economic crime survey 2003
executive summary 3
economic crime: a growing global threat 4
industries at risk 6
types of economic crime 7
the financial cost of fraud 9
the collateral cost of fraud 10
detecting economic crime 12
managing economic crime 13
recovering stolen assets 14
preventing economic crime 15
economic crime risks of the future 16
survey demographics 18
contact details 20
• Economic Crime remains a significant • Average loss per company: • Three quarters of victims of crime
threat: 37% of respondents report US$2,252,889 recovered less than 20% of their
significant economic crimes during losses; only half of respondents had
the previous two years. • The impact on reputation, brand image, insurance against economic crime,
and staff morale can be more important but they recovered more of their losses.
• The bigger you are, the harder you than the direct financial loss.
fall: companies with more employees • The biggest concerns for the future
are more likely to have suffered from • Two-thirds of respondents stressed are asset misappropriation – the most
economic crime. the company’s Board had ultimate visible of economic crimes – and
responsibility for preventing or cybercrime.
• No industry is safe: over 30% of managing economic crime – but only
respondents in each of the industries just over a quarter had given their
interviewed suffered fraud. boards any risk management training.
• Asset misappropriation is the most • Tangible risk management measures
widely reported crime. It is also the reap clear results: those that had
easiest crime to detect, with 59% of suffered fraud took practical anti-fraud
all victims citing this as one of the measures, from employee screening
frauds that they had suffered. to active awareness raising; those that
had not, relied on passive measures
such as a company code of ethics.
economic crime: a growing global threat
Economic crime remains a significant This figure is significantly higher than in Figure 2: Victims of fraud (by region)
threat to companies across all industries our previous European research in 2001.
and territories. Well over a third of The number of organisations reporting
respondent companies worldwide fraud in Western Europe has grown W Europe 34
(37%) said they had suffered from one from 29% to 34%, and in Central and C&E Europe 37
or more serious frauds during the Eastern Europe from 26% to 37%. This
South & Central
previous two years. increase appears to reflect two factors: America
N America 46
Figure 1: Victims of fraud (worldwide) • greater awareness of fraud leading
Asia & Pacific 39
to heightened detection rate; and
0 10 20 30 40 50 60
• a growing desire for transparency,
particularly in EU ‘accession countries’. Yes
The highest levels of economic crime
were reported by respondents in Africa
(51%) and North America (46%).
In contrast, respondents in Russia and
Turkey reported no economic crime
at all. There is clearly some way to
go in both these countries to either
improve detection or to promote
The bigger they are… Figure 3: Victims of fraud
by organisation size (worldwide)
Our findings suggest a direct
relationship between company size and Number of employees
the likelihood of economic crime. Only
Less than 35
35% of smaller companies (less than 1000 65
1,000 employees in territory) reported
economic crime, compared to 49% in More than 49
larger companies (over 1,000
employees in territory). 0 20 40 60 80
Possible reasons for this higher
incidence among larger companies Larger companies also generally invest
include their greater devolution of more in fraud risk management systems.
operational responsibility, tendency This will increase detection rates for
to pursue opportunities in unfamiliar most economic crimes.
markets, higher transactional complexity,
and greater opportunities for collusion
amongst employees. Staff in larger
corporations may also be less
concerned about the financial well
being of their employer, regarding
fraud as a “victimless crime”.
industries at risk
While all commercial activity is of physical assets held, and access to acutely aware of the threat from
vulnerable to economic crime, its financial transactions, many of which economic crime. So the higher reported
incidence varies between industries. may be complex. levels of fraud in these sectors partly
reflect higher sensitivity to – and
The results of the Global Survey It is also noteworthy that other highly detection of – economic crime.
reinforce our findings from the 2001 regulated industries, such as telecoms,
European Survey. Financial services appear at the top of this league table. The lower end of the chart contains
(banking, insurance) have reported more Due to their regulation, these less regulated industries such as
incidences of economic crime than companies have usually developed manufacturing and construction.
other industries. The financial services more sophisticated control and Whilst these industries are prone to
industry is an obvious target for any compliance systems. The financial economic crimes ranging from asset
fraudster, given the significant quantities services sector in particular is more misappropriation to product piracy,
they may often have less sophisticated
Figure 4: Victims of fraud by industry (worldwide) control and detection mechanisms,
or may accept losses through fraud
Telecom & Media 49
IT & IT services 46
Retail & Consumer 44
Energy & Utilities 43
Pharma & Biotech 40
Other financial services 39
Automotive & Aerospace 35
Manufacturing & Industrial products 34
0 10 20 30 40 50 60
% respondents by industry
types of economic crime
By far the most commonly reported Perception and reality very similar. This is likely to be due to
fraud is asset misappropriation, with their greater visibility: lost assets can
59% of those reporting economic Further insights can be gained by be counted, counterfeit products seen
crimes claiming this was among them. comparing the perceived prevalence in the market.
This type of fraud is generally the of each type of economic crime with
easiest to detect, as it involves the theft its actual incidence. However, with both financial
of tangible items with a defined value. misrepresentation and corruption
This may help to explain why it is the With asset misappropriation, product & bribery, the perceived prevalence
most commonly reported. piracy and cybercrime, the perceived is much higher than the reported
prevalence and actual incidence are incidences.
Figure 5: Types of fraud experienced
(worldwide) Figure 6: Frauds considered most prevalent compared with their actual incidence (worldwide)
Misappropriation Asset Misappropriation
Misrepresentation Financial Misrepresentation
Bribery Corruption & Bribery
3 Money Laundering
Cybercrime 15 6
7 Industrial Espionage
Product Piracy 19.5 20 8
Product Piracy 8
0 20 40 60 80
% respondents 0 5 10 15 20 25 30 35
Perceived prevalence Actual incidence
With financial misrepresentation, this Given the serious implications of It is inevitable that the overall figure for
gap appears to reflect two factors: financial misrepresentation, it should be Money Laundering incidence will be low.
worrying that one in 10 organisations In order to get a realistic impression of
• higher awareness following the reported incidences (figure 5). the level or impact of money laundering,
corporate scandals in North America it should be assessed according to its
and Europe; and The high perceived prevalence of incidence within the financial services
corruption & bribery reflects the hard sector. One in six banks reported having
• an understanding that it is likely to work of governments, regulators, and uncovered money laundering during the
have an especially dramatic impact certain NGO’s to raise public awareness; previous two years. 220 financial
on a business. an important factor in helping to reduce services organisations worldwide said
actual incidence. they had reported suspicious transactions
Figure 7: Types of corruption & bribery during the two years, with 20% reporting
(worldwide) 199 respondents reported suffering more than 10 suspicious transactions.
corruption & bribery (worldwide). 45% This almost certainly reflects the well
% were solicited with or received a bribe, publicised and ongoing efforts to raise
and 41% of those more than 4 times! awareness of money laundering and
43% were required to offer or pay a stop movements of illegally obtained
bribe – 52% of those more than 4 times! funds by convincing countries to adopt
The remaining 12% refused to comment. internationally accepted anti-money
laundering regulations, as well as
The incidence of corruption & bribery has regularly monitoring their performance.
a regional bias towards the developing
markets of Africa, South and Central
10 41% 52%
America, and Asia Pacific. In these regions
such acts are often viewed as an
Solicited/ Offered/ acceptable element of doing business.
received a bribe paid a bribe Increasing pressure from developed
No of respondents affected by corruption & bribery economies is forcing many countries
More than 4 times
to promote increased awareness of
corruption & bribery, and many
companies operating in those markets
to carefully review their procedures.
the financial cost of fraud
We spoke to over 1250 companies that cybercrime can be especially hard to Among the remaining two thirds
reported losses due to economic crime in quantify. Even with a more quantifiable (793 companies), we estimate the
the last 2 years. 793 of these companies crime such as asset misappropriation, average loss from fraud was
were able to quantify their loss. 21% of victims could not put a figure US$2,252,889.
on their losses.
Even when companies know that they
have suffered economic crime, they Figure 9: Average financial loss by type of fraud over last two years (worldwide)
find it difficult to quantify the financial
impact on their business. A third of
victims cannot even guess how much 3% of larger companies and 2%
Product Piracy & Counterfeiting of smaller ones admitted to losing
it cost them. It is clear that the financial 5% of larger organisations and 3% more than US$10 million.
of smaller ones estimated their
cost of less tangible economic crimes, losses at over US$10 million. US$1,390,038
such as bribery & corruption and US$3,757,218
Figure 8: Financial loss through fraud
Corruption & Bribery
One in twenty respondents
estimated that they had paid
Difficult to put 33 out more than US$10 million
a value on in bribes.
More than 10m 3 US$912,337
Of the small number who
Over two thirds of cybercrime
1m to 10m suffered this crime, almost
10 victims could not quantify the
three quarters were unable to
direct monetary costs.
put a figure on their losses.
250k to 1m
50k to 250k
The average loss per company from fraud – US $2,252,889
10k to 50k
up to 10k 13
0 10 20 30 40 50
the collateral cost of fraud
The damage inflicted by economic crime Incidence of economic crime in an on external business relationships.
goes far beyond direct monetary loss. organisation invariably raises questions It is noteworthy that both asset
Intangible assets including business in employee’s minds about its leadership misappropriation and cybercrime are
relationships, staff morale, reputation and and governance, its ethics, or as a secure perceived to inflict less damage in this
branding are critical to any business. These environment to work. Repeated exposure area than the other forms of economic
can all be undermined by the occurrence to such issues can undermine years of crime. It may be that organisations
or even the perception of fraud. carefully built up staff loyalty. accept exposure to these types of
crimes as part of the everyday risks
The reported impact varies depending The second most common concern is of doing business, whereas financial
on the nature of the crime committed. the effect of economic crime incidence misrepresentation, corruption and
Figure 10: The collateral cost of fraud (worldwide)
Asset Misappropriation Reputation
50% Brand image
40 Staff moral
Product Piracy Financial Misrepresentation
Industrial Espionage 0 Corruption & Bribery (solicited/received)
Cybercrime Corruption & Bribery (offered/paid)
bribery may be indicative of wider Overall, a failure to tackle – or at believed the impact to be short-term
company issues. least manage the risk of – economic (less than one year). This should not
crime effectively can store up long-term disguise the fact that approximately one
Business relationships and brand image operational problems for any enterprise. third of respondents reported long-term
also suffer significantly where product The safeguarding of valuable intangible effects of economic crime on their
piracy is at play. As a crime extremely assets such as brand, client relations, and business, and in the case of share price
prevalent in Africa and Asia Pacific, staff morale should be a key objective. 44%. A sure sign that collateral damage
companies operating in those markets should be considered on a par with
need to be aware of the major impact Asked to consider whether the collateral monetary loss when determining
product piracy can have on product damage had a short or long-term impact economic crime risks.
and brand licensing deals by diluting on their business, most respondents
the underlying asset value and creating
mistrust among business partners. Figure 11: Was the impact of economic crime short or long term? (worldwide)
The relationship between economic
crime and share performance is a 35
complex issue. A relatively small 70
number of victims felt that fraud had Brand image 38
affected their share price – even where 66
financial misrepresentation has Share price 44
potentially called previously disclosed 58
information into question. However, the Staff morale 31
proportion of respondents who reported
an impact on share price as a result of Business relationship
economic crime has doubled since our
2001 research, perhaps indicating that 0 10 20 30 40 50 60 70 80
the financial markets no longer view
Long term Short term
economic crimes as a historical offence
with limited future relevance.
detecting economic crime
Fraudsters invariably take great pains The results vary considerably depending Clearly, reliance on luck is not a basis
to conceal or remove evidence of their on the size of the organisation for an anti-fraud regime. However,
crimes. As companies can only report concerned. Within larger organisations even where companies have control
crimes that have been detected, it is a combination of factors are likely to be systems to detect economic crime,
not possible to judge how much fraud involved in the detection of an incident. these can often be rendered ineffective
goes unnoticed. What we can analyse Large companies most often detected by management override or collusion.
is the means by which fraud is brought fraud through their control and risk Companies need to do more in terms of:
to light. management systems. However, in
many cases this was accompanied by • Assessing the real risks and
Figure 12: How economic crime is detected a finding from the internal or external vulnerabilities to fraud within the
(worldwide) audit function or from a tip-off. organisation
Smaller organisations detected a far • Communicating actively the company’s
By a tip-off 28
greater proportion of economic crime stance on fraud and “walking the talk”
By changes in
management 10 through audit processes than by other
By internal or
means. Given the respective size of the • Proactively monitoring risky areas
external audit organisations this is most likely to be
Risk management 28 via the external auditors – a worrying • Developing policies to encourage
finding that suggests smaller companies (and protect) “whistleblowers”
may be placing too little attention on
Other 28 the development of effective controls • Expecting the worst and being
and alternative checks and balances. prepared – devising a robust fraud
None of 6
the above Over-reliance on a single annual review response plan
0 10 20 30 40 50 60 to root out problems may be playing
into the fraudster’s hands.
A consistent theme from our previous
European survey is that over a third of
economic crimes at major companies
are uncovered by accident.
managing economic crime
Respondents assign primary responsibility Figure 13: Bodies to which economic crime We are surprised that this figure is so
for managing economic crime issues to must be reported (worldwide) high. Our experience in investigating
the board of directors. 62% of economic crime for corporations
respondents stated that the board must suggests that there are many reasons
Board of directors 62
be informed of all instances of economic why an organisation may choose not to
crime. There are significant regional Audit committee 24 report a fraud to an external body. These
variations however. Within Asia & Pacific include the potential impact of negative
Internal audit 34
(83%) the responsibility is vested firmly publicity on business relationships or staff
with the Board. Significantly fewer Board of morale. In addition, companies often fear
companies in North America (45%) and the costs of a drawn-out judicial process,
Central & Eastern Europe (47%) rely on or simply believe there is little chance
the Board to fulfill this duty. In both 0 20 40 60 80 of recovering the stolen assets. It may
these regions, company management is well be that companies have a public
just as likely to have responsibility for face supporting a policy of reporting all
managing the issues. Respondents’ opinions varied on matters to the authorities, but become
how economic crimes should be dealt more pragmatic when faced with an
Regardless of where the primary with once detected. Overall 63% of actual event.
responsibility lies it is surprising that respondent organisations said they
only 28% of organisations have had a requirement to report frauds to Figure 14: Responsibility for dealing with
economic crime (worldwide)
implemented any fraud-related training an external body. Once more though,
for the Board or management. Given the regional variations are significant.
increasing focus on corporate fraud with In the Asia & Pacific region only 48%
Board of directors 33
regulators, ratings agencies and others of companies had a requirement to
now scrutinising companies involve the authorities. In Africa and Internal audit 20
for signs of misdeed, Boards and Central & Eastern Europe over 80% Internal legal
management need to consider making of companies said that they applied
this type of training part of their this policy. External auditors 3
corporate governance regime. External legal
0 10 20 30 40 50 60
recovering stolen assets
Even if economic crime is detected and Insurance However, insurance can have a
prosecuted, it can still prove impossible significant impact on recoveries.
to recover the assets. Of respondents Surprisingly, given the high awareness Companies with insurance reported
who had experienced fraud, only 8% of economic crime, less than half the being 300% more likely to recover
had succeeded in recovering more than organisations surveyed had taken out more than 60% of their losses.
80% of their losses, whilst almost three- insurance against fraud losses. This may
quarters recovered less than 20%. be due to management indifference or
scepticism over how much insurance
There are many reasons for this relative could actually recover.
failure to recover lost assets. Companies
are reluctant to embark on long Figure 15: Recoveries of companies with and without insurance (worldwide).
recovery processes with no certainty
of success, especially where the assets
have been moved across borders. Companies
27 52 21
However, there may be good reasons
to pursue the assets regardless – firstly
because it is not always possible to Companies
24 69 7
form a realistic view of the chances of
0 20 40 60 80 100
recovery until the process gets under
way, and secondly because a policy
0 1 to 60% 61 to 100%
of always attempting recovery helps to
create the right culture of deterrence.
preventing economic crime
Not surprisingly, companies that have Those that had not suffered fraud Organisations that take practical measures
suffered economic crime are more tended to rely on more intangible to combat fraud, and that effect change
concerned about the strength and prevention tools such as codes of on the ground rather than creating the
effectiveness of their systems to prevent conduct or ethical policies. In contrast, appearance of addressing the problem,
fraud. They are also more likely to have fraud victims instituted more tangible will develop a stronger culture of
taken proactive measures to reduce measures such as employee screening, prevention. As a result of such action,
future exposure. management training and whistleblowing companies that had reported economic
programmes. They also invested greater crime are “quite” or “very” confident
Our findings illustrate the impact of effort in raising awareness of the that their anti-fraud controls are stronger
fraud on an organisation’s mindset. potential for economic crimes. now than they were two years ago.
Figure 16: Types of corrective measures Figure 17: Confidence in fraud risk management systems
Specific fraud Global -8 55 27
training for management
or a code of conduct
W Europe -7 56 28
Consideration of fraud in
risk management systems 49
C & E Europe -3 57 33
Pre-employment screening 47 South & Central America -4 63 24
Public source information 33 N America -1 61 27
Asia & Pacific -14 46 22
Africa -9 61 25
-20 0 20 40 60 80 100
0 10 20 30 40 50 60 70 80
% respondents Not confident Quite confident Very confident
economic crime risks of the future
Most organisations expect the threat The responses from Central & Eastern risks without substantial actions to
of economic crime to increase over Europe are in line with our European tackle the roots of all economic crime:
the next five years, with respondents survey of 2001. Then companies motive, opportunity and a clearly
in North America and Africa being surveyed also showed some optimism perceived benefit of reward over
especially pessimistic. Our findings for a fall in economic crime risks in punishment.
support this general perception that that region. In the last two years
the risk will increase. however, our respondents in Central Looking forward over the next five
& Eastern Europe reported significantly years, 34% of companies expect their
However, companies in Central & more economic crime (2003: 37%, 2001: greatest economic crime risk to be asset
Eastern Europe and South & Central 26%). In our view it is unrealistic to misappropriation – currently the most
America expect the risk to decrease. expect decreases in economic crime frequent form of fraud worldwide –
and 33% cybercrime.
Figure 18: Expectation as to whether fraud risk will increase over the next 5 years
Compared to our previous European
Global -23 27 7
survey where cybercrime was by far the
greatest fear for the future (2001:43%)
this is a significant decrease. Regional
W Europe -15 31 7 factors do play a role however in this
analysis. Asset misappropriation is
C & E Europe -44 15 3
most noticeably seen as a threat in
South & Central America -39 18 5 Africa (48%) and North America (52%).
N America -13 42 10 In the Asia & Pacific region however,
cybercrime is still seen as the key risk
Asia & Pacific -16 31 9
for the future with 35% of companies
Africa -22 22 20 citing this as their chief concern. 27%
-60 -40 -20 0 20 40 60 of South and Central America companies
agreed with them, however a similar
Less likely More likely Much more likely proportion believe that the issues of
corruption & bribery will remain their
greatest economic crime threat.
Figure 19: Frauds considered most prevalent compared with future concerns (worldwide)
Asset Misappropriation 24
Financial Misrepresentation 17
Corruption & Bribery 31
Money Laundering 6
Industrial Espionage 13
0 5 10 15 20 25 30 35
Perceived prevalence Future concerns
The lower proportion of respondents electronic data and the use of viruses.
anticipating cybercrime as the most Companies now define cybercrime
significant future threat (figure 19) may more accurately, and expect fewer
reflect two factors. Firstly, much activity occurrences as a result. Secondly,
initially categorised as cybercrime was whilst the effects of cybercrime can be
in fact ‘traditional’ fraud conducted by extremely severe for those companies
electronic means – for instance, asset targeted, it appears that many cyber
misappropriation through tampering criminals are extremely selective in
with payment data – rather than crimes their targets. Companies that have
now clearly defined as cybercrime such not yet been made a target may be
as denial of service attacks, theft of breathing a premature sigh of relief.
This survey was the result of 3,400 interviews in 50 countries. The number of The size of participating organisations was
interviews conducted per country was: as follows:
Western Europe 1476 South & Central America 554 Global
UK/NI/ROI 162 Argentina 96
Austria 83 Brazil 86
France 156 Chile 53 <200 23
Germany 150 Columbia 48
Norway 90 Dominican Republic 31
Portugal 50 Mexico 87 201-1,000 41
Spain 106 Guatemala 30
Sweden 91 Peru 51
Switzerland 89 Uruguay 36
The Netherlands 103 Venezuela 36
Italy 159 >5,000 9
Denmark 88 North America 103
Greece 59 Canada 103 0 10 20 30 40 50
Belgium 90 %
Central & Eastern Europe 378 Asia & Pacific 878 Respondents were CEOs and CFOs and
Czech Republic 50 Australia 100
those responsible for preventing and
Hong Kong 85 detecting fraud. They were drawn from
Hungary 25 India 85
Bulgaria 25 the following industry sectors:
Poland 85 Japan 423*
Romania 29 Singapore 50
Slovenia 27 Global
Services Financial services
Russia 29 29% 13%
Slovak Republic 31 Africa 143
South Africa 91
*weighted in the statistics to reflect a base of 150 respondents
Percentages may total more or less than 100 per cent as respondents were able to provide multiple answers 58%
or may have chosen not to answer.
8 companies suffered economic crimes totalling in excess of US$100 million, and have been removed from
the “total cost” analysis.
Due to diverse descriptions of individual types of economic crime in countries’ legal statutes, we have developed the following
categories for the purposes of this survey. The descriptions were read to each of the respondents at the start of each survey to
Fraud/Economic Crime The intentional use of deceit to deprive another of money, property or a legal right.
Asset misappropriation The theft of company assets (including monetary assets/ cash or supplies and equipment) by company directors, others
(inc. embezzlement by employees) in fiduciary positions or an employee for their own benefit.
Financial misrepresentation Company accounts are altered or presented in such a way that they do not reflect the true value or financial activities
of the company.
Corruption & Bribery Typically, the unlawful use of an official position to gain and advantage in contravention of duty. This can involve the
(inc. racketeering & extortion) promise of an economic benefit or other favour, the use of intimidation or blackmail. It can also refer to the acceptance
of such inducements.
Money Laundering Actions intended to legitimise the proceeds of crime by disguising their true origin.
Cybercrime The illegal access to a computer or computer network to cause damage or theft.
(e.g. hacking, virus attacks, denial of service,
electronic theft of proprietary information)
Industrial espionage & information brokerage The acquiring of trade secrets or company information by secretive and illegal means and/or the selling of these secrets
or information to interested parties.
Product Piracy/Counterfeiting The illegal copying and/or distribution of fake branded goods in breach of patent or copyright. This also includes the
creation of false currency notes & coins with the intention of passing them off as genuine.
Other terms used in the survey
Whistleblowing The disclosure by an employee of malpractice in the workplace
Tip-off A hint or indication about goings-on in the organisation
Audit The formal examination and review of a company’s accounts and/ or practices.
Risk management systems Systems put in place to assess, identify and respond to risks in the company.
Soliciting or receiving a commission Being offered or given money or other incentives to help influence a business decision in the donor’s favour.
Offering or paying a commission Having to offer or give money or other incentives to help influence a business decision in your favour.
The majority of companies would have found it a near impossibility to quantify exactly the financial
impact of a fraud or frauds upon them. In order to facilitate their answering of this question, we provided a
series of financial ranges for them to work within:
• < US$ 10,000 • US$ 1 million – 5 million
• US$ 10,000 – 50,000 • US$ 5 million – 10 million
• US$ 50,000 – 100,000 • US$ 10 million – 50 million
• US$ 100,000 – 250,000 • US$ 50 million – 100 million
• US$ 250,000 – 500,000 • > US$ 100 million
• US$ 500,000 – 1 million
The values quoted in the report are estimates derived from a computation that assigned a midpoint to each
value range for the frauds which a company reported it had been subject to. This provided a total cost of
fraud for each individual company from which was calculated (1) the average figure and (2) the total figure.