Low fraud prevention investment points to surge in undetected fraud, PwC Thailand says

Over the past two years, almost half of global businesses reported incidents of fraud or economic crime yet in the same period less than a quarter of Thai businesses detected fraud, according to PwC’s Global Economic Crime and Fraud Survey 2022 – Thailand Report.   

Increased connectivity means that cybercrime risks are rising, as are emerging threats such as Environmental, Social and Governance (ESG) reporting fraud, supply chain fraud and anti-embargo fraud. With fraudsters becoming more sophisticated in their tactics and exploiting vulnerable perimeters to remain undetected, incidents of fraud could potentially cost financial damages and incur expenses for fraud risk management. 

Phansak Sethsathira, Risk Consulting Partner at PwC Thailand, said Thai businesses detected less than half the fraud of their global counterparts (22% vs 46%). This doesn’t come as a surprise as Thailand lags behind the global figure for investment in enterprise risk management and compliance (28% vs 53%). 

Also, more than 30% of Thai survey respondents don’t have designated risk management and compliance functions, the report showed.

“Our survey shows that Thai businesses’ perimeters are vulnerable to fraudsters who are adopting new methods and technologies to breach defences undetected,” Phansak said. 

“Adding to the risk is that companies in Thailand are falling behind in terms of investment in risk management and compliance. As fraudsters become more complex in their attacks, it’s critical that businesses focus on investments to better protect themselves from economic crime,” he said. 

The Thailand report is part of PwC’s Global Economic Crime and Fraud Survey, which collected responses from 1,296 businesses across 53 countries, including 50 Thai and multinational companies operating in Thailand.

Top three fraud risks for Thailand business 

The top three fraud risks that increased during COVID-19 in Thailand are cybercrime (24%), procurement fraud (24%), and asset misappropriation (13%). Despite having limited access to company assets, employees are now working remotely which increases cyber risk. This increased frequency of cyber-attacks means that traditional preventive tools such as code of conduct, investigation or training are no longer sufficient. 

“Given that the nature of cyber-attacks is borderless, lower investment in fraud risk management compared to their global peers, may result in Thai corporates becoming targets of cyber-attacks,” Phansak said. 

Supply chain shortages from the pandemic have had a direct impact on fraud vulnerability. The constraints have forced companies to reallocate human resources from fraud control to supporting supply chain issues, Phansak said. 

To prevent production disruptions, some companies may decide to bring in new suppliers without proper due diligence, which can result in procurement fraud, he said. 

According to the PwC survey, less than 10% of Thai respondents proactively monitored the supply chain and associated risks, making it an excellent target for fraud.

Rising importance of ESG incentivises fraud reporting

The rising demand for ESG is putting pressure on both corporations and governments for higher commitments, resulting in additional reporting requirements and greater regulatory scrutiny. 

Surprisingly, Thai corporations are almost on par with the global figure for having processes in place to identify and manage environmental reporting risk (65% vs 71%). Only 8% of global organisations encountering fraud in the last 24 months experienced ESG reporting fraud.

However, Thai respondents reported none, but the incentive to commit fraud in this area is only going to increase.

“Although there are trusted agencies that conduct ESG assurance, every organisation has the incentive to window dress and manipulate the data to attract investors, which leads to misleading the market participants,” Phansak said.

Apart from periodic assessments of fraud risk to proactively monitor key risks, there are three considerations to help businesses strengthen their fraud risk management. 

  1. Understand the end-to-end lifecycle of customer-facing products. Take time to identify exploits, preventive strategies, and countermeasures.
  2. Strike the proper balance between user experience and fraud controls. Ensure that users have a great experience while detecting and stopping fraudsters. 
  3. Orchestrate the data to track end-to-end lifecycle of users and generate meaningful alerts.

“Preventing fraud and economic crimes is a complex challenge. It takes a continuous effort on governance, people, processes, and the use of sophisticated technology to protect vulnerable perimeters from bad actors who are becoming competent in exploiting the cracks,” Phansak said.

Source: PwC Thailand