According to Terri Clementson from Deloitte’s SE Asia Financial Crime Strategy & Response, the financial crime landscape in many emerging markets like Vietnam is particularly attractive right now to those scheming to commit offenses. “Criminals look for gaps in controls they can exploit,” she said.
“Customer and investment scams run in waves across different markets, targeting customers or investors directly rather than corporations,” explained Clementson in an interview following a presentation to EuroCham company leaders in Hanoi in mid January.
“In terms of corporate financial crime in Vietnam, crime risk spikes where business processes depend on manual controls - meaning where people drive risk checks, authorise payments or receive and direct funds – because people can be vulnerable to intimidation, corruption, and temptation,” she noted.
Vietnam’s economy in particular can expose businesses to new relationships and new sources of funds, and also unknown entrepreneurs that may be connected to crime.
It is because the economy’s large capital flows, significant remittance traffic and increasing foreign investment and trade relationships all multiply and magnify transaction volumes.
“High transaction volumes where transactions or capital are managed by large numbers of staff reliant on manual processes, or where risk management routines and incident response is weak, make companies ‘ripe’ for exploitation,” Clementson affirmed. “And risk compliance gaps in buoyant and busy markets will always attract more criminal activity.”
Processes being exploited for criminal purposes in Vietnam currently include procurement and contract tampering, identity fraud (to gain a benefit or conceal information), and account manipulation, such as skimming small amounts from accounts to evade detection, according to Clementson.
Additionally, creating fictitious accounts to satisfy sales targets or key performance indicators or divert payroll payments are among other potential crimes.
The potential crimes also include online account intrusion/hacking (cybercrime), and adding phantom services to invoices (services never delivered) that are actually bribes or facilitation payments to subvert risk controls.
“Leading local firms are in fact working hard on new fraud control frameworks, including fraud policies, procedures, and establishing fraud task forces or dedicated misconduct teams to lift fraud vigilance, monitoring, sampling and fraud detection,” said Clementson, adding that some companies were also investing in electronic early fraud detection capabilities using smart data analytics to target their risks proactively. But beyond detection, investment in ‘fraud response’ was also important.
This means hiring or training experts in-house to gather incident evidence carefully to support prosecutions and bring perpetrators to justice. Stepping up fraud response can also act as a powerful deterrent.
“Also, more staff training is key. Young or inexperienced staff often don’t understand that small compliance breaches by them can magnify companies’ risk exposure,” Clementson noted. “Learning to recognise and report fraud confidentially and safely will help insulate them from being manipulated to enable fraud.”
Vietnamese companies stepping-up risk defence will need to be careful to not just add more controls, more checks, and more points of authorisation in response to incidents.
Every control adds red tape and operations complexity. And where there is complexity, companies increase the likelihood that staff will breach controls to maintain productivity, customer service, or meet their targets.
According to Clementson, this is why “reassessing the effectiveness of controls can be critical”.
What the stars mean:
★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional