Written by Holly Whitehead on Friday February 15, 2019
A major reason why people commit fraud is because they are allowed to do so. There are a wide range of threats facing businesses and according to a 2016 report by KPMG, entitled Global profiles of the fraudster, the majority of fraudsters were either current or former employees of the victim organisation.
When correctly motivated, employees remain honest and become the most effective frontline defence against the fraudster.
Employees become motivated when they believe that:
In any case, the likelihood that a fraud will be committed is greatly decreased if the potential fraudster believes that the rewards will only be modest, that they will be detected or that the potential punishment will be unacceptably high. The main way of achieving this must be to establish a comprehensive system of controls that aims to prevent fraud and, where fraud is not prevented, increases the likelihood of detection and the cost to the fraudster.
With this in mind, in this blog we explore establishing a fraud-averse environment within an institution and how this can help in the fight against fraud. So here are five factors for businesses to consider that could help to create an anti-fraud culture:
1) Demonstrating the institution’s honest ethical intent
As the first bullet point above mentions, having an ethical business helps employees remain honest and motivated by enabling them to believe in their company and the fact that they are doing the right thing.
Within the formal policies for corporate and social responsibilities, there should be clear statements of business principles and ethics.
While detailed guidance can be found on such polices from the Institute of Business Ethics, there are a number of key features when it comes to the detail, structure and content of the policy, which include:
2) Open communication/whistle-blowing
Whistle-blowing is acknowledged as an important safeguard in the UK Combined Code on Corporate Governance and is now recognised as a successful method of detecting internal fraud and corruption.
In the UK the law is set out in the Public Interest Disclosure Act 1998. The objective of the Act was to foster a climate of openness within the workplace and create a positive environment in which employees at all levels could raise their concerns without fear of reprisal. Under the terms of the Act, employees who make ‘protected qualifying disclosures’ have statutory protection from dismissal and from being subjected to discriminatory treatment.
3) Establishing the strategy
The board must establish a clear corporate strategy, which defines objectives as well as the concept of fraud, and assigns clear responsibilities and accountabilities for risk management. The strategy and policy must then be communicated in an appropriate way to all employees at every level.
Above all, employees must see the strategy in action: they must see that controls apply to all levels of employees and management; they must see that vigorous action is taken when fraud occurs; and they must see that if an employee is involved, then they are treated in the same way regardless of their seniority.
4) Setting policies and procedures
The policies and standards should indicate the institution’s clear commitment to preventing and detecting fraud, define the institution’s objectives and set out definitions, responsibilities and accountabilities, internal reporting and investigation procedures. These should set the minimum standards, leaving the business units to determine their individual fraud strategy.
The Fraud Advisory Panel publishes two useful leaflets dealing with anti-fraud policy statements, including a sample policy.
5) Fraud risk assessments
The objective of management of fraud risk is to permit the implementation of cost-effective fraud prevention, detection and response procedures.
In order to achieve this objective, risk assessment provides a structured approach by which to identify, document and evaluate details such as:
Analysis of an institution’s ‘threat profile’ needs to include the identification of fraud threats specific to the products and services provided and, additionally, of the general factors that might make the institution more susceptible to fraud. It is important to document the threat profile both for the record and to assist the next stage of risk assessment.
Points to remember:
However, even with everything in place, we must also remember that some people are dishonest and will take any opportunity to defraud.
Having the correct culture in place will go a long way toward keeping most honest employees honest and away from temptation.
You may also like:
This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at firstname.lastname@example.org
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.