Page created by Anne Williamson
PwC’s Global Economic
Crime Survey 2018:
UK findings
Pulling fraud out
of the shadows

Welcome to the UK results from our
                          2018 Global Economic Crime Survey
                          (GECS). The findings from this year’s
                          GECS confirm that the long-term global
                          trend towards higher levels of fraud
                          is continuing, and clearly show the
                          destructive impact that this rising tide of
                          economic crime is having on businesses.

                          According to our study, nearly a quarter of frauds   Rising usage of digital technologies is a futher
                          occurring in the UK over the past two years          factor. With businesses relying ever more heavily
                          resulted in a loss of over $1m (£700,000). The       on the benefits of technology and the use of data,
                          direct costs are increased still further by the      it is hardly surprising that our survey has revealed
                          burden of investigating and remediating after a      yet another rise in the number of UK organisations
                          fraud, and businesses are feeling the resulting      experiencing cyber attacks in the past two years.
                          impact on their reputation, brand, employee          Our survey showed that cybercrime is the most
                          morale and relationships with business partners.     commonly experienced fraud, overtaken by asset
                                                                               misappropriation for the first time. Yet we have
Fran Marwood
Investigations Partner,
                          Experience shows that times of uncertainty often     also seen increases in the number of organisations
Forensic Services         create new openings for fraudsters to exploit gaps   reporting other types of fraud, notably bribery
PwC UK                    or weaknesses in controls, and it’s significant      and corruption and procurement fraud, despite
                          that over a quarter of respondents to our survey     the overall level of UK businesses experiencing
                          felt that the current geopolitical climate would     fraud falling from 55% in 2016 to 50% in 2018.
                          lead to more opportunities for people to commit      It is also apparent that the UK is lagging behind
                          fraud. As such findings underline, it’s now more     much of the rest of the world in harnessing
                          crucial than ever that businesses understand         technology to prevent and detect fraud.
                          the fraud risk landscape and all the possible
                          avenues of attack.                                   In this year’s report, we use the UK results from
                                                                               GECS to explore three key themes:

                                                                               • How do you make the best choices around
                                                                                 preventing and detecting fraud?
                                                                               • How can you focus your resources and use
                                                                                 technology more effectively?
                                                                               • What do the results say about UK businesses’
                                                                                 approach to bribery and corruption?
3 PwC’s Global Economic Crime Survey 2018: UK findings

Know                                                                               Top 5 frauds that
                                                                                   respondents think
what fraud                                                   50% of UK
                                                                                   are most likely to be               42%
looks like                                                    respondents
                                                                                   the most disruptive
                                                                                   in the next two
                                                               experiencing        years                           Cybercrime
                                                               economic crime
                                                                in the past 24
                                                                months, in line
                                                               with the global                   10%                   8%
                                                             average of 49%
                                                           and a reduction in
                                                                                        Bribery and corruption   Accounting fraud
                                                          the UK from 55%
                                                         compared to 2016.

                              Top 5 types of reported                                                                  7%
                              fraud in 2018:
                                                                           44%             Consumer fraud        Money laundering

                              Asset                                  32%
                                                                                   $ lost through fraud in the past
                                                                                   24 months                        >$1M
                                                                                                          $100,000 -
                              Procurement fraud
                                                              23%                                            $1M
                              Bribery and                     23%
4 PwC’s Global Economic Crime Survey 2018: UK findings

55% of frauds were committed by                          Cybercrime is
external perpetrators (Global: 40%).                     high on the
33% were committed by internal                           agenda for UK
perpetrators (Global: 52%)                               boards...



remaining respondents either don't
know or prefer not to say
                                                               82%              ...with 82% of CISO’s*
          Half the frauds committed by internal
          perpetrators were committed by senior                                 reporting into the
          management, up from 18% (in 2016)                                     board (compared to

                             +                                                  61% globally)

                            32% 19%                                        of frauds were detected
                                                         through fraud risk management and       15%
                                                         were detected by internal audit.

                                                         The success of suspicious transaction
                                                         monitoring (from 22% in 2016 to 10%

                             45% 24%
                                                         in 2018) and data analytics (8% to
                                                         1%) has declined in the UK.

             of respondents felt that the main                              have been
                 reason was the opportunities            asked to pay a bribe in the last two
                   presented to the individual.          years – up from 5% in 2016.                 *CISO – Chief Information Security Officer
PwC’s Global Economic Crime Survey 2018: UK findings

   Making good choices:
   How well do you
   understand your fraud risks?

6 PwC’s Global Economic Crime Survey 2018: UK findings

                            Fraud imposes significant costs on UK business.     Organisations face potential attack from multiple

                            Half of the respondents to our survey reported      angles – customers, suppliers, cyber criminals,
                            that they have experienced fraud in the last        organised crime, employees, and many more.
                            two years, similar to the global level – and our
of frauds saw the victims   experience suggests that many more may have         The range of fraud also continues to expand and,
lose more than              fallen victim to fraud without realising it.        for every threat and risk that an organisation

$1M                         Our study also shows that the incidence of fraud
                                                                                identifies and manages today, new risks arise
                                                                                as it develops and grows its activities over time.
(£700,000)                  is continuing to trend upwards over time, both in
                            the UK and globally.
                                                                                Experience shows that times of economic
                                                                                uncertainty and change, with businesses
                                                                                expanding into new global markets, holding
                            These findings are borne out by frequent media      and utilising more data, and implementing new
                            reports covering the full spectrum of fraudulent    technologies, give rise to increased opportunities
                            activity, ranging from the latest cyber scams       and pressure on individuals to commit fraud.
                            against businesses and consumers, to corporate
                            executives facing serious charges.                  27% of our respondents expect that the
                                                                                geopolitical environment will result in increased
                            The continuing flow of frauds takes a heavy         economic crime in the next two years, and only
                            financial toll on the businesses affected. Over     9% are expecting a decrease (compared to
                            half of the most disruptive frauds in the UK        18% globally).
                            resulted in losses of over US$100,000 (£70,000),
                            while some 24% of frauds saw the victims            Business conduct and misconduct
                            lose more than US$1m (£700,000). These are
                            significant costs both to UK business and the       This year we have included a new category
                            wider economy. Also, importantly, the proceeds      of fraud: business conduct/misconduct. We
                            often end up in the hands of organised criminals,   define this as frauds where the company is the
                            funding a range of activities from terrorism to     perpetrator, with the criminal activity typically
                            human trafficking.                                  affecting customers or suppliers through
                                                                                activities such as deliberate overcharging. This
                                                                                type of crime affected 21% of those respondents
                                                                                in the UK who reported experiencing a fraud in
                                                                                the last two years.
Both globally and in the UK, we have also seen             The wider cost of fraud
a rise in the percentage of frauds committed
by senior management. In the UK this category              While some of the losses from fraud can be
increased from 18% of all frauds in 2016 to 50%            quantified clearly, others are much harder to
in 2018. In our experience, these types of fraud           understand. For example, on top of the losses
can relate to a range of activities, including the         sustained as a direct result of a fraud, businesses
manipulation of accounting records to influence            also face the costs of investigation and remedial
results and deliberate overcharging of customers           activities, as well as potentially significant
where contractual arrangements may be vague.               disruption to wider business activities.

Interestingly for UK businesses with operations            Of those respondents who had experienced a
overseas, accounting fraud or misstatement of              fraud in the last two years:
results was by far the more common overseas
fraud, with 40% of businesses affected. This
is also by far the most disruptive fraud in
organisations’ overseas locations.
Many businesses do not consider the risk of fraud           68%                                    68%
from the perspective that the business or one of
its subsidiaries may be the perpetrator, yet it is
these types of fraud that are typically the most           68% said that      77% said it         78% said it
damaging to brand, reputation and shareholder              the fraud had      had an impact       had an impact
value. Frauds perpetrated by management                    an impact          on business         on employee
present some unique challenges:                            on their           relations           morale
• They are often harder to spot, as management             and brand
  may be in a position to override controls;
• As a result, the direct loss from the fraud can          At the same time, UK organisations are
  be much greater;                                         spending more than ever on compliance. 54%
• Related activity may set a culture and “tone             of UK organisations have seen an increase in
  from the top” that unethical behaviour                   compliance spend over the past two years (vs
  is acceptable;                                           42% globally), and 51% expect it to increase in
• Employees may be pressured to turn a                     the next two years (compared to 44% globally). It
  blind eye; and                                           is clear that UK businesses are taking compliance
• The incentives and pressures can be complex,             spending significantly more seriously than the
  for example, to maintaining the continuity               global average.
  of the business rather than for direct
  personal gain.

                                                                           Source: Global Economic Crime Survey 2018
8 PwC’s Global Economic Crime Survey 2018: UK findings

Fraud risk assessments                                   Fraud risk is an increasingly multifaceted and

                                                         complex issue that develops over time. Both
Given the continuing rise in fraud, it is worrying       fraud techniques and threats evolve alongside
that 50% of the UK businesses surveyed had not           the business’s activities, operations, people
carried out a general fraud risk assessment, which       and structures.                                       of UK businesses
looks at the key risks facing particular parts of                                                              surveyed had not
their business or activities in the past two years.      This makes it vital that risk assessments are         carried out a general
                                                                                                               fraud risk assessment
This is broadly consistent with the global position.     refreshed regularly to ensure developing threats
                                                                                                               looking at key fraud
                                                         are addressed, and means the lack of frequency
                                                                                                               risks in the past two
In our view, a well-considered and closely               with which we know risk assessments are being         years. This compares
targeted assessment should be the technique that,        reviewed is a significant concern.                    to 46% globally
first and foremost, drives all other anti-fraud
activities. Its absence means that the business’s        With risk assessments being an increasing feature
other anti-fraud activities may be poorly targeted       of enforcement actions (as well as part of an
and lack effectiveness and specificity.                  “adequate procedures” or “reasonable procedures”       Key questions to ask:
                                                         defence under the UK Bribery Act and the
                                                                                                                •   Am I maintaining
More positively, some companies do report                Criminal Finances Act), it’s more important than           a view of my
undertaking more focused risk assessments                ever that a business’s fraud risk assessment is fit        evolving risks –
relating to specific risk areas such as cyber            for purpose. Key questions to consider include:            including fraud,
vulnerability (52%), anti-bribery and corruption                                                                    cyber and bribery?
(50%), anti-money laundering (28%), sanctions            • Are you just focusing on the obvious areas,
                                                                                                                •   Is this detailed
and export controls (25%), and anti-competitive            where you probably already have the
                                                                                                                    and tailored to my
behaviour (17%). However, it’s clear that coverage         best controls?                                           organisation and
is patchy across all areas.                              • When did you last update your risk                       how it operates?
                                                           assessment? Does it adequately reflect your
                                                                                                                •   Are each of the
In our experience, very few organisations have put         business as it is today?
                                                                                                                    risks identified
processes in place to identify major changes in the      • Do you have a holistic view of fraud risks, or
                                                                                                                    covered by
risk profile of the business or parts of the business,     have your risk assessments been carried out              appropriate anti-
such as new products or new markets. Fraud risk            in silos?                                                fraud measures?
assessments, when prepared, are often static             • Have you engaged with all relevant
documents, reflecting a snapshot at a moment               stakeholders, and do your senior management
in time, rather than responding to a complex               have a sufficient level of oversight?
and evolving environment. This type of static            • Would your risk assessment stand up to
assessment is not enough.                                  scrutiny in the event of an unexpected
                                                           investigation under the Criminal Finances Act
                                                           or the UK Bribery Act.
9 PwC’s Global Economic Crime Survey 2018: UK findings

                  Technology 2.0:
                  How can you focus
                  your resources and use
                  technology more effectively?

10 PwC’s Global Economic Crime Survey 2018: UK findings

                           The top fraud in the UK in 2018 was cybercrime,        As a result of its prevalence, impact and the

                           suffered by 49% of these respondents who had           requirements of EU General Data Protection
                           experienced fraud in the past two years. As a          Regulation (GDPR), cybercrime is high on the
                           result it overtook the traditional “winner”, asset     agenda for UK boards. One sign of this is that
of the frauds in the       misappropriation (32%), for the first time since       82% of Chief Information Security Officers
past two years were        our survey started. A closer look at the figures       (“CISOs”) in the UK report directly to the board,
                           underlines the scale of the issue.                     compared to only 61% globally. This echoes the
                                                                                  findings from PwC’s recent Global CEO Survey,
                           Given the number of high-profile cyber and data        which revealed that cybercrime was one of the
                           loss issues reported in the media recently, it isn’t   top current concerns of business leaders.
                           surprising that 42% of UK respondents felt that
                           cybercrime will be the most disruptive economic        Fortunately, UK business appears to be taking the
                           crime over the next two years, far higher than         challenge of cybercrime seriously, with a higher
                           the global average of 26%.                             level of UK businesses than the global average
                                                                                  having put cyber security programmes in place.
                           As a developed economy, the UK represents an           That said, 25% of UK respondents still do not
                           attractive target, especially for overseas threat      have such a programme, or are still evaluating
                           actors. Their attacks are causing significant          whether to have one. This is a risky position to
                           business disruption, and are often used as a           be in.
                           channel to commit more traditional frauds
                           such as the theft of assets, cash, or Intellectual     Exhibit 1: What type of economic crime was
                           Property. Cybercrime is often simply a new take        committed through cyber attack?
                           on old-fashioned confidence tricks, but can also
                           be highly sophisticated.                               Disruption of                                        29%
                                                                                  Asset                                              26%
                                                                                  misappropriation                                 24%

                                                                                  Intellectual                                   22%
                                                                                  Property (IP) theft             12%

                                                                                  Extortion                                  21%

                                                                                  Insider Trading

                                                                                                           UK           Global

                                                                                                        Source: Global Economic Crime Survey 2018
11 PwC’s Global Economic Crime Survey 2018: UK findings

Gone Phishing?

Over half of the cyber attacks reported in the
last year involved phishing, which seems to be
more prevalent in the UK than in the rest of the
world (20% higher than the global average). It
could also be that the UK is just better at spotting      Technology and fraud detection
phishing attacks.
                                                          This year, our survey shows that the most
However, what is clear is that phishing (a broader        successful fraud detection methods in the UK
term to cover mass attacks that are playing the           rely on people – with fraud risk management                   the most successful
odds) or spear-phishing (more targeted attacks            techniques (detecting 19% of frauds), internal                fraud detection
on an individual) are often just the starting point       tip offs and whistleblowing (detecting 16% of                 methods in 2018 have
for a wider attack. Phishing allows fraudsters to         frauds) and internal audit (detecting 15% of                  relied on people
gain access to a company’s systems, whether for           frauds) coming out top. The percentage of frauds
the purposes of stealing information, blackmail,          detected by all of these methods has increased
or simply to cause disruption.                            compared to 2016, suggesting that anti-fraud
                                                          measures are getting better at detecting issues.
Email filtering will catch some phishing attacks,
but given that businesses almost always need to           However, while people-based detection methods
let through external emails, it is difficult to catch     are essential, they can also be labour and cost
every phishing attack.                                    intensive. In the current climate, the best fraud
                                                          detection harnesses the power of both people
Also, criminals’ phishing tactics are changing            and technology to balance higher effectiveness,
over time. The consequences of attack can be              with tight control of costs.
devastating, so awareness and diligent behaviour
on the part of technology users is a vital defence.       Exhibit 2: How are companies detecting fraud?
Phishing capitalises on our vulnerabilities as
                                                          Fraud risk management                                                   19%
humans, playing on our curiosity or fear and                                                          14%
acting as a trigger that causes us to do something
                                                          Whistleblowing and                                               16%
we wouldn’t usually do. Phishing files are
                                                          internal tip off                                      13%
deliberately titled to exploit human behaviour –
names such as ‘Pay_details_for_all_staff.xls’ and         Internal Audit                                          15%

‘Planned_redunancies.ppt’ have both been used                                                   8%

in the past.                                              Suspicious                                   10%
                                                          transaction monitoring                                                   22%

Ultimately, defence against phishing attacks              By accident                          7%
relies on humans, as well as technology, so                                                     8%
training, awareness and escalation procedures             Data analytics           1%
are key tools to use.                                                                            8%

                                                                                        2018   2016
                                                                                                      Source: Global Economic Crime Survey 2018
12 PwC’s Global Economic Crime Survey 2018: UK findings

Making technology work for you, not The known unknowns: what is
against you                         lurking in your data?

When technology is used well, it can be of a              With data analytics detecting only 1% of frauds
13 PwC’s Global Economic Crime Survey 2018: UK findings

                  Bribery 2018:
                  the ongoing impact of the
                  UK Bribery Act on business’
                  approach towards bribery
                  and corruption

14 PwC’s Global Economic Crime Survey 2018: UK findings

                           One of the most surprising statistics in this year’s   So, is this trend telling us that bribery is suddenly
                           survey was the big increase in the proportion of UK    more prevalent in the UK? Or is something
2016                       organisations that reported having experienced         else going on? Our experience tells us that it’s
        6%                 bribery and corruption in the last two years – a       the latter.
                           figure that has leapt to 23% from just 6% in 2016
23%          23%           (with the global average in 2018 being 25%).           Policies, backed up by actions
The number of
organisations              While research done by observers such as               In the past ten years, the UK has gone from
experiencing bribery       Transparency International, indicates that the         lagging behind the rest of the world in its anti-
and corruption, in the     level of bribery and corruption in the UK remains      bribery laws and enforcement activities, to
past two years has         relatively low from a global perspective, our          being at the forefront of global anti-corruption
increased from 6%          survey suggests that the issue is having a serious     efforts. It now appears that these developments,
to 23%
                           impact on our UK respondents.                          and the greater openness they have helped to
                                                                                  generate, are having a significant impact on our
                           Our survey also finds that nearly a quarter of         UK findings.
                           UK businesses had been asked to pay a bribe in
                           the past two years, either in the UK or in their
                           overseas operations. In 2016, only 5% reported
                           that they had been asked to pay a bribe.

                           Exhibit 2: What percentage of those who experienced fraud experienced bribery & corruption?

                            UK                                                                             23%

                            Africa                                                                                           32%

                            Asia Pacific                                                                                  30%

                            Eastern Europe                                                                                 31%

                            Latin America                                                                        26%

                            Middle East                                                                  22%

                            North America                                              13%

                            Western Europe                                             13%
                                                                                                 Source: Global Economic Crime Survey 2018
15 PwC’s Global Economic Crime Survey 2018: UK findings

The UK Bribery Act, which came into force                                      Managing your bribery and

in 2010 has been instrumental in bringing to                                   corruption risk
light a number of high-profile cases, and has
without doubt led to huge improvements in                                      The starting point for developing processes and
how UK business prevents and detects bribery.             of the UK            controls to manage bribery and corruption risk
It has also led to massive increases in the sums          respondents to our   should be conducting a risk assessment – this is
business spends on ensuring compliance. At the            survey said their    also the first principle of “adequate procedures”
                                                          organisation had
same time, the UK has remained committed                                       under the UK Bribery Act. Given this, and the
                                                          a formal ethics
to an agenda of fostering transparency and                                     number of cases of bribery and corruption that
                                                          and compliance
responsible business behaviour, as set out in the         programme in place   have been in the news recently, it is surprising
recently published UK anti-corruption strategy                                 that only half of respondents to our survey had
2017-2022. Both the OECD (Organisation for                                     carried out a bribery risk assessment in the past
Economic Co-operation and Development) and                                     two years.
Transparency International have praised the
UK’s efforts, particularly with regard to foreign                              In addition, we found that a significant minority
bribery offences.                                                              of respondents are not using any kind of
                                                                               monitoring technology in relation to bribery
This commitment to tackling bribery is also                                    and corruption. While these kinds of frauds are,
evident among UK businesses. Three-quarters                                    arguably, harder to detect than cyber breaches
of the UK respondents to our survey said their                                 (which the vast majority of respondents do
organisation had a formal ethics and compliance                                use technology to monitor), all organisations
programme in place. Of these, 62% said that this                               have access to data that, if analysed properly,
included specific anti-bribery and corruption                                  will enable them to pinpoint anomalies and
policies, well above the global average of 50%.                                inconsistencies that require further investigation.
These figures indicate that a number of factors,                               This approach is particularly relevant in
including an increased focus on creating a                                     relation to bribery, as such ongoing monitoring
culture of transparency, the promotion of                                      is a key part of any “adequate procedures”
whistleblowing hotlines, and encouragement                                     defence, and is also an area where we see many
from the authorities for organisations to self-                                organisations struggling.
report, have all contributed to an environment in
which UK organisations are far better informed
than only a few years ago, regarding potential
incidences of bribery and corruption in their
global operations.
16 PwC’s Global Economic Crime Survey 2018: UK findings

The legacy of historical offences                         The risks of doing business

Of those UK respondents who had experienced
fraud in the past two years, only 5% felt that
bribery and corruption had the most disruptive
                                                          Whilst there has been a sustained effort in
                                                          the UK to tackle bribery and corruption, our
                                                          survey suggests that this type of fraud is still
                                                                                                                 of the UK
impact on their business. This may be because             having a big impact on UK organisations. As an         respondents felt
many have spent considerable sums putting                 illustration, some 21% of our UK respondents           that they had lost
                                                                                                                 an opportunity to
in place extensive compliance activities and              felt that they had lost an opportunity to a global
                                                                                                                 a global competitor
frameworks, and believe the risk of future                competitor who they believed had paid a bribe,         who they believed
bribery and corruption is low.                            up from just 7% in 2016.                               had paid a bribe

Significantly, a large proportion of the high-            The UK’s strong focus on the anti-bribery and
profile cases that have come to light recently            corruption agenda may also explain why over
have been historical in nature, involving                 half of our respondents reported that they               Key questions to ask:
investigations centred on allegations of improper         included specific anti-bribery and corruption
                                                                                                                   •   Do I understand
behaviour stretching back many years. Many of             due diligence as a part of work undertaken when              the detailed
these have been uncovered through the recent              acquiring another business.                                  bribery risks facing
focus on corporate integrity.                                                                                          my organisation?
                                                          This is higher than the global average of 45%,
                                                                                                                   •   Is my programme
Similarly, looking forward, only 10% of                   and second to regulatory compliance as a priority
                                                                                                                       of adequate
respondents think that bribery and corruption             for due diligence.
                                                                                                                       procedures linked
will be the most disruptive economic crime that                                                                        to these risks?
they experience over the next two years.                  This aligns with our experience of client
                                                          demands for such services as well as even greater        •   Is the ethical due
                                                          focus on volume based integrity due diligence                diligence on those
                                                                                                                       I do business with
                                                          on businesses’ third parties. Such measures are
                                                          sensible, given that 55% of fraud threats come
                                                          from sources external to the organisations, as
                                                          referred above.
Exhibit           due diligence
        What additional           do you
                        due diligence      dodoononacquisitions?
                                      do you        acquisitions?                                   Source: Global Economic Crime Survey 2018

     Anti-bribery and           Anti-             Cyber security           Sanctions and          Regulatory            Tax compliance
       corruption           competititive /                                export control         compliance

      53%                                          52%                                           57%                     49%
                            43%                                            43%
If you want to know more about any of the issues discussed above, be it fraud
or bribery risk, cyber threat prevention, forensic technology or integrity due
diligence, then please contact one of our subject matter experts.

Fran Marwood                 Ian Elliott                Umang Paw                 Mark Anderson
Investigations Partner,      Partner, UK Forensic       Head of Digital &         UK Anti-Bribery and
Forensic Services            Services Leader            Forensic Investigations   Sanctions Leader
T: +44 (0) 20 7213 4709      T: +44 (0) 20 7213 1640    M: +44 (0)7931 304 666    T: +44 (0) 20 7804 2564
M: +44 7841 491400           M: +44 7711 912415         M: +44 7770 921256                        

Survey editorial team        Marketing team
Kathryn Westmore             Jennifer Miranda
Senior Manager               Marketing Manager
T: +44 (0) 20 7213 2941      T: +44 (0)20 7213 3939
M: +44 7715 211090           M: +44 7715 033797

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering
quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this
publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this
publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for
any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2018 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a
separate legal entity. Please see for further details.

Design Services 31157 (02/18).
You can also read