There has been a recent focus on fraudulent activity committed against individuals. In its November 2022 report, Fighting Fraud: Breaking the Chain, the House of Lords Fraud Act 2006 and Digital Fraud Committee said that, in the previous 13-month period, 89% of fraud victims were individuals rather than organisations or businesses (Fraud Act 2006 and Digital Fraud Committee, 2022).
Despite this, Andrew Northage, a partner in the Regulatory & Compliance team at law firm Walker Morris, still considers fraud to be a significant threat in corporate environments. He cites the UK findings of PwC's Global Economic Crime Survey 2022 which ‘showed that 64% of businesses had experienced fraud, corruption or other economic/financial crime in the previous two years, up quite significantly from 56% in 2020’ (PwC, 2022).
Healthcare under attack
The world of healthcare has not been exempt from this. In January 2012, the Mail Online wrote about a practice manager, Duncan Millar, who got into debt following the failure of his marriage and subsequently stole £58,000 from the NHS doctor's surgery where he worked. As the report details, Millar thought his salary was ‘insufficient’ and started stealing money by writing out cheques to himself. The theft started with small amounts from the surgery's funds in August 2009, but became an almost weekly occurrence until March 2012.
» Typical frauds include cybercrime, business impersonation fraud, supplier/supply chain fraud, mortgage fraud, employee fraud (such as payroll fraud and false accounting), and money laundering «
It appears that the owner of the practice, Dr Dilip Chatterjee, inadvertently opened the door to the theft. Only he and the practice manager had access to the account, and the doctor was often away in India, leaving Millar with access to blank cheques to make out — or he would forge the doctor's signature (Davies, 2013). Millar was given an 18-month jail term suspended for two years, ordered to carry out 300 hours of unpaid community work and given an extended curfew.
More recently, a GP surgery manager, Kirsty Whawell, was convicted in 2021 for stealing £184,000 from her practice (Gibson and Davidson, 2021). It also emerged, according to the Mirror story, that she had obtained her job at Kibworth Medical Centre dishonestly by lying about having no criminal convictions, whereas in reality she had stolen from a previous employer. Her frauds occurred between 2013-2019.
In applying for her first position before working her way up to practice manager, she forged a Clean Check DBS to conceal a 2008 conviction for misusing an employer's credit card for her own purposes. Whawell then gave herself unauthorised salary rises and covertly paid herself overtime. Invoices and 53 cheques were falsified to make payments, totalling £126,504 into her own account. This was done with ‘a magic pen’ to write the names of payees, such as locum medics, or to pay for services. Surgery partners signed them thinking they were legitimate, but Whawell would rub out the false payee names to replace with her own. The fraud only came to light when her practice merged with another and discrepancies were found. Whawell was given a one-year prison sentence.
Fraud is everywhere
David Kearns, managing director of commercial investigations agency Expert Investigations, considers fraud to be prevalent in all business sectors: ‘In more than 23 years of investigating employee dishonesty [it's affected] all sectors, including manufacturing, services sector, professional services, utilities, transport and logistics, healthcare and so on.’
He adds that, according to the Association of Certified Fraud Examiners (ACFE) Report to Nation 2022, a worldwide report based on asset misappropriation fraud, ‘we do not know how prevalent fraud is as so much is undiscovered, unreported and so not investigated’ (Association of Certified Fraud Examiners, 2022).
For Northage, ‘the pressures of the economic climate on both businesses and individuals, combined with factors such as the increasingly rapid rise of digitisation and the move to more remote working patterns, continue to provide internal and external fraudsters with the motivation and opportunities to commit fraud against corporates.’
Kearns agrees. He sees new technologies such as artificial intelligence making the commission of fraud easier, more targeted, and more convincing to unsuspecting victims. He feels, however, that ‘the current economic crisis may well encourage those struggling to commit fraud, but as yet there is no evidence to support this.’
» Fraudsters have become ever-more sophisticated in recent years. New technologies such as artificial intelligence make the commission of fraud easier, more targeted and more convincing to unsuspecting victims «
A question of opportunity
The opportunities for committing fraud in a corporate environment depend, to a large extent, on where the areas of weakness are in structures and defences.
For Northage, typical frauds include cybercrime, business impersonation fraud, supplier/supply chain fraud, mortgage fraud, employee fraud (such as payroll fraud and false accounting), and money laundering. He adds: ‘The increasingly rapid rise of digitisation has facilitated fraud across borders and can make it difficult to trace perpetrators.’
Another area of concern for Northage is the rise of ‘greenwashing’, the practice of making often exaggerated claims about environmental credentials and the sustainability of products, services and environmental impact. Most wouldn't think of this as out-and-out fraud, but it is, and as he says, ‘with the focus very firmly on companies' compliance with ESG requirements, this is certainly an area to watch.’
Then there are the risks that follow on from the move to remote working patterns; this has affected the value of typical fraud prevention and detection measures ‘if,’ as Northage comments, ‘they haven't been updated to reflect the change in working practices post-pandemic.’
It shouldn't be forgotten that fraudsters have become ever-more sophisticated in recent years. Organisations, says Northage, can be considered ‘at fault’ if they don't put in place robust processes. He is concerned that ‘not all have the necessary controls in place to effectively manage fraudulent activity from outside and from within.’
Kearns refers to the ACFE report's findings and says that ‘the latest report shows in 29% of cases there was a lack of control measures and in 20% of cases control measures were overridden — literally half of victims made themselves the victim.’
Indeed, he sees the majority of employee-related frauds following on from an employee identifying an opportunity to commit a fraud. This may be because, as he puts it, ‘there may be no control systems in place that prevent the fraud or those in place are not adequate, and the employee simply overrides them.’
He expands on this and notes that current and previous ACFE reports have found that ‘where more than one employee is involved in a fraud it takes longer to identity the matter and the median loss is higher than an employee acting alone.’ He continues: ‘The majority of frauds I see are simplistic in their nature and could have simply been prevented.’
Discovery
The worrying part of fraud is that the majority aren't ever discovered. PwC's Global Economic Crime and Fraud Survey 2022 noted that ‘51% of surveyed organisations say they experienced fraud in the past two years, the highest level in our 20 years of research.’ But what of the other 49%? Are they really trouble-free?
Here, Northage says that fraud ‘is typically [discovered] through the measures that businesses have in place as part of their internal controls — not necessarily related to fraud detection, such as audits.’
The small business is a cause for concern for Kearns. He says that ‘there can be more vulnerabilities in a small privately run business as it may not have resources to address potential attack risks.’ He considers it “negligent to believe ‘it will not happen to us’, ‘all of our staff are honest’ and ‘we are a family business’. Over 23 years I have heard this on a weekly basis, only for a business to become a victim of employee dishonesty and fraud.”
A typical fraudster and fraud?
When asked about a typical fraudster and fraud, Northage focuses on internal or employee fraud. He prefers not to talk about a ‘typical’ fraudster as ‘even the most diligent employee can become a fraudster if the conditions are right’. Instead, he says that “there are certain indicators that companies can look out for, based on the ‘fraud triangle’ of opportunity, motive or pressure and justification or rationalisation.”
But for Northage, senior staff or those subject to less managerial or other oversight, and/or those with access to the company's financial systems or key assets, are more likely to fall within the higher risk category, together with disgruntled employees or those working their notice period. He says that ‘behaviours to look out for include personal or financial problems or unusual spending habits, being secretive about their work, working long hours and/or not taking holidays, paying more attention than usual to a particular company customer or supplier, and becoming aggressive when challenged.’
Devastating impact
There is no way to sugarcoat it. Fraud can be devastating, and in some cases can lead to insolvency. Aside from financial losses caused by the fraud itself, Northage says that ‘the most damaging consequence tends to be the reputational damage caused to the organisation and the loss of trust from clients and third parties that it deals with. If the fraud was committed by a senior employee, that can exacerbate the damage.’
On top of that, there is the effect on staff morale and the significant time and costs involved in investigating and dealing with the incident and hiring new staff. Organisations can be faced with no other option than to either let staff go or invest their own money to keep afloat.
It shouldn't be forgotten that senior management risk criminal sanction for their (in)activity in this sphere. Indeed, Northage explains that ‘depending on the nature and circumstances of the fraud and the extent of the management's involvement in it, they could face regulatory investigations, disqualification, imprisonment, fines, claims brought by the victim or victims of the fraud, shareholder action – the list goes on.’
» There are certain indicators that companies can look out for, based on the ‘fraud triangle’ of opportunity, motive or pressure and justification or rationalisation «
Conclusion
Ultimately, prevention is better than cure, as it can be very difficult to prove dishonesty once it has occurred. But it is worrying that employers do not seem to have the appetite to gather evidence and prosecute, and many simply deal with the matter internally and move the problem on. And that means fraudsters are out there, lurking.