Fraud is endemic and it costs businesses a fortune.
In its 2020 Report, the Association of Certified Fraud Examiners estimated that 5% of all revenue generated by organisations – some three and half trillion pounds globally – is lost every year through fraud committed by employees. Some of these are mega-frauds involving tens or hundreds of millions, even billions, being misappropriated by CEOs or high-profile businessmen (the generalisation here is justified to an extent: male employees commit 70% of workplace fraud).
To think of corporate fraud brings to mind the most infamous and large-scale fraudsters such as Bernard Madoff and Robert Maxwell. However, whilst the vast majority of frauds committed by employees are much smaller than this, they still each cause, on average, losses of more than £100,000.
The seniority or the position of trust of the person committing a fraud will often be highly relevant. Robert Maxwell was the Chairman and stole the pension fund, but assistants will often have high levels of trust reposed in them. Joyti De-Laurey, for example, was personal assistant to investment bankers at Goldman Sachs who was able to steal over £4 million from them over the course of four years by exploiting the trust of those who relied on her.
No matter who commits it and how it takes place, three elements are present in every fraud, known as the “fraud triangle”:
- pressure on the fraudster (“I need this money for my family/lifestyle”)
- opportunity (“I can get this money if I fudge these performance data”)
- rationalisation (“I should take this money as my employer doesn’t need it and I’ll pay it back, I’ve been working so hard lately so this is rightfully my money anyway”)
- Pressure (or incentive)
Colloquially referred to as “need or greed”, pressure can be actual or merely perceived. Actual need may arise where the employee’s income no longer meets their expenses – maybe because a big debt has fallen due or because a spouse or partner has lost their job. “Perceived” need arises when the individual wants something he can’t have and decides to act outside of the rules to obtain it. Joyti De-Laurey wanted to live the high life and spent the proceeds of her £4 million fraud on luxury cars, Cartier jewellery and holidays to Monaco and Beverley Hills.
It is very possible that worsening economic conditions brought about by the Covid pandemic – such as rising unemployment following the current phase of the furlough scheme ending on 31 January – and responses to those conditions will give rise to the sorts of financial difficulty that stimulate the need for additional funds.
Boiled down to its fundamentals, fraud involves people doing what they are not allowed to do for their own enrichment and then concealing what they have done.
Most often, fraud is committed by those who are entrusted with their employer’s assets (be that money, tangible assets or intangibles such as intellectual property and confidential information) and abuse that trust and misuse the assets. But it can happen in other ways too, including staff negotiating favourable terms with customers to get a secret commission for themselves; falsifying information to give the impression that targets have been met in order to obtain a performance bonus; and collecting monies due from clients but keeping it and writing off the overdue balances. Many potential instances of fraud can be prevented by an organisation having effective systems and controls in place to prevent these sorts of illicit activities.
However, no organisation’s systems are 100% effective. Ambiguities and loopholes in procedures can be exploited and the controls can be overridden by senior management or otherwise circumvented. The determined fraudster will find a way to achieve the desired result.
Remote working arrangements which have been imposed since the outset of the Covid-19 pandemic also present challenges for pre-existing systems and controls, which will have been designed on the assumption that the relevant personnel will be working together at the organisation’s premises.
Rationalisation is what the fraudster does to persuade himself that what he is doing is morally acceptable. How much internal persuasion is needed depends on how honest the employee is to start with: the inherently dishonest employee (and they do exist) needs much less persuading than the honest one.
Often when employees commit fraud, they rationalise it as short-term borrowing from their employer. If times are hard or some large one-off expense needs to be paid, it might be easy to justify the misappropriation on the basis that it is a “one-off” and will be repaid next month. Once the employee takes the money (or other value) and the organisation fails to detect it, the psychological restraints on the employee weaken such that, rather than repay what has been taken, the employee will instead borrow a little bit more the next month on the same basis.
Eventually, the employee may come to rationalise their wrongdoing on the basis that the organisation actually deserves to lose the money because its systems are not up to detecting what the employee has been doing.
Employees also rationalise their conduct by coming to the view that they deserve more than the employer is willing to give, perhaps because they feel they work harder than their peers or their managers, or that the organisation’s competitors pay more for the same work.
An employee who thinks he is going to lose his job may rationalise his wrongdoing on the basis that he is compensating himself for future lost benefits when his employment comes to an end. He may also justify his conduct as retaliation in advance for what he considers to be an unfair decision.
Very importantly, if adherence to rules and procedures is not taken seriously (or those in leadership and senior management positions flout or ignore them without consequence), that can create an environment in which employees think it is acceptable to break the rules and gain a wrongful benefit from their employment.
There is an increased risk of fraud in a pandemic
The Covid-19 pandemic and the measures taken to combat it are unique in living memory. Many people have more or less been confined to their homes for months and most businesses have for the first time found themselves needing to grapple with mass homeworking for extended periods.
For many employees the pandemic, and the UK government’s response to it, has brought economic hardship. Some have been furloughed, whilst others have had hours and salaries reduced and frozen. Others still may have lost their jobs altogether or are fearful this is an inevitability in the coming months. As the effects of the pandemic are widespread, others on whom an employee may rely for financial support in more normal circumstances may have experienced similar issues.
The unique circumstances and particular hardships the pandemic may have caused for many employees will undoubtedly add pressure on some to commit fraud as a potential solution to their troubles. Some of these same factors may also make it easier for the employee to rationalise committing fraud.
Plainly, employees may feel the need to “borrow” from their employer if presented with the opportunity to do so. Just as important, the way the employer has sought to resolve issues created by the pandemic or taken decisions about prioritising resources may have created a perception of unfair or unequal treatment in some employee’s minds. This perception, whether it is justifiable or not, can be used to rationalise fraud in the minds of some.
In terms of opportunities for fraud, it is very likely that systems and controls which most organisations have in place will not have been designed with extended periods of remote working in mind. These systems will be less robust.
We have seen numerous examples of successful “Business Email Compromise” frauds where members of a business’s finance team have been deceived into making large payments to fraudsters on the basis of false emails sent seemingly received from the CEO or CFO’s email account, which will usually be from a spoof address but may be from the actual account to which the fraudsters have gained access.
If external actors can do that, then employees can do it too and do it much more easily. It is also possible that audit and finance teams will have been reduced in terms of headcount: in this case, even if there are suitable policies and procedures in place, there are fewer people monitoring compliance. If the finance and audit teams are on reduced hours, it is likely that the focus is on time-critical tasks, with checks and reconciliations falling by the wayside. Weaknesses like these create ample opportunities for fraud in unsuspecting firms.
How can HR help reduce and detect fraud in the workplace?
HR should consider how it can support the business’s operations, IT and accounting functions to play a meaningful role in reducing the incidence of workplace fraud. We suggest HR contributes to the overall strategy of the business by bearing in mind:
- most employees who commit fraud will be generally honest people who see an opportunity to commit fraud without being detected. It is not difficult to rationalise fraud in an employment context
- on the other hand, some people are simply dishonest and are hardwired to commit wrongdoing. HR can play an important role in ensuring that this type of person is never employed in the first place. This can be largely achieved through identity checks and credit references and, in some cases, criminal records checks
- the need to ensure that the organisation promotes the highest standards of conduct and has a “zero tolerance” policy when it comes to fraud. A code of conduct and anti-fraud policy, endorsed by management and applied equally to all levels of staff, can significantly reduce the incidence of fraud in an organisation by up to 50%. HR should be taking steps to message the importance and applicability of the code to all staff, wherever they may be working
- many frauds get discovered while the fraudster (or one of them, in the case of a joint enterprise fraud) is on holiday. Fraudsters, who are concerned about detection, will often be reluctant to take time off. When staff are working from home for extended periods and travel is difficult (or even prohibited) there is a reduced incentive for employees to take time off. As we discuss in our recent newsletter, HR can ensure that employees take some or all of their unused holiday entitlement in most cases. HR can also identify those who have not taken a decent break for a while, as this is an indicator of a potential problem
- HR can also review performance evaluations and appraisals with a view to identifying potential issues. Sudden drops in performance or negative evaluations which are out of line with historic evaluations or current expectations can be an indicator of actual or intended wrongdoing. Of course, employers should nevertheless take care to fully investigate such matters to understand their potential underlying causes, which may be entirely explainable by reference to other factors
- finally, HR can play an important role by proactively reaching out to employees to identify how any changes in role, responsibilities or remuneration have been received by employees and if employees are experiencing any of the sorts of pressures discussed above. These interactions can also be used to gather valuable feedback about whether the organisation’s controls and procedures are continuing to work effectively in circumstances where remote working is the norm rather than the exception.