Surveys suggest that only 32 percent of companies have any anti-fraud controls in place. That’s bad. Just look at the recent slew of bad press for companies that have lost sensitive customer data or seen company funds misused.
If proposed changes to the law come to fruition, fraud is an issue that organisations will soon have to push much higher up their agenda. The government has announced plans to create a new corporate offence that will hold firms to account for criminal acts staff commit during work time.
Under current law, organisations are only liable for fraud committed by staff if it can be proved that someone sufficiently senior was aware of the criminal conduct – something that traditionally has been very hard to do.
The proposed ‘failure to prevent fraud’ offence requires companies to demonstrate that they have rigorous processes in place to prevent illegal activity. Without such proof, if an employee is caught with his or her hand in the proverbial till, the company and its office bearers could face severe penalties.
In a recent article in the Solicitors Journal, Attorney-General Jeremy Wright QC is quoted as saying that the new offence would “help prosecutors to hold companies to account for criminal conduct at all levels of a business and to show the public that organisations are not above the law.”
Regulators hope the proposed change will lead companies to review the way they tackle internal fraud, in much the same way that the Bribery Act prompted companies to shift their approach to preventing bribery and corruption.
There are still many questions around how the proposed offence will work in practice, but the plan should act as a wake-up call for organisations who are not currently taking active measures to prevent employee fraud.
So what kind of best practice policies and procedures should a business have in place?
Rigorous screening of prospective employees is a company’s first line of defence when it comes to preventing insider fraud. In sectors where staff turnover is high, or in a business where the pressure is on, it can be only too tempting to by-pass the screening process in favour of getting people recruited and up-and-running quickly.
But screening is vital to verify people’s identity, confirm their right to work in the UK, and check their qualifications. Professionally conducted pre-employment screening will also allow you to investigate any unexplained gaps in people’s employment history and to uncover any red flags in relation to their financial or criminal background.
Just the existence of a comprehensive screening programme is often enough to deter people who may be actively looking to infiltrate your business with a deliberate intent to commit fraud (something which is more common than you might think).
But don’t think you should restrict screening to new recruits. People’s circumstances change and a debt or addiction problem may lead a previously up-standing employee into temptation. Ongoing employee screening, particularly for those who have access to sensitive data or accounting systems, can help to reduce the level of risk.
Every business will have different needs in terms of the policies, internal controls and levels of security it needs. In its report ‘Tackling Staff Fraud and Dishonesty’, the CIPD suggests taking a risk-based approach which takes into account the nature of the business and different job roles. Dual sign-off procedures, regularly updated computer passwords, and CCTV monitoring are among the measures businesses may need to implement, depending on the nature of their operations.
It’s also vital that people are aware of your code of conduct, what constitutes acceptable behaviour and what the consequences will be if they contravene the rules or misuse company property or information. These are messages that should be clearly conveyed during the induction process and reinforced via training.
Employees also need to be clear that if they have suspicions about a colleague they are duty-bound to report them. Make sure people know the procedure for reporting concerns either directly to someone in authority or via a whistleblowing hotline. More importantly still, ensure your employees are confident that if they do report something, the matter will be dealt with professionally.
Employers have a difficult line to tread between monitoring of employees to prevent illegal activity, while at the same time not making them feel they are constantly under suspicion. Open and regular communication is the key to creating a culture of mutual trust and respect.
If you explain to staff why you are undertaking regular screening, for example, and highlight the risks to the business, they will understand why it is necessary and will generally be happy to co-operate. On the other hand, if stringent controls are suddenly imposed without any explanation, it may create bad feeling and have a negative impact on morale.
If everyone is clear why the company has a zero-tolerance policy towards all types of fraud, and understands the impact that illegal activity could have on the reputation and financial health of the business, they will usually be happy to co-operate with whatever policies you have in place – and may indeed even become ‘ambassadors’ who can help you identify risks or gaps in the systems.