It’s bad enough losing out to theft committed by customers and third-party criminals, but it can leave a particularly nasty taste in the mouth when those most trusted – staff – commit criminal acts against the business that employs them.
According to Action Fraud, one in five small businesses will have been defrauded at some point in their trading history – sometimes to the point of bringing the business to its knees.
In March 2010, The Journal reported that a 21-year-old garage – Knights of Newcastle – was put out of business after a trusted employee, Colin Prudham, used the company computer to print off 419 fake MOT test certificates. The fraud only earned Prudham £12,500. In February 2011, a former employee in the accounts department was convicted for stealing over £50,000 from Lanehouse Service Station in Weymouth over a six-year period. The managing director, Peter Amery, described Joyce Britnell’s actions as a “major betrayal.”
And in February 2013, a bookkeeper stole £210,000 from a family business involved in motorcycle publishing run by her friends. Amanda Stevens took the money for, among things, hair and clothes leaving the company – Redcat – to pick up the pieces. The fraud committed over a number of years was only discovered when the VAT couldn’t be paid.
While fraud is an ever-present risk, and a destructive one at that, employers can take preventative measures.
The first step is to proactively check on everyone that is employed by the business, especially where they have access to sensitive systems or the company bank account. Quite simply, firms need to know exactly who they are employing. References should be sought and followed up with calls; the matter shouldn’t be dropped until satisfactory answers are received. Everyone from the cleaner to the members of the board, as well as contractors, should be subject to background checks. At the very minimum, it’s important to confirm an employee’s identity, date of birth, residential address, qualifications, employment history, criminal history and financial background. The process can be undertaken as part of the statutory obligation to ensure that an employee has the legal right to work in the UK.
Another option is to ask for a recent bank or utility statement, as well as details to check on qualifications, or a marriage certificate if a married woman has changed her name. You can also ask for past P45 or P60s, as well as data from Disclosure and Barring Service. Credit agency Experian offer background checks for those in the automotive sector to enable employers to check on, for example, qualifications and experience. At the same time, by signing up with one of the credit reference agencies – Experian, Equifax or Callcredit – employers will be able to monitor if employee (or third party) activity has changed the financial status of the business.
Another large step that a business can take to protect its position is to engender the ethos that fraud is not tolerated within the business. This starts at the top with everyone being able to see that the management plays by the same rules that employees have to follow. Policies and procedures need to be written, but they also need ‘buy-in’ from employees which requires consultation. On joining, every employee should be given, among things, an anti-fraud policy. If a fraud should occur and the employee concerned is dismissed, the event and the consequences should be widely communicated to all staff as a deterrent.
As harsh as it sounds, firms need to strictly control access to their premises and systems. As soon as an employee leaves the company their access to systems should be terminated immediately. Passwords should be changed, passes revoked and possession should be regained of company laptops and mobiles. (It doesn’t hurt to regularly change passwords held and used by all employees).
If a faked history or worse, criminality, is suspected, it’s important to take good legal advice with a view to with- drawing any employment offer made (or dismissing the employee). The situation should be reported to the police or, in the case of illegal working, to the UK Border Agency, as well as to the recruitment agency if appropriate. Ignoring the issue will only shuffle the problem to another employer; it could also leave the firm open to claims from future employers who weren’t warned about the ‘rogue’ employee.
Processes need to be put in place so that no one person has sole control over payment systems, chequebooks or the ability to singly authorise purchases over a given (low) value. Invoices should be checked to ensure that they are from genuine suppliers; unexpected requests to change bank accounts should verified – every time; and suppliers should be informed in writing each time a payment is made.
It’s important to also prevent premium rate and international numbers from being dialled out on company phones. Premium rate fraud – also known as PBX or dial-through fraud) involved out of hours calls being made to particularly expensive numbers. Similarly, phone logs should be regularly checked for increased use or unusual call activity.
Lastly, firms should take steps to destroy any documents with sensitive information that may allow a fraudster to misuse the corporate identity for criminal gain.
For paper, this means acquiring a fine cut cross shredder, while for data, firms should securely wipe computers (physically destroying hard drives and USB sticks) while factory resetting mobile devices. At the same time, time spent signing up on Companies House and other agencies websites seeking out their online protections is worthwhile. Companies House, for example, offers the PROOF scheme in relation to the changing of official corporate details; it helps prevent the hijacking of a company.
Fraud is an unpleasant fact of life. However, those firms that make it harder for employees who are criminally minded will be much better off. By removing the opportunity they’ll remove the temptation.
WHAT TO BE AWARE OF
There are countless different ways that an employee can abuse trust. However, the main forms that firms should be on the watch for are:
Procurement fraud: Fraud relating to company purchases of goods, services or works commissioned. Goods are invoiced but not delivered, or are subject to inflated prices.
Travel and subsistence fraud: Where employees claim for, say, food and mileage not incurred or which is higher than receipts can show.
Personnel management: Staff on sick leave but moonlighting elsewhere, misuse of company equipment and time for private purposes, or the use of false references and qualifications.
Exploitation of assets and information: The passing of internal company information for personal gain.
Payment fraud: The creation of fake accounts and invoices, the redirection of cheques and other payments, or the processing payments to the fraudulent individual.
Receipt fraud: The theft of inbound monies or where records for monies owed are altered.
False accounting: Changing records and accounts to misrepresent their true value, to enhance or alter their appearance, to gain funds from a bank, report overly high profits or to hide losses.