Risk and Compliance Preventing and investigating FRAUD in the workplace Preventing and investigating fraud in the workplace | 1 2 | Preventing and investigating fraud in the workplace Contents Introduction ..............................................................4 How corporate governance can help prevent fraud ...........................................................6 Could you spot a potential fraudster? ...................14 Ways to reduce the risk of fraud ...........................16 Key employment law issues for fraud prevention ....................................................20 Monitoring staff phone calls, email and internet use ............................................................24 Can insurance help to manage fraud risk? ...........32 What policies and procedures should you have in place in case fraud occurs? ......................34 Enabling employees to report fraud .....................40 Discovery of a fraud: the first 24 hours .................46 Ensuring that your investigation complies with employment law obligations .........................50 Data retention and recovery: where to look and what (not) to do: ..............................................54 Freezing assets and tracing funds ........................60 Involving the police and criminal investigations ...66 Using private investigators ....................................72 Useful contacts ......................................................78 Preventing and investigating fraud in the workplace | 3 Fraud continues to be a significant issue for many businesses. But it is a risk that can be reduced and managed to some extent. Almost all frauds against a business will involve employees - sometimes as perpetrators and sometimes as the innocent dupes of outsiders. We continue to see cases where our clients lose money by falling victim to a dishonest employee who, had thorough vetting been carried out, might not have been hired. We see cases where employees have been able to defraud their employer by methods that could have been detected if proper procedures were followed. And we see cases where employees have been tricked into overriding standard procedures and clients have lost substantial funds as a result. Three examples from recent cases we have dealt with may illustrate some of these points. Case 1: An accounts payable clerk received an email apparently from a supplier saying that the supplier’s bank account details had changed and quoting a new sort code and account number. Without further checking the clerk directs payments to the new account, which of course is not genuine. Substantial funds are lost before the problem comes to light as a result of the genuine supplier chasing for non-payment. A few simple checks could have prevented this. Case 2: A senior member of the finance department has the authority to approve his own expense claims. An internal audit identifies this as a risk area and recommends that an additional level of approval is introduced. The internal audit report is not acted on and substantial false expenses continue to be submitted, fraudulently approved and paid. Case 3: An accounts payable clerk operated an online payment platform provided by a bank. This was designed to provide an efficient payment system with proper approval processes. The clerk was telephoned by someone impersonating the CEO who convinced the clerk that the company had to make highly confidential payments for a transaction overseas that should not be discussed with anyone except the CEO and a previously unknown external lawyer. The clerk received apparently approved invoices and payment instructions by email from the supposed lawyer, purportedly signed by the CEO and the Group Treasurer. Substantial payments were made to an overseas bank, only some of which were intercepted and recovered. The accounts clerk bypassed the online payment platform, failed to carry out basic checks and accepted someone she thought was the CEO telling her on the phone that the payments were highly confidential and should not be discussed with anyone else within the organisation. These experiences reinforce some basic messages: • Carry out background and reference checks when recruiting. Speak to referees. • Staff carrying out any aspect of payment functions should be reminded that there are people out there keen to steal your money and they need to be eternally vigilant. Under no circumstances should they depart from established and proper procedures; they are there for a purpose. Ensure that staff are trained to appreciate that each one of them is potentially in the front line of defence against a fraudulent attack on the business. 4 | Preventing and investigating fraud in the workplace • Someone, no matter how senior they are, telling an employee that a transaction is confidential and should not be discussed with anyone else is a clear warning sign. Most businesses do not need to make confidential payments. Anyone told to make one should immediately discuss it with their supervisor and escalate it if necessary. • Be careful not to permit management to override established procedures. • Any requested change in procedure should be verified by back-up checks. In Case 1 above a simple telephone call to the supplier would have revealed the scam. Check email addresses behind email names. • Follow up on all concerns, reports and audit recommendations. • If in doubt - check. Management must make it clear (by regular communication, not just by a well written whistle-blowing policy) that any employee with a concern should report it. If it turns out to be misplaced, a report in good faith will nevertheless be appreciated and commended. • Perhaps one of the most important features that can reduce the chance of fraud occurring is the culture of an organisation. Where management makes it clear that inappropriate behaviour of any kind is not acceptable, that even seemingly trivial misdemeanours are dealt with firmly and management leads by example, a culture of zero-tolerance can develop in which fraudulent conduct is less likely to arise and more likely to be detected early. This practical guide is designed to help businesses consider some of the basic procedures that have been proven to reduce the incidence of fraud. If a fraud is discovered it will help you conduct investigations into fraud in the workplace at short notice, often under pressure. It will alert you to some of the key problems you may face in conducting investigations and provides a straightforward guide to help you navigate through some of the areas where problems are most likely to arise. Andrew Keltie Joanna Ludlam Partner Partner Tel: +44 (0) 207 919 1376 Tel: +44 (0) 207 919 1822 Email: andrew.keltie@ Email: joanna.ludlam@ bakermckenzie.com bakermckenzie.com Preventing and investigating fraud in the workplace | 5 How can CORPORATE GOVERNANCE help prevent fraud? Fraud by a company’s management or employees, or their involvement in criminal or unethical activities either against the company or on behalf of the company, is likely to result in the company incurring financial losses and reputational damage. Losses may arise from funds lost directly as a result of a fraud or from the costs of internal and external investigations into improper conduct. Good corporate governance can reduce the risk of fraud at every level within a company. 6 | Preventing and investigating fraud in the workplace What is corporate governance? How can The phrase “corporate governance” can be used to describe the internal policies, processes and people, which serve the Good corporate needs of shareholders and other stakeholders, by directing governance can and controlling management activities with objectivity, “ provide companies accountability and integrity. The term encompasses principles such as transparency and accountability but in the broadest with the tools to sense, it is the way in which a company is run. In other words, prevent fraudulent corporate governance means rigorous supervision of the management of a company; it means ensuring that business practices. is done competently, with integrity and with due regard for the interests of all stakeholders. Good corporate governance is embodied in practices such help prevent fraud? as quick and accurate reporting of quality information, the establishment of clear, credible and well-documented ” decision-making and review processes, and effective two-way communication with shareholders and other stakeholders. Good governance is, therefore, a mixture of legislation, non- legislative codes, self-regulation and best practice, structure, culture, and board competency. Good corporate governance can provide companies with the tools to prevent, as well as identify, potentially fraudulent, or other criminal and unethical activities and business practices. In general, the nature of the arrangements that a company should have in place will depend on its size, the nature of its business, the jurisdictions in which it operates and the associated risks that it faces. Using corporate governance rules and standards to help prevent fraud The Combined Code Much of governance goes beyond the legal framework. Company law deals at length with the individual and collective responsibilities of directors, but contains few references to processes, quality standards or outcomes. In the UK there is a system of self-regulation. The Combined Code on Corporate Governance, published by the Financial Reporting Council (FRC), the independent regulator for promoting confidence in corporate reporting
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages80 Page
-
File Size-