In recent weeks BExA has advised members to be alert to a rise in criminal and fraudulent activity which is exploiting the current coronavirus pandemic.
A new report from Europol, based on information received from the EU Member States, provides an overview of exactly how criminals are adapting their misdeeds to Covid-19.
Businesses are being urged to prioritise the mitigation and management of these risks to minimise the threat that they pose.
“This is a time to reflect on what you have. Risk assess, look ahead and plan accordingly to be stronger and operate more effectively in overseas markets,” says BExA member John Burbidge-King, CEO of Interchange Solutions, a well-established consultancy specialising in anti-bribery and corruption management.
In this article, Burbidge-King gives an overview of the opportunistic criminal activity that has surfaced on the back of the current health crisis, and outlines steps that the exporting community can take to stay on top of the risks.
Q: What kind of criminal activity are we seeing as a result of the coronavirus crisis, and why?
Burbidge-King: There are two areas. Firstly, in terms of organised crime and criminality, it's less a rising crime and more an opportunistic move, switching from other activities. For instance, where county lines drug dealing might be curtailed under the present lockdown, gangs will find other pursuits, for example, counterfeiting goods such as Covid-19 tests, masks, equipment, etc. They'll shift their business model in the same way as industries are. So that's the first thing that's happening and there's a clear trend in that, as evidenced in the recent Europol report.
The second area is what’s being carried out by business itself, whether naively or deliberately, in desperation or bending the rules. For example, this could be illicitly incentivising others to retain or gain business – that's bribery – perhaps in the foolish expectation that they're not going to be caught because the police are all locked down. But, as we know, in the UK, there is no statute of limitation and they will have to face the music if investigated further down the line. Those acting more naively simply may not have the policies and processes to prevent it – they're just allowing it to happen.
Q: Does this suggest that the normal corporate ethics/business conduct policies, approvals, procedures and business processes do not operate effectively when some compliance functions are working from home?
Burbidge-King: The answer is we don't know. There is the potential for a breakdown of due processes as managers are separated by working from home. So, for example, it could be bypassing the normal process for signing off invoices and purchases, which may be taking far longer than usual because these documents are having to go in and out of people's home offices gathering the necessary e-signatures, which a company may not have previously set up.
Another example could be attempts to defraud because of a lack of overriding controls. This is likely to happen because people are not on the ground, in their place of work, to see it, and their systems may not be geared to cope with the authorisation traffic that's now not taking place in the office but happening offline with people working from home.
It's perhaps not so much the policies but rather the local enforcement of them. The government has recently issued guidance for leaders and fraud experts in government bodies and local authorities that are administering emergency programmes on its behalf. It’s calling on local government to be really thorough and check that controls are properly in place to reduce the risk of widespread fraud.
Now’s also the time to review arrangements with export agents and freight forwarders to ensure there's a robust no-bribe policy and training in place for them. With ports and airports closing down, there are a number of pinch points and – perhaps in more corrupt countries – the opportunity to bribe is prolific. With goods trying to be moved out of and into countries, it's probable that the people that will be precipitating this on behalf of your company may be your export agents and freight forwarders.
Q: What are the more obvious ways in which companies are at risk?
Burbidge-King: Most people understand the ongoing phishing scams, but it’s important to note that they're getting more sophisticated. This could be, for example, emails purporting to be from HMRC advising of a small benefit payment. It may look legitimate in the format, but does the e-mail address give it away? If tempted, it will ask for your bank details into which to pay the funds, then attack your account, personal or company. Other phishing scams specifically target homeworkers and could be carefully crafted, authoritative-looking emails purporting to be from the CEO or finance director of your company, authorising an employee to make payments or to handover the passwords/encryption keys to bank accounts to supposedly facilitate transactions such as the payment of an invoice, which is, of course, false.
What we’re also seeing is criminals increasing their efforts to launder lesser sums by inducing people to use their personal bank accounts to move funds based on a commission to do so. Until the outbreak of Covid-19 this had mostly happened in the student population. But now, with people being out of work, they may be tempted to take up these offers if they're naive about what's happening. It’s worth noting that the amounts laundered in these cases are usually below the banking surveillance thresholds. So, it’s unlikely that these transactions will be picked up now – although they may be further down the line.
Q: What are some of the more opportunistic methods that criminals are turning to?
Burbidge-King: The highest risk is posed by the corrupt so-called professional enablers. These are the people with financial and legal skills, who have found a rich seam of wealth through running family offices or similar, or may have operated a one or two-man law firm or financial advice business, and have been persuaded that there's another route to making money. So they're acting on behalf of criminals, in the UK and elsewhere, offering cheap and quick loans to cash-strapped, distressed UK businesses, which in reality is laundering the proceeds of crime for the organised crime groups. Be in no doubt this happens with criminal investment in car washes, taxi firms, small distribution companies, etc. One can reasonably assume that in this very difficult period, they have more fallow ground to plough, such as smaller companies screaming for help, because the banks are only offering backup loans while offsetting their risk against the Covid-19 government loans.
Another area of risk is in sales agents, consultants and distributors operating in more corrupt countries, where their principals might be politically exposed persons (PEPs): people who, through their prominent position or influence, may be susceptible to bribery or corruption to award contracts. PEPs are ordinarily on the data bases of due diligence and enforcement agencies. If these PEPEs are investigated for unexplained wealth orders, such as under the UK’s Criminal Finance Act, for example, it means companies connected with these intermediaries backed by those PEPs may well also be investigated.
Q: What advice would you have for BExA members during this period in terms of staying on top of the risks outlined?
Burbidge-King: Firstly, review the robustness of the risk assessment and risk register processes, and the policies and processes you now have in the context of today’s situation to test whether they are still fit for purpose both now and for the future. This situation we’re in is global: what you had in the past, country by country or agent by agent, may not be fit for purpose. This could provide an opportunity to improve your policies or processes and make them more robust.
Secondly, think ahead to how business momentum can be built by exporters in expanding or revitalising the sales network through overseas sales agents – but assess the risks and develop a due diligence plan, which can be started right now. Those agents might be desperate for business too, so you need to put good, strong policies and processes in place and know that they are behaving properly, particularly given the constraints of the UK Bribery Act.
Thirdly, look at how the online comms are working. Are they robust and hacker-proof? For example, look at password protocols and your home network security, which I suspect most people have overlooked except, perhaps, for the more sophisticated organisations. Do you have two-stage authentication? Does it work? Consider using a security token, like the banks and major companies. And be sure to share best practices in cyber security with your team – do that now, don't wait until a disaster occurs.
Finally, be aware of anti-competitive activity in these troubled times. For example, picking up the phone to your competitors and hatching plans to divide and rule on customers, on contracts, thereby creating cartels, and acting in an anti-competitive way. This is something that could happen in manufacturing, and in offering contracts or financing.
Posted 7 Apr 2020