Fraud risks facing NPOs amidst the COVID-19 pandemic

Since 13 March 2020, when the Cabinet Secretary for Health announced the first confirmed case of COVID-19 in Kenya, social distancing, the mandatory wearing of masks in public and restrictions on public gatherings amongst other measures have become the new normal. Organisations face unprecedented challenges as they continue to navigate the impact of the pandemic.

Fraud tends to peak during times of crisis. Uncertainty and anxiety about the future can lead to more pressure on companies, leaders, staff and creditors. Desperation may embolden individuals to attempt and rationalise bad behaviour, and to go to extremes in order to survive, utterly flouting the ethical codes at their organisations. The current health and economic situation in Kenya makes organisations especially vulnerable to fraud attacks.

Therefore, crisis also calls for an organisation’s gatekeepers to exercise even more vigilance and to focus their attention not only on dealing with the crisis but also on the potential for fraud. After all, the last thing that an organisation needs during a crisis is another crisis.

PwC’s 2020 Global Economic Crime Survey shows that 36% of economic crimes experienced by organisations were committed by internal perpetrators. These are people with intimate knowledge of the controls and processes in their organisation, who also know how to take advantage of any weaknesses and to conceal their efforts.

Fraud risk in the NPO sector Not-for-profit organisations (NPOs) may experience a temporary reprieve from the threat of fraudulent diversion of donor funds, since many of their activities may be on hold. Other NPOs (particularly those in the health sector) may be much more active. Whatever the case, this is not a reason to relax organisational vigilance and in fact, the threat of fraud may increase once normality resumes. NPOs should therefore shore up their detection and monitoring activities to mitigate the potential for fraud, now and in the future.

In PwC’s Global Economic Crime Survey 2020, the most common types of fraud were bribery and corruption, procurement fraud, asset misappropriation and customer fraud. The challenge presented by COVID-19 may change the frequency or type of economic crimes experienced by NPOs. For example, the use of remote working technologies and communications, e-commerce and other activities primarily conducted online could increase the risk of cyber fraud. Most organisations are poorly prepared to manage such threats but the risk is real. Identity theft, phishing attacks, ransomware attacks and other forms of technological threats are expected to increase in frequency and severity.

Mitigation techniques

  • Prepare your teams for extended remote working: Most organisations must maintain critical operations despite the challenges of office closures, social distancing and travel restrictions. Most have transitioned quickly to remote working, using scalable remote access technology. In this environment, employees need remote access to critical assets and applications but there are risks to remote access. Organisations should implement an integrated foundation of security and privacy systems and policies so that it can maintain critical operations and limit exposure to fraud or compliance issues.
  • Educate your workforce about online threats: To strengthen their security and prevent online threats, NPOs should communicate and educate staff regularly, focusing on social engineering and email attack techniques. Staff should know what behaviour is expected of them and what resources are available to support them.
  • Communicate with stakeholders: NPOs should update donors, regulators, the communities and/or general public where they operate. They should confirm that all relevant stakeholders are aware of any risks as well as the organisation’s prevention strategies and contingency plans. In so doing, they will reduce the anxieties amongst their stakeholders that are brought about by uncertainty.
  • Sharpen fraud monitoring and detection: Most NPOs will need to use new platforms to operate in the pandemic environment, and they may not be fully aware of the risks. It is therefore imperative that the teams charged with the responsibility of safeguarding the organisation’s resources remain on high alert for fraud, carrying out regular reviews and checks to detect any potential threats. The use of data analytics and online security tools can help to detect threats sooner.

As NPOs tighten their belts in response to the economic pressure brought about by the COVID-19 pandemic, fraudsters are also adapting to this ‘new normal’ to exploit any weaknesses and opportunities that they can find. The sooner that NPOs can identify and seal gaps in their control environment, the better.

"Fraud tends to peak during times of crisis. Uncertainty and anxiety about the future can lead to more pressure on companies, leaders, staff and creditors. The current health and economic situation in Kenya makes organisations especially vulnerable to fraud attacks."

Related articles

Sustainability of NPOs in evolving and challenging times

Sustainability is not a goal to be reached but a way of thinking, a way of being & a principle we must be guided by. The Not-for-Profit Organisation (NPO) sector cannot and should not leave their sustainability to chance... PwC's Mercy Kuria and Mwangi Karanja share their thoughts in this article.

Data protection requirements for the public sector

The public sector has a legal and moral responsibility to ensure that national data is kept safe. Helping to set that tone, there are currently two pieces of data protection legislation applicable in Kenya; The Data Protection Act, 2019 (“DPA”) & the EU General Data Protection Regulation (“GDPR”), which is applicable by virtue of its extra-territorial application. In this article, PwC's Caroline Kipkulei discusses these laws and their application in detail.

Cybersecurity priorities for the public sector

Organisations must dig deeper to uncover cybersecurity risks. In this article, PwC's Benjamin Mkwizu explains why achieving greater cyber resilience as a society and within organisations will require a more concerted effort to uncover and manage new risks inherent in emerging technologies.

Eric Owino

Senior Manager, Advisory E: T: +254 20 2855692

Share with your networks

Read the next article: Augmented Reality applications for the NPO sector