The fight against fraud
February 2019 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
February 2019 Issue
Fraud continues to be a major issue for businesses of all sizes. Whether businesses are growing in a strong economy, or facing a challenging period in an economic downturn, fraud seems to be ever present. The National Audit Office (NAO) reported that in the year ending 30 September 2016, fraud accounted for roughly 31 percent (3.6 million incidents) of all crime in England and Wales. Of these fraud incidents, online fraud accounted for approximately 53 percent (1.9 million incidents). In addition, the latest figures released by UK Finance demonstrate that a total of £503.4m was stolen by criminals through authorised and unauthorised fraud in the first six months of 2018.
Further details were also provided on authorised push payment (APP) scams which show that a total of £145.4m was lost due to APP scams, split between personal (£92.9m) and non-personal or business (£52.5m) accounts. In an APP scam, the account holder is tricked into authorising a payment to be made to another account. Unfortunately, these figures are likely to be the tip of the iceberg. There are likely to be many more frauds which have not yet been uncovered or which go unreported. While frustrating, this is not surprising in light of the ease with which money and assets can be transferred at the click of a button. The benefits brought about by the internet and technology has also given rise to new opportunities for fraud by unscrupulous individuals.
While fraud will always be present in some shape or form, a properly formulated fraud prevention plan tailored to a specific business or organisation will significantly reduce the risk of falling victim to a fraud. At the same time, even if that business or organisation falls victim to a fraud, it will be in a much stronger position to detect it earlier and subsequently reduce its losses or even recover them. A fraud prevention plan requires businesses to undertake focused risk assessments and then implement a policy detailing prevention, detection and response plans.
Fraud is an ongoing risk for all organisations, and directors are under an obligation to ensure they have considered and attempted to deal with the internal and external fraud threats to their organisation. Prevention begins by having in place appropriate policies such as a code of conduct or a fraud policy and then effectively communicating them to employees. However, it is not enough for organisations to simply rely on these documents once created. The tone from the top must make clear that fraud is not acceptable in any way, shape or form. The board and directors must take proactive steps and communicate their anti-fraud policies to their employees, ensuring they deliver training to employees to assist their understanding of the threats to the organisation and how they can report their concerns. The policies should be revisited on an annual basis to assess whether any changes need to be made.
Detection requires a proactive approach in seeking to uncover any potential wrongdoing. This can include unscheduled or announced audits or ensuring that all invoice payments over a certain threshold require two signatories before being processed. The dual signatory method is an example of a simple and cost effective measure that can significantly reduce opportunities for fraud. The 2018 Association of Certified Fraud Examiners’ (ACFE) Report to the Nations identified the most common behavioural indicators of occupational fraud as being: (i) living beyond means; (ii) financial difficulties; (iii) unusually close association with a vendor or customer; (iv) excessive control issues or unwillingness to share duties; (v) recent divorce or family problems; and (vi) a general ‘wheeler-dealer’ attitude involving shrewd or unscrupulous behaviour. Occupational fraud is defined as the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organisation’s resources or assets. The ACFE Report explains that these six behavioural red flags have been the most common in every one of its studies dating back to 2008. Employers should be alive to these signs and investigate further when they arise in order to detect potential wrongdoing.
In addition, the ACFE Report explained that the most common detection method of fraud comes from tips and that 53 percent of all tips were provided by employees of the victim organisations. Thirty-two percent of the tips that led to fraud detection came from people outside of the organisation, including from customers, vendors and competitors. Organisations should consider promoting reporting mechanisms not only to their employees but also customers and vendors. To improve the chances of detecting fraud, it is essential that employees are confident that they will not be treated unfairly or discriminated against for ‘blowing the whistle’.
Finally, organisations should carefully consider how to respond to a fraud when it is uncovered. Clear lines of responsibility should be identified in advance so that when the organisation is facing a crisis, the relevant individuals are aware of their responsibilities. For example, the head of IT should know to cease all routine data destruction policies. The head of legal should be immediately informed and should take a lead on the investigation. The investigation team should be kept small and only those who need to know about the issue should be informed. While some investigations are led by external auditors or forensic accountants, it is important that the investigation is undertaken by experienced investigators who are familiar with the obligations imposed by data protection regulations and who are accustomed to collating evidence which could be utilised in disciplinary and legal proceedings at a later date. This requires a detailed understanding of how to retain privilege.
When responding to a fraud, time is of the essence and action needs to be taken very quickly. Being slow off the mark can have disastrous consequences on both reputation and brand. An early decision will need to be made on how best to proceed. Sometimes the suspected perpetrator is an employee which will require further consultation with the HR and legal teams as to whether the employee should be suspended pending the investigation. After the investigation, a decision will need to be made on whether to engage the disciplinary process, and whether to issue formal legal proceedings to recover any identified losses.
If the suspected perpetrator is an outsider, careful consideration will need to be given to the organisation’s objectives. Does the business want to send a message to internal and external stakeholders that it will not tolerate fraud, and will seek to recover its losses? If so, by reacting quickly, the prospects of successfully recovering losses are increased dramatically. On the other hand, the business may wish to report the matter to the police in the hope that further action will be taken against the suspected wrongdoers. While the police may investigate, the downside for the business is that it loses control of the process, and is unlikely to recover its losses through criminal proceedings.
Businesses will always be a target for fraudsters. It is essential that they identify the risks they are exposed to, both internally from employees and externally from other parties, in order to take the necessary steps to reduce their risk exposure. Organisations that take sensible steps in advance will be much better placed to identify and respond to a fraud than those that have simply put their head in the sand. In our experience, it is essential that action is taken and be seen to be taken. As is often the case, actions speak louder than words, and businesses are under an obligation to deal with the growing threat of fraud.
Martin Shobbrook is a partner and Mehmet Karagoz is a managing associate at Mishcon de Reya. Mr Shobbrook can be contacted on +44 (0)20 3321 7469 or by email: email@example.com. Mr Karagoz can be contacted on +44 (0)20 3321 6630 or by email: firstname.lastname@example.org.
© Financier Worldwide
Martin Shobbrook and Mehmet Karagoz
Mishcon de Reya