В этом году в центре внимания нашего исследования находятся три вопроса: программы по соблюдению правил деловой этики и нормативно-правовых требований; противодействие легализации (отмыванию) доходов, полученных преступным путем; и киберпреступления. Помимо конкретных аспектов экономических преступлений, на которых следует сосредоточить особое внимание, в обзоре подчеркивается важность реализации более комплексных и эффективных мер, которые позволяют минимизировать указанные риски.
Российский обзор экономических преступлений за 2016 год
1. www.pwc.ru/en/forensic-services
Russian Economic Crime Survey 2016
Looking to the future
with cautious optimism
48%
of respondents have
experienced an economic
crime in the past 24 months
30%
of respondents were affected
by bribery and corruption
which lower compared to 2014
50%
of organisations that have
suffered an economic
crime highlighted its
significant negative effect
on employee morale
Economic crime rate falls by 20%
as anti-fraud measures take hold
95%
of respondents believe that
the vendor selection stage is
the area of procurement that
is most susceptible to fraud
65%
of organisations surveyed
perform risks assessment
at least once a year, while
83% have a formal ethics and
compliance programme in place
2.
3. 3Russian Economic Crime Survey 2016
Contents
08
08 Incidents of economic crime
10 Fraud detection and investigation
14 Procurement fraud
15 Bribery and corruption
15 Fraud horizon
34
Economic crime trends
Contacts
22 Cybercrime
04 Foreword
26 Anti-money laundering
32 Terminology
06 Highlights of the survey
16 Ethics and compliance
4. We are pleased to present the results of the 2016 Economic
Crime Survey in Russia. The results are based on the responses
submitted by the Russian participants in the eights Global
Economic Crime Survey conducted by PwC.
Over 6,000 participants from 115 countries, including
representatives of 120 Russian organisations participated
in the global survey.
Since 1999, the purpose of the survey is to seek respondents
views on economic crime in general, on its causes, method of
detection and prevention, and consequences of economic crime.
Our survey this year focuses on three key areas: Ethics and
compliance programmes, Anti-Money laundering and
Cybercrime. In addition to highlighting specific areas of
economic crime worth focusing on, we emphasise the things
you can do better to tackle them – implementing more
sophisticated and effective measures that can reduce these risks.
Though the economic crime is still a major issue for businesses
in Russia our survey shows a positive trend – a drop in
economic crime in Russia by 20%, which we believe is the
result of anti-corruption developments in Russia, strengthening
of the internal audit function and other measures which are
discussed further in our survey.
Our survey covered a wide range of organisations operating
in Russia including private companies (34%), publicly traded
companies (59%) and government sector entities (3%).
Respondents represented activities across the industry
spectrum including financial services (23%), manufacturing
(12%), energy, utilities and mining (9%), pharmaceuticals
and life science (9%), retail and consumer (7%), transportation
and logistics (7%).
The majority of respondents occupy the senior positions such
as chief financial officers/treasurers/controllers or heads of
business units/departments. In addition, 50% of respondents
worked in organisations with over 5,000 employees.
We are very grateful to all the respondents of this survey.
Most important we really hope that the results of our survey
will help the readers in their fight against economic crime.
Best regards,
Jeremy Outen
Partner, Forensic Services Leader, PwC Russia
Jeremy Outen
Partner
Forensic Services Leader
PwC Russia
Foreword
4 PwC
5. 72%of respondents were managing the Finance,
Executive Management, Audit, Compliance
and Risk Management Functions
59%of the survey population represented
publicly traded companies
25%of respondents employed by organisations
with more than 1,000 employees and less
than 5,000 employees
38%of respondents employed by organisations
with more than 10,000 employees
48%C-suite
43%Head of
Department or
Business unit
Industry sectors
7%
Retail
and consumer
7%
23%
Financial Services
9%
9%
12%
Manufacturing
Respondents
Transportation
and logistics
Energy, utilities
and mining
Pharmaceuticals
and life science
Participation statistics
5Russian Economic Crime Survey 2016
6. 6 PwC
• 48% of companies and organisations in Russia
have experienced an economic crime in the past
24 months. This is significantly lower than the result
for 2014 (60%), but, nonetheless, it is higher than
the respective global result (36%).
• This decrease in economic crime may have been
driven by following market trends: the enhanced
role of internal audit within organisations and
development of other systems of detection.
• 65% of respondents in Russia stated that they perform
fraud risk assessments at least once a year. Globally,
only 51% of respondents perform risk assessments
at least once a year. At the same time, 83% of
respondents in Russia reported that their
organisations have a formal ethics and compliance
programme in place (this figure corresponds with
the global average).
• Our respondents state that the majority of economic
crimes in Russia were initially detected by internal
audit functions and corporate security (20% and 15%,
respectively), which is a change from the 2014 survey,
when the majority of cases were detected by corporate
security (19%), while internal audit procedures were
cited by 10% of those surveyed. This means that
internal audit is now the most effective measure for
detecting fraud in Russia. Reporting of suspicious
transactions as a detection mechanism, which plays a
predominant role globally, has significantly increased
in Russia compared to 2014 (11% in 2016 vs 3% in
2014). Russian companies appear to have started
putting measures in place to respond to risks identified
during assessments.
• However, fraud is still considered a significant potential
threat. At least 41% of respondents believe that their
organisations are likely to experience an economic
crime over the next 24 months.
• The profile of economic crimes remains along
traditional lines in Russia. The most common types
of fraud are asset misappropriation, procurement
fraud, bribery and corruption. Furthermore, whilst
cybercrime has moved up to second position globally,
in Russia, it remains fourth on this list.
• Amongst those who have suffered an economic crime
over the last two years, asset misappropriation
remains the main type of fraud (cited by
approximately 72% of respondents in Russia and 64%,
globally) and this has not changed significantly since
2014. Asset misappropriation has traditionally been
regarded as one of the easiest of frauds to detect, thus
its prevalence in our survey from year to year is
to be expected.
• In Russia, asset misappropriation is followed by
procurement fraud. The number of responses noting
procurement fraud is higher in Russia (33%) than
globally (23%). Furthermore, vendor selection is
highlighted as the most vulnerable area. For instance,
95% of our respondents think that procurement fraud
occurs during this stage. It is also noteworthy that our
respondents in Russia expect procurement fraud to be
more common than asset misappropriation over the
next two years.
• There are many causes of economic crime. Our survey
shows that the opportunity or ability to commit crime
is perceived to have risen in Russia by 8% since 2014,
and remains by far the most important factor (84%),
followed by incentive or pressure (8%) and the ability
to rationalise such an action (8%). Generally, this
breakdown is in line with global trends where the
opportunity or ability to commit fraud is also the
most significant factor (69%).
• In Russia, 44% of respondents reported having lost
less than USD 100,000 to economic crime in the past
24 months, while 25% experienced losses between
USD 100,000 and USD 1 million, and 23%
experienced losses in excess of USD 1 million.
Furthermore, in addition to financial losses, every
economic crime produces collateral damage.
• In Russia, every second respondent reported a
negative effect on employee morale as the most
significant result of economic crime in the past
24 months, while globally, only 44% of respondents
noted this. In addition, the possible negative impact
on business relations and reputation or brand strength
raises slightly less concerns in Russia than worldwide.
Highlights of the survey
7. 7Russian Economic Crime Survey 2016
• Both in Russia and globally, internal actors continue
to dominate the profile of fraudsters operating
against companies. However, there was a 12%
decrease in the number of respondents reporting
that external actors were perpetrators of fraud.
In Russia and globally, internal perpetrators
originate from middle management (42% and
35% respectively), while junior management also
contributed a great deal to the perpetration of
internal fraud (31% and 32%, respectively). The
majority of internal fraudsters were male (77%),
aged from 31 to 40 years old (62%), with a higher
education (72%). The proportion of fraudsters
coming from senior management in Russia
decreased from 36% to 15% over the last two years.
• In cases of economic crime involving third parties,
the number of respondents engaging law
enforcement against the perpetrators of such
crimes has increased (67% vs 60% in 2014).
Globally, this also remains the most common
action against external perpetrators. Interestingly,
cessation of business relationships has become
a less popular action in Russia (56% vs 70% in
2014), but this is still significantly more common
than the global result (25%).
• While globally asset misappropriation, bribery and
corruption, procurement fraud and accounting fraud
showed a slight decrease this year over 2014’s
statistics, cybercrime jumped to second place (32%).
In Russia, however, only 23% of respondents
suffered from cybercrime in the last two years,
which is 2% lower compared to 2014. The perception
of the threat posed by cybercrime has also changed.
For instance, 53% of our respondents globally
believe this risk has increased in the last two years
while only 32% of our respondents in Russia
perceive an increase in this type of risk. According
to our CEO survey, executives in Russia highlighted
cybercrime and weak data protection among key
business risks (43%).
• Bribery and corruption are still a challenge in
Russia. For instance, 30% of respondents in Russia
were affected by bribery and corruption compared
to 24% globally. This year’s results demonstrate
a decrease compared to 2014, when 58% of
respondents suffered from this type of economic
crime. In addition, 21% of our survey respondents
stated that they have been asked to pay a bribe,
which is lower compared to 41% in 2014.
Furthermore, 17% of respondents lost an
opportunity to a competitor, whom they believed
to have paid a bribe, compared to 42% in 2014.
This positive shift may be explained by two factors.
Firstly, over the last four years, Russia has adopted
various anti-corruption regulations and laws and we
might be now seeing the results of these measures.
Secondly, the share of publicly traded companies
in our current survey has increased from 40% to
59% compared to 2014. Our experience shows that
publicly traded companies tend to have more robust
ethics and compliance programmes.
• However, bribery and corruption remains one
of the major risks for business. For example, 70%
of executives in our recent Russian CEO survey
reported it as one of the most important issues
in their eyes.
• In Russia, 87% of respondents reported that their
organisations have developed a comprehensive code
of conduct. However, only 68% of these respondents
indicated that regular training on their respective
codes of conduct have been carried out.
• Our survey shows that enforcement of anti-money
laundering (AML) has resulted certain challenges
even for financial institutions with sophisticated
and robust AML compliance programmes. The
biggest challenge for effective AML compliance
cited by the respondents in Russia is the pace
of regulatory change (58%) (this is significantly
higher than the global result (19%). AML
regulation in Russia has also experienced
significant transformations recently. Another
challenge in AML compliance specified by
respondents globally is lack of skilled staff
(19%), while only 4% of our respondents in Russia
consider this an important issue.
Highlightsofthesurvey
8. 8 PwC
Overview
In Russia, almost half of all companies and organisations (48%)
reported that they had an experienced economic crime in the
past 24 months. However, this is a significantly lower result
compared to 2014 (60%). Nevertheless, the rate of economic
crime in Russia remains higher than the global average
(36%), the results for the Emerging 7 countries (29%)1
and Eastern Europe (33%).
Fig 1: Reported rate of economic crime
49%
59%
71%
37%
60% 48%
0%
10%
20%
30%
40%
50%
60%
70%
80%
2005 2007 2009 2011 2014 2016
Fig 1: Reported rate of economic crime
It is worth noting that, out of those who have experienced
economic crimes, 33% had suffered more than 10 instances in
the past 24 months.
The decrease in economic crimes in Russia may be explained
by various reasons.
Firstly, the results of our survey show that the role of internal
audit has strengthened while other fraud detection
mechanisms have also developed further. In our experience,
organisations that have developed fraud detection
mechanisms and implemented fraud risk management
programmes are better prepared to detect and prevent fraud.
Secondly, we have seen some major developments in the
measures adopted against corruption in Russia over recent
years, including legislative initiatives aimed at applying best
global practices.
Further in our survey, we will touch on these reasons in more
detail.
Change in types of economic crime
The most pervasive economic crimes reported by our
respondents in 2016 are highlighted below.
Asset misappropriation is seen as the most common form of
economic crime, both in Russia and globally. For instance,
72% of respondents in Russia who experienced economic
crime and 64% globally reported being victims of asset
misappropriation. The prevalence of asset misappropriation
among other types of economic crimes is not surprising.
Typically, asset misappropriation is easier to detect, since this
type of fraud is not as complicated as, for example, bribery
and corruption or cybercrime.
Economic crime trends
Fig 2: Main types of economic crime in Russia compared
to global trends
0% 10% 20% 30% 40% 50% 60% 70% 80%
Russia Global
Fig 2: Main types of economic crime in Russia compared
to global trends, % relates to respondents who
have suffered crimes
Asset misappropriation
Procurement fraud
Bribery and corruption
Cybercrime
Money laundering
Accounting fraud
Intellectual property (IP)
infringement
64%
23%
30%
32%
12%
18%
7%
72%
33%
24%
23%
11%
23%
14%
1
Emerging 7 countries comprise Brazil, Russia, India, China, Indonesia, Mexico
and Turkey.
Incidents of economic crime
9. 9Russian Economic Crime Survey 2016
Procurement fraud was commonly cited (33%), making it the
second most frequently reported type of fraud experienced in
Russia. It is worth noting that the number of responses in
Russia is 10% above the global average. We see this type
of fraud as a double threat with a negative impact both on
business and public sector.
The number of responses related to bribery and corruption is
higher in Russia (30%) than the global average (24%).
However, there is a significant decrease in the number of
responses related to bribery and corruption over the last
two years, from 58% in 2014 to 30% in 2016.
Globally, cybercrime has moved up to second position (32%).
At the same time, the number of responses related to
cybercrime in Russia is lower (23%) and has not changed
much since 2014 (25%). Does this mean that Russian business
is less exposed to cybercrime? We should remember that a
significant percentage of those who did not report cybercrime
could have suffered an event, but may not even have known
about it.
Negative consequences of economic crime
In Russia, 44% of respondents who experienced an economic
crime in the past 24 months reported loss up to USD 100,000
and 25% of respondents reported loss between USD 100,000
and USD 1 million. 23% of our respondents reported losses
in excess of USD 1 million, while globally only 14% of those
surveyed had experienced such significant damage.
Top 3 most commonly reported types of economic crime in 2016
Asset
misappropriation
Procurement
fraud
Bribery and
Corruption
Тор 3 most commonly reported types of economics crime in 2016
Asset
misappropriation
Procurement
fraud
Bribery
and corruption
72% 33% 30%
The true costs of economic crime are difficult to estimate,
especially considering that actual financial losses only
comprise a small component of the fallout from a serious
incident.
Our survey respondents consistently note wider collateral
damage, including business disruption, investigative and
preventive interventions, remedial measures and, crucially,
damage to employee morale and business reputation as
having a significant impact on long-term business
performance.
In Russia, 50% of organisations that have suffered economic
crime in the past 24 months stated that this has had a
significant negative effect on employee morale. Globally, only
44% of respondents noted such crimes’ impact on the overall
mood of employees. Furthermore, respondents in Russia are
less concerned with the negative impact on business relations
(35%) and reputation/ brand strength (34%).
Fig 4: Negative consequnces (high and medium impact) suffered
due to economic crime
0% 10% 20% 30% 40% 50% 60%
Russia Global
Fig 4: Negative consequnces (high and medium impact)
suffered due to economic crime
Employee morale
Business relations
Organisation's reputation /
brand
Relations with regulators
Share price
44%
50%
32%
35%
32%
34%
27%
28%
9%
10%
Collateral damage, of course, while not always quantifiable,
can dwarf the relatively shorter-term impact of financial
losses over time.
Fig 3: Financial loss from economic cirmes
36%
17%
22%
9%
4%
1%
26% 18%
25%
19%
4%
0
5
10
15
20
25
30
35
40
Russia Global
Less than
USD 50,000
USD 50,000 –
100,000
USD 100,000 –
1m
USD 1m –
5m
USD 5m –
100m
>USD 100m
Economiccrimetrends
10. 10 PwC
Causes of economic crime
There are many causes of economic crime. Experts often point
to three factors that are commonly found when fraud occurs
(the so-called “Fraud Triangle”): opportunity or ability to
commit a crime, incentive or pressure, and rationalisation.
In Russia, perception of the significance of opportunity or
ability to commit crime has risen by 8% since 2014 and
remains by far the most important factor (84%). Incentive or
pressure and ability to rationalise are at the same level (8%).
Generally, the structure of the fraud triangle in Russia is
similar to the global situation with opportunity or ability
to commit fraud being the most significant factor (69%).
The trend of rising opportunities or ability to commit
economic crimes is worrying. This means that companies
should mitigate such loopholes by taking a proactive approach
in order to ensure that fraud prevention and detection
mechanisms are effective in addressing the significant risks
of fraud.
Fraud triangle
Incentive or pressure
Rationalisation
Opportunities
2016 2014
8
8
84
12
9
76
Fraud detection and investigation
Risk assessment
Fraud risk assessments are essential for identifying threats
and weaknesses in controls that give rise to opportunities
to commit fraud.
In Russia, respondents tend to perform risk assessments on
a regular basis (every six months or annually). The numbers
of companies that have never performed a risk assessment
in Russia, or have performed it only once, is lower than the
global results (23% and 32%, respectively). Overall, Russian
respondents claim that they conduct fraud risk assessments
much more frequently than their global peers.
As mentioned above, respondents both in Russia and around
the world consider the opportunity or ability to commit fraud
to be the most important factor contributing to the occurrence
of such crimes. Thus, it is even more vital that companies
conduct risk assessments, as they can help to identify internal
control weaknesses and, thereby, prevent or at least to
mitigate the risk of economic crime.
Detection of economic crime
Our survey shows that the majority of economic crimes in
Russia were initially detected by organisations’ internal
audit functions and corporate security (20% and 15%,
respectively). However, the global results are different,
at 11% and 5%, respectively.
Globally, the leading method for detecting economic crime
is reporting on suspicious transactions.
In Russia, fraud detection methods have undergone various
changes in the past 24 months.
The role of internal audit functions in detecting economic
crime has significantly changed since our previous survey
(10%), compared to 20% in 2016. In addition, the role
of corporate security departments in detection of fraud
weakened in 2016.
Reporting on suspicious transactions and fraud risk
management are becoming important methods of detecting
economic crimes (20%).
Russian organisations appear to have implemented proper
measures to respond to the risks identified during risk
assessments and are shifting to more effective internal risk
management systems in order to identify cases of fraud.
Fig 5: Minimum frequency of performance of fraud risk assessments
Fig 5: Minimum frequency of fraud risk assessments
4%
10%
6%
31%
9%
18%
9%
29%
More often than
quarterly
Quarterly Every six months Annually
Russia Global
11. 11Russian Economic Crime Survey 2016
Fig 6: Fraud detection methods in 2014 and 2016
20142016
Fig. 6: Fraud detection methods in 2014 and 2016,
% relates to respondents who suffered crimes
10%
19%
3%
9%
3%
20%
15%
11%
9%
9%
0% 5% 10% 15% 20%
Internal audit
IT and physical security
Suspicious transaction
reporting
By accident
Fraud risk management
Perception of law enforcement
We asked respondents to comment on whether they believe
local law enforcement to be adequately equipped and trained
to investigate and prosecute economic crimes. The majority
of respondents expressed their doubts in this regard, both
globally and in Russia (44% and 38%, respectively).
Main fraud culprits
46% of our respondents in Russia and globally reported that
internal perpetrators dominate the profile of fraudsters.
Investigation
When an incident of potential fraud has been identified, in
most cases (85%), respondents stated they will rely on their
internal resources to perform internal investigations.
Globally, this percentage is lower (72%). In our previous
survey for 2014, we reported even higher figures (93% and
79%, respectively). However, the survey also shows that one
or more other types of actions usually accompany internal
investigations. We believe that, in some situations, external
assistance can add value (e.g., relying on specific expertise,
independence, resources, etc.).
In general, respondents in Russia tend to use the same
approach as their global counterparts.
Fig 7: Fraud investigation methods in 2014 and 2016
20142016
Fig. 7: Fraud detection methods in 2016 and 2014
93%
15%
13%
18%
10%
85%
22%
20%
19%
7%
0% 20% 40% 60% 80% 100%
Use internal resources
to perform an internal
investigation
Contact an external
legal advisor
Consult with an auditor
Engage a special
forensic investigator
Wait to see if further
indications of potential
fraud in the same area
may arise
Fig 8: Perpetrators of fraud
Fig 8: Perpetrators of fraud
Russia Global
0% 10% 20% 30% 40% 50%
Internal actor
External actor
Don't know
46%
46%
33%
41%
13%
21%
Economiccrimetrends
12. 12 PwC
Most likely characteristics of internal fraudster
Male
University/college
graduate
31–40 years
old
3–5 years
service
Internal
actor
49%
2014
46%
2016
External
actor
45%
2014
33%
2016
3%
Decrease
12%
Decrease
In Russia, there was a 3% decrease in a number of
respondents who reported internal actors as perpetrators of
fraud, from 49% in 2014 to 46% in 2016. Globally, there was a
significant decrease (10%), from 56% in 2014 to 46% in 2016.
In Russia, there was a 12% decrease in the number of
respondents who reported that external actors were
perpetrators of fraud, from 45% in 2014 to 33% in 2016.
Globally, an opposite trend was observed - a 1% increase
from 40% in 2014 to 41% in 2016.
Internal perpetrators
Both in Russia and globally, economic crimes are largely
committed by middle management (42% and 35%, respectively).
At the same time, junior management also contribute largely to
the perpetration of internal fraud (31% and 32%, respectively).
In Russia, the proportion of fraudsters from junior
management has increased from 18% to 31%, almost
reaching the level reported globally (32%).
Conversely, the proportion of fraudsters from senior
management in Russia has decreased from 36% to 15% over
the last two years, also aligning with the global average (16%).
Typical profile of an internal perpetrator
In Russia, the majority of internal fraudsters were male
(77%), aged from 31 to 40 years old (62%), with a higher
education (72%) and who had joined the company within
the past three to five years (62%). This profile is similar
to the profile reported globally.
External perpetrators
In Russia, respondents who have experienced an economic
crime reported that the external perpetrator had been a
customer or client in 35% of cases, an agent/intermediary
(29%), or a vendor (6%).
Our survey shows that the share of agent/intermediary
involvement increased by 9% in the past 24 months,
representing a risky area in regards to relations with
external parties.
13. 13Russian Economic Crime Survey 2016
Fig 9: Most common external perpetrators in RussiaFig 9: Most common external perpetrators in Russia
Customers
Agents /
Intermediaries
Vendors
20142016
7%
53%
20%
6%
35%
29%
0% 10% 20% 30% 40% 50% 60%
We believe that common types of customer fraud are likely
to be various schemes related to receiving commercial bribes
(i.e., money paid by customers to sales managers in order
to receive favourable terms) and giving commercial bribes
(i.e., money paid to customers so as to retain business).
Actions against perpetrators
In Russia, dismissal2
remains the most frequent action against
internal perpetrators (58%), which corresponds with the
global trend. However, this rate decreased in comparison with
the results of our previous survey (88%). Civil actions and
informing law enforcement are not frequent actions against
internal perpetrators as compared to the global averages.
Our survey also shows that, in 15% of cases of fraud involving
internal perpetrators, no actions were taken. This may have
a negative effect on organisational culture, primarily with
respect to employee morale.
Fig 11: Actions taken by organisations against external perpetrators
Fig. 11: Actions taken by organisations against external
perpetrator(s)
GlobalRussia
67%
56%
22%
22%
6%
53%
25%
38%
28%
9%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Informed law
enforcement
Terminated business
relationship (if applicable)
Notified relevant
regulatory authorities
Took civil action
Took no action
In Russia, in regards to cases of economic crime involving
third parties, the number of respondents engaging law
enforcement against the perpetrators of such crimes has
increased (67% in 2016 vs 60% in 2014). Globally, this
also remains the most common action against external
perpetrators (53%).
Cessation of business relationship has become a less frequent
action against external perpetrators in Russia (56% in 2016
vs 70% in 2014). However, this is still significantly more
common than on the global level (25%).
2
We interpret “dismissal” in this context as any termination of an employment relationship (e.g., by mutual agreement).
Fig 10: Actions taken by organisations against internal perpetratorsFig. 10: Actions taken by organisations against internal
perpetrators
GlobalRussia
58%
23%
15%
15%
12%
4%
15%
76%
32%
43%
4%
14%
21%
3%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Dismissed the
perpetrator(s)
Took civil action
Informed law
enforcement
Transferred
perpetrator(s)
internally
Issued warning/
reprimand
Notified relevant
regulatory authorities
Took no action
Economiccrimetrends
14. 14 PwC
It is noteworthy that 95% of the respondents in Russia
reported that most cases of procurement fraud were related
to vendor selection. Fraud taking place at the bid and quality
review stages is also higher in Russia compared to the global
results. In contrast, fraud in the payment process is quite
common worldwide (41%), but not in Russia (16%).
It appears that procurement fraud could be significantly
reduced by strengthening controls in several key areas:
conducting due diligence on vendors, checking for conflicts
of interests, and ensuring that proper controls in the bid
process and vendor contracting/maintenance are in place.
When focusing on tenders and vendors as external parties,
it is also important not to ignore the potential threat from
internal actors. An employee of a purchasing department
may have a pre-existing and often indirect relationship with
a certain vendor. It may take months or even years to detect
such conflicts of interest.
Fig 12: Areas of procurement fraudFig 12: Areas of procurement fraud
GlobalRussia
42%
64%
42%
17%
41%
42%
95%
68%
42%
16%
Invitation of quotes/
bid process
Vendor selection
Vendor contracting/
maintenance
Quality review
Payment process
0% 20% 40% 60% 80% 100%
Procurement fraud
The potential for procurement fraud arises when a company
takes part in a commercial or public tender, or acquires goods
and services for its own use. In Russia, our respondents note
that they had experienced procurement fraud more frequently
than the global average (33% and 23% respectively).
We see procurement fraud as a double threat. It does damage
to businesses with respect to their own acquisition of goods
and services. Furthermore, it prevents organisations from
competing fairly and successfully for business opportunities
in commercial or public tenders.
Fraud at different stages of the procurement cycle
In Russia, the stages of the procurement cycle where fraud
usually occurs are slightly different from those highlighted
by our respondents globally.
Mitigating risks in procurement
A detailed procurement analysis may be one of several
effective solutions to ensure that a procurement
function is operating properly. This would require
using advanced data analytics, as well as qualitative
assessments, in order to identify risks of procurement
fraud and inefficiencies in the process.
However, what if some organisations have hundreds
or even thousands of vendors and need to understand
which of them are not as reliable as they appear? A
sophisticated integrity check using automated solutions
may be an option to reveal negative information and
identify potential conflicts of interest: a) between
vendors and employees of the organisation; and b)
among vendors or groups of vendors. Such an analysis
may also help a company’s management to reach
preliminary conclusions in a very short time.
Procurement analysis stages
Discover
• Extract requisite data from ERP using IT solutions;
• Identify key facts about the procurement process
in an organisation by relying on analytical tests
of data complemented by tailored questionnaires
or interviews with responsible employees.
Analyse
• Reveal unusual trends in the data;
• Perform a detailed analysis of those unusual patterns
and understand the causes by using a combination
of analytic tests and data visualisation techniques.
Our survey shows that vendor selection, the bid process
and vendor contracting / maintenance are the stages most
susceptible to fraud, both in Russia and globally. However,
fraud during these stages is more frequent in Russia when
compared to the global average.
15. 15Russian Economic Crime Survey 2016
Bribery and corruption
In Russia, 30% of our respondents experienced bribery and
corruption, which is higher than the global average (24%).
This year’s results show a decrease compared to our previous
survey in 2014 (58%).
In Russia, 21% of our respondents stated that they have been
asked to pay a bribe, which is lower than 41% as reported
in 2014. In Russia, 17% of our respondents have lost an
opportunity to a competitor, whom they believed to have
paid a bribe. This is significantly lower compared to the
results of our previous survey (42%).
3
In April 2012, Russia became the 39th party to the OECD Anti-Bribery Convention.
In January 2013, Article 13.3 of Russian Federal Law No. 273- FZ
“On Preventing Corruption” was enacted.
In November 2013, Russian Ministry of Labour and Social Protection issued
“Guidelines for Developing and Adopting Measures to Prevent Corruption”.
In April 2014, the National Anti-Corruption Plan for 2014- 2015 was enacted.
Fig 13: Percentage of organisations asked to pay a bribe and that
lost opportunities due to a bribe paid by a competitor
Fig 13: Percentage of organisations asked to pay a bribe
and that lost opportunities due to a bribe paid
by a competitor
Organisations asked
to pay a bribe
Organisations losing
an opportunity to a competitor
that paid a bribe
Russia 2014Russia 2016Global 2016
13%
17%
21%
15%
0% 10% 20% 30% 40% 50%
41%
42%
We believe that this positive trend may be the result of two
factors. Firstly, in recent years, Russia has adopted various
anti-corruption regulations and laws, and we may now be
seeing the positive outcomes of these initiatives.3
Secondly,
the share of publicly traded organisations in our survey has
increased from 40% to 59% compared to 2014 results.
Publicly traded companies are usually quite eager to develop
ethics and compliance programmes.
However, our recent survey of CEOs in Russia showed that
70% of top managers indicated bribery and corruption as
one of the major risks for their organisations.
Fraud horizon
Our survey shows that economic crime is still considered
a significant potential threat.
We asked respondents to comment on which economic crimes
they believe pose the highest risks to their companies in the
next two years. At least 41% of the respondents believe that
their organisations will likely experience economic crimes
(procurement fraud) over the next 24 months.
Fig 14: Main types of expected economic crime
Fig. 14: Who is respponsible for business ethics &
compliance programmes?
26%
36%
24%
34%
12%
41%
40%
26%
25%
14%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Procurement fraud
Asset misappropriation
Bribery and corruption
Cybercrime
Money laundering
GlobalRussia
Overall, the expectations of respondents in Russia appear to
reflect global trends with the following exceptions.
Firstly, fewer respondents in Russia consider cybercrime as
a significant future threat (25% in Russia vs 34% globally).
This might be a sign of over-confidence or non-awareness
leading to the underestimation of potential threat.
Secondly, more respondents in Russia expect procurement
fraud to occur in the next two years, which is different from
the global trend (41% in Russia against 26% globally).
Uncommonly, this type of fraud is expected to overtake
traditional asset misappropriation in the next two years. This
also confirms that procurement fraud represents a significant
threat to Russian organisations and prevention of this type
of fraud should be a point of focus.
Economiccrimetrends
16. 16 PwC
Ethics & compliance
81%
of companies rely on internal audit to
ensure effectiveness of their programmes
But is this the most effective path?Almost half of the
incidents of serious economic crimes were perpetrated
by internal parties
?
?
?1in 5respondents are not aware of
a formal ethics and compliance
programme
...though 83%
of companies say they have business
ethics and compliance programme
STRATEGY
HR
SALES
17. 17Russian Economic Crime Survey 2016
SUCCESS
BRIBERY
?
26%
of companies believe it is likely they will
experience bribery and corruption
...and 50%
or every second respondent claim employee
morale is the largest casualty of economic crime
How is your business strategy aligned with
and led your organisational values?
Ethics&compliance
18. 18 PwC
Aligning decision-making with values
Overview
The current business environment is characterised by
growing globalisation, increasingly vigilant enforcement
and greater demand for public accountability. A risk-based
approach to ethics and compliance, which begins with an
understanding of economic crime risks and compliance
weaknesses, should be in place. Based on this approach,
organisations should develop effective programmes, which
can mitigate these risks, while also allowing them to achieve
their business goals.
Many companies have been cutting costs, both in their
headcounts and training programmes, or stretching their
existing compliance teams’ responsibilities to include
additional duties. This may be a strategic miscalculation,
as bribery and corruption still represent significant threats
for business in Russia. While risks and threats are always
changing, a successful compliance programme should
foresee and address those evolving risks.
It appears a perception gap exists between what CEOs and
boards think is occurring, as well as what is actually
happening in their organisations, particularly among senior
and middle managers. According to our survey, middle
managers remain the most likely group to commit economic
crime, as well as the most likely to feel that values are not
being clearly stated, or that incentive programmes are not
fair.
Our recent Russian CEO survey supported this theme of a gap
existing between intention and execution. For example, 70%
of executives cited bribery and corruption as the top threats
facing their organisations. A lack of trust in business was
another key threat, underscoring the importance to
leadership teams of having sophisticated credible corporate
ethics programmes in place.
Five steps towards a more effective
compliance programme
• Communicating and positioning your programme
in line with your organisation’s corporate strategy;
• Evaluating and potentially reimagining the identity
of your compliance function;
• Ensuring that all owners of compliance obligations
fully understand (a) the “big picture” across the
organisation, and (b) the scope of their own
responsibilities;
• Remember that policies and training on values are
not enough; credible and consistent engagement
are essential;
• Never downsize while risks are on the rise.
Making sure your compliance programme is
suitable
Below are four key areas of focus for enhancing the
effectiveness of ethics and compliance programmes:
• People and culture. Maintaining a values-based programme,
measuring and rewarding desired behaviour;
• Roles and responsibilities. Ensuring they are correctly
aligned with current risks;
• High-risk areas. Better implementation and testing
of the programme in high-risk markets and divisions;
• Technology. Better use of detection and prevention tools
(e.g., big data analytics).
19. 19Russian Economic Crime Survey 2016
People and culture: your first line of defence
Every economic crime is based on decision made by an
individual. Therefore, people should be the focus of attention.
This means that organisations not only need to state
principles to employees, but also create a culture where
compliance is directly connected to values.
In Russia, every second respondent reported that the greatest
organisational damage they experienced as a result of
economic crime was in regards to employee morale. Negative
consequences for business reputation and organisation’s
reputation/brand were noted by 34% of our respondents.
In both cases, the nature of how a business is perceived
(from the inside, as well as the outside) was an area of great
concern. This underscores the key role played by values in
a successful business strategy.
A values-based compliance programme will help attract the
best and the brightest to your organisation. In other words,
responsible people want to work for responsible companies.
A well-designed compliance programme, supported by a
strong focus on ethical behaviours, can offer a clear strategic
benefit to an organisation.
Nonetheless, to be effective, your compliance programme
must also be more than an updated code of conduct, a policy,
and a few hours of training. Fundamentally, it must also
address the deep connection between values, behaviour
and decision-making.
Fig 15: Perceptions of business ethics and compliance
Organizational values are clearly stated and well understood
There is a Code of Conduct that covers key risk/policy areas and sets out the
organizational values and the behaviours expected of all in the organization
Ethical business conduct is a key component of our HR procedures including
objectives, promotion, reward, recognition and disciplinary procedures
There are confidential channels for raising concerns
(including a clear whistleblowing policy and procedure)
Senior Leaders and Managers convey the importance of ethical business
conduct in all that they do, setting a positive example and treating it as a priority
Training on the Code of Conduct (and supporting policies) is provided
regularly, supported by regular communications and various advice channels
Irrespective of level, role, department or location, rewards are fair
and consistent
Irrespective of level, role, department or location, disciplinary procedures
and penalties are consistently applied
Concerns can be raised confidentially, without fear of retaliation, and
feedback is provided on a timely basis
Agree strongly Agree Neither agree or disagree
Disagree Disagree strongly
41% 44% 9% 4% 2%
37% 50% 7% 4% 2%
28% 50% 13% 5% 4%
42% 37% 9% 7% 5%
27% 58% 5% 7% 3%
30% 38% 16% 10% 6%
18% 52% 13% 15% 2%
15% 49% 19% 13% 4%
28% 51% 10% 6% 5%
Fig 15: Perceptions of business ethics and compliance
Mind and measure the (perception) gaps
In Russia, 85% of our respondents confirmed that their
organisations had clearly stated and well-understood
corporate values.
However, only 70% of our respondents believe that rewards
are fair and consistent, irrespective of level, role, department
or location. Moreover, only 64% of respondents think that
disciplinary procedures and penalties are consistently
applied. Thus, our survey might indicate a gap in how values
are perceived, especially between what senior leaders
communicate and what employees actually see.
To compete at the highest level, today’s organisations need
to embed ethical behaviour throughout their operations at
every level without exception.
Ethics&compliance
20. 20 PwC
Aligning roles and responsibilities: who’s in
charge?
Our survey shows that 17% of respondents told us that they
knew of no formal ethics and compliance programmes in
place at their organisations.
In Russia, 83% of respondents noted that their organisations
have established a formal business ethics and compliance
programme. This result almost corresponds with the global
average (82%).
Fig 16: How many organisations have a formal business ethics and
compliance programme in place?
83%
Yes
9%
No
8%
Don’t know
Fig 16: How many organisations have a formal business
ethics and compliance programme?
Who has ownership? Adopting a risk-based
approach
Our survey shows that, in most organisations, the chief
compliance officer and human resource director are
responsible for business ethics and compliance programmes.
Fig 17: Who is responsible for business ethics and compliance
programmes
Fig. 17: Who is responsible for business ethics and
compliance programmes?
GlobalRussia
34%
15%
21%
3%
18%
38%
13%
18%
8%
7%
0% 5% 10% 15% 20% 25% 30% 35%40%
Chief Compliance
Officer
General Counsel
Human Resources
Director
Chief Financial
Officer
Chief Audit
Executive
It is important that all people across a business, not just
compliance professionals, understand their roles and
responsibilities for ensuring the business is aligned with
its ethics and compliance programme. However, many
organisations indicate a degree of confusion about who
has ownership for what.
“Ownership” of a programme should belong to a business
unit’s management, as their responsibility is to understand
risks and determine the unit’s appetite for such risk. The role
of the compliance function, on the other hand, is oversight
and providing guidance. In some organisations, however,
there is a tendency to view compliance as a kind of insurance
policy upon which passive responsibility can rest.
Ultimately, all members of an organisation must work
towards the same compliance goals.
21. 21Russian Economic Crime Survey 2016
Opportunities for crime on the rise
Our survey shows that 84% of respondents believe that
opportunity is the main driver of internal economic crimes.
This outweighs the other two elements of the fraud triangle,
which are incentive/pressure to commit a crime and
rationalisation of such an action.
In Russia, a large majority of respondents (81%) noted that
their organisations rely on internal audit functions to assess
the effectiveness of their compliance programmes. This result
is higher than the global average (76%).
Monitoring whistleblowing hotline reports to ensure that
ethics and compliance functions are effective is a more
popular approach in Russia than globally (60% and 42%,
respectively). At the same time, at the global level,
management reporting is placed second. This is an area for
further development in Russia.
While internal audit is an important part of the framework
for assessing a compliance programme’s effectiveness, on
its own it is not a sufficient means of assuring compliance,
as its interventions are both periodic and historical.
Since prevention must ideally occur during the decision-
making stage, internal audit mechanisms should be integrated
with management reporting and real-time monitoring, so that
problems can be detected and prevented in time.
Implementation in high-risk areas
In Russia, 87% of our respondents noted that their
organisations had a code of conduct in place, but only 68% of
them confirmed that relevant training is provided regularly
and their codes were supported by regular communications.
Such a gap shows that good policies, procedures and controls
will not suffice. Strong words must be supported by actions
and practical solutions. Obviously, a well-designed compliance
programme must be more than an updated code of conduct,
policies, and a few hours of training.
Compliance is effective only if is not limited to “tick the box”
exercises. It is essential that employees at all levels of an
organisation share the same values.
Using technologies in pursuit of compliance
Today, there are several sophisticated tools (e.g., big-data
analytics for effective transaction monitoring), which can help
bring compliance initiatives closer to operations by handling
a variety of structured and unstructured data.
However, apart from transaction-monitoring systems (which
are used primarily by financial sector clients), our survey
shows that very few organisations are using these
technologies to help detect and prevent economic crimes.
Some organisations pay too much attention to monitoring
certain areas, while completely ignoring other critical issues.
Others duplicate their expenditures on different tools.
Nevertheless, others follow a "tick-the-box" approach to
compliance and do not always gather or use the right data.
Our experience shows that the best place to start is not with
the “big data” used for transaction monitoring, but rather
with the “small data” from risk assessments. What matters
most is collecting consistent and comparable data.
The optimal model should encompass the spread of risks an
organisation faces and allow for reporting based on business
units, geography or third parties. To achieve this, three
things are needed:
• a consistent approach to defining risk;
• transparency in risk measurement;
• a common data platform
Data alone can never be a panacea. Nevertheless, if used
effectively, it can offer companies additional power to stay
ahead of their compliance risks.
Fig 18: How does your organisation ensure that your compliance
and business ethics programme in effective
0% 20% 40% 60%
Russia Global
Fig 18: How does your organisation ensure that your
compliance and business ethics programme
is effective
81%
60%
44%
35%
2%
12%
76%
42%
54%
40%
2%
8%
Internal audit
Monitoring reports from
whistleblowing hotlines
Management reporting
External audit
Other external monitoring
Other internal monitoring
80% 100%
Ethics&compliance
22. PwC22
Cybercrime
23%
of organisations affected
...and 25%
think they will be affected
in the next two years
43%
of CEOs are concerned
about cyber security
In Russia cybercrime almost has not
changed in the past 24 months
Cybercrime jumped
to the second place
globally
23. 23Russian Economic Crime Survey 2016
Only 26%
of organisations have a cyber
incident response plan
Most companies are still not adequately
prepared for or even understand the
risks faced and the make up of this team
varies widely
HR
?
?
IT
?
??
How will your cyber-response plan
stand up to reality?
Cybercrime
24. 24 PwC
Furthermore, business leaders tend to worry that cybercrime
may be holding back their organisations. Our recent Russian
CEO survey showed that 43% of executives expressed concern
about the growing threat of cybercrime, while 52% of them
see speed of technological change as another challenge.
Impact of cybercrime
Our respondents in Russia reported reputational damage and
theft of personal information as having the most damaging
impact in regards to cybercrime, followed by loss of
intellectual property, as well as legal and enforcement costs.
Globally, respondents assigned a higher level of impact for
service disruption, regulatory risks and actual financial losses.
Boundless threats
Overview
Digital technology is continuing to transform and disrupt the
world of business, exposing organisations to both
opportunities and threats. Therefore, it is hardly surprising
that cybercrime on a global scale is rising (e.g., ranking as
this year's second most reported economic crime globally).
Cybercrime is not just an IT problem. Technology today is so
widespread, both within and outside of organisations, that
cybercrime may now be considered as a fundamental
business problem.
However, our survey shows that cybercrime in Russia is
somewhat different. Almost a quarter of our respondents
reported that they had been affected by cybercrime in the
past 24 months (23%). This has not significantly changed
since our previous survey in 2014 (25%).
Fig 19: Change of perception towards the risks of cybercrime
Russia Global
Fig 19: Change of perception regarding cybercrime risks
41%
53%
5%
60%
32%
8%
Remained the same
Increased
Decreased
0% 20% 40% 60% 80%
Fig 20: Level of impact of cybercrime
Reputational
damage
Actualfinancial
loss
Legal,investment
and/or
enforcementcosts
Regulatory
risks
IntellectualProperty
(IP)theft,including
theftofdata
Service
disruption
Theftorlossof
personalidentity
information
High Medium Low None Don't know
10%
17%
33%
37%
3%
3%
30%
27%
37%
3%
7%
13%
33%
37%
10%
3%
7%
45%
34%
10%
7%
27%
27%
27%
13%
3%
37%
23%
23%
13%
10%
17%
30%
43%
Fig. 20 Level of impact of cybercrime
In Russia, 60% of our respondents did not change their
perception of cybercrime risks in the last 24 months.
Conversely, 53% of respondents globally believe that this risk
has increased over the last two years, while only 32% of
respondents in Russia have seen an increase in this type of risk.
Does this mean that Russian organisations are less exposed
to cybercrime? The insidious nature of this threat is that
a percentage of those who say they have not experienced
a cybercrime were actually affected without knowing it.
Sometimes hackers manage to remain on organisations’
networks for extended periods of time without ever being
detected.
In Russia, 47% of respondents indicated that their
organisations lost up to USD 1 million owing to cybercrime
incidents over the last two years. In addition, 6% of
respondents reported they had suffered losses in even bigger
amounts. It is worth mentioning that a significant proportion
of respondents who have experienced cybercrime could not
estimate the size of the resulting loss (23%).
25. 25Russian Economic Crime Survey 2016
Cybercrime
Responses to cybercrime
In Russia, only 26% of respondents have a fully operational
incident response plan, compared to 37% of respondents
surveyed around the world. Furthermore, 20% of
organisations have no plan and are not considering the
implementation of one.
It appears that, in cases of cybercrime, only 45% of
organisations have personnel who are “fully trained” to act
as first responders, of which the overwhelming majority
(74%) are IT security staff.
Corporate cybercrime is one of the most complex and
challenging issues an organisation can face. An effective
response requires the skills, knowledge, and experience
of a range of corporate functions working in tandem
(e.g., legal, human resources, media and public relations,
communications, privacy counsel, audit and risk, finance,
corporate security, etc.)
IT threats and their mitigation are the responsibility
of an entire organisation.
Executive level:
• Institute sound cybersecurity strategy
• Ensure quality information is received and
assimilated
• Implement user security awareness
programmes
• Support strategy-based spending on security
Audit & Risk:
• Ensure a thorough understanding and
coverage of technology risks
• Conduct up-front due diligence to mitigate
risks associated with third parties
• Address risks associated with operational
(non-financial) systems
• Address basic IT audit issues
IT threats & mitigations are the responsibility of the entire organisation
Legal:
• Track the evolving cyber-regulatory
environment
• Monitor decisions made by regulators in
response to cyber incidents
• Be aware of factors that can void cyber
insurance
IT:
• Conduct forensic readiness assessments
• Be aware of the changing threat landscape and
attack vectors
• Test incident response plans
• Implement effective monitoring processes
• Employ new strategies cyber attack simulations,
gamifications of security training and awareness
sessions and security date analytics
Fig 21: Do organisations have Incident Response Plans to deal
with cyber-attacs?
Fig 21: Do organisation have Incident Response Plans
to deal with cyber-attacs??
26%
Yes, fully in
operation
27%
Don’t know
10%
Yes, not yet
implemented
17%
No, assessing
feasibility
20%
No, do not intend
to implement
a plan
26. 26 PwC
in Russia 52%
of financial services respondents cite challenges with
complexity of implementing/upgrading systems
...only 57%
of money laundering or terrorist financing
incidents were detected by system alerts
29 %
financial services respondents
have experienced enforcement
actions by a regulator
?
Anti-money laundering
The place of
regulatory changes
has increased
27. 27Russian Economic Crime Survey 2016
Anti-moneylaundering
How would your organisation fare
in the face of regulatory scrutiny?
...and 58%
claim that the pace of regulatory
change is the biggest challenge
to AML compliance
29. 29Russian Economic Crime Survey 2016
Anti-moneylaundering
Fig 23: Instances of regulatory enforcement actions
Fig. 23: Instances of regulatory enforcement actions
GlobalRussia
Yes, we had a regulatory
inspection but with
no major feedback/
consequences
Yes, we had a regulatory
inspection and received
feedback on major
issues to addres
No, we have not had
a regulatory inspection
in the past 24 months
Yes, we were/are
currently under a
mandatory remediation
programme
Don't know
33%
21%
17%
8%
21%
32%
13%
32%
5%
18%
0% 5% 10% 15% 20% 25% 30% 35%
Challenges faced
Our respondents indicated that the level of enforcement
of AML / CFT measures has created challenges for even
the most sophisticated of financial institutions.
In Russia, 58% of respondents reported that the pace of
regulatory change was the most significant challenge to
ensuring compliance with AML / CFT requirements.
Globally, only 19% of respondents indicated this as a challenge.
Globally, respondents also indicated the following additional
significant challenges (which were not highlighted by
respondents in Russia): ability to hire experienced AML / CFT
staff (19% globally and only 4% in Russia) and technology
requirements (14% globally and only 4% in Russia).
Fig 24: Most significant challenge to compliance with AML/CFT
requirements
Russia Global
Fig 24: Most significant challenges to compliance with
AML/CFT requirements
58%
12%
12%
4%
4%
4%
4%
19%
13%
11%
19%
14%
8%
6%
0% 20% 40% 60%
Pace of regulatory change
Complying with AML
requirements from multiple
jurisdictions
Cost
Ability to hire experienced
AML / CFT staff
Technology requirements
Negative impact on
customers
Data privacy limitations
on information sharing
across jurisdictions
Our survey shows that the most significant challenges in regards
to organisations’ AML / CFT systems are the complexity of
implementing or upgrading systems, data quality, and
maintenance of client information in electronic formats and
monitoring systems generating large numbers of false alerts.
In Russia, the majority of respondents stated that the most
significant challenge is the complexity of implementing or
upgrading systems. This might be due to use of legacy
monitoring systems, which seem to be burdensome and
extremely expensive to run, maintain and update as local
regulatory frameworks change.
Fig 25: AML/CFT systems: most significant challenges faced
Russia Global
Fig 25: AML / CFT systems: most significant challenges faced
52%
24%
12%
4%
8%
24%
33%
23%
11%
9%
0% 10% 20% 30% 40% 50% 60%
Complexity of implementing/
upgrading systems
Data quality and maintenance
of client information
in electronic format
Monitoring systems
generating large numbers
of false positive alerts
Data privacy limitations
on information sharing
across jurisdictions
Other
30. 30 PwC
Effectiveness of methods applied
Our survey shows that Russian financial institutions more
frequently use transaction monitoring (57%) as a key method
for identifying suspicious money laundering or terrorism
financing.
Our research also indicates that internal reporting on the part
of employees of financial institutions is more frequently used
in Russia than globally (24% and 10%, respectively).
Fig 26: Methods by which suspicious activities are identified
Russia Global
Fig 26: Methods by which suspicious activities are identified
57%
50%
0% 10% 20% 30% 40% 50% 60%
Alerts from scenario-based automated systems
(transaction monitoring)
Tip-offs/leads from a Financial Crime
Intelligence Unit
Internal reporting from sales staff/relationship
managers/branch staff
Other
24%
10%
33%
14%
6%
5%
Our survey shows that organisations undertake varying
activities to reduce AML /CFT risks. The leading measures are
transaction monitoring, data validation, enhancing “know your
customer” (KYC) requirements for certain client segments, and
boosting compliance with respect to monitoring escalation and
reporting systems.
31. 31Russian Economic Crime Survey 2016
Fig 27: Measures to reduce AML/CFT risks
Fig. 27: AML/CFT risk mitigation measures
GlobalRussia
Conducted transaction monitoring
data validation
Increased KYC requirements for certain
client segments
Enhanced compliance monitoring escalation
and reporting systems
Implemented increased controls and/or
quality assurance measures
Reduced exposure by exiting high-risk
jurisdictions or client segments
68%
60%
52%
44%
24%
12%
8%
4%
4%
8%
43%
60%
55%
52%
31%
43%
15%
12%
3%
4%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Aligned people, technology or processes
to ensure a consistent global approach
Introduced data privacy limitations on
cross-jurisdictional information sharing
Reduced outsourcing/offshoring of transaction
surveillance functions
Considered relocating headquarters or certain
functions to other jurisdictions
Other
As mentioned above, financial institutions in Russia are more
focused on identification of suspicious transactions and its
further validation (68% in Russia compared to 43% globally).
We also learned there are differences in how people, technology
and processes are aligned across different jurisdictions (12% in
Russia and 43% globally). This approach has yet to be developed
in Russia.
Anti-moneylaunderingAnti-moneylaundering
32. 32 PwC
Terminology
Due to the diverse descriptions of individual types of economic
crime in the legal statutes of different countries, we have
developed the following categories for the purposes of this
survey. These descriptions were defined as such in our web
survey questionnaire.
Accounting fraud
When financial statements and/or other documents are
altered or presented in such a way so that they do not reflect
the true value or financial activities of an organisation. This
can involve accounting manipulations, fraudulent
borrowings/raising of finance, fraudulent application for
credit and unauthorised transactions/rogue trading.
Asset misappropriation, including
embezzlement/deception by employees
The theft of assets (e.g., monetary assets/cash or supplies and
equipment) by directors, persons in fiduciary positions or
other employees for their own benefit.
AML
Anti-money laundering
Bribery
The unlawful use of an official position to gain an advantage
in contravention of duty. This can involve the promise of an
economic benefit or other favour, as well as the use of
intimidation or blackmail. It can also refer to the acceptance
of such inducements. Specific examples include kickbacks,
extortion, gifts (with strings attached), facilitation payments,
etc.
Corruption
Dishonest or fraudulent conduct by those in power, typically
involving bribery.
CFT
Combating the financing of terrorism
Cybercrime
Also known as computer crime, cybercrime is an economic
offence committed using a computer and/ or Internet. Typical
instances are the distribution of viruses, illegal downloads of
media, phishing & pharming, and theft of personal
information (e.g. bank account details). This excludes routine
fraud, whereby a computer is used as a byproduct in order to
carry out a fraud, and only includes such economic crimes
where a computer, Internet or use of electronic media and
devices is the main element and not simply incidental.
Economic crime
The intentional use of deceit to deprive another of money,
property or a legal right.
Financial loss
When estimating financial losses due to fraud, participants
should include both direct and indirect losses. Direct losses
are the actual size of the fraud in question, while indirect
losses would typically include the costs involved with
investigation and remediation of the problem, penalties levied
by the regulatory authorities and litigation costs. This should
exclude any amount estimated due to “loss of a business
opportunity”.
Fraud risk assessments
Assessments are used to ascertain whether an organisation
has undertaken initiatives to specifically consider:
a. the fraud risks to which its operations are exposed;
b. an assessment of the most threatening risks
(i.e., evaluating risks for significance and likelihood
of occurrence);
c. identification and evaluation of controls (if any) that
are in place to mitigate key risks;
d. assessment of the general anti-fraud programmes and
an organisation’s control; and
e. actions to remedy any gaps in such controls.
33. 33Russian Economic Crime Survey 2016
Incentive/pressure to perform
When an individual has some financial problem that he/she is
unable to solve through legitimate means, so he/she considers
committing an illegal act as a way to solve the problem. The
financial problem may be professional (e.g., job is in jeopardy)
or personal (e.g., personal debt).
Intellectual property (IP) infringement
IP infringement covers trademarks, patents, counterfeit
products and services. This includes the illegal copy and/or
distribution of fake goods in breach of patent or copyright, as
well as creation of false currency notes and coins with the
intention of passing off as genuine.
KYC
Know your client/customer
Money laundering
Actions intended to legitimise the proceeds of crime by
disguising their true origin.
Opportunity or ability
When an individual uncovers a way where he/she can use
(abuse) his/her position of trust in order to solve a financial
problem with a low perceived risk of getting caught.
Procurement fraud
Illegal conduct by which an offender gains an advantage,
avoids an obligation or causes damage to his/her
organisation. The offender might be an employee, owner,
statutory board member, an official, a public figure or a
vendor who was involved in the purchase of services, goods or
assets for the affected organisation.
Rationalisation
When an individual finds a way to justify the crime to
himself/herself in a way that makes it an acceptable or
justifiable act.