More companies – both inside the U.S. and globally – are experiencing economic crimes, and as companies expand their international operations and their reliance on the Internet and mobile technologies, economic crime increasingly has become a “borderless threat,” according to PricewaterhouseCoopers’ recent survey of global companies. The survey report, entitled “Global Economic Crime Survey 2014,” details companies’ changing costs from and perceptions of economic crime, particularly cybercrime. The U.S. Supplement to the PwC survey report can be found here, and the key U.S. supplement highlights can be found here. PwC’s February 19, 2014 press release regarding the survey report can be found here.
During the period August to October 2013, 5,128 respondents in 95 countries completed the survey. There were 115 U.S. respondents, over half of whom were from publicly traded companies, and over three-quarters of whom were from organizations with more than 1,000 employees. The term “economic crime” as used in the survey and in the survey report encompasses thirteen specific types of fraud, including: espionage; competition law/antitrust law; illegal insider trading; tax fraud; mortgage fraud; IP infringement/theft of data; money laundering; human resource; accounting fraud; cybercrime; bribery ad corruption; procurement fraud; and asset misappropriation.
The U.S. survey respondents reported a “larger global footprint” than respondents outside of the U.S.; 80% of U.S. respondents reported worldwide operations, compared to 61% globally. U.S companies are also likelier than their global counterparts to pursue opportunities in markets with “high levels of corruption risk.” In addition to growing their international operations, U.S. companies are expanding the role of the Internet and mobile technology in their operations, which can bring risk from beyond their immediate geographic footprint. U.S. companies increasingly are operating in a “borderless” economy in which they “may not need to have a brick-and-mortar operation in a country to have a presence and a possible risk.” In addition, reliance on agents and other third-parties in other countries may expose U.S. companies to increased economic crime risks, including corruption, cybercrime and economic sanctions.
Perhaps as a result, the percentage of U.S. companies reporting that they had suffered an economic crime in the past two years (45%) was greater than the global average (37%). In addition, U.S. companies reported that they had experienced increased levels of fraud across all types of crime since PwC’s last survey in 2011, except asset misappropriation and insider trading. However, asset misappropriation still remains the most common fraud that U.S. organizations suffered. At the same time, U.S. companies reported increased levels of accounting fraud and of bribery and corruption. The report speculates that the increased reports of accounting fraud and of bribery and corruption “may be attributable in part to more companies implementing internal controls, more robust compliance programs and increased risk assessments, leading to more frauds being detected.”
The one the thing that is clear is that economic crime hurts companies’ bottom lines. Of the U.S. survey respondents that reported economic crimes in the last two years, 54% reported that their companies had experienced fraud losses in excess of $500,000, with 8% reporting fraud losses in excess of $5 million. The risks associated with these kinds of costs obviously provide substantial incentive for companies to implement fraud prevention and detection measures. The report points out that the indirect costs associated with fraud, such as damage to company brand, reputation and employee morale, provide even further incentives, as does the policies of the SEC and the DoJ, which recognize the existence of compliance programs as a mitigating factor in setting penalties for legal violations.
The survey’s findings regarding cybercrime are particularly interesting. Of the U.S. respondents reporting that they had suffered an economic crime in the last two years, 44% identified cybercrime as one of the frauds experienced, while 44% of all U.S. respondents “indicated that they thought it was likely they would suffer a cybercrime within the next 24 months.” 71% of U.S. respondents indicated that their perception of cybercrime had increased over the past two years, compared to 48% of global respondents.
Compared to their global counterparts, U.S. companies lost more in financial terms from cybercrime than their global counterparts. 7% of U.S. respondents lost $1 or more from cybercrime, compared to 3% of global organizations. 19% of U.S. organizations lost $50,000 to $1 million, compared to 8% of global respondents.
The report also has a number of interesting observations about bribery and corruption activities. The report states that of the U.S. respondents reporting that they had experienced an economic crime in the past two years, 14% had identified bribery and corruption of the type of fraud suffered, up from 7% in PwC’s 2011 survey. 17% of both U.S. and global respondents reported that their organizations had been asked to pay a bribe within the last 24 months. 15% of U.S. respondents reported that their organizations lost an opportunity to a competitor whom they believed had paid a bribe, compared to 22% of global respondents. 4% of U.S. respondents and 5% of global respondents reported financial losses of $1 million or more through bribery and corruption. 28% of U.S. organizations and 27% of global organizations reported financial losses of $50,000 to $1 million.
Perhaps as a result of their actual experiences over the last two years, U.S. companies think it is more likely now than they did in 2011 they will experience losses from fraud across all categories of economic crime in the next two years. The report itself states that “the interplay among enhanced global regulatory scrutiny, more skilled and technologically sophisticated fraudsters, and the emergence of an increasingly borderless business environment presents ongoing challenges to organizations as they combat fraud during the economic recovery period.”
Consistent with its overall message that both the risk of fraud and that companies’ perceptions of the risks of fraud are increasing, the report has extensive information about the steps companies can take to try to combat fraud. The report concludes that companies increased awareness of the risks of fraud likely “will prompt organizations to make the up-front investment in fraud prevention and detection methods, which continuously prove less costly than implementing damage control measures after the fact.”
It is not a point of emphasis in the PwC survey report, but investors, regulators and other constituencies increasingly are seeking to hold company management liable when their companies suffer economic crimes. In the U.S., we have long seen follow-on lawsuits after companies disclose the existence of bribery investigations. As I noted at year-end, these kinds of follow-on lawsuits are becoming increasingly frequent in connection with the disclosure of other types of regulatory investigations as well. And as recently seen in connection with the Target cyber breach, investors and others are seeking to hold company management accountable for cybercrime as well. In each of these types of examples, claimants have sought to hold company officials liable for failing to take steps to protect their companies from these kinds of incidents.
The point here is that among the many risks associated with increased levels of economic crime is the risk of increasing director and officer liability exposure. It seems increasingly likely that claimants will seek to hold company management liable for the alleged failure to take steps to protect their companies from the occurrence of these kinds of economic crimes. The most important thing for company management to do is to focus on the kinds of preventive measure and detection practices outlined at length in the PwC survey report. However, in addition, company management will want to review their D&O insurance program to try to ensure that their insurance program is sufficient to protect them in the event claimants later contend that they did not do enough to protect their companies from economic crime.
The Time of My Life: On Saturday, as I was at the grocery store cash register, the cashier asked my date of birth. I told her the date in 1956 when I was born, and then for some reason it suddenly occurred to me that I have been alive for a longer period (58 years, as of my next birthday) than the length of the period between 1900 and 1956. The startling thing about this observation is to think how much happened between 1900 and 1956, and then to reflect that I have been alive for even longer than that.
Think about it. The period between 1900 and 1956 included the discovery of man-powered flight; the development of the mass produced automobile; the invention of radio and of television, as well as the invention of the computer and the transistor; the discovery of penicillin; two World Wars; the Great Depression; the development of the atomic bomb and rocket technology.
How do the changes of the last 58 years compare? Since 1956, we have had the advent of unmanned and manned space flight; the sequencing of the human genome; the development of the personal computer and of the cell phone, as well as the invention and proliferation of the Internet; we have had the elimination of legal racial segregation; the invention of laser guided missiles and unmanned drones: the construction of Interstate highway system; the fall of the Berlin Wall and the collapse of the Soviet Union; and the introduction of e-mail, voice mail, digital photography, instant messaging, social networking, spreadsheets, GPS…
On Saturday evening, as my wife and I enjoyed the bottle of wine in connection with the purchase of which the cashier had originally asked for my date of birth, we debated the question of which of the two periods was more eventful. My mother in law, who lives with us and who is the self-appointed Final Authority on every topic, declared that the more recent period was more eventful, because of the computer. I am skeptical; so many of the developments in the more recent period are the consequences or result of developments or events in the first period. Even the computer itself was first invented during the earlier period.
What do you think? (Other than that I am getting old and that it probably would do me some good to get out more, at least on Saturday night.)