Growing economic pressures and the rapid spread of technology-based scams have increased the risks of fraud across Asia in recent months – just as a change in working practices has weakened protections.

Companies need to act to protect their interests, by putting in place measures aimed at mitigating the risk of fraud, especially those based on “synthetic identities”, by responding robustly to malfeasance as it arises, and by working proactively to recover funds lost to corporate crime.

SVA are well positioned to be of assistance, across the region.

Growing pressures and new tools

A slowing economy in China, political demands for decoupling originating from the US, and higher interest rates have put intense pressures on companies in Asia, of late. A sudden withdrawal of credit often exposes questionable practices, or incentivises some executives to cheat.

More troubling, though, is that these economic pressures come alongside the spread of technologies, such as instant payment systems and mobile applications, which not only accelerate business, but also facilitate scams.

The creation of “synthetic identities” online is a particular concern in this context, with artificial intelligence simulating victims’ identities. Such “deepfake” frauds have reportedly risen tenfold in the last year in Hong Kong alone.

One UK-based company lost HKD200 million (USD25.6 million) when fraudsters used “deepfake” technology to impersonate the company’s CFO on a video call, and arranged a major transfer, as reported in May 2024. In that case, the video call even appeared to have multiple attendees – all of whom were fake, barring the employee who authorised the transfer.

Social media also provides greater reach to fraudsters, as with notorious “pig butchering” schemes operating from Cambodia, Laos and Myanmar; victims are tricked through social media or dating sites into sending money to fraudsters, or even forced to work for the scammers.

New wine in old bottles

Of course, frauds are not only appearing at the technological frontier. Accounting fraud is also rising, as companies seek to inflate receivables, or to overstate asset values; those in the weakening property sector in China are particularly at risk. In some cases, the use of complex structures or financial instruments may hide the real scale of losses.

Companies may also find themselves tempted into questionable deals, in an effort to boost cash flow. Multi-national firms are particularly at risk, as in-country teams not only need to prove their worth, but also have local ties that can sometimes engender fraud and corruption.

Weaker protections

A further concern is that these changes come as shifts in business life since the pandemic have loosened protections. Of note has been a lasting turn towards remote working, which means that some staff rely on insecure internet connections on shaky home systems – much more vulnerable to penetration by cyber-criminals.

A key problem is “business email compromise”, whereby hackers gain access to communications, and monitor missives for payments-related traffic. Intruders then seek to arrange a transfer for a seemingly legitimate reason. A lack of proximity may mean that staff cannot readily check demands. SVA has seen a marked rise in such cases, generally built around initial “phishing” emails.

A further concern relates to intellectual property. Companies may have looser control over remote-working employees’ handling of confidential information, posing the risk of loss of intellectual property and sales data. The risks related to staff decamping with commercial information are thus rising, and are especially acute at traditional times of departure, such as Chinese New Year, or the end of the financial year.

Partisan regulation?

As if this were not enough, a separate regional problem is the rising tide of nationalism, which is complicating enforcement measures. Some governments may seek to protect only chosen companies, particularly if in strategic sectors. Another problem is that local authorities may prove lethargic in responding to frauds, owing to limited understanding of the technology in question, or because the funds have already been moved offshore.

Act Now to Prevent Financial Damage

Companies should act now to prevent harm. In particular, management should bolster internal compliance mechanisms, so as to identify fraudulent activity early, and thereby limit losses. Dependence on audit – external or internal – will not protect most companies from this new generation of frauds; the Chinese government in July 2024 criticised PwC in relation to its work on the ailing property giant Evergrande.

Key steps include: strengthening the integrity of IT systems; implementing tighter controls over staff approvals; adding to ID or other layered checks; introducing new procedures for video calls; developing internal AI-fraud detection mechanisms; and bolstering protections for confidential information.

Staff must also be trained, drilled, and supervised, so as to ensure they understand the need to act cautiously. Staff also need to “refresh” their knowledge frequently, so as to keep up with technological change; vigilance and awareness, after all, provide the best defence.

Companies should also generally examine transactions in more detail. Key measures include bolstering audit trails and gathering additional documentation, in retrospect if necessary, so as to understand what happened, and thereby predict what problems may yet emerge.

Finally, companies should adhere to robust due diligence standards, even when under extreme pressure to contain costs. Boards should require detailed independent background investigations of investments or partnerships, and should ensure that oversight measures are in the hands of a relatively “neutral” party, rather than a local deal team. SVA are specialists in this area.

“Virtual Due Diligence” will only result in “Virtual Profits” and lead to severe consequences.

Appropriate Responses to Fraud

Responding to indicators of fraud is as important. Companies must act decisively on the discovery of red flags. Key indicators might include the unusual involvement of third parties, a dubious transaction structure, or excessively high fee levels, amongst other issues.

Companies should make sure to undertake a thorough investigation into any suggestions of fraud, and to report findings in full. Attempts to “sweep matters under the carpet” will only lead to bigger problems. SVA is often called in to assess the damage caused, and the methodology used.

Management should consider involving the relevant authorities, such as the police or regulators. In doing so, though, they must also take account of any political risks, or that some authorities may simply not respond as hoped. Again, SVA can advise as to dealing with such regulatory risks, and can assist in liaison work that encourages action.

Finally, companies should quickly launch external asset search and tracing measures, and recovery actions, so as to recoup stolen funds.

Some multinational companies take out fidelity, and other, insurance policies to cover expenditure in such circumstances and which are surprisingly inexpensive.

Such asset recovery initiatives are frequently complex, as they need to identify assets hidden in offshore jurisdictions, often structured through corporate or trust structures. Asset searches should operate as part of a broader legal strategy.

Visit SVA’s website (www.stevevickersassociates.com) to read more about asset searching and fraud investigation.

SVA

SVA has a great deal of experience in responding to incidents of financial crime, investigating frauds, and in tracing and recovering assets. If we can be of any assistance to your organisation in dealing with these complicated issues, please do not hesitate to contact us at the numbers below:

SVA (www.stevevickersassociates.com) is a specialist risk mitigation, corporate intelligence and risk consulting company. The firm serves financial institutions, private equity funds, corporations, high net-worth individuals and insurance companies and underwriters around the world.