Understanding who the perpetrators of fraud are, how they commit fraud, and why fraud may be committed will provide great insight to any organization that has the desire to proactively control fraud risk. Studies show companies on average lose about 5% of their annual revenue to fraud, but this figure can be twice as much in the construction industry.
Given the complexity of the procurement process in real estate and construction projects, fraudulent activities are commonly identified during procurement. The potential culprits can be both external and internal stakeholders, including suppliers, contractors, joint venture partners, third-party agents, property managers, and employees (in purchasing, accounting, or sales).
Sometimes fraud is committed when there's a lack of segregation of duties. One person may be responsible for many different functions in an organization with little oversight. Companies are also operating differently due to the pandemic and it creates an opportunity for sub-contractors and vendors to inflate the value they're providing without it being noticed.
Interestingly, motivation to commit fraud isn't always personal greed but may be personal or business related and financial or emotional. Examples of motivating factors include greed to support lifestyle outside one's financial means, personal financial distress, economic pressures, and/or satisfying commitments to business partners.
A fraud-susceptible environment in the real estate and construction industry is generally fostered by weak/lack of internal controls, use of non-arm's length/related parties, use of joint venture parties (especially in unfamiliar jurisdictions), poorly designed project scope, poorly worded contracts, employee/supplier collusion, use of undocumented workers, and use of cash, among others.
Most common fraud schemes noted in the real estate and construction industry include bribery and corruption, bid rigging, billing schemes, cheque tampering, expense account abuse, stealing non-cash assets, material switching, falsifying payments, use of phantom suppliers, and payroll schemes.
Cybersecurity and fraud are intertwined. Reducing the potential for cyber-attacks can also help prevent fraud.
Cyber-attacks aren't a matter of if, but when. And in some cases, it's not even a matter of when. Some organizations have been breached but don't even know yet. It can sometimes take months for an organization to find out it's happened.
Hackers know that many businesses don't often spend a lot of money or have the funds to spend on cybersecurity. They're also getting more sophisticated and targeting thousands of businesses at a time hoping for some percentage to be successful. With a ransomware attack, for example, they might only ask for a small sum of money. If they're successful with a number of attacks, they'll end up making a large amount.
Those trying to commit fraud may employ phishing techniques, such as using email to try to collect financial information or infect an employee's email with malware. This is why it's important to help make your employees more knowledgeable about how to identify cyber risks and how to respond appropriately.
While companies may not want to pay for preventative care by improving cybersecurity, they'll likely pay a lot more if they're hacked. Besides the monetary costs of being hacked, there's also the reputational risk. If clients find out you've been hacked, they might not want to share information with you. It could also reduce your ability to get investors.
Many companies also don't realize how much information they have about their customers. Even small real estate investors and landlords have a lot of identifying customer information (their bank account details, date of birth, and social insurance number) that could be used to commit fraud, making them the victim.