The impact of COVID-19 on the risk and threat of organised crime
The Basel Institute on Governance, working with “United for Wildlife”, has released a report on the impact of the coronavirus crisis on the illegal wildlife trade. The report sets out rather neatly the challenges faced by organised crime in responding to emerging changes in public health policy, restrictions on movement and disruption of transport links across the world. It concludes that “while there will be no widespread operational pause for wildlife traffickers”, there will be “some localised disruption” and “in the medium to long terms … wildlife traffickers will face unprecedented vulnerabilities due to macroeconomic and macro-political uncertainties.” One might almost assume that the problems faced by organised crime groups are broadly similar to those faced by legitimate businesses.
In any major crisis, there are winners and losers. While many businesses are currently suffering huge, potentially fatal, losses as trade collapses and opportunity shrinks, some will seize new opportunities and a few will do exceptionally well - the manufacturers of Personal Protective Equipment and toilet paper spring to mind. Similarly, many organised crime groups will suffer losses; some will have to diversify in order to survive; and some will thrive in the new environment created by the worldwide response to the pandemic.
The risk of fraud
Many of the recently reported coronavirus scams arise from online, or internet-facilitated, threats. CIFAS, the Credit Industry’s representative body on fraud, has warned businesses and consumers of a growing number of scams predicated on the public response to the coronavirus lockdown. They note that “fraudsters are always looking for new opportunities to steal money and information”, highlighting the ways in which criminals “target homeowners and prey on their anxieties”.
Emerging frauds may broadly be placed into two categories: those directly related to the coronavirus pandemic; and those given extra traction because of the measures put in place to control the spread of the virus.
Coronavirus-related fraud
We are seeing evidence of organised crime muscling in on the coronavirus supply chain, both official and unofficial. As reputable suppliers struggle to meet the demand for Personal Protective Equipment (or PPE), disreputable groups rush to produce fast, cheap alternatives, less effective or ineffective in protecting customers against the virus, selling it into the health service supply chain or direct to unwary consumers. Other criminals simply produce the illusion of supply, setting up impressive-looking websites or posting borrowed photos and descriptions to online auction sites. As fear of the disease grips the world, fraudsters have cashed in on a lucrative market for masks, gloves, disinfectant, miracle cures and antibody test kits. The naïve, unwary and unfortunate place orders in good faith and receive something that doesn’t meet their needs, if anything at all.
Lockdown-related fraud
There is at least some prospect that a reasonably sophisticated consumer will appreciate the risk of ordering medical equipment online during a viral pandemic. The second category of scams presents a more nuanced and perhaps more significant threat. There are more people online at this time than there have ever been before, as whole populations confined to their homes by coronavirus restrictions resort to the internet for communications, work, shopping and entertainment purposes. For many of those lucky enough to still be earning a wage, “work” has rapidly changed from being attendance at a physical location alongside real people to remote access via a laptop. Remote working carries its own risks as those of us accustomed to direct contact with customers and colleagues have to adapt to new ways of working that rely on employees being able to trust the electronic communications they receive and identify attempts to defraud the organisation.
One growing threat is mandate fraud – companies receiving instructions, ostensibly from a known customer, to send a due payment to a new bank account. The instruction to do so may come from an email address designed to closely resemble the known email address, or even from the known address itself in circumstances where the supplier’s own systems have been compromised. Protecting against mandate fraud requires a series of security measures, including robust IT security at both the customer and supplier end and education and training of key finance staff.
Another potential threat is CEO impostor fraud. A member of finance staff receives an email, apparently from a senior executive instructing them to make an emergency transfer of funds or delivery of goods. In many corporate cultures, the staff member is simply expected to jump when they are told to – who are they to question the Company Director? Even if they do have concerns about the instruction, what do they do? Isolated staff members may have nobody to check with in an emergency; nobody to tap on the shoulder and run something by; nobody sat at reception answering their call at the other end of the supply chain. The pressure to comply with what looks like a legitimate instruction from a senior officer outweighs any concerns they have that the request is slightly unusual or out of the ordinary.
The finance clerk is now working from their dining room table, metaphorically in a twilight zone where expectations and working practices have changed and their personal responsibilities for decision making have increased dramatically. Add to this the distractions of home-schooled children or an elderly parent with a health issue and you have perfect conditions for a carefully targeted attempt at fraud to lead to a serious financial loss to the business. Scams such as these, which present a real but manageable risk to companies in normal working circumstances, become a vastly increased threat under lockdown conditions.
The benefits of lockdown
It is not all bad news. According to the Basel report, the grounding of civil aircraft has seriously affected the ability of wildlife traffickers to move illegal products around the world, forcing them to adapt their methods. The same can almost certainly be said of other international criminal trade, including drug trafficking, counterfeiting and the physical movement of criminal cash. In the UK, “county drug lines” supplying drugs from OCGs in the major cities to outlying towns have taken a hit as law-abiding citizens “stay at home” and the police take a far greater interest in those who are still using the road network, thus increasing the chance of drug couriers being stopped en route. Street crime, shoplifting and drunken Friday night brawls are, at least for the time being, pleasingly absent from local news reports. For those of us able to keep business going from makeshift home offices, it seems that every cloud really does have a silver lining.
The Black Swan
Coronavirus is what is sometimes described in risk management circles as a “black swan event”. The phrase derives from the (Eurocentric) assumption, dating back to Ancient Rome, that all swans were white, because nobody had ever seen any other kind of swan. This assumption was only derailed in 1697 when European explorers visiting Australia spotted a black swan for the first time. As the coronavirus situation unfolded, even companies and organisations with plans in place to deal with business disruption caused by fires or floods will almost invariably have been caught on the back foot by a situation that required them to abandon their business premises and get every member of staff set up to work from home, a scenario that almost nobody would have predicted a month earlier.
Five weeks into lockdown, the problem for many businesses is no longer that their staff cannot connect to the server; it is the fact that they cannot connect to one another, or to their customers. In the absence of personal contact, and with little or no security awareness to go with their new IT connectivity, well-meaning individuals will make unwise decisions that costs themselves and the companies dearly in financial loss, personal embarrassment and reputational damage.
Five key learning points
Any crisis – economic, health, political or other – presents both risks and opportunities, but the one opportunity that it affords everyone is the opportunity to learn, both individually and organisationally. Here are my five key learning points from COVID-19:
- Prepare for the unthinkable. Effective risk planning means considering unlikely scenarios and deciding what you will do if they happen.
- If you see one black swan, there is almost certainly another one out there somewhere. Being unprepared for the coronavirus pandemic was understandable; being unprepared for the next wave in 12 months time is just plain stupid.
- Think before you press the button. In my panic to roll out homeworking, am I neglecting important security considerations? Under pressure to pay money to my supplier, am I missing potential indicators of fraud? Am I really prepared to pay £20 a roll for toilet paper from an anonymous seller on ebay?
- Information and training is critical to success. People who are put in unfamiliar situations with new equipment and working practices will make mistakes unless they are properly briefed, trained and supported.
- And finally... every crisis presents both risks and opportunities. Manage the risks and identify the opportunities – even if it is simply the opportunity to catch up with backlogs, improve processes and provide much-needed training to essential staff.
Written by Laurence Howland
http://www.uktraining.eu/news-article/the-impact-of-covid19-on-the-risk-and-threat-of-organised-crime/97