UAE: Securities & Related Investigations Know-How
Over the past few months, there has been an increasing number of cases involving fraudulent insurance claims, abuse of COVID-19 relief schemes, and corporate fraud driven by employees. This article looks at the issue of employee fraud and the relatively simple and cost-effective measures that organisations can implement to help mitigate employee fraud risk.
Historically, fraud and employee malpractice ("employee fraud") rise in times of financial uncertainty, as businesses struggle to survive economically and employees try to hit targets or make ends meet. The global financial crash of 2008 is a classic example of this cycle, which is now repeating as the COVID-19 pandemic continues to cause economic hardship. Virtually every day now brings a new fraud-related survey or headline from around the world.
In the last few weeks, for example, there have been reports of rises in fraudulent insurance claims, abuse of COVID-19 relief schemes, and corporate fraud driven by employees trying to circumvent controls, falsely boost performance, or line their own pockets. Incidents include theft of intellectual property and corporate information assets, abuse of procurement or expense procedures, and exploitation of weak controls and oversight following the introduction of remote working practices.
Many organisations fail to adequately address the risk of employee fraud, in part because it's often an uncomfortable topic to acknowledge. But it is more critical than ever to address this risk as the pandemic continues to have a significant economic impact on companies across a range of sectors. Employee fraud needs to be addressed both at the individual employee level (assessing individual risks) and at a corporate level (structural risks).
The risk of employee fraud is often proportionate to the level of controls and incentives that an organisation puts in place. For example:
However, there are some simple steps that can help reduce employee fraud and that can be executed quickly with the right support. Organisations that adopt a risk-based approach can identify areas of weakness in their systems and controls and, in combination with identifying employees who fall into a higher-risk category, can mitigate employee fraud risk considerably. When properly executed, this can be a very cost-effective approach, which can be combined with a robust and targeted awareness campaign.
First, identification of higher risk employees. This step is not about identifying employees who are likely to be dishonest or untrustworthy. This exercise is designed to identify which employees, if they were intent on committing fraud, are either:
There are a number of factors to consider when determining which employees fall into a higher risk category. The factors will vary depending on the type of organisation and its industry sector but examples include:
Second, an employee fraud and malpractice risk assessment should be performed. Focused on the now-identified higher risk population, it will help determine those areas with the highest likelihood and impact rating for fraud or malpractice. It will provide insight as to where you should start to consider more robust controls.
Third, the design and implementation of enhanced controls should be prioritised. Often this may simply require a reconfiguration of existing controls, although in some cases new measures may need to be designed, tested and deployed. For example, in the case of an employee who has resigned but is working out their notice period – is there a valid reason why they still need access to intellectual property or customer lists? A simple control could be put in place to prevent the downloading of sensitive or confidential data that could potentially be the subject of unauthorised disclosure.
Other examples of simple but effective controls to implement include:
While these steps in isolation are an excellent start, even greater value can be generated by combining the deployment of enhanced controls with an awareness campaign. The combination of new controls and awareness activities often has a strong deterrent effect.
Arguably one of the most important steps to combat or deter employee fraud is to ensure that there is a process and a capability to investigate any incidents that arise or which are identified as a result of the enhanced controls. A properly conducted investigation will also have a strong deterrent effect.
Finally, most organisations have "blind spots" which prevent them from properly self-assessing their vulnerabilities. There is often a tendency for organisations to become complacent when times are good, and to assume that "we've always done it this way" means that it's the right way to do things. Bringing in independent, external consultants who have extensive experience of employee fraud, acquired after having investigated or assisted many clients to manage the after-effect of such frauds, can be invaluable. Experts can help identify red flags quickly and are immune to office politics or the fear of retribution from colleagues or management, so the value of getting a review from an independent, external party can't be over-estimated.
Most observers continue to project higher levels of employee fraud and malpractice and, although focusing on high-risk employees can feel uncomfortable for some businesses, it is a really pragmatic response to the circumstances.
The three steps of:
Together, can quickly help to strengthen an organisation's resistance to employee fraud. Combining these steps with a good awareness campaign and an investigation capability can make for a very effective mitigation strategy.