Many small business owners are understandably wary of falling victim to crime. But often the danger comes from internal employees, who either deliberately or unwittingly can threaten the survival of the firm. Georgina Fuller investigates
Employee fraud is a growing problem. A total of 751 insider fraud cases were reported by Cifas (the UK’s fraud prevention service) members in 2014, an 18 per cent increase on the year before. Lee D’Arcy, Director of Engagement at Cifas, says the majority of employees are honest and trustworthy but that it only takes one dodgy one to cause problems.
“Internal fraud is a threat to any organisation, large or small,” he says. “It has a huge impact on an organisation’s finances, morale and customer reputation. In some cases, the impact on a business is so great that it cannot recover.” In fact, according to Cifas, smaller amounts of fraud can result in disproportionately higher overall costs. A £300 fraud loss will incur, on average, a £795 associated cost and a final bill of £1,095, while a £10,000 fraud could cost over £36,000, it says.
The 2015 Employee Fraudscape report, published in June last year, showed that the most prevalent of all insider frauds were fraudulent job applications, where individuals intentionally deceive prospective employers either by providing false information or by omitting key details. These accounted for 63 per cent of all internal frauds (including 53 per cent from unsuccessful candidates and 10 per cent from successful applications), followed by dishonest actions by staff to obtain a benefit by theft or deception (30 per cent) and unlawful obtaining or disclosing of personal data (7 per cent).
Employee expenditure is often rife for manipulation, says Dafydd Llewellyn, Managing Director, UK, at financial management firm Concur, because companies often have no effective way of tracking or linking the invoices that come into their company and the expenses that go out of it. “In the majority of companies, expenses are the business process that time forgot,” he says.
“If you’re still relying on Excel spreadsheets, you’re making it easy to abuse the system. If how you manage expenses hasn’t moved on since the 1970s, the chances are that the culture of ‘I’ll slip that receipt in for Sunday lunch last weekend’ probably still prevails too.”
There are also several other unpleasant types of misdemeanours, including operational fraud such as setting up a separate company or bank account and asking customers to make payments to that one rather than to a fraudster’s employer.
So what can employers do to help minimise the risks? “The best defence against an internal fraudster is to not let them through the door in the first place, so vetting potential employees is essential,” Mr D’Arcy advises. “Check references, past employment history and qualifications thoroughly, and don’t be afraid to ask for further clarification or evidence if you’re unsure of anything.”
John Kiptum, Risk Consultant at NetGuardians, a software company that works primarily with businesses in the financial sector, says it’s always a case of prevention being better than cure. “Companies need to take a proactive, rather than reactive, stance to fraud risks, including deploying fraud prevention software, which uses a range of methods including auditing and monitoring programmes and ad-hoc fraud audits, in addition to regularly scheduled audits,” he says.
It’s also advisable to put in place specific measures to combat data theft – a growing problem, as criminals can pay to get their hands on personal information which can subsequently be used to commit identity fraud. “Employers should thoroughly audit their internal processes and systems and ask key questions such as: who has access to the data, and do they need it?” suggests Mr D’Arcy. “Do systems have up-to-date anti-virus and firewall software installed? Are devices such as laptops and phones encrypted in case of loss or theft?”
It’s also essential to make sure your employees understand the risks of internal fraud, so they do not inadvertently help to facilitate it. “Criminals often target employees by ‘phishing’ or ‘vishing’, where they use emails or phone calls to trick staff into revealing sensitive data or installing malicious software on to systems,” says Mr D’Arcy.
Mr Llewellyn says that, generally, employees want to do the right thing by their company and their conscience. “Make it easy for them to do so with a clear best-practice policy, which is completely void of jargon and which doesn’t leave staff members with a headache,” he says. “Keep the rules and scenarios simple and easy to understand, and they will be more inclined to follow them.” He also suggests employers offer workshops clearly outlining the processes and rules employees should be following, to avoid any misunderstandings.
Having a culture and processes where employees can raise concerns about others is also important. “Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely?” asks Mr Kiptum. “Is there an anonymous reporting channel, such as a third-party hotline, available to employees?”
But what can an employer do if, even after deploying such methods, they still think they are being targeted or have been targeted? It is vital to have a structured response in place prior to a fraud case arising, says Mr Kiptum. “Employers should try to obtain as much information as possible from computers and contracts, and make sure all the relevant documentation is up to date,” he says. “Unfortunately, fraud can hit any employer any time. For most companies, it’s not a matter of ‘if’ but ‘when’.”
Raphael Prais, professional support lawyer, employment, at LHS Solicitors, offers the following advice on how to approach the issue of employee fraud:
Always check references and, if possible, do a DBS (Disclosure and Barring Service) check. “It may also be sensible to check the internet: does their LinkedIn profile accord with their CV?” he says. “Then review their performance as they settle into their role – it is easier to dismiss an employee shortly after they begin rather than waiting.”
Firms should endeavour to create a culture where even minor exaggerations are not the norm on expense forms. “Clear and robust policies that are regularly communicated to employees, and consistent discipline in response, will help to create a workplace without fraud,” he says.
“It always pays to be sympathetic – obtaining benefits by deception may well be because of need,” says Mr Prais. “Be careful too not to discriminate in your response.”
James*, the Chief Executive of a computer and telecoms reseller, which has been in business for more than 16 years, hired Daniel* as Managing Director on a six-figure salary, to help grow the business.
Within a few months of Daniel starting work, however, James found himself the victim of fraud. “Daniel diverted a large consultancy contract of the company, and stole a contract worth £234,000 in profit per annum,” he says. “He also stole a database of our leads and customers, and destroyed computer records.”
The company initially reported him to the police but received little support. “They were not interested in pursuing white-collar crime, nor did they have the resource or expertise to do so,” James explains. “Subsequently, we took him to court, and following a hugely expensive legal case, we were awarded judgment plus costs.”
It didn’t end there, however, as Daniel refused to pay his judgement fees, then filed a fraudulent IVA (individual voluntary arrangement) application which was rejected by creditors. The company then made him bankrupt.
James finally managed to track down the missing funds after the court case. “With enough determination and a resolute bankruptcy trustee, we managed to find where the cash was hidden, and have brought our former Managing Director’s wife to judgement also,” he says.
* Names have been obscured to protect identities