Protecting your construction company from fraud

Fraud has long been a reality of doing business. If, however, you are aware of the common risks and red flags related to occupational fraud and implement proper controls within your business, you can significantly reduce your risk.

A recent study published by the Association of Certified Fraud Examiners (the ACFE) reports that organizations globally lose five per cent of annual revenues to occupational fraud, amounting $3.1 billion. The median loss per fraud case was more than $1.5 million.

These numbers represent a 24 per cent increase in median losses from fraud since ACFE’s 2022 report, and the first increase since its 2016 version. The pandemic played a significant part in driving this unprecedented jump. The report notes that more than half (53 per cent) of the cases had at least one pandemic-related factor, such as economic pressures, remote work, and emptier offices.

The real estate and construction industries are major targets for fraud. The ACFE found the median loss for these industries due to fraud was $200,000 and $250,000, respectively.

A 2025 Fraud Insights Report by FCT explains that construction companies are especially vulnerable to cyber attacks for three key reasons:

1. high volume and high value transactions
2. complex supply chains that connect with multiple contractors, vendors, and third-party service providers
3. long bureaucratic approval processes

The top three prevalent fraud risks in construction are billing, corruption schemes, and cheque tampering. With advances in technology, not only are these risks increasing, but newer tools such as AI and cryptocurrency are also creating opportunities for more sophisticated fraud incidents. At the same time, technological advances also provide organizations with more effective tools to combat fraud.

Billing

Billing fraud is a misappropriation of a company’s cash by way of a fraudulent disbursement. There are primarily three specific types of billing fraud schemes: shell companies, non-accomplice vendors, and personal purchases.

Public Services and Procurement Canada (PSPC), for example, reports that as of November 6, 2024, it had referred seven cases to the RCMP for criminal investigation, three of which were fraudulent billing schemes undertaken by subcontractors working federal contracts awarded to prime contractors.

A Mississauga-based general contractor faced a five-year suspension for overbilling the City of Toronto for its work, after it was already serving a six-month suspension for contravening the City’s supplier code of conduct.

Billing fraud can be combatted by adhering to – and not deviating from – the approved vendor list, as well as management review and verification of vendors before payments are issued. Project managers must investigate budget overruns and unexplained increases in purchased quantities. A manual or computer software-assisted review for suspicious mailing addresses, PO box numbers, out-of-sequence invoice numbers, and duplicate invoice numbers should be conducted on a periodic basis.

For example, if an analysis of excessive expenses uncovers invoices from one or more vendors for vague or non-descript products or services, then you might be the victim of billing fraud. Watch for entries like “consulting fee” or “special commission” on the invoices, particularly if they are not easily explained.

Corruption schemes

In a corruption scheme, an employee misuses their influence in a business transaction in a manner that violates their duty to the employer, resulting in a direct or indirect benefit.

Forms of corruption fraud include conflicts of interest (purchasing and sales schemes), bribery (invoice kickbacks and bid rigging), illegal gratuities, and economic extortion.

In a recent Supreme Court of Canada case, two family-owned construction companies working on large-scale construction projects fraudulently used a false invoicing scheme to take millions of dollars from the companies. They created fake invoices from fake suppliers for services that were never provided, directing the construction companies to pay them.

Controls should include reference checks for new vendors, and an established (and never-deviated-from) process to review bids. For example, competitors in the same market could potentially collude to defeat competition or artificially raise the prices of goods and services. A winning bidder sub-contracting work to a losing bidder may be an indicator of bid-rigging.

Cheque tampering

The third most prevalent fraud risk in the construction industry is cheque tampering. It can take the following forms:

• Forged maker: the cheque signature is forged
• Forged endorsement: the perpetrator intercepts the cheque and forges an endorsement
• An altered payee: the fraudster intercepts the cheque and converts the payee to self, another company, a relative, etc.
• An authorized maker: an authorized employee fraudulently writes a company cheque out to themselves
• Concealed cheques: fraudulent cheques are submitted for signing and included with legitimate cheques

In January 2024, the owner of a Toronto construction company was charged with allegedly using fraudulent bank drafts when purchasing construction materials, then selling them to third parties at discounted rates. As a result, the original sellers lost an estimated $600,000.

Smaller organizations can protect themselves from cheque tampering by implementing basic controls, such as never signing blank cheques, as well as carefully reviewing invoices and original supporting documents. In addition, blank cheques should be locked away when they are not in use by your company’s designated cheque issuers. If the bank statements are sent to the office, and you suspect fraud, you could have the bank statements sent to your home address for a few months to ensure they are not intercepted at the office by fraudsters.

If you are part of a larger organization, you will want to ensure appropriate segregation of duties, as well as proper controls and a review process to monitor inconsistencies.

Emerging fraud trends

The FCT report notes that times of economic uncertainty generally carry a higher risk, adding that new fraud trends are gaining ground by cybercriminals.

Email account hacking of wire transfers for one is becoming more prevalent. In those instances, fraudsters are leveraging compromised information from organizations’ internal systems, sending faked versions of emails to redirect funds.

Cybercriminals recently stole $6 million from a construction firm in Texas through business email compromise (BEC) scams. The cybercriminals hacked into the email account of a vendor, sending a fraudulent email disguised as the vendor requesting a change in bank details. The payment sent to the fraudulent account was then dispersed through multiple accounts overseas.

AI tools are also expected to play a role in areas such as mortgage title fraud.

ACFE also points to cryptocurrency as an emerging area of concern. In the study, 47 per cent of the cases involved the conversion of stolen assets into cryptocurrency, while 33 per cent involved bribery or kickback payments made to a co-conspirator. While it currently represents four per cent of fraud cases, the numbers will grow.

How can you help catch fraud?

In the ACFE study, the lack of internal controls was rated the most important contributing factor for fraud, followed by fraudsters overriding existing internal controls, and a lack of management review.

Providing individuals with a means to report suspicious activity is a critical part of a successful anti-fraud program. For larger organizations, fraud reporting mechanisms such as hotlines can be set up to receive tips from both internal and external sources. To be successful in combating fraud, reporting mechanisms must preserve the anonymity of tipsters and the confidentiality of reported information. Management should actively encourage employees to report suspicious activity, as well as enact and emphasize an anti-retaliation policy.

Occupational fraud is more likely to be detected by a tip than by any other method. The majority of tips reporting fraud come from employees. Therefore, even the most subtly expressed tip should be taken seriously and followed up. If employees are aware that there are processes in place to investigate and reduce fraud, they are more likely to report suspicious activity.

Look out for red flags

In 92 per cent of ACFE cases, the fraudster displayed one or more behavioral red flags, such as:

• Living beyond their means
• Financial difficulties
• Unusually close associations with vendors/customers
• Excessive control issues
• Unwillingness to share duties

In summary, proactively monitoring and analyzing data (including bank statements, reconciliations, and budgets-to-actuals), detecting red flags, and following up on tips will reduce fraud and the resulting financial losses that could occur within your company.