Covid-19 increasing fraud and D&O risk

Credit: iStock/Zeferli

The Covid-19 pandemic has increased the risk of employee fraud and commercial crime, while also raising D&O liability, warned experts from CMS, who outlined potential mitigation strategies.

Zaakir Mohamed, head of corporate investigations and forensics at CMS South Africa, said Covid-19 has created heightened fraud risk as individuals and organisations come under pressure.

Mr Mohamed said there are three main drivers of fraud. The first is motivation or pressure, which is often financial such as debt or addiction. The second is opportunity, where a system or control weakness allows fraud to be perpetrated. The third is rationalisation in the mind of the fraudster that allows them to justify their actions.

The lawyer noted that there has been severe financial pressure on individuals and organisations during the Covid-19 crisis, which explains the rise in fraud.

He said cybercrime is a major fraud risk that has increased during the pandemic. It has risen as employees work from home and use personal devices that may be unsecured. In addition, there has been a significant increase in phishing scams.

Other heightened fraud risks include bribery and corruption as pressure mounts to secure new business, fake organisations targeting corporate social investment, and less supervision of employees leading to time and productivity theft, according to Mr Mohamed.

And he warned that fraud doesn’t just bring direct financial costs. Associated costs such as investigating an incident, legal costs and management time must also be factored in.

Mr Mohamed stressed that up-to-date risk assessments are the most important fraud prevention measure. They must assess all areas of the business and identify the most at-risk departments such as finance, procurement or IT. Then resources must can be directed to the right place.

The pandemic has also led to rising D&O liability, said Virginie Fremat, partner at CMS Belgium. “With a potential economic crisis expected after the pandemic, and more and more companies in financial difficulties, there is always greater scrutiny of directors and officers,” she said.

Ms Fremat noted that D&O claims can be based on civil law or criminal law, and both types often go hand in hand, especially in distressed situations. Ms Fremat pointed out that claims against directors and officers can come from the company itself, as well as third parties including shareholders, creditors of financially distressed companies, bankruptcy receivers or tax administrations.

The big question is how much directors and officers can be held accountable for, and what can they do to minimise the risk.

Ms Fremat explained: “We as lawyers often get asked: ‘As a director, should I be aware of everything in my company?’ The answer is not to know every detail, but a director has the obligation to install a good delegation system that enables the functioning of the company to be monitored. If anything goes wrong, a director will not necessarily be held liable, but the question will be: did the director behave carefully? Would another director in the same circumstances have been able to prevent it? That will often be the question that leads to potential liability,” she said.

In terms of protection, Ms Fremat also said risk assessments are crucial, along with insurance.

Alessandro Voglino, CEO of Shared Underwriters, highlighted a number of potential issues facing directors and officers in the US:

  • Securities claims and class actions arising out of Covid-19 financial reporting obligations, or public statements about a company’s response to the pandemic
  • Antitrust lawsuits related to price fixing against publicly-traded companies
  • Regulatory investigations in connection with financial authorities’ reporting and disclosure requirements, alleged misrepresentation and accounting issues
  • Claims by creditors, trustees, shareholders and other stakeholders post-petition in bankruptcy
  • Cyber-related claims from shareholders or customers for alleged failure to comply with cybersecurity standards or breach notification laws, in the event a fraud is perpetrated by hackers to exploit Covid-19 vulnerabilities.

He added that directors should expect some restrictive interpretation of D&O policy language and additional information requests during current renewals.

Mr Voglino pointed to a number of exclusions that could be used by insurers. These include bodily injury exclusions, insured-versus-insured exclusions, pollution or catastrophe exclusions, and duties owed under D&O policy conditions.