Insider fraud: lessons from International Fraud Awareness Week

16 December 2024

The Association of Certified Fraud Examiners (ACFE) estimates that organisations lose approximately 5% of their yearly revenues to occupational (insider) fraud, underscoring a persistent global issue, with corruption observed in 48% of all fraud instances. Occupational fraud occurs when a person commits fraud against an organisation of which they are an associated person. Under the United Kingdom Bribery Act 2010 (UKBA), an “associated person” is defined as a "person who performs services” for or on behalf of the organisation, which may include employees, subsidiaries and agents.

  • Types of occupational fraud
  • Learning from fraud incidents
  • Could it happen to you?

Types of occupational fraud

Asset misappropriation

Misuse of company resources by an associated person. Examples include:

  • Billing schemes: creating false invoices or manipulating legitimate invoices/supplier accounts to take funds from an organisation.
  • Payroll schemes: manipulating the payroll scheme to receive improper payment eg ghost employee/overtime/enhancements.
  • Expenses claims: submitting false/inflated expense claims.
  • Skimming: redirecting cash before it is recorded or underreporting revenue by giving customers a receipt for a lower amount.

It is the most common form of occupational fraud, accounting for 89% of the total fraud cases reported in the ACFE’s global 2024 report.

Financial statement fraud

Intentionally misrepresenting financial information to deceive stakeholders, such as:

  • Inflating revenue: artificially increasing reported sales.
  • Understating/overstating expenses or liabilities: reporting lower or higher costs or debts to make the financial wellbeing seem more sustainable.
  • Manipulating asset valuations: reporting lower or higher valuation of assets to make the financial health seem more sustainable.
  • Improper disclosure: omitting or misrepresenting financial reports.

Corruption

  • Conflicts of interest: conflicts of interest arise when the various interests, duties or commitments that a person may have – family, friends, work, voluntary work or political interests – come into conflict (or are very likely to). These conflicts do not necessarily involve improper or corrupt behaviour, although they can lead to it.
  • Bribery: under the Bribery Act 2010, bribery is defined as giving someone a financial or other advantage to encourage that person to perform their functions or activities improperly or to reward that person for having already done so, in order to gain an advantage, whether personal or commercial.
  • Illegal gratuities: rewards or gifts given to a person of authority after they have made a decision or taken action, as a token of appreciation.
  • Economic extortion: demanding money, goods or favours from an individual or organisation by threatening consequences.

The impact of fraud is wide-reaching in any organisation, through financial loss, breakdown in trust, legal costs and reputational damage. Preventing fraud is considerably more advantageous than detecting fraud once it has occurred and dealing with its aftermath. The Institution of Chartered Accountants advise that investing in fraud prevention can yield a return on investment (ROI) of up to 12:1.


Learning from fraud incidents

As the ultimate experts in your processes and systems, your employees are essential to the operation of your business. When this goes wrong, and an employee abuses their position to steal from you, it is the ultimate betrayal.

Whenever a fraud or near miss occurs, organisations should take the opportunity to learn all they can from it. Any areas of weakness should be immediately strengthened, and awareness raised across the team.

The Public Sector Fraud Authority (PFSA) has established five principles that can be adopted across all sectors:

1.There is always going to be fraud
It is a fact that some individuals will look to make gains where there is an opportunity. Organisations need robust processes in place to prevent, detect and respond to fraud and corruption.

2. Finding fraud is a good thing
If you don’t find fraud, you can’t fight it. This requires a change in perspective so that the identification of fraud is viewed as a positive and proactive achievement.

3. There is no one solution
Addressing fraud requires a holistic response incorporating detection, prevention and redress, underpinned by a strong understanding of risk. It also requires cooperation between organisations under a spirit of collaboration.

4. Fraud and corruption are ever changing
Fraud and counter-fraud practices evolve very quickly. Organisations must be agile and adapt their approach to deal with these evolutions.

5. Prevention is the most effective way to address fraud and corruption
Preventing fraud through effective counter-fraud practices reduces loss and reputational damage. It also requires fewer resources than an approach focused on detection and recovery.


Could it happen to you?

Fraud can occur in any organisation, especially when engaging with new suppliers. To protect your business, it's crucial to implement thorough checks and controls. Here are the key steps to ensure your supplier processes are secure:

Supplier requirement

Before engaging a new supplier, ensure you have the necessary authorisation and a valid business case. Follow the correct procurement process based on the anticipated spend.

Supplier due diligence

Verify new suppliers with these checks:

  • Ownership: are they linked to any of your staff?
  • Addresses: do their registered and trading addresses match the details provided?
  • Incorporation date: how long has the company been trading; for instance, were they established only recently?
  • Trading history: have they submitted financial returns?
  • Registered addresses: are they appropriate for the type of business (eg not residential or a PO box)?
  • VAT check: are they listed on the HMRC checker?
  • References: can they provide assurance that they can deliver the goods/services?
  • Accreditations/registrations: are they registered with any professional body, and can this be independently verified?
  • Bank confirmation of payee checks: does their account name match the company details?

New supplier set up

Who reviews the results of the above searches? The four eyes principle should be in place to ensure independent review of the above searches.

Declarations of interest

Require staff in decision-making roles to declare any outside interests that may conflict with their role. Consider reviewing Companies House records to independently verify that employees are not linked to your suppliers.

Accounts payable

Implement strong controls, including:

  • User access management on your accounts system.
  • Segregation of duties between goods receipting and invoice payment.
  • A “No PO, No Pay” system.
  • Regular budget reviews between the finance and contract manager and annual aggregate spend checks to ensure authorisation was in line with Standing Financial Instructions limits.

Fraud awareness: a key component of fraud prevention

It is vital that your team understands what fraud risks may be faced in their area of work, how to recognise fraud, and have the confidence and available routes to report their suspicions. Over half of all fraud concerns raised come from employees. Your staff know your systems and processes better than anyone and should be utilised to fraud-proof them. Once issues are reported, organisations must take these suspicions seriously and take action to remedy any gaps in controls. Fraud prevention controls and activities should be publicised to ensure staff are aware of the organisation’s commitment to finding and preventing fraud.

International Fraud Awareness Week (IFAW) is an opportunity to reflect on how fraud persists as a constant threat to security at an organisational level and how preventative measures can minimise the diversifying fraud risk and seek to protect finances, assets, reputation and ensure compliance with legislative frameworks.

The ACFE report highlights that concerns raised are twice as likely to come from employees who have received fraud awareness training, and that organisations that did not provide any fraud awareness training lost nearly twice as much as those that did.

Fraud awareness does not need to be expensive or time-consuming. It can be as simple as sharing recent fraud cases with your team and discussing in a team meeting whether that scheme would have been successful in your company.

How our counter-fraud experts can help your organisation

Our fraud experts offer free webinars on current fraud trends. Matt Wilson, an Associate Director in our counter-fraud team, recently interviewed Alex Wood, a former fraudster. During the session, Alex shared how he convinced finance staff to transfer millions of their company’s funds into his accounts. Now working with the police and UK government, Alex revealed his methods, how he gained trust, and how you can protect yourself.

Our counter-fraud specialists can assist your organisation in various ways, including:

  • Targeted proactive prevention exercises to identify weaknesses and strengthen controls.
  • Detailed fraud and bribery risk assessments to review your control environment, identify areas of weakness, and measure the potential levels of fraud exposure.
  • Bespoke training sessions to heighten awareness of areas of possible exposure, take corrective action, and be alert to how to identify potential instances of fraud.
  • Post-event reviews to identify the extent of loss and control failings, recommending areas of improvement to prevent fraud from reoccurring.
  • Disciplinary or criminal investigations to gather evidence of the offence for an internal panel or to present to the police for consideration of investigation.

For more guidance on how to safeguard your business against fraud, please contact Andrea Deegan or Gemma Higginson.