Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Российский обзор экономических преступлений за 2016 год

237 views

Published on

В этом году в центре внимания нашего исследования находятся три вопроса: программы по соблюдению правил деловой этики и нормативно-правовых требований; противодействие легализации (отмыванию) доходов, полученных преступным путем; и киберпреступления. Помимо конкретных аспектов экономических преступлений, на которых следует сосредоточить особое внимание, в обзоре подчеркивается важность реализации более комплексных и эффективных мер, которые позволяют минимизировать указанные риски.

Published in: Business
  • Be the first to comment

  • Be the first to like this

Российский обзор экономических преступлений за 2016 год

  1. 1. www.pwc.ru/en/forensic-services Russian Economic Crime Survey 2016 Looking to the future with cautious optimism 48% of respondents have experienced an economic crime in the past 24 months 30% of respondents were affected by bribery and corruption which lower compared to 2014 50% of organisations that have suffered an economic crime highlighted its significant negative effect on employee morale Economic crime rate falls by 20% as anti-fraud measures take hold 95% of respondents believe that the vendor selection stage is the area of procurement that is most susceptible to fraud 65% of organisations surveyed perform risks assessment at least once a year, while 83% have a formal ethics and compliance programme in place
  2. 2. 3Russian Economic Crime Survey 2016 Contents 08 08 Incidents of economic crime 10 Fraud detection and investigation 14 Procurement fraud 15 Bribery and corruption 15 Fraud horizon 34 Economic crime trends Contacts 22 Cybercrime 04 Foreword 26 Anti-money laundering 32 Terminology 06 Highlights of the survey 16 Ethics and compliance
  3. 3. We are pleased to present the results of the 2016 Economic Crime Survey in Russia. The results are based on the responses submitted by the Russian participants in the eights Global Economic Crime Survey conducted by PwC. Over 6,000 participants from 115 countries, including representatives of 120 Russian organisations participated in the global survey. Since 1999, the purpose of the survey is to seek respondents views on economic crime in general, on its causes, method of detection and prevention, and consequences of economic crime. Our survey this year focuses on three key areas: Ethics and compliance programmes, Anti-Money laundering and Cybercrime. In addition to highlighting specific areas of economic crime worth focusing on, we emphasise the things you can do better to tackle them – implementing more sophisticated and effective measures that can reduce these risks. Though the economic crime is still a major issue for businesses in Russia our survey shows a positive trend – a drop in economic crime in Russia by 20%, which we believe is the result of anti-corruption developments in Russia, strengthening of the internal audit function and other measures which are discussed further in our survey. Our survey covered a wide range of organisations operating in Russia including private companies (34%), publicly traded companies (59%) and government sector entities (3%). Respondents represented activities across the industry spectrum including financial services (23%), manufacturing (12%), energy, utilities and mining (9%), pharmaceuticals and life science (9%), retail and consumer (7%), transportation and logistics (7%). The majority of respondents occupy the senior positions such as chief financial officers/treasurers/controllers or heads of business units/departments. In addition, 50% of respondents worked in organisations with over 5,000 employees. We are very grateful to all the respondents of this survey. Most important we really hope that the results of our survey will help the readers in their fight against economic crime. Best regards, Jeremy Outen Partner, Forensic Services Leader, PwC Russia Jeremy Outen Partner Forensic Services Leader PwC Russia Foreword 4 PwC
  4. 4. 72%of respondents were managing the Finance, Executive Management, Audit, Compliance and Risk Management Functions 59%of the survey population represented publicly traded companies 25%of respondents employed by organisations with more than 1,000 employees and less than 5,000 employees 38%of respondents employed by organisations with more than 10,000 employees 48%C-suite 43%Head of Department or Business unit Industry sectors 7% Retail and consumer 7% 23% Financial Services 9% 9% 12% Manufacturing Respondents Transportation and logistics Energy, utilities and mining Pharmaceuticals and life science Participation statistics 5Russian Economic Crime Survey 2016
  5. 5. 6 PwC • 48% of companies and organisations in Russia have experienced an economic crime in the past 24 months. This is significantly lower than the result for 2014 (60%), but, nonetheless, it is higher than the respective global result (36%). • This decrease in economic crime may have been driven by following market trends: the enhanced role of internal audit within organisations and development of other systems of detection. • 65% of respondents in Russia stated that they perform fraud risk assessments at least once a year. Globally, only 51% of respondents perform risk assessments at least once a year. At the same time, 83% of respondents in Russia reported that their organisations have a formal ethics and compliance programme in place (this figure corresponds with the global average). • Our respondents state that the majority of economic crimes in Russia were initially detected by internal audit functions and corporate security (20% and 15%, respectively), which is a change from the 2014 survey, when the majority of cases were detected by corporate security (19%), while internal audit procedures were cited by 10% of those surveyed. This means that internal audit is now the most effective measure for detecting fraud in Russia. Reporting of suspicious transactions as a detection mechanism, which plays a predominant role globally, has significantly increased in Russia compared to 2014 (11% in 2016 vs 3% in 2014). Russian companies appear to have started putting measures in place to respond to risks identified during assessments. • However, fraud is still considered a significant potential threat. At least 41% of respondents believe that their organisations are likely to experience an economic crime over the next 24 months. • The profile of economic crimes remains along traditional lines in Russia. The most common types of fraud are asset misappropriation, procurement fraud, bribery and corruption. Furthermore, whilst cybercrime has moved up to second position globally, in Russia, it remains fourth on this list. • Amongst those who have suffered an economic crime over the last two years, asset misappropriation remains the main type of fraud (cited by approximately 72% of respondents in Russia and 64%, globally) and this has not changed significantly since 2014. Asset misappropriation has traditionally been regarded as one of the easiest of frauds to detect, thus its prevalence in our survey from year to year is to be expected. • In Russia, asset misappropriation is followed by procurement fraud. The number of responses noting procurement fraud is higher in Russia (33%) than globally (23%). Furthermore, vendor selection is highlighted as the most vulnerable area. For instance, 95% of our respondents think that procurement fraud occurs during this stage. It is also noteworthy that our respondents in Russia expect procurement fraud to be more common than asset misappropriation over the next two years. • There are many causes of economic crime. Our survey shows that the opportunity or ability to commit crime is perceived to have risen in Russia by 8% since 2014, and remains by far the most important factor (84%), followed by incentive or pressure (8%) and the ability to rationalise such an action (8%). Generally, this breakdown is in line with global trends where the opportunity or ability to commit fraud is also the most significant factor (69%). • In Russia, 44% of respondents reported having lost less than USD 100,000 to economic crime in the past 24 months, while 25% experienced losses between USD 100,000 and USD 1 million, and 23% experienced losses in excess of USD 1 million. Furthermore, in addition to financial losses, every economic crime produces collateral damage. • In Russia, every second respondent reported a negative effect on employee morale as the most significant result of economic crime in the past 24 months, while globally, only 44% of respondents noted this. In addition, the possible negative impact on business relations and reputation or brand strength raises slightly less concerns in Russia than worldwide. Highlights of the survey
  6. 6. 7Russian Economic Crime Survey 2016 • Both in Russia and globally, internal actors continue to dominate the profile of fraudsters operating against companies. However, there was a 12% decrease in the number of respondents reporting that external actors were perpetrators of fraud. In Russia and globally, internal perpetrators originate from middle management (42% and 35% respectively), while junior management also contributed a great deal to the perpetration of internal fraud (31% and 32%, respectively). The majority of internal fraudsters were male (77%), aged from 31 to 40 years old (62%), with a higher education (72%). The proportion of fraudsters coming from senior management in Russia decreased from 36% to 15% over the last two years. • In cases of economic crime involving third parties, the number of respondents engaging law enforcement against the perpetrators of such crimes has increased (67% vs 60% in 2014). Globally, this also remains the most common action against external perpetrators. Interestingly, cessation of business relationships has become a less popular action in Russia (56% vs 70% in 2014), but this is still significantly more common than the global result (25%). • While globally asset misappropriation, bribery and corruption, procurement fraud and accounting fraud showed a slight decrease this year over 2014’s statistics, cybercrime jumped to second place (32%). In Russia, however, only 23% of respondents suffered from cybercrime in the last two years, which is 2% lower compared to 2014. The perception of the threat posed by cybercrime has also changed. For instance, 53% of our respondents globally believe this risk has increased in the last two years while only 32% of our respondents in Russia perceive an increase in this type of risk. According to our CEO survey, executives in Russia highlighted cybercrime and weak data protection among key business risks (43%). • Bribery and corruption are still a challenge in Russia. For instance, 30% of respondents in Russia were affected by bribery and corruption compared to 24% globally. This year’s results demonstrate a decrease compared to 2014, when 58% of respondents suffered from this type of economic crime. In addition, 21% of our survey respondents stated that they have been asked to pay a bribe, which is lower compared to 41% in 2014. Furthermore, 17% of respondents lost an opportunity to a competitor, whom they believed to have paid a bribe, compared to 42% in 2014. This positive shift may be explained by two factors. Firstly, over the last four years, Russia has adopted various anti-corruption regulations and laws and we might be now seeing the results of these measures. Secondly, the share of publicly traded companies in our current survey has increased from 40% to 59% compared to 2014. Our experience shows that publicly traded companies tend to have more robust ethics and compliance programmes. • However, bribery and corruption remains one of the major risks for business. For example, 70% of executives in our recent Russian CEO survey reported it as one of the most important issues in their eyes. • In Russia, 87% of respondents reported that their organisations have developed a comprehensive code of conduct. However, only 68% of these respondents indicated that regular training on their respective codes of conduct have been carried out. • Our survey shows that enforcement of anti-money laundering (AML) has resulted certain challenges even for financial institutions with sophisticated and robust AML compliance programmes. The biggest challenge for effective AML compliance cited by the respondents in Russia is the pace of regulatory change (58%) (this is significantly higher than the global result (19%). AML regulation in Russia has also experienced significant transformations recently. Another challenge in AML compliance specified by respondents globally is lack of skilled staff (19%), while only 4% of our respondents in Russia consider this an important issue. Highlightsofthesurvey
  7. 7. 8 PwC Overview In Russia, almost half of all companies and organisations (48%) reported that they had an experienced economic crime in the past 24 months. However, this is a significantly lower result compared to 2014 (60%). Nevertheless, the rate of economic crime in Russia remains higher than the global average (36%), the results for the Emerging 7 countries (29%)1 and Eastern Europe (33%). Fig 1: Reported rate of economic crime 49% 59% 71% 37% 60% 48% 0% 10% 20% 30% 40% 50% 60% 70% 80% 2005 2007 2009 2011 2014 2016 Fig 1: Reported rate of economic crime It is worth noting that, out of those who have experienced economic crimes, 33% had suffered more than 10 instances in the past 24 months. The decrease in economic crimes in Russia may be explained by various reasons. Firstly, the results of our survey show that the role of internal audit has strengthened while other fraud detection mechanisms have also developed further. In our experience, organisations that have developed fraud detection mechanisms and implemented fraud risk management programmes are better prepared to detect and prevent fraud. Secondly, we have seen some major developments in the measures adopted against corruption in Russia over recent years, including legislative initiatives aimed at applying best global practices. Further in our survey, we will touch on these reasons in more detail. Change in types of economic crime The most pervasive economic crimes reported by our respondents in 2016 are highlighted below. Asset misappropriation is seen as the most common form of economic crime, both in Russia and globally. For instance, 72% of respondents in Russia who experienced economic crime and 64% globally reported being victims of asset misappropriation. The prevalence of asset misappropriation among other types of economic crimes is not surprising. Typically, asset misappropriation is easier to detect, since this type of fraud is not as complicated as, for example, bribery and corruption or cybercrime. Economic crime trends Fig 2: Main types of economic crime in Russia compared to global trends 0% 10% 20% 30% 40% 50% 60% 70% 80% Russia Global Fig 2: Main types of economic crime in Russia compared to global trends, % relates to respondents who have suffered crimes Asset misappropriation Procurement fraud Bribery and corruption Cybercrime Money laundering Accounting fraud Intellectual property (IP) infringement 64% 23% 30% 32% 12% 18% 7% 72% 33% 24% 23% 11% 23% 14% 1 Emerging 7 countries comprise Brazil, Russia, India, China, Indonesia, Mexico and Turkey. Incidents of economic crime
  8. 8. 9Russian Economic Crime Survey 2016 Procurement fraud was commonly cited (33%), making it the second most frequently reported type of fraud experienced in Russia. It is worth noting that the number of responses in Russia is 10% above the global average. We see this type of fraud as a double threat with a negative impact both on business and public sector. The number of responses related to bribery and corruption is higher in Russia (30%) than the global average (24%). However, there is a significant decrease in the number of responses related to bribery and corruption over the last two years, from 58% in 2014 to 30% in 2016. Globally, cybercrime has moved up to second position (32%). At the same time, the number of responses related to cybercrime in Russia is lower (23%) and has not changed much since 2014 (25%). Does this mean that Russian business is less exposed to cybercrime? We should remember that a significant percentage of those who did not report cybercrime could have suffered an event, but may not even have known about it. Negative consequences of economic crime In Russia, 44% of respondents who experienced an economic crime in the past 24 months reported loss up to USD 100,000 and 25% of respondents reported loss between USD 100,000 and USD 1 million. 23% of our respondents reported losses in excess of USD 1 million, while globally only 14% of those surveyed had experienced such significant damage. Top 3 most commonly reported types of economic crime in 2016 Asset misappropriation Procurement fraud Bribery and Corruption Тор 3 most commonly reported types of economics crime in 2016 Asset misappropriation Procurement fraud Bribery and corruption 72% 33% 30% The true costs of economic crime are difficult to estimate, especially considering that actual financial losses only comprise a small component of the fallout from a serious incident. Our survey respondents consistently note wider collateral damage, including business disruption, investigative and preventive interventions, remedial measures and, crucially, damage to employee morale and business reputation as having a significant impact on long-term business performance. In Russia, 50% of organisations that have suffered economic crime in the past 24 months stated that this has had a significant negative effect on employee morale. Globally, only 44% of respondents noted such crimes’ impact on the overall mood of employees. Furthermore, respondents in Russia are less concerned with the negative impact on business relations (35%) and reputation/ brand strength (34%). Fig 4: Negative consequnces (high and medium impact) suffered due to economic crime 0% 10% 20% 30% 40% 50% 60% Russia Global Fig 4: Negative consequnces (high and medium impact) suffered due to economic crime Employee morale Business relations Organisation's reputation / brand Relations with regulators Share price 44% 50% 32% 35% 32% 34% 27% 28% 9% 10% Collateral damage, of course, while not always quantifiable, can dwarf the relatively shorter-term impact of financial losses over time. Fig 3: Financial loss from economic cirmes 36% 17% 22% 9% 4% 1% 26% 18% 25% 19% 4% 0 5 10 15 20 25 30 35 40 Russia Global Less than USD 50,000 USD 50,000 – 100,000 USD 100,000 – 1m USD 1m – 5m USD 5m – 100m >USD 100m Economiccrimetrends
  9. 9. 10 PwC Causes of economic crime There are many causes of economic crime. Experts often point to three factors that are commonly found when fraud occurs (the so-called “Fraud Triangle”): opportunity or ability to commit a crime, incentive or pressure, and rationalisation. In Russia, perception of the significance of opportunity or ability to commit crime has risen by 8% since 2014 and remains by far the most important factor (84%). Incentive or pressure and ability to rationalise are at the same level (8%). Generally, the structure of the fraud triangle in Russia is similar to the global situation with opportunity or ability to commit fraud being the most significant factor (69%). The trend of rising opportunities or ability to commit economic crimes is worrying. This means that companies should mitigate such loopholes by taking a proactive approach in order to ensure that fraud prevention and detection mechanisms are effective in addressing the significant risks of fraud. Fraud triangle Incentive or pressure Rationalisation Opportunities 2016 2014 8 8 84 12 9 76 Fraud detection and investigation Risk assessment Fraud risk assessments are essential for identifying threats and weaknesses in controls that give rise to opportunities to commit fraud. In Russia, respondents tend to perform risk assessments on a regular basis (every six months or annually). The numbers of companies that have never performed a risk assessment in Russia, or have performed it only once, is lower than the global results (23% and 32%, respectively). Overall, Russian respondents claim that they conduct fraud risk assessments much more frequently than their global peers. As mentioned above, respondents both in Russia and around the world consider the opportunity or ability to commit fraud to be the most important factor contributing to the occurrence of such crimes. Thus, it is even more vital that companies conduct risk assessments, as they can help to identify internal control weaknesses and, thereby, prevent or at least to mitigate the risk of economic crime. Detection of economic crime Our survey shows that the majority of economic crimes in Russia were initially detected by organisations’ internal audit functions and corporate security (20% and 15%, respectively). However, the global results are different, at 11% and 5%, respectively. Globally, the leading method for detecting economic crime is reporting on suspicious transactions. In Russia, fraud detection methods have undergone various changes in the past 24 months. The role of internal audit functions in detecting economic crime has significantly changed since our previous survey (10%), compared to 20% in 2016. In addition, the role of corporate security departments in detection of fraud weakened in 2016. Reporting on suspicious transactions and fraud risk management are becoming important methods of detecting economic crimes (20%). Russian organisations appear to have implemented proper measures to respond to the risks identified during risk assessments and are shifting to more effective internal risk management systems in order to identify cases of fraud. Fig 5: Minimum frequency of performance of fraud risk assessments Fig 5: Minimum frequency of fraud risk assessments 4% 10% 6% 31% 9% 18% 9% 29% More often than quarterly Quarterly Every six months Annually Russia Global
  10. 10. 11Russian Economic Crime Survey 2016 Fig 6: Fraud detection methods in 2014 and 2016 20142016 Fig. 6: Fraud detection methods in 2014 and 2016, % relates to respondents who suffered crimes 10% 19% 3% 9% 3% 20% 15% 11% 9% 9% 0% 5% 10% 15% 20% Internal audit IT and physical security Suspicious transaction reporting By accident Fraud risk management Perception of law enforcement We asked respondents to comment on whether they believe local law enforcement to be adequately equipped and trained to investigate and prosecute economic crimes. The majority of respondents expressed their doubts in this regard, both globally and in Russia (44% and 38%, respectively). Main fraud culprits 46% of our respondents in Russia and globally reported that internal perpetrators dominate the profile of fraudsters. Investigation When an incident of potential fraud has been identified, in most cases (85%), respondents stated they will rely on their internal resources to perform internal investigations. Globally, this percentage is lower (72%). In our previous survey for 2014, we reported even higher figures (93% and 79%, respectively). However, the survey also shows that one or more other types of actions usually accompany internal investigations. We believe that, in some situations, external assistance can add value (e.g., relying on specific expertise, independence, resources, etc.). In general, respondents in Russia tend to use the same approach as their global counterparts. Fig 7: Fraud investigation methods in 2014 and 2016 20142016 Fig. 7: Fraud detection methods in 2016 and 2014 93% 15% 13% 18% 10% 85% 22% 20% 19% 7% 0% 20% 40% 60% 80% 100% Use internal resources to perform an internal investigation Contact an external legal advisor Consult with an auditor Engage a special forensic investigator Wait to see if further indications of potential fraud in the same area may arise Fig 8: Perpetrators of fraud Fig 8: Perpetrators of fraud Russia Global 0% 10% 20% 30% 40% 50% Internal actor External actor Don't know 46% 46% 33% 41% 13% 21% Economiccrimetrends
  11. 11. 12 PwC Most likely characteristics of internal fraudster Male University/college graduate 31–40 years old 3–5 years service Internal actor 49% 2014 46% 2016 External actor 45% 2014 33% 2016 3% Decrease 12% Decrease In Russia, there was a 3% decrease in a number of respondents who reported internal actors as perpetrators of fraud, from 49% in 2014 to 46% in 2016. Globally, there was a significant decrease (10%), from 56% in 2014 to 46% in 2016. In Russia, there was a 12% decrease in the number of respondents who reported that external actors were perpetrators of fraud, from 45% in 2014 to 33% in 2016. Globally, an opposite trend was observed - a 1% increase from 40% in 2014 to 41% in 2016. Internal perpetrators Both in Russia and globally, economic crimes are largely committed by middle management (42% and 35%, respectively). At the same time, junior management also contribute largely to the perpetration of internal fraud (31% and 32%, respectively). In Russia, the proportion of fraudsters from junior management has increased from 18% to 31%, almost reaching the level reported globally (32%). Conversely, the proportion of fraudsters from senior management in Russia has decreased from 36% to 15% over the last two years, also aligning with the global average (16%). Typical profile of an internal perpetrator In Russia, the majority of internal fraudsters were male (77%), aged from 31 to 40 years old (62%), with a higher education (72%) and who had joined the company within the past three to five years (62%). This profile is similar to the profile reported globally. External perpetrators In Russia, respondents who have experienced an economic crime reported that the external perpetrator had been a customer or client in 35% of cases, an agent/intermediary (29%), or a vendor (6%). Our survey shows that the share of agent/intermediary involvement increased by 9% in the past 24 months, representing a risky area in regards to relations with external parties.
  12. 12. 13Russian Economic Crime Survey 2016 Fig 9: Most common external perpetrators in RussiaFig 9: Most common external perpetrators in Russia Customers Agents / Intermediaries Vendors 20142016 7% 53% 20% 6% 35% 29% 0% 10% 20% 30% 40% 50% 60% We believe that common types of customer fraud are likely to be various schemes related to receiving commercial bribes (i.e., money paid by customers to sales managers in order to receive favourable terms) and giving commercial bribes (i.e., money paid to customers so as to retain business). Actions against perpetrators In Russia, dismissal2 remains the most frequent action against internal perpetrators (58%), which corresponds with the global trend. However, this rate decreased in comparison with the results of our previous survey (88%). Civil actions and informing law enforcement are not frequent actions against internal perpetrators as compared to the global averages. Our survey also shows that, in 15% of cases of fraud involving internal perpetrators, no actions were taken. This may have a negative effect on organisational culture, primarily with respect to employee morale. Fig 11: Actions taken by organisations against external perpetrators Fig. 11: Actions taken by organisations against external perpetrator(s) GlobalRussia 67% 56% 22% 22% 6% 53% 25% 38% 28% 9% 0% 10% 20% 30% 40% 50% 60% 70% 80% Informed law enforcement Terminated business relationship (if applicable) Notified relevant regulatory authorities Took civil action Took no action In Russia, in regards to cases of economic crime involving third parties, the number of respondents engaging law enforcement against the perpetrators of such crimes has increased (67% in 2016 vs 60% in 2014). Globally, this also remains the most common action against external perpetrators (53%). Cessation of business relationship has become a less frequent action against external perpetrators in Russia (56% in 2016 vs 70% in 2014). However, this is still significantly more common than on the global level (25%). 2 We interpret “dismissal” in this context as any termination of an employment relationship (e.g., by mutual agreement). Fig 10: Actions taken by organisations against internal perpetratorsFig. 10: Actions taken by organisations against internal perpetrators GlobalRussia 58% 23% 15% 15% 12% 4% 15% 76% 32% 43% 4% 14% 21% 3% 0% 10% 20% 30% 40% 50% 60% 70% 80% Dismissed the perpetrator(s) Took civil action Informed law enforcement Transferred perpetrator(s) internally Issued warning/ reprimand Notified relevant regulatory authorities Took no action Economiccrimetrends
  13. 13. 14 PwC It is noteworthy that 95% of the respondents in Russia reported that most cases of procurement fraud were related to vendor selection. Fraud taking place at the bid and quality review stages is also higher in Russia compared to the global results. In contrast, fraud in the payment process is quite common worldwide (41%), but not in Russia (16%). It appears that procurement fraud could be significantly reduced by strengthening controls in several key areas: conducting due diligence on vendors, checking for conflicts of interests, and ensuring that proper controls in the bid process and vendor contracting/maintenance are in place. When focusing on tenders and vendors as external parties, it is also important not to ignore the potential threat from internal actors. An employee of a purchasing department may have a pre-existing and often indirect relationship with a certain vendor. It may take months or even years to detect such conflicts of interest. Fig 12: Areas of procurement fraudFig 12: Areas of procurement fraud GlobalRussia 42% 64% 42% 17% 41% 42% 95% 68% 42% 16% Invitation of quotes/ bid process Vendor selection Vendor contracting/ maintenance Quality review Payment process 0% 20% 40% 60% 80% 100% Procurement fraud The potential for procurement fraud arises when a company takes part in a commercial or public tender, or acquires goods and services for its own use. In Russia, our respondents note that they had experienced procurement fraud more frequently than the global average (33% and 23% respectively). We see procurement fraud as a double threat. It does damage to businesses with respect to their own acquisition of goods and services. Furthermore, it prevents organisations from competing fairly and successfully for business opportunities in commercial or public tenders. Fraud at different stages of the procurement cycle In Russia, the stages of the procurement cycle where fraud usually occurs are slightly different from those highlighted by our respondents globally. Mitigating risks in procurement A detailed procurement analysis may be one of several effective solutions to ensure that a procurement function is operating properly. This would require using advanced data analytics, as well as qualitative assessments, in order to identify risks of procurement fraud and inefficiencies in the process. However, what if some organisations have hundreds or even thousands of vendors and need to understand which of them are not as reliable as they appear? A sophisticated integrity check using automated solutions may be an option to reveal negative information and identify potential conflicts of interest: a) between vendors and employees of the organisation; and b) among vendors or groups of vendors. Such an analysis may also help a company’s management to reach preliminary conclusions in a very short time. Procurement analysis stages Discover • Extract requisite data from ERP using IT solutions; • Identify key facts about the procurement process in an organisation by relying on analytical tests of data complemented by tailored questionnaires or interviews with responsible employees. Analyse • Reveal unusual trends in the data; • Perform a detailed analysis of those unusual patterns and understand the causes by using a combination of analytic tests and data visualisation techniques. Our survey shows that vendor selection, the bid process and vendor contracting / maintenance are the stages most susceptible to fraud, both in Russia and globally. However, fraud during these stages is more frequent in Russia when compared to the global average.
  14. 14. 15Russian Economic Crime Survey 2016 Bribery and corruption In Russia, 30% of our respondents experienced bribery and corruption, which is higher than the global average (24%). This year’s results show a decrease compared to our previous survey in 2014 (58%). In Russia, 21% of our respondents stated that they have been asked to pay a bribe, which is lower than 41% as reported in 2014. In Russia, 17% of our respondents have lost an opportunity to a competitor, whom they believed to have paid a bribe. This is significantly lower compared to the results of our previous survey (42%). 3 In April 2012, Russia became the 39th party to the OECD Anti-Bribery Convention. In January 2013, Article 13.3 of Russian Federal Law No. 273- FZ “On Preventing Corruption” was enacted. In November 2013, Russian Ministry of Labour and Social Protection issued “Guidelines for Developing and Adopting Measures to Prevent Corruption”. In April 2014, the National Anti-Corruption Plan for 2014- 2015 was enacted. Fig 13: Percentage of organisations asked to pay a bribe and that lost opportunities due to a bribe paid by a competitor Fig 13: Percentage of organisations asked to pay a bribe and that lost opportunities due to a bribe paid by a competitor Organisations asked to pay a bribe Organisations losing an opportunity to a competitor that paid a bribe Russia 2014Russia 2016Global 2016 13% 17% 21% 15% 0% 10% 20% 30% 40% 50% 41% 42% We believe that this positive trend may be the result of two factors. Firstly, in recent years, Russia has adopted various anti-corruption regulations and laws, and we may now be seeing the positive outcomes of these initiatives.3 Secondly, the share of publicly traded organisations in our survey has increased from 40% to 59% compared to 2014 results. Publicly traded companies are usually quite eager to develop ethics and compliance programmes. However, our recent survey of CEOs in Russia showed that 70% of top managers indicated bribery and corruption as one of the major risks for their organisations. Fraud horizon Our survey shows that economic crime is still considered a significant potential threat. We asked respondents to comment on which economic crimes they believe pose the highest risks to their companies in the next two years. At least 41% of the respondents believe that their organisations will likely experience economic crimes (procurement fraud) over the next 24 months. Fig 14: Main types of expected economic crime Fig. 14: Who is respponsible for business ethics & compliance programmes? 26% 36% 24% 34% 12% 41% 40% 26% 25% 14% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Procurement fraud Asset misappropriation Bribery and corruption Cybercrime Money laundering GlobalRussia Overall, the expectations of respondents in Russia appear to reflect global trends with the following exceptions. Firstly, fewer respondents in Russia consider cybercrime as a significant future threat (25% in Russia vs 34% globally). This might be a sign of over-confidence or non-awareness leading to the underestimation of potential threat. Secondly, more respondents in Russia expect procurement fraud to occur in the next two years, which is different from the global trend (41% in Russia against 26% globally). Uncommonly, this type of fraud is expected to overtake traditional asset misappropriation in the next two years. This also confirms that procurement fraud represents a significant threat to Russian organisations and prevention of this type of fraud should be a point of focus. Economiccrimetrends
  15. 15. 16 PwC Ethics & compliance 81% of companies rely on internal audit to ensure effectiveness of their programmes But is this the most effective path?Almost half of the incidents of serious economic crimes were perpetrated by internal parties ? ? ?1in 5respondents are not aware of a formal ethics and compliance programme ...though 83% of companies say they have business ethics and compliance programme STRATEGY HR SALES
  16. 16. 17Russian Economic Crime Survey 2016 SUCCESS BRIBERY ? 26% of companies believe it is likely they will experience bribery and corruption ...and 50% or every second respondent claim employee morale is the largest casualty of economic crime How is your business strategy aligned with and led your organisational values? Ethics&compliance
  17. 17. 18 PwC Aligning decision-making with values Overview The current business environment is characterised by growing globalisation, increasingly vigilant enforcement and greater demand for public accountability. A risk-based approach to ethics and compliance, which begins with an understanding of economic crime risks and compliance weaknesses, should be in place. Based on this approach, organisations should develop effective programmes, which can mitigate these risks, while also allowing them to achieve their business goals. Many companies have been cutting costs, both in their headcounts and training programmes, or stretching their existing compliance teams’ responsibilities to include additional duties. This may be a strategic miscalculation, as bribery and corruption still represent significant threats for business in Russia. While risks and threats are always changing, a successful compliance programme should foresee and address those evolving risks. It appears a perception gap exists between what CEOs and boards think is occurring, as well as what is actually happening in their organisations, particularly among senior and middle managers. According to our survey, middle managers remain the most likely group to commit economic crime, as well as the most likely to feel that values are not being clearly stated, or that incentive programmes are not fair. Our recent Russian CEO survey supported this theme of a gap existing between intention and execution. For example, 70% of executives cited bribery and corruption as the top threats facing their organisations. A lack of trust in business was another key threat, underscoring the importance to leadership teams of having sophisticated credible corporate ethics programmes in place. Five steps towards a more effective compliance programme • Communicating and positioning your programme in line with your organisation’s corporate strategy; • Evaluating and potentially reimagining the identity of your compliance function; • Ensuring that all owners of compliance obligations fully understand (a) the “big picture” across the organisation, and (b) the scope of their own responsibilities; • Remember that policies and training on values are not enough; credible and consistent engagement are essential; • Never downsize while risks are on the rise. Making sure your compliance programme is suitable Below are four key areas of focus for enhancing the effectiveness of ethics and compliance programmes: • People and culture. Maintaining a values-based programme, measuring and rewarding desired behaviour; • Roles and responsibilities. Ensuring they are correctly aligned with current risks; • High-risk areas. Better implementation and testing of the programme in high-risk markets and divisions; • Technology. Better use of detection and prevention tools (e.g., big data analytics).
  18. 18. 19Russian Economic Crime Survey 2016 People and culture: your first line of defence Every economic crime is based on decision made by an individual. Therefore, people should be the focus of attention. This means that organisations not only need to state principles to employees, but also create a culture where compliance is directly connected to values. In Russia, every second respondent reported that the greatest organisational damage they experienced as a result of economic crime was in regards to employee morale. Negative consequences for business reputation and organisation’s reputation/brand were noted by 34% of our respondents. In both cases, the nature of how a business is perceived (from the inside, as well as the outside) was an area of great concern. This underscores the key role played by values in a successful business strategy. A values-based compliance programme will help attract the best and the brightest to your organisation. In other words, responsible people want to work for responsible companies. A well-designed compliance programme, supported by a strong focus on ethical behaviours, can offer a clear strategic benefit to an organisation. Nonetheless, to be effective, your compliance programme must also be more than an updated code of conduct, a policy, and a few hours of training. Fundamentally, it must also address the deep connection between values, behaviour and decision-making. Fig 15: Perceptions of business ethics and compliance Organizational values are clearly stated and well understood There is a Code of Conduct that covers key risk/policy areas and sets out the organizational values and the behaviours expected of all in the organization Ethical business conduct is a key component of our HR procedures including objectives, promotion, reward, recognition and disciplinary procedures There are confidential channels for raising concerns (including a clear whistleblowing policy and procedure) Senior Leaders and Managers convey the importance of ethical business conduct in all that they do, setting a positive example and treating it as a priority Training on the Code of Conduct (and supporting policies) is provided regularly, supported by regular communications and various advice channels Irrespective of level, role, department or location, rewards are fair and consistent Irrespective of level, role, department or location, disciplinary procedures and penalties are consistently applied Concerns can be raised confidentially, without fear of retaliation, and feedback is provided on a timely basis Agree strongly Agree Neither agree or disagree Disagree Disagree strongly 41% 44% 9% 4% 2% 37% 50% 7% 4% 2% 28% 50% 13% 5% 4% 42% 37% 9% 7% 5% 27% 58% 5% 7% 3% 30% 38% 16% 10% 6% 18% 52% 13% 15% 2% 15% 49% 19% 13% 4% 28% 51% 10% 6% 5% Fig 15: Perceptions of business ethics and compliance Mind and measure the (perception) gaps In Russia, 85% of our respondents confirmed that their organisations had clearly stated and well-understood corporate values. However, only 70% of our respondents believe that rewards are fair and consistent, irrespective of level, role, department or location. Moreover, only 64% of respondents think that disciplinary procedures and penalties are consistently applied. Thus, our survey might indicate a gap in how values are perceived, especially between what senior leaders communicate and what employees actually see. To compete at the highest level, today’s organisations need to embed ethical behaviour throughout their operations at every level without exception. Ethics&compliance
  19. 19. 20 PwC Aligning roles and responsibilities: who’s in charge? Our survey shows that 17% of respondents told us that they knew of no formal ethics and compliance programmes in place at their organisations. In Russia, 83% of respondents noted that their organisations have established a formal business ethics and compliance programme. This result almost corresponds with the global average (82%). Fig 16: How many organisations have a formal business ethics and compliance programme in place? 83% Yes 9% No 8% Don’t know Fig 16: How many organisations have a formal business ethics and compliance programme? Who has ownership? Adopting a risk-based approach Our survey shows that, in most organisations, the chief compliance officer and human resource director are responsible for business ethics and compliance programmes. Fig 17: Who is responsible for business ethics and compliance programmes Fig. 17: Who is responsible for business ethics and compliance programmes? GlobalRussia 34% 15% 21% 3% 18% 38% 13% 18% 8% 7% 0% 5% 10% 15% 20% 25% 30% 35%40% Chief Compliance Officer General Counsel Human Resources Director Chief Financial Officer Chief Audit Executive It is important that all people across a business, not just compliance professionals, understand their roles and responsibilities for ensuring the business is aligned with its ethics and compliance programme. However, many organisations indicate a degree of confusion about who has ownership for what. “Ownership” of a programme should belong to a business unit’s management, as their responsibility is to understand risks and determine the unit’s appetite for such risk. The role of the compliance function, on the other hand, is oversight and providing guidance. In some organisations, however, there is a tendency to view compliance as a kind of insurance policy upon which passive responsibility can rest. Ultimately, all members of an organisation must work towards the same compliance goals.
  20. 20. 21Russian Economic Crime Survey 2016 Opportunities for crime on the rise Our survey shows that 84% of respondents believe that opportunity is the main driver of internal economic crimes. This outweighs the other two elements of the fraud triangle, which are incentive/pressure to commit a crime and rationalisation of such an action. In Russia, a large majority of respondents (81%) noted that their organisations rely on internal audit functions to assess the effectiveness of their compliance programmes. This result is higher than the global average (76%). Monitoring whistleblowing hotline reports to ensure that ethics and compliance functions are effective is a more popular approach in Russia than globally (60% and 42%, respectively). At the same time, at the global level, management reporting is placed second. This is an area for further development in Russia. While internal audit is an important part of the framework for assessing a compliance programme’s effectiveness, on its own it is not a sufficient means of assuring compliance, as its interventions are both periodic and historical. Since prevention must ideally occur during the decision- making stage, internal audit mechanisms should be integrated with management reporting and real-time monitoring, so that problems can be detected and prevented in time. Implementation in high-risk areas In Russia, 87% of our respondents noted that their organisations had a code of conduct in place, but only 68% of them confirmed that relevant training is provided regularly and their codes were supported by regular communications. Such a gap shows that good policies, procedures and controls will not suffice. Strong words must be supported by actions and practical solutions. Obviously, a well-designed compliance programme must be more than an updated code of conduct, policies, and a few hours of training. Compliance is effective only if is not limited to “tick the box” exercises. It is essential that employees at all levels of an organisation share the same values. Using technologies in pursuit of compliance Today, there are several sophisticated tools (e.g., big-data analytics for effective transaction monitoring), which can help bring compliance initiatives closer to operations by handling a variety of structured and unstructured data. However, apart from transaction-monitoring systems (which are used primarily by financial sector clients), our survey shows that very few organisations are using these technologies to help detect and prevent economic crimes. Some organisations pay too much attention to monitoring certain areas, while completely ignoring other critical issues. Others duplicate their expenditures on different tools. Nevertheless, others follow a "tick-the-box" approach to compliance and do not always gather or use the right data. Our experience shows that the best place to start is not with the “big data” used for transaction monitoring, but rather with the “small data” from risk assessments. What matters most is collecting consistent and comparable data. The optimal model should encompass the spread of risks an organisation faces and allow for reporting based on business units, geography or third parties. To achieve this, three things are needed: • a consistent approach to defining risk; • transparency in risk measurement; • a common data platform Data alone can never be a panacea. Nevertheless, if used effectively, it can offer companies additional power to stay ahead of their compliance risks. Fig 18: How does your organisation ensure that your compliance and business ethics programme in effective 0% 20% 40% 60% Russia Global Fig 18: How does your organisation ensure that your compliance and business ethics programme is effective 81% 60% 44% 35% 2% 12% 76% 42% 54% 40% 2% 8% Internal audit Monitoring reports from whistleblowing hotlines Management reporting External audit Other external monitoring Other internal monitoring 80% 100% Ethics&compliance
  21. 21. PwC22 Cybercrime 23% of organisations affected ...and 25% think they will be affected in the next two years 43% of CEOs are concerned about cyber security In Russia cybercrime almost has not changed in the past 24 months Cybercrime jumped to the second place globally
  22. 22. 23Russian Economic Crime Survey 2016 Only 26% of organisations have a cyber incident response plan Most companies are still not adequately prepared for or even understand the risks faced and the make up of this team varies widely HR ? ? IT ? ?? How will your cyber-response plan stand up to reality? Cybercrime
  23. 23. 24 PwC Furthermore, business leaders tend to worry that cybercrime may be holding back their organisations. Our recent Russian CEO survey showed that 43% of executives expressed concern about the growing threat of cybercrime, while 52% of them see speed of technological change as another challenge. Impact of cybercrime Our respondents in Russia reported reputational damage and theft of personal information as having the most damaging impact in regards to cybercrime, followed by loss of intellectual property, as well as legal and enforcement costs. Globally, respondents assigned a higher level of impact for service disruption, regulatory risks and actual financial losses. Boundless threats Overview Digital technology is continuing to transform and disrupt the world of business, exposing organisations to both opportunities and threats. Therefore, it is hardly surprising that cybercrime on a global scale is rising (e.g., ranking as this year's second most reported economic crime globally). Cybercrime is not just an IT problem. Technology today is so widespread, both within and outside of organisations, that cybercrime may now be considered as a fundamental business problem. However, our survey shows that cybercrime in Russia is somewhat different. Almost a quarter of our respondents reported that they had been affected by cybercrime in the past 24 months (23%). This has not significantly changed since our previous survey in 2014 (25%). Fig 19: Change of perception towards the risks of cybercrime Russia Global Fig 19: Change of perception regarding cybercrime risks 41% 53% 5% 60% 32% 8% Remained the same Increased Decreased 0% 20% 40% 60% 80% Fig 20: Level of impact of cybercrime Reputational damage Actualfinancial loss Legal,investment and/or enforcementcosts Regulatory risks IntellectualProperty (IP)theft,including theftofdata Service disruption Theftorlossof personalidentity information High Medium Low None Don't know 10% 17% 33% 37% 3% 3% 30% 27% 37% 3% 7% 13% 33% 37% 10% 3% 7% 45% 34% 10% 7% 27% 27% 27% 13% 3% 37% 23% 23% 13% 10% 17% 30% 43% Fig. 20 Level of impact of cybercrime In Russia, 60% of our respondents did not change their perception of cybercrime risks in the last 24 months. Conversely, 53% of respondents globally believe that this risk has increased over the last two years, while only 32% of respondents in Russia have seen an increase in this type of risk. Does this mean that Russian organisations are less exposed to cybercrime? The insidious nature of this threat is that a percentage of those who say they have not experienced a cybercrime were actually affected without knowing it. Sometimes hackers manage to remain on organisations’ networks for extended periods of time without ever being detected. In Russia, 47% of respondents indicated that their organisations lost up to USD 1 million owing to cybercrime incidents over the last two years. In addition, 6% of respondents reported they had suffered losses in even bigger amounts. It is worth mentioning that a significant proportion of respondents who have experienced cybercrime could not estimate the size of the resulting loss (23%).
  24. 24. 25Russian Economic Crime Survey 2016 Cybercrime Responses to cybercrime In Russia, only 26% of respondents have a fully operational incident response plan, compared to 37% of respondents surveyed around the world. Furthermore, 20% of organisations have no plan and are not considering the implementation of one. It appears that, in cases of cybercrime, only 45% of organisations have personnel who are “fully trained” to act as first responders, of which the overwhelming majority (74%) are IT security staff. Corporate cybercrime is one of the most complex and challenging issues an organisation can face. An effective response requires the skills, knowledge, and experience of a range of corporate functions working in tandem (e.g., legal, human resources, media and public relations, communications, privacy counsel, audit and risk, finance, corporate security, etc.) IT threats and their mitigation are the responsibility of an entire organisation. Executive level: • Institute sound cybersecurity strategy • Ensure quality information is received and assimilated • Implement user security awareness programmes • Support strategy-based spending on security Audit & Risk: • Ensure a thorough understanding and coverage of technology risks • Conduct up-front due diligence to mitigate risks associated with third parties • Address risks associated with operational (non-financial) systems • Address basic IT audit issues IT threats & mitigations are the responsibility of the entire organisation Legal: • Track the evolving cyber-regulatory environment • Monitor decisions made by regulators in response to cyber incidents • Be aware of factors that can void cyber insurance IT: • Conduct forensic readiness assessments • Be aware of the changing threat landscape and attack vectors • Test incident response plans • Implement effective monitoring processes • Employ new strategies cyber attack simulations, gamifications of security training and awareness sessions and security date analytics Fig 21: Do organisations have Incident Response Plans to deal with cyber-attacs? Fig 21: Do organisation have Incident Response Plans to deal with cyber-attacs?? 26% Yes, fully in operation 27% Don’t know 10% Yes, not yet implemented 17% No, assessing feasibility 20% No, do not intend to implement a plan
  25. 25. 26 PwC in Russia 52% of financial services respondents cite challenges with complexity of implementing/upgrading systems ...only 57% of money laundering or terrorist financing incidents were detected by system alerts 29 % financial services respondents have experienced enforcement actions by a regulator ? Anti-money laundering The place of regulatory changes has increased
  26. 26. 27Russian Economic Crime Survey 2016 Anti-moneylaundering How would your organisation fare in the face of regulatory scrutiny? ...and 58% claim that the pace of regulatory change is the biggest challenge to AML compliance
  27. 27. 28 PwC Risk assessments should be conducted on a regular basis and closely tailored to variable circumstances such as operating environments, global standards and local regulations. Our survey shows that the overwhelming majority of respondents in the financial sector (88% in Russia and 74% globally) perform AML and combating the financing of terrorism (CFT) risk assessments across their business and territories of operation. Fig 22: Percentage of organisations that carry out AML/CFT Risk assessment Overview Money laundering destroys value. It facilitates economic crime and nefarious activities such as corruption, terrorism, tax evasion, and drug and human trafficking, by holding or transferring the funds necessary to commit these crimes. It can be detrimental to an organisation’s reputation and its bottom line. Global money laundering transactions are estimated to account for 2 to 5% of global GDP, or roughly USD 1-2 trillion annually. However, according to the United Nations Office on Drugs and Crime (UNODC), less than 1% of global illicit financial flows are seized by authorities.4 Growth in money laundering and terrorist financing is becoming more alarming for governments in almost all countries. Furthermore, over the last few years, heavy fines in the hundreds of millions to billions of dollars were imposed by regulators on global financial institutions for money laundering. However, not just financial services institutions are affected. Any organisation that facilitates financial transactions, including non-bank money service businesses such as digital/ mobile payment services, life insurers and retailers, is also the focus of anti-money laundering (AML) legislation worldwide. Many of these new participants are still not ready to meet the requirements of regulators. As regulation evolves and becomes more complex, the cost of AML compliance rises. According to new figures from WealthInsight, global spending on AML compliance is set to grow to more than USD 8 billion by 2017 (compounded annual growth rate of almost 9%).5 However, large penalties resulting from compliance failures outweigh rising compliance costs. Risk assessments are crucial Over the last decade, improved money laundering control measures have forced fraudsters and criminals to seek new methods to transfer their funds. Therefore, regular risk assessments are crucial, as they enable organisations to identify and address money laundering and terrorist financing risks. GlobalRussia Fig 22: Percentage of organisations that carry out AML/CFT Risk assessment 74% 4% 5% 3% 13% 88% 6% 8% Yes No, we do not believe this is necessary No, but we plan to carry out a risk assessment in the next 12 months No, but we plan to carry out a risk assessment in next 24 months Don't know 0% 20% 40% 60% 80% 100% However, our survey shows that 29% of financial institutions in Russian and 18% of financial institutions globally have recently been subject to enforcement actions on the part of a regulator (through either an enforced remediation programme or major feedback to address pressing matters). 4 From ‘Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes’ by the United Nations Office on Drugs and Crime © 2011 United Nations. Reprinted with the permission of the United Nations. 5 Statistics provided courtesy of WealthInsight.
  28. 28. 29Russian Economic Crime Survey 2016 Anti-moneylaundering Fig 23: Instances of regulatory enforcement actions Fig. 23: Instances of regulatory enforcement actions GlobalRussia Yes, we had a regulatory inspection but with no major feedback/ consequences Yes, we had a regulatory inspection and received feedback on major issues to addres No, we have not had a regulatory inspection in the past 24 months Yes, we were/are currently under a mandatory remediation programme Don't know 33% 21% 17% 8% 21% 32% 13% 32% 5% 18% 0% 5% 10% 15% 20% 25% 30% 35% Challenges faced Our respondents indicated that the level of enforcement of AML / CFT measures has created challenges for even the most sophisticated of financial institutions. In Russia, 58% of respondents reported that the pace of regulatory change was the most significant challenge to ensuring compliance with AML / CFT requirements. Globally, only 19% of respondents indicated this as a challenge. Globally, respondents also indicated the following additional significant challenges (which were not highlighted by respondents in Russia): ability to hire experienced AML / CFT staff (19% globally and only 4% in Russia) and technology requirements (14% globally and only 4% in Russia). Fig 24: Most significant challenge to compliance with AML/CFT requirements Russia Global Fig 24: Most significant challenges to compliance with AML/CFT requirements 58% 12% 12% 4% 4% 4% 4% 19% 13% 11% 19% 14% 8% 6% 0% 20% 40% 60% Pace of regulatory change Complying with AML requirements from multiple jurisdictions Cost Ability to hire experienced AML / CFT staff Technology requirements Negative impact on customers Data privacy limitations on information sharing across jurisdictions Our survey shows that the most significant challenges in regards to organisations’ AML / CFT systems are the complexity of implementing or upgrading systems, data quality, and maintenance of client information in electronic formats and monitoring systems generating large numbers of false alerts. In Russia, the majority of respondents stated that the most significant challenge is the complexity of implementing or upgrading systems. This might be due to use of legacy monitoring systems, which seem to be burdensome and extremely expensive to run, maintain and update as local regulatory frameworks change. Fig 25: AML/CFT systems: most significant challenges faced Russia Global Fig 25: AML / CFT systems: most significant challenges faced 52% 24% 12% 4% 8% 24% 33% 23% 11% 9% 0% 10% 20% 30% 40% 50% 60% Complexity of implementing/ upgrading systems Data quality and maintenance of client information in electronic format Monitoring systems generating large numbers of false positive alerts Data privacy limitations on information sharing across jurisdictions Other
  29. 29. 30 PwC Effectiveness of methods applied Our survey shows that Russian financial institutions more frequently use transaction monitoring (57%) as a key method for identifying suspicious money laundering or terrorism financing. Our research also indicates that internal reporting on the part of employees of financial institutions is more frequently used in Russia than globally (24% and 10%, respectively). Fig 26: Methods by which suspicious activities are identified Russia Global Fig 26: Methods by which suspicious activities are identified 57% 50% 0% 10% 20% 30% 40% 50% 60% Alerts from scenario-based automated systems (transaction monitoring) Tip-offs/leads from a Financial Crime Intelligence Unit Internal reporting from sales staff/relationship managers/branch staff Other 24% 10% 33% 14% 6% 5% Our survey shows that organisations undertake varying activities to reduce AML /CFT risks. The leading measures are transaction monitoring, data validation, enhancing “know your customer” (KYC) requirements for certain client segments, and boosting compliance with respect to monitoring escalation and reporting systems.
  30. 30. 31Russian Economic Crime Survey 2016 Fig 27: Measures to reduce AML/CFT risks Fig. 27: AML/CFT risk mitigation measures GlobalRussia Conducted transaction monitoring data validation Increased KYC requirements for certain client segments Enhanced compliance monitoring escalation and reporting systems Implemented increased controls and/or quality assurance measures Reduced exposure by exiting high-risk jurisdictions or client segments 68% 60% 52% 44% 24% 12% 8% 4% 4% 8% 43% 60% 55% 52% 31% 43% 15% 12% 3% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% Aligned people, technology or processes to ensure a consistent global approach Introduced data privacy limitations on cross-jurisdictional information sharing Reduced outsourcing/offshoring of transaction surveillance functions Considered relocating headquarters or certain functions to other jurisdictions Other As mentioned above, financial institutions in Russia are more focused on identification of suspicious transactions and its further validation (68% in Russia compared to 43% globally). We also learned there are differences in how people, technology and processes are aligned across different jurisdictions (12% in Russia and 43% globally). This approach has yet to be developed in Russia. Anti-moneylaunderingAnti-moneylaundering
  31. 31. 32 PwC Terminology Due to the diverse descriptions of individual types of economic crime in the legal statutes of different countries, we have developed the following categories for the purposes of this survey. These descriptions were defined as such in our web survey questionnaire. Accounting fraud When financial statements and/or other documents are altered or presented in such a way so that they do not reflect the true value or financial activities of an organisation. This can involve accounting manipulations, fraudulent borrowings/raising of finance, fraudulent application for credit and unauthorised transactions/rogue trading. Asset misappropriation, including embezzlement/deception by employees The theft of assets (e.g., monetary assets/cash or supplies and equipment) by directors, persons in fiduciary positions or other employees for their own benefit. AML Anti-money laundering Bribery The unlawful use of an official position to gain an advantage in contravention of duty. This can involve the promise of an economic benefit or other favour, as well as the use of intimidation or blackmail. It can also refer to the acceptance of such inducements. Specific examples include kickbacks, extortion, gifts (with strings attached), facilitation payments, etc. Corruption Dishonest or fraudulent conduct by those in power, typically involving bribery. CFT Combating the financing of terrorism Cybercrime Also known as computer crime, cybercrime is an economic offence committed using a computer and/ or Internet. Typical instances are the distribution of viruses, illegal downloads of media, phishing & pharming, and theft of personal information (e.g. bank account details). This excludes routine fraud, whereby a computer is used as a byproduct in order to carry out a fraud, and only includes such economic crimes where a computer, Internet or use of electronic media and devices is the main element and not simply incidental. Economic crime The intentional use of deceit to deprive another of money, property or a legal right. Financial loss When estimating financial losses due to fraud, participants should include both direct and indirect losses. Direct losses are the actual size of the fraud in question, while indirect losses would typically include the costs involved with investigation and remediation of the problem, penalties levied by the regulatory authorities and litigation costs. This should exclude any amount estimated due to “loss of a business opportunity”. Fraud risk assessments Assessments are used to ascertain whether an organisation has undertaken initiatives to specifically consider: a. the fraud risks to which its operations are exposed; b. an assessment of the most threatening risks (i.e., evaluating risks for significance and likelihood of occurrence); c. identification and evaluation of controls (if any) that are in place to mitigate key risks; d. assessment of the general anti-fraud programmes and an organisation’s control; and e. actions to remedy any gaps in such controls.
  32. 32. 33Russian Economic Crime Survey 2016 Incentive/pressure to perform When an individual has some financial problem that he/she is unable to solve through legitimate means, so he/she considers committing an illegal act as a way to solve the problem. The financial problem may be professional (e.g., job is in jeopardy) or personal (e.g., personal debt). Intellectual property (IP) infringement IP infringement covers trademarks, patents, counterfeit products and services. This includes the illegal copy and/or distribution of fake goods in breach of patent or copyright, as well as creation of false currency notes and coins with the intention of passing off as genuine. KYC Know your client/customer Money laundering Actions intended to legitimise the proceeds of crime by disguising their true origin. Opportunity or ability When an individual uncovers a way where he/she can use (abuse) his/her position of trust in order to solve a financial problem with a low perceived risk of getting caught. Procurement fraud Illegal conduct by which an offender gains an advantage, avoids an obligation or causes damage to his/her organisation. The offender might be an employee, owner, statutory board member, an official, a public figure or a vendor who was involved in the purchase of services, goods or assets for the affected organisation. Rationalisation When an individual finds a way to justify the crime to himself/herself in a way that makes it an acceptable or justifiable act.
  33. 33. 34 PwC Contacts Jeremy Outen PwC | Partner Office: +7 495 967 6011 Email: jeremy.outen@ru.pwc.com Survey management and methodology Irina N Novikova PwC | Partner Office: +7 495 232 5735 Email: irina.n.novikova@ru.pwc.com Inna Fokina PwC | Partner Office: +7 495 967 6382 Email: inna.fokina@ru.pwc.com Ilya Mushket PwC | Senior Manager Office: +7 495 223 5105 Email: ilya.mushket@ru.pwc.com Survey leadership team Anton Ulyakin PwC | Assistant Manager Office: +7 495 967 6000 Email: anton.ulyakin@ru.pwc.com
  34. 34. © 2016 OOO PricewaterhouseCoopers Advisory. All rights reserved. PwC Russia (www.pwc.ru) provides industry-focused assurance, tax, legal and business consulting services. Over 2,500 professionals working in PwC offices in Moscow, St Petersburg, Ekaterinburg, Kazan, Novosibirsk, Rostov-on-Don, Krasnodar, Voronezh, Vladikavkaz and Ufa share their thinking, experience and solutions to develop fresh perspectives and practical advice for our clients. The global network of PwC firms brings together more than 208,000 people in 157 countries. * PwC refers to OOO PricewaterhouseCoopers Advisory, or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate legal entity. www.pwc.ru/en/forensic-services

×