A major reason people commit fraud is that they are allowed to do so. There is a wide range of threats facing businesses and, according to a 2016 report by KPMG entitled Global profiles of the fraudster, the majority of fraudsters were either current or former employees of the victim organisation.
When correctly motivated, employees remain honest and become the most effective frontline defence against the fraudster. Employees become motivated when they believe that:
- their institution is honest and ethical in its business dealings, including dealings with customers, suppliers and employees
- their employer treats them with respect, rewards them fairly, imposes discipline fairly and, when, regrettably, redundancy becomes necessary, dismisses them fairly
- fraud prevention is a common objective throughout the organisation at all levels, they have been trained to play their part in the fight, and their efforts to do so are acknowledged.
In any case, the likelihood that a fraud will be committed is greatly decreased if the potential fraudster believes that the rewards will only be modest, that they will be detected or that the potential punishment will be unacceptably high. The main way of achieving this must be to establish a comprehensive system of controls that aims to prevent fraud and, where fraud is not prevented, increases the likelihood of detection and the cost to the fraudster.
With an ex-JPMorgan employee pleading guilty to stealing more than US$5 million from his employer last week, I thought it was prudent to explore establishing a fraud-averse environment within an institution and how this can help in the fight against fraud. So here are five factors for businesses to consider that could help to create an anti-fraud culture:
1. Demonstrating the institution’s honest ethical intent
As the first bullet point above mentions, having an honest and ethical business helps employees remain honest and motivated by enabling them to believe in their company and the fact that they’re doing the right thing.
The formal policies for corporate and social responsibilities should include clear statements of business principles and ethics. While detailed guidance on such policies can be found from the Institute of Business Ethics, there are a number of key features when it comes to the detail, structure and content of the policy, which include:
- compliance with all laws and regulatory obligations, with particular reference to those related to financial crime
- the requirement for all employees to act honestly and in the best interests of the company
- what constitutes dishonesty and the elements that will constitute grave misconduct under the disciplinary process
- how the business values employees, including policies on recruitment, organisation, development and training, equal employment opportunities, retirement, severance and redundancy.
2. Open communication/whistle-blowing
Whistle-blowing is acknowledged as an important safeguard in the UK Combined Code on Corporate Governance and is now recognised as a successful method of detecting internal fraud and corruption.
In the UK the law is set out in the Public Interest Disclosure Act 1998. The objective of the Act was to foster a climate of openness within the workplace and create a positive environment in which employees at all levels could raise their concerns without fear of reprisal. Under the terms of the Act, employees who make ‘protected qualifying disclosures’ have statutory protection from dismissal and from being subjected to discriminatory treatment.
3. Establishing the strategy
The board must establish a clear corporate strategy, which defines objectives as well as the concept of fraud, and assigns clear responsibilities and accountabilities for risk management. The strategy and policy must then be communicated in an appropriate way to all employees at every level.
Above all, employees must see the strategy in action: they must see that controls apply to all levels of employees and management; they must see that vigorous action is taken when fraud occurs; and they must see that if an employee is involved, then they are treated in the same way regardless of their seniority.
4. Setting policies and procedures
The policies and standards should indicate the institution’s clear commitment to preventing and detecting fraud, define the institution’s objectives and set out definitions, responsibilities and accountabilities, internal reporting and investigation procedures. These should set the minimum standards, leaving the business units to determine their individual fraud strategy.
The Fraud Advisory Panel publishes two useful leaflets dealing with anti-fraud policy statements, including a sample policy.
5. Fraud risk assessments
The objective of management of fraud risk is to permit the implementation of cost-effective fraud prevention, detection and response procedures. In order to achieve this objective, risk assessment provides a structured approach by which to identify, document and evaluate details such as:
- the threats facing the sector in which the institution operates
- the level of risk appetite of the institution
- the threats from fraudulent use of products and services provided in this institution.
Analysis of an institution’s ‘threat profile’ needs to include the identification of fraud threats specific to the products and services provided and, additionally, of the general factors that might make the institution more susceptible to fraud. It is important to document the threat profile both for the record and to assist the next stage of risk assessment.
Points to remember
- Have the proper plans in place as this can considerably decrease the probability of fraudulent activity occurring.
- Make company policy known to employees as this will deter fraudulent behaviour.
- When an employee is caught, make sure the policy is followed through and enforced as this is a big deterrent.
However, even with everything in place, we must also remember that some people are dishonest and will take any opportunity to defraud. Having the correct culture in place will go a long way toward keeping most honest employees honest and away from temptation.
How can ICT help?
We provide practical training and qualifications in AML, KYC and CDD and financial crime prevention, from introductory certificates to diplomas and postgraduate diplomas.
The ICA Advanced Certificate in Managing Fraud provides a comprehensive understanding of fraud threats, how to formulate an effective strategy to prevent these threats and how to manage the response when they occur.
The ICA Professional Postgraduate Diploma in Financial Crime Compliance is an expert level qualification for senior practitioners with a focus on AML, fraud and anti-bribery and corruption.
We can also deliver bespoke training in house to firms, allowing you to maximise your budget, minimise disruption and tailor the content to your specific needs.