Ukraine

Global EconomicCrime Survey

Cybercrime in thespotlight

3, 877 respondents fromorganisations in78 countries provide aglobal picture of economiccrime

December 2011

www.pwc.com/ua

Global Economic Crime Survey December 2011

Executive summary 3

Cybercrime in the spotlight 4

Overview of fraud in Ukraine 9

Terminology 15

Contacts 16

Contents

3

Executive summaryEconomic crime does not discriminate. It affects organisations all over the world, and no industry ororganisation is immune. The fallout cannot be measured simply by the direct costs, as economic crime canseriously damage brands or tarnish a reputation, leading organisations to lose market share. As societybecomes less tolerant of unethical behaviour, businesses need to make sure they’re building – and keeping –the public’s trust.

This year’s Economic Crime Survey turns the spotlight on to the growing threat of cybercrime. Today, mostpeople and businesses rely on technology, including the Internet. In doing so, they are opening themselvesup to potential attacks from criminals anywhere in the world. Against the backdrop of data losses and theft,computer viruses and hacking - our survey looks at the significance and impact of this new type of economiccrime and how it affects businesses worldwide.

The survey was designed to seek the respondents’ views on economic crime in general, and to spot long-termtrends and questions specifically related to cybercrime, the threats posed by cybercrime, and howorganisations work to counter any cyber attacks.

This year’s report is divided into two sections:

1. Cybercrime – its impact on organisations, their awareness of the crime, and what they are doing tocombat the risks.

2.Fraud, the fraudster and the defrauded – types of frauds committed, how fraud is detected, who commitsfraud, and the repercussions for those who are caught.

This is the sixth time that the Global Economic Crime Survey has been administered globally and the secondtime in Ukraine.

Almost 4,000 respondents from 78 countries completed it globally. Of the total number of globalrespondents, 53% were directors or senior executives of their respective organisations, 36% representedlisted companies and 38% represented organisations with more than 1,000 employees.

The number of participants from Ukraine increased by 23% in comparison to last survey and included 84Ukrainian senior executives and managers representing 13 industries.

Key findingsCybercrime in Ukraine

Cybercrime has become one of top five economic crimes in Ukraine. Every 3rd respondent (37%) believes that the risk of cybercrime has increased over the past 12 months. More than 25% of organisations do not have adequate cybercrime incident response

mechanisms/policies. 46% of respondents have not received any training related to cyber security during the last 12 months. 58% of respondents in Ukraine report that their organisations do not monitor the use of social media

sites.

Economic crime in Ukraine

36% of organisations had experienced economic crime in the past 12 months Every 3rd organisation does not perform risk assessments. Assets misappropriation (73%), bribery and corruption (60%) remain the most common types of crime in

Ukraine. The number of internal frauds has increased significantly (by 22%) since 2009. The majority of Ukrainian respondents who faced economic crime estimated losses up to $5m. 40% of crimes are committed by senior management Every 5th organisation that has suffered from economic crime has not taken any actions against an

internal perpetrator of fraud.

Global Economic Crime Survey December 2011

Cybercrime in the spotlighton the market, or a patent based

on their research and

development is registered byanother organisation.

Warfare. This can take place

between states, or may involve

states attacking private sector

organisations, especially critical

national infrastructure such as

power, telecoms and financialsystems.

Terrorism. This threat overlaps

with the warfare threat. Attacks

are undertaken by terrorist

groups (possibly state-backed),

again targeting either state or

private assets, and often criticalnational infrastructure.

Activism. This may again

overlap with some other

categories, but the attacks are

undertaken by supporters of an

idealistic cause.

There is no globally acceptedstandard definition ofcybercrime available. Theimplication of not having aclear-cut definition is that iforganisations do not know aboutthe dangers, it’s harder to detectand combat cybercrime –essentially, if the “concept of theenemy” is blurred, any efforts tofight them might prove futile.

Is cybercrime therefore simply ameans by which a criminalcommits an illegal act, or is it aneconomic crime in its own right?

Should organisations takespecific measures over andabove other fraud preventionand detection methods tomanage this risk?

Our 2011 survey takes a closerlook at these issues.

In PwC’s view, there are fivemain types of cyber attacks, eachwith its own distinct – thoughsometimes overlapping –methods and objectives. Theyare:

Financial crime and fraud. This

involves criminals – often highly

organised and well-funded –

using technology as a tool to

steal money and other assets.

Espionage. Today, an

organisation’s valuable

intellectual property includes

corporate electronic

communications and files as

well as traditional intellectual

property such as research and

development outputs. Theft of

intellectual property is a

persistent threat, and the

victims may not even know it

has happened – until knock-offproducts suddenly appear

Due to the ambiguitysurrounding thedefinition of cybercrimeand what it constitutes,organisations may not befully aware of the risksassociated with fraud,and find it difficult todetect and combat

1 As defined in the Global Economic Crime Survey 2011 by PwC in conjunction with our survey academic partner, Professor Peter

Sommer.

For the purposes of our survey questionnaire, Cybercrime was formally defined as follows:

“Cybercrime, also known as computer crime, is an economic offence committed using the

computer and Internet. Typical instances of cybercrime are the distribution of viruses, illegal

downloads of media, phishing, pharming and theft of personal information such as bank account

details. This excludes routine fraud whereby a computer has been used as a by product in order to

create the fraud, and only includes such economic crimes where a computer, the Internet or the use

of electronic media and devices is the main element and not an incidental one”1.

5

Cybercrime ranked as one ofthe top 5 frauds in Ukraine

In previous editions of theGlobal Economic Crime Survey,we asked respondents abouttheir experiences involvingcybercrime. Since the reportedcybercrime levels werestatistically insignificant, theresults were not presentedseparately in our 2009 survey.

Given the increasing concernsaround cybercrime, we focusedon this fraud activity in 2011 andreintroduced it in questionsregarding the different types offraud, asking the respondentswhether they had experiencedcybercrime in the past 12months.

More than one third (37%) ofUkrainian respondents said theyperceive the risk of cybercrimeto be on the rise, while only 4%indicated a decrease. Theremainder (59%) believe that thesituation has not changed.

The increasing risk ofcybercrime can be explained inthe following ways:

Increased media attentionaround recent cybercrimecases, leading to a heightenedawareness of this type offraud. Organisations may haveput extra controls in place todetect and report sucheconomic crimes;

Due to the ambiguity aroundthe definition of cybercrimeand what it constitutes, therespondents may have re-classified some of the moretraditional types of economiccrimes as cybercrime becausethese were committed throughthe use of a computer,electronic device or theInternet;

Increased focus fromregulators;

Advancements in technologymay have made it easier tocommit cybercrimes.

Cybercrime is ranked as one ofthe top five types of economiccrime in Ukraine (see Figure 1).The other four are: assetmisappropriation, bribery andcorruption, anti-competitivebehaviour and accounting fraud.

This year’s survey shows thatcybercrime represents 23% offrauds reported globally, and17% in Ukraine. Currentinformation security trendsindicate that cybercrime attacksare becoming moresophisticated and harder todetect and prevent, resulting inmuch greater damage.

Emerging risk or existingand growing fraud?

Not all of the five main types ofcyber attack that werepreviously defined are commonin Ukraine, however it is clearthat the threat of cybercrime hasbecome a real issue that mayimpact Ukrainian organisations.

23%

7%

24%

24%

72%

17%

23%

30%

60%

73%

% 10% 20% 30% 40% 50% 60% 70% 80%

Cybercrime

Anti-competitive behaviour

Accounting fraud

Bribery and corruption

Asset misappropriation

Ukraine Globally

Figure 1: Top five types of economic crime reported in Ukraine and globally in 2011

Respondents who experienced economic crime in the last 12 months

Global Economic Crime Survey December 2011

More than half (53%) ofrespondents in Ukrainementioned that externalcybercrime threats come fromwithin the country. Customersand vendors were commonlyreported as key externalperpetrators. Still, over 40% ofsurvey participants believe thatthreats come from both insideand outside the country of theiroperations.

The top three countries reportedin Ukraine as the likely home ofcybercrime threats are HongKong (and China), Russia andthe USA. However, a significantnumber of Ukrainianorganisations considercybercrime threat comes fromUkraine as well as from othercountries.

Globally the statistics are similarto the Ukrainian results, as thefollowing six countries areperceived to be the likely homeof cybercrime: Hong Kong (andChina), India, Nigeria, Russia,Ukraine and the USA1.

Where does the internalrisk reside?

In Ukraine, the InformationTechnology (“IT”) department ofan organization is considered tobe the most risky in terms of theinternal cybercrime threat –according to 67% ofrespondents. This is notsurprising, as they expect that ITpersonnel have the necessaryskills and access to commit thesecrimes (e.g. extra administrativerights to access systems and theability to delete audit trails,making it harder to detect theirwrongdoing, etc.).

However, it is interesting thatrespondents also perceive otherdepartments (Finance – 47%,Marketing and Sales – 37%,Legal – 27%, Operations – 22%)as potential sources ofcybercrime threats, as well asrepresentatives of the seniorexecutive level (29%). Similarresults are observed globally.

Respondents believe that therisk of cybercrime is least likelyto come from the Informationand Physical Security (16%) andHuman Resources (10%)departments – howeverorganisations should not ignorethese departments, ascybercrime can happenanywhere.

Is cybercrime an externalthreat?

36% of respondents in Ukrainefeel that cybercrime is anexternal threat, another 34%would treat it as both an internaland external threat, and the 24%state that it is internal.

Such results differ from thosereported globally, where 46% ofrespondents recognise the riskof cybercrime coming mainlyfrom external fraudsters,whereas crimes committed frominside the organisation accountfor 13% and 29% believe thefraud comes from bothinternally and externally.

Where does it come from?

We asked organisations if theythought the risk of externalcybercrime mainly came frominside their own country or fromother nations.

Perceive the risk of cybercrime as an external threat

Perceive the risk of cybercrime is an internal threat

1 Countries are listed in alphabetical order

24%

36%

The reality is that cybercrime is a realglobal threat that can come fromanywhere in the world, and it is notrestricted by jurisdictional boundarieslike many other conventional crimes

7

How to reduce the risk?

Given that people think thatcybercrime is on the rise, it isworrying to learn that 46% ofrespondents in Ukraine and 42%globally have not performed anycyber security training for theiremployees in the past 12 months– which would suggest that theyare potentially unaware of therisks that cybercrime presents totheir organisation.

How efficient are trainings toprevent cybercrime?

We asked people what training, ifany, they have had. Only one insix respondents who have hadtrainings – received them face-to-face. 62% received other kinds oftrainings such as e-learnings,email announcements, etc.

It is not surprising that there is solittle face-to-face training, as it isgenerally time consuming andmore costly. However 56% of

While social media sites may not be the real source of cyber economic

crime, they can be used to socially engineer cyber economic crime to

be more effective.

This media can make phishing attacks more effective. For example,

social media sites can be used to collect information about a targeted

individual (also known as spear fishing), to research certain staff

members, or to install malware onto the user’s computer, making the

cybercrime more effective.

Is there any danger in socialmedia sites?

58% of respondents in Ukraineand 60% globally stated theirorganisation does not monitor theuse of social media sites, or thatthey are not aware of suchmonitoring. This is startlingbecause these sites can present bigsecurity risks if employees abusethem.

The younger generation typicallyuses social media extensively, andthere is considerable peer andsocial pressure to shareinformation with others –therefore, not monitoring thesesites may create potential issuesfor organisations from acybercrime perspective.

However, one needs to add thatthis generation grew up withsocial media sites, and sharingpersonal information has becomethe norm for the wholegeneration.

Organisations need to be awarethat the younger generation mighthave a very differentunderstanding of the risks suchsites pose, and hence need to beeducated accordingly.

respondents said that face-to-facetrainings are the most effectiveform when it comes to cybercrimeawareness.

What if a crime occurs?

The top three reactions ofUkrainian organisations inresponse to a potential cybercrimewould be: Consult internally with

experienced staff to resolve thematter;

Consult with experts who areexternal to the firm; and

Inform law enforcement.

The most common actions takenagainst external perpetrators offraud were informing lawenforcement and notifying therelevant regulatory authorities aswell as proceeding with civilactions, including recoveries andcessation of the businessrelationship.

Identified internal perpetrators offraud were fired in the most cases(73%).

58% of respondents statedthat their organisation doesnot monitor the use of socialmedia sites, or they are notaware of it

Global Economic Crime Survey December 2011

Cybercrime is more thanjust an IT issue

Traditionally, cyber security hasbeen perceived as an IT issue,creating a communication gapbetween business managers andsecurity professionals.

PwC’s Global State ofInformation Security Survey2011 confirms that cybersecurity is not only a technicalissue, but a core businessimperative.

We asked organisations whoshould ultimately be responsiblefor dealing with cybercrimethreats. More than half of therespondents (67%) pointed tothe Chief Information Officer(CIO) or Technology Director;

How to defend?

1. Get the CEO involved – the CEO and the Board need to be aware ofthe cyber threats. Top management needs to understand the risks ofthe cyber world.

2. Reassess the security function – unlike traditional ‘economiccrimes’, cybercrime is fast paced with new risks constantly emerging,which means an organisation need to continually adapt itsprocedures.

3. Awareness – organisations need to have a clear awareness of itscurrent and emerging cyber environment. If this is in place, well-informed and prioritised decisions and actions can be taken

4.Create a cyber incident response team – which needs to act withspeed and agility. A well functioning cyber response team means anincident that is spotted anywhere in the business will be tracked, therisk assessed, and the threat negated.

5.Educating all employees – organisations need to embed a ‘cyberawareness’ culture, through recruiting those with the relevant skills sothat this knowledge can be shared with all employees, creating a cyberaware organisation which is better able to protect itself.

6. Take a more active and transparent stance towards cybercrime –respond by pursuing cybercrime perpetrators through legal means,and communicate more publicly regarding the actions thatorganisation is taking regarding the threats, incidents and responses.

What are the responses fromorganisations?

As we saw earlier, nearly half ofrespondents who had experiencedeconomic crime in the past 12months said they perceive the riskof cybercrime to be growing.

Based on reported frauds,cybercrime ranks in the top fivetypes of fraud. A large number ofUkrainian organisations (50%) areaddressing fraud risks byintroducing in-house capabilitiesto prevent, detect and investigatecybercrime.

Also, organisations based inUkraine tend to engage with anexternal consultant once anincident has occurred (57%),compared to only 21% oforganisations that prefer topreventatively engage externalconsultants.

Table 1: Cybercrime incidentresponse mechanisms used byorganisations in Ukraine in 2011

In-house capabilities toprevent and detectcybercrime

51%

In-house capabilities toinvestigate cybercrime

50%

Involvement of Forensictechnology investigators

45%

Media & PRmanagement plan

38%

% of all respondents

Executive recognition of the strategic value ofsecurity is now more closely aligned withbusiness than with IT

only 13% suggested the ChiefExecutive Officer (CEO) or theBoard. This suggests that,whether or not the CIO sits onthe Board, they do not shareultimate responsibility with theCEO or the board as a whole.

Only 20% of respondents saidthat the CEO and the Boardreview these risks at least once ayear, and more than quarter(32%) said that they only reviewthem on an ad hoc basiscompared to 25%, who do notperform assessments at all.

We would expect the CEO andthe Board to understand andinvestigate cybercrime riskrelated matters on a regularbasis.

9

Overview of fraud in UkraineAs a result, the organisationsperforming regular riskassessments report more fraudwith a higher frequency of itsoccurrence.

However, we expect executivesto know about these crimes.Happily, in 2011 executives arebetter informed about fraudinstances in their organisationsthan in 2009: only 10% ofrespondents who did not know iftheir organisations faced fraudrisks were senior executives,compared to 55% in 2009.

In order to ensure that abusiness operates efficiently,organisations need to pay moreattention to anti-fraud and riskmanagement procedures.

36% of respondents in Ukrainereport that they haveexperienced at least one instanceof economic crime in the past 12months. This is higher thanfigures reported globally (34%),but lower than indicatorsreported in 2009 (45%).

We may assume that the resultsof the 2009 survey were affectedby the economic recession,which was followed by increasedinstances of fraudulent activity.

We believe that the decreasereported by Ukrainianorganisations for fraud in 2011 isexplained by a low detection raterather than an actual decrease offraud cases.

To determine this, we comparedthe level of reported fraud byorganisations which performregular risk assessments withthose that do not assess fraudrisks regularly.

Organisations performingregular risk assessments,report more fraud and ahigher frequency of itsoccurrence

Fraud by ownership type

The majority of survey participantsin Ukraine represent privateorganisations (69%) and publiclylisted organisations (24%).

Governmental, state-owned andnon-profit organisations, whichrepresent 7% of the surveyparticipants, confirmed that theyeither have not experiencedeconomic crime during past 12months, or are not aware of suchinstances.

However, private organisations arealmost 3 times more likely to faceeconomic crime than publiclylisted organizations. The mostcommon types of fraud withprivate organisations are: Assets misappropriation (31%), Bribery and corruption (29%),

and Accounting fraud (14%).

Publicly listed organisations areprimarily affected by: Assets misappropriation (37%), Bribery and corruption (21%),

and Cybercrime (16%).

36% of organisationsin Ukraine haveexperiencedeconomic crime inthe past 12 months

Global Economic Crime Survey December 2011

3%

3%

7%

13%

17%

23%

30%

60%

73%

10%

7%

14%

14%

7%

28%

59%

59%

% 20% 40% 60% 80%

Money laundering

Insider trading

Tax fraud

IP infringement

Cybercrime

Anti-competitive behaviour

Accounting fraud

Bribery and corruption

Asset misappropriation

2009 2011

Such a significant number ofreported fraud instances mayalso mean that these are notonly the most popular types offraud, but also that this type offraud is easier to detect than theother types.

Instances of “assetsmisappropriation” and “anti-competitive behaviour”increased almost by 15%compared to 2009. Meanwhile,“bribery and corruption” and“accounting fraud” stayed at thesame level.

These changes force those whowish to commit fraud to developnew and more sophisticatedways to commit their crimes andremain undetected. Nowadays,these individuals are wellequipped technically, whileinternal investigators are onlystarting to develop in-housemechanisms for prevention andinvestigation. The economicslowdown makes organisationsreluctant to spend funds on in-house services such as audit orinternal forensics.

What types of fraud areorganisations facing inUkraine?

Economic crimes can take onmany different forms, with somebeing more common and morepersistent than others. In 2011,the most widespread type ofcrime in Ukraine was assetsmisappropriation (73%), followedby bribery and corruption (60%),and accounting fraud (30%).

Survey results indicate thatUkrainian organisations suffermuch more from “bribery andcorruption” and “anti-competitivebehaviour” than other countriesin Central and Eastern Europeand globally (see Table 2).

Table 3: Fraud indicated in2011 by the size oforganisations in Ukraine

Up to 200employees

27%

201 to 1,000employees

30%

1,001 to 5,000employees

23%

More than 5,000employees

20%

% respondents who experienced

economic crime in the last 12 monthsTable 2: Types of fraud in Ukrainewhich significantly differ fromCEE and globally in 2011

Briberyandcorruption

Anti-competitivebehavior

Ukraine 60% 23%

CEE 36% 12%

Globally 24% 7%

% respondents who experienced

economic crime in the last 12 months

Figure 2: Types of fraud incidents in 2009 and 2011

Does the size of theorganisation matter?

This year’s results show that allUkrainian organisations (nomatter their size) suffer equallyfrom economic crimes.

% respondents who experienced economic crime in 2009 and 2011

11

13%

25%

29%

36%

40%

43%

50%

0% 20% 40% 60%

Professional services

Manufacturing

Insurance

Retail and consumer

Communication

Energy, utilities andmining

Financial Services

What industries are the mostaffected?

This year’s survey representsviews of representatives frommore than 13 different industries.Financial services, retail andconsumer, manufacturing andprofessional services representmore half (63%) of all surveyparticipants both in Ukraine andworldwide.

Every 2nd respondent working infinancial services, energy, utilitiesand mining experienced economiccrime during the last 12 months.

Comparing incidents of crime byindustries, we note an increase infraud in the retail and consumerindustry by 6%, and 5% in thefinancial services in 2011.

Table 4: Types of fraudUkrainian organisationsanticipate will occur in thefuture

Bribery and corruption 42%

IP infringement 36%

Assets misappropriation 35%

Accounting fraud 25%

Cybercrime 25%

Anti-competitive behavior 24%

Money laundering 17%

Tax fraud 14%

Insider trading 12%

Espionage 10%

% all respondents

Future expectations

Despite a decrease of 9% in thelevels of bribery and corruptionreported, more than 40% ofUkrainian respondents areexpecting its occurrence withinthe next 12 months. Two otherleading types of fraud areexpected to be IntellectualProperty infringement (36%) andassets misappropriation (35%).

Organisations globally expect anincrease in assetmisappropriation (34%),cybercrime (26%) and briberyand corruption (23%).

Figure 3: Fraud reported by industry segment in Ukraine in 2011

More than 40% ofrespondents inUkraine expectincidents ofbribery andcorruption withinthe next year

% respondents from particular industry who experienced fraud in the last 12 months

Global Economic Crime Survey December 2011

The average perpetrator ofinternal fraud in Ukraine ismale, degree universitygraduate, 31-50 years old, whohas been employed with theorganisation for a period of 3 to10 years.

Both in Ukraine and globally,the main perpetrator of externalfraud is a customer (43% forUkraine and 35% globally).Other external fraudstersinclude agents andintermediaries (14%) andvendors (14%).

One of the key fraud preventiontechniques is to know who youare doing business with. Thus,know your customer, vendor,and agent due diligences arebecoming more recognised as acritical element of any riskreduction program.

Portrait of a Fraudster

This year, organisations equallysuffer from both internal andexternal fraudsters, though since2009, the number of seriouseconomic crimes committed byinternal offenders increased by22%.

A very typicalperpetrator of fraudworldwide is the so-called ‘white-collarcriminal’.

A white-collar criminalis a 30+ years old maleindividual, with apostgraduate education,having goodpsychological healthand a stable familysituation.

The majority of internal fraudstersin Ukraine are representatives ofsenior (40%) and middlemanagement (40%). To compare,60% of internal crimes globallyare performed by middlemanagement and junior staff.

Table 5: Perpetrators of fraud

2011 2009

Internal fraudsters 56% 28%

External fraudsters 40% 72%

Don’t know 3% 0%

% respondents who experienced

economic crime

14%

40%

18%

88%

42%

40%

41%

13%

42%

20%

39%

0% 20% 40% 60% 80% 100%

Ukraine (2009)

Globally (2009)

Ukraine (2011)

Globally (2011)

Senior management Middle management Junior staff members

Figure 4: Main perpetrators of internal fraud in Ukraine and globally

40% of crimes inUkraine are committedby senior management

Respondents who experienced economic crime in 2009 and 2011

13

Cost of collateral damage

The financial losses are just oneaspect of the damage thatorganisations face fromfraudulent activities, and mightbe far from the most important.The collateral damage suffered,and its impact on thereputation/brand, share price,employee morale, businessrelations, and relations can be asignificant cost to any business.

Of those who had experiencedeconomic crime as a result offraud this year, 23% reporteddamage to employee morale,17% noticed damage to theorganisation’s brand, 13% torelations with regulators andanother 13% to businessrelations.

Even though these figures areconsistent with similar resultsreported by organisationsglobally, collateral damage issignificantly lower in 2011compared to 2009, whenemployee morale damage

6%

7%

38%

48%

3%

10%

47%

40%

% 10% 20% 30% 40% 50% 60%

Don't know

5 million to 100 million US dollars

100,001 to 5 million US dollars

Less than 100,000 US dollars

Ukraine Globally

How much does fraud costorganisations?

The majority of those respondentswho said they had experiencedeconomic crime in the last 12months reported losses up to$5m. The top three mostexpensive types of fraud were alsothe most common types,including assetsmisappropriation, bribery andcorruption and accounting fraud.Comparing 2011 with 2009, thereis a noticeable increase in boththe frequency and cost of thesetypes of fraud.

Cases of fraud committed by

employees are usually more

expensive for organisations than

frauds committed by external

parties i.e. customers, vendors or

agents.

The cost of crime increases withthe fraudsters’ age. For example,the more expensive crimes(between $5m and $100m) werecommitted by individuals olderthan 50 years old.

accounted for 34%, damage torelations with a regulator for34%, 28% for damaged businessrelations, and 14% for damage toa brand.

Figure 5: Financial losses from economic crimes in Ukraine and globally in 2011

Table 6: Comparison of collateraldamage in Ukraine in 2009 and2011

2011 2009

Relations withregulators

13% 34%

Employee morale 23% 34%

Business relations 13% 28%

Reputation/brand 17% 14%

Share price 7% 1%

% respondents who experienced

economic crime

The low indicators of collateraldamage in 2011 are surprising.Fraud is become to be viewed asan inherent feature of doingbusiness in Ukraine, which leadsorganisations down a worryingpath where the organisationsthemselves provide a rational forpotential fraudsters, andtherefore increase theprobability of fraud.

The majority of Ukrainian respondentsthat experienced an economic crime in thelast 12 months estimated losses up to $5m

% respondents who experienced economic crime in the last 12 months

Global Economic Crime Survey December 2011

What actions are taken byorganisations against thefraudsters?

73% of perpetrators of internalfraud were dismissal and facedcivil actions, including recoveries.Notably, organisations have takenno action in 20% of incidents. In2009, this figure was only 3%, sothe increase represents a worryingstatistic.

In some organisations there seemsto be complacency or a wish to dealwith fraud in a low-key way. Wequestion this approach. Is it rightto keep the fraudster in theorganisation and to run the riskthat they might do it again? Wethink organisations should show‘zero tolerance’ towards fraud, andto set the right tone by dealing withthe fraudster officially, and byinvolving outside authorities.

How do organisationsdetect fraud?

Fraud detection refers to allmethods employed byorganisations to find out if aneconomic crime has beencommitted. In 2011, Ukrainianrespondents indicate that thefollowing methods are the mosteffective for revealing fraud.

In Ukraine the majority ofcrimes are detected with thehelp of Corporate Security. Only6% of frauds are identified byInternal Audit. The globalresults show a completelyopposite situation.

It is also worth mentioning that27% of respondents were notaware of the way fraud wasinitially detected, compared to10% globally. This means thatorganisations in other countriesmaintain a higher level ofawareness about anti-fraudprograms.

More than half of surveyparticipants (54%) do not use awhistle-blowing system.However, 82% of those whoemployed such a systemconsider it to be effective.

The following actions have beentaken by Ukrainian organisationsagainst external fraudsters:

• Informing law inforcement(71%);

• Civil actions, includingrecoveries (64%);

• Cessation of the businessrelationship (57%); and

• Notification of the relevantregulatory authorities (43%).

These figures coincide with theglobal statistics, as well as withthe results of the 2009 survey.

It is worrying that 43% said theirorganisation still has a businessrelationship with a fraudster–perhaps highlighting somefundamental concerns regardingthe culture of the organisation.

One out of every fiveinternal fraudstersdid not face anypunishment

27%

17% 17%

10%

7% 7%

3% 3%

9%10%

6%

11%

18%

10%

2%

14%

8%

21%

%

5%

10%

15%

20%

25%

30%

Don't know Corporate security(incl. IT and

physical security)

Tip of f(internal) Suspicioustransactionreporting

Fraud riskmanagement

By lawenforcement

Internal audit By accident Other

Ukraine Globally

Figure 6: Fraud detection methods used in Ukraine and globally in 2011

% respondents who experienced economic crime in the last 12 months

15

Terminology

Cybercrime incident response

mechanism

This would typically include in-house

technical capabilities to prevent, detect

and investigate cybercrime, access to

forensic technology investigators, media

and PR management plan, controlled

emergency network shut down procedures,

etc.

Economic crime or fraud

The intentional use of deceit to deprive

another of money, property or a legal right.

Espionage

Espionage is the act or practice of spying

or of using spies to obtain secret

information or using technology to act on

your behalf as a spy.

Fraud risk assessment

Fraud risk assessments are used to

ascertain whether an organisation has

undertaken an exercise to specifically

consider:

(i) The fraud risks to which operations

are exposed;

(ii) An assessment of the most

threatening risks (i.e. evaluate risks

for significance and the likelihood of

occurrence);

(iii) Identification and evaluation of the

controls (if any) that are in place to

mitigate the key risks;

(iv) Assessment of the general antifraud

programmes and controls in an

organisation; and

(v) Actions to remedy any gaps in the

controls.

Insider trading

Insider trading refers generally to buying

or selling of a security, in breach of a

fiduciary duty or other

relationship of trust and confidence,

while in possession of material, non

public information about the

security. Insider trading violations

may also include ‘tipping’ such

information, securities trading by the

person ‘tipped’, and securities trading

by those who misappropriate such

information.

Intellectual Property

infringement (including

trademarks, patents,

counterfeit products and

services)

This includes the illegal copying

and/or distribution of fake goods in

breach of patent or copyright, and the

creation of false currency notes and

coins with the intention of passing

them off as genuine.

Money laundering

Actions intended to legitimise the

proceeds of crime by disguising their

true origin.

Senior executive

The senior executive (for example the

CEO, Managing Director or Executive

Director) is the main decision maker

in the organisation.

Sustainability activities

Includes activities such as carbon

credit trading (buying and selling

carbon credits), or engaging in

projects which create carbon

emissions offsets.

Sustainability fraud

Fraud in relation to sustainability

activities (refer to sustainability

activities) such as carbon trading

markets, environmental claims or

statutory declarations.

Due to the diverse descriptions of

individual types of economic crime in

the legal statutes of different

countries, we developed the following

categories for the purpose of this

survey. These descriptions were

defined in the web survey to assist

respondents in completing the survey.

Accounting fraud

Financial statements and/or other

documents are altered or presented in

such a way that they do not reflect the

true value of the financial activities of

the organisation. This can involve

accounting manipulations, fraudulent

borrowings/raising of finance,

fraudulent application for credit and

unauthorised transactions/rogue

trading.

Anti-competitive behaviour

Includes practices that prevent or

reduce competition in a market such

as cartel behaviour involving collusion

with competitors (for example, price

fixing, bid rigging or market sharing)

and abusing a dominant position.

Assets misappropriation

(including

embezzlement/deception by

employees)

The theft of assets (including

monetary assets/cash or supplies and

equipment) by directors, others in

fiduciary positions or an employee for

their own benefit.

Corruption and bribery

(including racketeering and

extortion)

The unlawful use of an official position

to gain an advantage in contravention

of a duty. This can involve the

promise of an economic benefit or

other favour, or the use of

intimidation or blackmail. It can also

refer to the acceptance of such

inducements.

Global Economic Crime Survey December 2011

Contacts

PwC provides industry-focused assurance, tax and advisory services to build public trust and enhance value forour clients and their stakeholders. More than 169,000 people in 158 countries across our network share theirthinking, experience and solutions to develop fresh perspectives and practical advice. You can find out moreinformation by visiting www.pwc.com.

Forensic services

With the largest network of forensic services practices in the world, spanning 63 countries and employing over1,400 advisors, PwC firms can draw on a vast experience of dealing with difficult situations across a broadspectrum of industries in many jurisdictions.

Our fast-growing Forensic services practice in CEE employs over 70 professionals, including accountants,economists and IT professionals.

Our services include:

• Investigations• Fraud risk management• Commercial disputes• International arbitration• Transaction and shareholder disputes & investigations• Forensic technology solutions• Intellectual property services• Licensing management services• Insurance claims services• Anti-money laundering services• Capital project services• U.S. regulatory investigations and securities litigation

Forensic services team

Rafal Krasnodebski

Partner

Advisory services

rafal.krasnodebski@ua.pwc.com

Irina Novikova

Partner

Forensic services in Russia

irina.n.novikova@ru.pwc.com

Gennadiy Chuprykov

Senior Manager

Forensic services leader forUkraine

gennadiy.chuprykov@ua.pwc.com

Victoriya Tsytsak

Manager

Forensic services in Ukraine

victoriya.tsytsak@ua.pwc.com