Internal fraud continues to plague Asian businesses at alarming rates, despite better governance and technology. According to a recent study, 58% of Asia-Pacific organisations saw an uptick in fraud cases, with each Singapore dollar lost costing nearly four times more after factoring in recovery, legal and internal investigation expenses.
The most prevalent ‘traditional’ schemes are asset misappropriation, corruption and falsified accounts, illustrated by a number of high-profile cases that are currently ongoing in South-East Asia. ‘In industries where segregation of duties is weak, employees can exploit structural gaps to bypass or override controls,’ says Wallace Lee, financial advisory partner (forensic services) at Forvis Mazars Singapore.
‘General user awareness levels are neither sufficiently high nor up to date’
‘The risk is further amplified when internal controls are not regularly tested, reviewed and updated, particularly during periods of organisational change such as restructuring, rapid expansion, remote work environments or leadership transitions.’
New vulnerabilities
While companies are strengthening their formal whistleblower programmes, the shift to digital technology is creating new vulnerabilities. According to Feedzai’s 2025 report, more than 50% of fraud involves the use of AI. Many organisations’ security measures and oversight systems simply aren’t evolving fast enough to address the emerging threats.
‘The most common schemes have not really changed significantly in the past 20 years, with one exception: the advent of AI and digital-asset related fraud,’ says Sanjay Sidhu, executive director and partner for audit and assurance at BDO Malaysia. ‘General user awareness levels of threats and how to safeguard against them are neither sufficiently high nor up to date.’
Finance and audit teams are taking a new approach. Instead of catching fraud after it happens, they are working to prevent it. Internal auditors now use advanced data analytics and continuous control-monitoring to scan every transaction as it occurs. This helps them spot suspicious patterns much earlier than the traditional method of reviewing random samples could.
Another key safeguard is ensuring that no one person controls a transaction from start to finish. While larger companies can spread the duties across different staff members, smaller firms often need their managers to step in with extra oversight to make up for limited personnel.
‘Many employees simply don’t know what fraud looks like’
In response, companies are ramping up their fraud training at every level. The goal is to help staff spot warning signs early and build a stronger culture of ethics. ‘Many employees simply don’t know what fraud looks like or that certain actions are considered unethical, making training critical for building organisational awareness,’ says Ricky Cheng, director and head of risk advisory at BDO Hong Kong.
Stronger accountability
Regulators and corporate boards have grown more assertive in recent years. In Malaysia, the updated corporate governance code and Bursa Malaysia’s 2023 Anti-Fraud, Bribery and Corruption Policy put more responsibility on boards to maintain strong internal controls. These rules, which align with ISO 37001 and the Malaysian Anti-Corruption Commission Act guidelines, raise the bar for transparency and protect those who report wrongdoing.
Key strategies for internal audit teams
- Prevention is built on monitoring transactions in real time rather than sampling randomly.
- Data analytics should screen all transactions continuously.
- Always keep controls updated, especially during company changes.
- Don’t allow a single person to handle an entire transaction.
- Create clear reporting channels and protect those who speak up.
- Train staff with real-world examples from their actual roles.
- Boards must review control systems annually and investigate unusual patterns.
- Watch for warning signs, such as bypassed procedures, mixed duties or missing documentation.
- Build a culture where good behaviour is rewarded and misconduct faces clear consequences.
Hong Kong SAR of China is tightening its oversight, too. Starting in July 2025, boards need to review their controls annually. The Banking Industry Integrity Charter, launched in October 2024, brings regulators and industry groups together to promote better business practices. And in 2023, the Securities and Futures Commission and the Accounting and Financial Reporting Council urged companies to scrutinise third-party transactions more carefully.
A recent Singapore court ruling clarified what company directors are – and are not – responsible for when it comes to fraud. It stated that directors can be a ‘sentinel’, not a ‘sleuth’. This means that they need to stay alert for warning signs and question anything suspicious, but they don’t have to play detective or personally investigate every possible misconduct; it’s only when clear red flags appear that they need to dig deeper.
‘This principle is significant. It sets practical boundaries around directors’ responsibilities, ensuring they are not unfairly held liable for misconduct that could not reasonably have been detected,’ Lee notes.
Embedding integrity
Preventing fraud takes more than just rules and controls; it needs a workplace culture built on ethics, vigilance and accountability. When top leaders model ethical behaviour and make it part of everyday business, employees follow suit. The culture gets stronger through regular ethics checks, consistent messages from leadership, and strict consequences for misconduct at any level.
‘When staff see that reports are handled fairly and transparently, it builds trust’
Regular training on fraud prevention is equally important. By walking employees through real-world examples that relate to their specific jobs, they learn to spot warning signs, understand typical scams and know how to safely speak up when they spot concerning behaviour. ‘Regular training not only sharpens vigilance but also normalises the expectation that fraud awareness is part of everyone’s role,’ Lee explains.
Whistleblowing continues to be one of the most effective early-warning systems. Companies need to give their employees secure ways to report concerns confidentially and guarantee they won’t face backlash. When staff see reports being handled openly and fairly, they’re more likely to speak up, creating a workplace that values doing the right thing.
‘When staff see that reports are handled fairly and transparently, it builds trust, reinforces integrity, and fosters a workplace that is both aware of and resilient against fraud,’ says Lee.
