The Annual Fraud Indicator published by Experian found that housing tenancy fraud cost local government £1.83 billion in 2017. However, with budget cuts, the investigation and recovery of monies lost through fraud is not an operational priority for enforcement agencies. This is despite the fact that fraud in all forms is increasing. Given the relatively low chances of recovering sums lost to fraud through the criminal justice system, it is important that organisations do all they can to guard against the risk of loss through fraud. These are our top ten tips.
1. Personnel and recruitment
It is important that a housing association knows who is performing services on its behalf. To that end, appropriate background checks should be performed when on-boarding new hires or contractors in key functions.
Similarly, given the opportunities for financial crime in this sector, which can either leave an organisation suffering a loss, or vicariously liable for the acts of a related party, it is important to ensure that those staff given access to finances or sensitive data are appropriately trained.
2. Understand key risk areas
You can only set up an organisation to protect against financial crime risks if its senior managers identify the threats it faces and the key risk areas. For instance, for housing associations it is important to be aware of how people may seek to cheat the system and secure a property, by making a false application, subletting or key selling. Both active and passive policies and procedures will only achieve their protective goal if they are tailored to detect and defend against the issues the housing association is actually likely to face. It is better to have active engagement rather than producing and implementing a suite of policies, which merely pay lip service to risks, for example think about how stakeholders can communicate concerns to your business.
3. IT security
Whilst measures should be tailored to defend against relevant risks, one must realise that information technology underpins all modern organisations. Cybercrime is the fastest growing form of fraud with statistics published by Action Fraud estimating that £34.6 million was stolen from victims of this crime between April and September 2018, a 24% increase on the previous six months. As such, threats to cybersecurity should be a primary concern. It is vital that all organisations rigorously implement and test active and passive secure information technology and data security policies and iprocedures. For instance, how easy is it to log on to your systems and what is the procedure for making a financial payment out? This will not only help guard against internal and external fraud and theft that causes financial loss, but will also protect against regulatory action and fines from the Information Commissioner’s Office in the event of a data breach (currently up to 20 million euros or 4% of an organisation’s turnover)
4. Due diligence
When entering into any relationship or transaction, housing associations should consider what due diligence is appropriate to conduct on counterparties to ensure compliance with anti-financial crime legislation. For instance, how do you minimise the risk of becoming involved with an organisation that pays bribes to secure building contracts?
5. Procedures, not just policies
Compliance often talks about the importance of policies, and frequently forgets procedures. This is unfortunate given that the latter is, arguably, the more important of the two. Procedures reflect the implementation of the policies. A comprehensive and thoughtful policy will not provide any practical or legal protection if it is improperly implemented. Policies and procedures should be created so that they are risk-appropriate to the organisation in question and enable an understanding of how they guard against risks within the business’ activities. For instance, how does your organisation check and update information on who is occupying its properties?
6. Training and education
A key part of implementing policies and procedures is ensuring that the whole organisation understands the threat they are designed to guard against, their purpose, how they operate, and how different parts of the business work as a whole to make them function effectively. To that end, training should be top to bottom, tailored to the various roles of different groups, including temporary, part-time clerical staff, those in the field and the board of directors, chairperson, and CEO.
As important as any policy, procedure, or training, is hiring people who are not only right for the organisation in terms of expertise, but also hold strong ethical values. Instilling a culture of transparency, a willingness to report concerns to superiors and zero tolerance for fraud will support the effective operation of policies and procedures.
8. Contract with integrity
Ensuring that contracts with staff, suppliers, and third parties contain clauses obliging them to adhere with all relevant laws and regulations is a good start, but to afford maximum protection, such agreements should, where possible, allow housing associations the right to conduct periodic and / or spot audits for compliance purposes. For larger, higher-value, or wider agreements, housing associations may wish to employ special measures such as stand-alone compliance contracts, or even “integrity pacts”, featuring periodic, independent third-party reviews.
9. Active monitoring and review
Once a new employee, supplier or other third party has been on-boarded, it is important to ensure that due diligence is repeated at regular intervals appropriate to the level of risk they represent. This should be combined with active electronic monitoring measures ie automated risk identification and reporting systems for (for example red flags), as well as human checks. In addition to ongoing monitoring of activity, housing associations should also ensure that their policies and procedures are periodically audited to ensure robustness.
10. Have a plan for when things go wrong
Make sure you have clear policies and procedures to deal with reporting and resolving any detected wrongdoing. This should encourage timely, rather than rash action. You will want to stop any ongoing unlawful activity and prevent future wrongdoing, while preserving evidence to ensure the matter can be fully investigated. To that end, have the suspect, or suspects, had their physical and electronic access credentials revoked, have any hard copy materials been secured and any electronic devices forensically checked? It is always advisable to involve legal counsel (internal and external) in this process, to ensure timely and compliant response and reporting.