The misconceptions surrounding fraud

Let us be clear: fraud is not corruption or bribery; it is not money-laundering, although the two are constant companions; it is not error or incompetence. It is not just a criminal matter either: it is covered by the civil law; the criminal law; regulatory sanctions; and disciplinary sanctions.

Here are a few of the myths that one often hears people say about fraud...

• Fraud only happens in large organisations.

• Fraud is a victimless crime.

• It's all about the money!

• Fraud is highly complex and elaborate.

• Fraudsters keep their money in Swiss bank accounts and tax havens.

• Nobody in a position of trust or authority would commit fraud.

• Fraudsters are easy to spot.

• If the team has suspicions, they will report it.

• It can never happen to us!

• It's all about cyber-criminals.

In fact, fraud is far from victimless. It has direct and negative consequences, undermining the financial health and stability of companies and diverting resources from the provision of good services.

Fraud through the eyes of a fraudster

Why do people choose a life of fraud in the first place? Many books on the subject contain many theories, but here is a compendium of the most obvious ones.

A fraudster might have an incentive to commit fraud if he is: experiencing financial problems or in debt; greedy; living above his means; suffering from loss of earnings on the part of a family member; unlucky in his investments; suffering from blackmail (this is rare); a victim of bad personal circumstances, which can include illness, mental or otherwise, or personality disorders; cheating on his spouse and/or trying to keep up another relationship; or a terrorist.

His opportunities are by no means few and far between. Many organisations hand fraudsters their chances on a plate with:

• poor governance and risk-management procedures;

• weak internal systems and controls;

• badly segregated duties, or duties not segregated at all;

• no fraud prevention or detection policies;

• internal cultural problems;

• easy access to funds or assets;

• a failure to check the backgrounds (or, indeed, the foregrounds) of employees, suppliers and customers;

• a willingness to give some people the authority – or at least the opportunity – to override controls.

How does the fraudster rationalise his actions? You might be amazed at the tortuous self-justifications that investigators have uncovered. Here are some of them.

• Other people are doing it, so why can't I?

• I have had no pay rises and/or I am poorly paid.

• I have been badly treated or unfairly passed over for promotion.

• The organisation can take the loss.

• The organisation is poorly managed anyway.

How and why fraud occurs

This list can never be exhaustive, but here is a summary of many things that investigators see. First we turn to the 'behaviours' or things that go on at a firm that can make it criminogenic, or which can act as 'giveaways'.

• The management style is domineering and personalities are always clashing.

• There is high staff turnover.

• The lifestyle of some employees is higher than one might suppose from their pay-packets.

• Morale is low among the staff.

• Someone is always working long hours or not taking holidays.

• Someone is behaving unusually or uncharacteristically.

• New staff members are resigning quickly.

• Someone is resisting change, or offers of help.

• Someone is refusing promotion.

• A whistle-blower (i.e. a tell-tale) is alleging fraud on someone's part.

The kind of company that is likely to fall victim to fraud tends to have the following shortcomings.

• Poor systems and controls.

• Lack of 'due diligence' (e.g. background checking) on suppliers, customers, 'third parties' and employees.

• Frequent dismissal of 'red flags'.

• Cultural problems.

• Lack of policies and procedures.

• An inadequate assessment of risks, monitoring and review.

• No whistle-blowing policy.

• Too much trust.

Its financial shortcomings are also well known.

• Duplicate payments/cheques.

• Problems with reconciliations.

• Consistent alterations/deletions.

• Missing/incomplete documents, i.e. major income/expenditure streams.

• Variances between forecasts and budgets.

• Changes in financial reporting.

The economic effect of fraud

The recession was, in the words of Phil Angelides, the chairman of the US Congress Financial Crisis Inquiry Commission, “fuelled by an epidemic of mortgage fraud.” Over the 12 months following the collapse of Lehman Brothers:

• there was an increase of 55% in online banking fraud;

• insurance fraud rose by 74% in the first half of 2009;

• there was a 72% increase in the number of directors disqualified for financial crime;

• there was an increase of 72% in the number of reported frauds; and

• the Bank of England revised its estimate of the percentage of counterfeit £1 coins from 2% to 2½%.

The effect of economics on fraud are what one might expect in a recession. In the recession of 1980-81, for example, gross domestic product shrank by a total of 6.1%; reported fraud and forgery offences rose by 9.09%. In the downturn of 1990-91, GDP shrank by 2½%; reported fraud and forgery offences rose by 30½%. In 2008-9 GDP shrank by more than 7%; fraud and forgery soared by 40%.

The scale of fraud

How big is the problem of fraud in the United Kingdom? This is impossible to quantify accurately, as many organisations deal with fraud within their four walls and let the mention of it go no further for reputational reasons. Many fraud statistics are available from reports, however. The British Cards Association received reports of £388 million in 2012. The Association of British Insurers, meanwhile, came up with the figure of £983 million detected in 2011. The Department for Work and Pensions' figures show that total overpayments due to fraud and error stood at 2.1% of all benefit expenditure, or £3.4bn, in 2011.

Steps to take when your organisation discovers a fraud

DO NOT...

• ignore whistle-blowers;

• respond emotionally or take any hasty action;

• confront the subjects immediately;

• damage or mark any evidence or potential evidence;

• turn on computers, laptops, mobile phones or other electronic devices;

• limit the scope of your concerns to a specific issue;

• divert attention away from the day-to-day running of the business;

• dismiss the employee – consider suspension instead;

• ignore the possibility that losses may still be continuing.

DO...

• activate your fraud response plan and implement a communication strategy;

• contact relevant parties, which might be the board, the bank, the police, the insurers, the regulator, or specialist service-providers;

• engage professional assistance where required and resist the temptation to play Sherlock Holmes;

• carefully preserve evidence, which might be electronic and paper documents, laptops and mobile phones;

• take steps to stop further losses;

• be objective in your assessment;

• limit the number of people involved in the investigation;

• assess the effect and act on lessons you have learnt; and

• consider the next steps, which could include criminal or civil action in the courts.

Prevention is better than cure!

Here we list a few general defences against fraud at a financial firm.

• On the 'human resources' front, every financial firm's catchphrase should be “recruitment, recruitment, recruitment.” This is the stage at which effective pre-employment screening can save a private bank or asset management firm millions.

• Training and awareness are essential for all staff regularly. People's capabilities also have to be matched with their functions.

• Every firm must ensure that key policies and procedures are in place – this extends not only to fraud but also to money-laundering control, bribery control etc.

• Managers must take responsibility by acting on information, being both proactive and reactive and setting 'tripwires' – there is no substitute for checking one's own defences.

• Risk-profiling is important and compliance officers or financial crime officers should be encouraged to evolve risk profiles for key business areas. They should review large items of expenditure and should consider zero-based budgeting.

• The restriction of access to assets – bank buildings, stock and other assets – is vital, and IT systems and programmes require the checking of 'permissions' and access rights.

• Lastly, culture is vital. Firms should eradicate any traces of a 'password-sharing' culture and instil a culture in which “the blowing of the whistle” is praised and not punished.

The supervision (SUP) part of the UK Financial Conduct Authority's rulebook obliges firms to report fraud to the regulators. SUP 15.3.15 says that every firm must notify the appropriate regulator immediately if it is being prosecuted for, or convicted of, any offence involving fraud or dishonesty, or any penalties are imposed on it for tax evasion. SUP 15.3.17, meanwhile, states that each firm must notify the appropriate regulator immediately if one of the following events arises and the event is significant (i.e. there is or might be a significant monetary loss or a significant amount of reputational damage or the event reveals anything wrong with internal controls):

• it becomes aware that an employee may have committed a fraud against one of its customers; or

• it becomes aware that a person, whether or not employed by it, may have committed a fraud against it; or

• it considers that any person, whether or not employed by it, is acting with intent to commit a fraud against it; or

• it identifies irregularities in its accounting or other records, whether or not there is evidence of fraud; or

• it suspects that one of its employees may be guilty of serious misconduct concerning his honesty or integrity and which is connected with the firm's regulated activities or ancillary activities.