Fraud – why it pays to be vigilant

Financial crime is an increasing threat to all organisations. The modes of facilitating fraud have become easier. Being a victim of fraud as an organisation risks significant financial consequences, but also serious reputational harm and loss of stakeholder confidence.

Think IT!

As the pandemic has shown, remote working has provided a great platform for unscrupulous criminals’ intent on committing fraud. IT systems are not impregnable and unless cyber security is kept up-to-date, it can be exposed and exploited, such as during the WannaCry ransomware attack (in 2017) which affected Windows based operating systems and caused significant disruption and cost to the NHS and across other organisations.

Employees need to be reminded not to click on suspicious links, however plausible they may seem, to report suspicious emails and activity on mobile devices and laptops as well as workstations, to avoid unwanted intrusion, potential data theft and financial loss. Simple as that advice may seem, it is only one part of a robust compliance and integrity programme which organisations must put in place if they are not to fall victim to fraud.

Be conscious of employee behaviour

According to EY's Global Integrity Report 2022, 43% of board members and 35% of senior staff surveyed indicated they would do one of, falsifying records, misleading regulators or auditors, or take a bribe for personal gain.

In a report by the Institute of Chartered Accountants in England and Wales (ICEAW) in May 2021, the average company has suffered six incidents of fraud in the past two years with 40% having been committed by internal staff. In increasingly challenging times, business integrity is a key issue. With the looming cost of living crisis, pressure on employees to perform, and staffing issues, there are risks where supervision and internal controls, particularly audit, are inadequate that organisations may become susceptible to fraud.

Whistleblowing and vetting

Identifying such acts, including reporting unusual behaviour in employees, reinforcing anti-fraud and compliance policies and regularly training staff, remain central pillars to effective fraud prevention. Creating an environment where reporting concerns without consequences for the whistle-blower is of paramount importance. Without this, tolerance of corrupt or unethical behaviour becomes the norm.

Due diligence including vetting staff, new and temporary, and any third party suppliers and contractors should be mandatory — and robust internal processes to validate any changes in their financial details recorded and approved.

Ensure due diligence is followed

Some typical fraud scenarios involve higher levels of authority within the organisation structures, and can be missed due to work pressure, lack of regular monitoring or reconciliations, or management (including non-executive) review. These include:

• inflated expense claims, transfers to own accounts, on doctored or fake invoices, and theft of cash and/or alteration of cheques; creation of ghost employees;
• working on own account, collusion with and favouring certain customers or suppliers for financial or material benefits, passing on confidential information;
• false accounting to hide payments or losses; and
• falsely representing performance or entitlement to bonus, increased pay or financial rewards and/or misuse of funds in purchasing or investments.

Internal reporting structures and compliance policies, from board to staff on the ground relating to financial matters where money might be handled and assets which may be vulnerable, allow for proper scrutiny and reduce the risk of loss. Division of responsibility and authorisation permits greater accountability and reduces the risk of oversight of suspicious transactions whether fraud or error.

Importance of managing investigations

In the event of an incident, preparation is fundamental. The formal process of investigation should be documented to ensure that lead roles are defined, to avoid leakage of information which can cause reputational harm or “tipping off” which may prejudice a police investigation.

To assist in this process, early engagement of legal teams, once suspected fraud arises, is imperative — not only to ensure preservation of evidence both electronic and paper, but also to improve the chances of recovery, and retention of privilege in confidential or commercially sensitive material. They can also assist with anticipating any regulatory consequences, as well as navigation of the complex criminal process, if that is necessary.

With the possible advent of corporate criminal liability for failure to prevent economic crime part of a continuing and growing debate in Parliament, strengthening corporate governance, compliance and ethical behaviour within organisations has never been such an important board agenda item.

So, in summary, task someone senior with ensuring that your policies, processes and systems are regularly reviewed, so fraud awareness becomes integrated with normal business. The reward for vigilance will mark you out as an ethical organisation which is the best way to avoid being a victim.

What to do next?

If you have any concerns regarding any of the issues raised in this article, please feel free to contact Paul for a free confidential discussion on 0121 2374577.