Much focus recently has been on fraudulent activity committed against individuals. In its November 2022 report, Fighting Fraud: Breaking the Chain, the House of Lords Fraud Act 2006 and Digital Fraud Committee said that, in the previous 13-month period, 89% of fraud victims were individuals rather than organisations or businesses.
But having said that, Andrew Northage, a partner in the Regulatory & Compliance team at Walker Morris still considers fraud to be a significant threat in corporate environments. He cites the UK findings of PwC’s Global Economic Crime Survey 2022 which “showed that 64% of businesses had experienced fraud, corruption or other economic/financial crime in the previous two years, up quite significantly from 56% in 2020.”
For Northage, “the pressures of the economic climate on both businesses and individuals, combined with factors such as the increasingly rapid rise of digitisation and the move to more remote working patterns, continue to provide internal and external fraudsters with the motivation and opportunities to commit fraud against corporates.”
And new technologies such as artificial intelligence making the commission of fraud easier, more targeted, and more convincing to unsuspected victims. It doesn’t help that some employees are turning to fraud to maintain their lifestyle.
Taking a chance
The opportunities for committing fraud in a corporate environment depend to a large extent on where the areas of weakness are in structures and defences.
For Northage typical frauds include cybercrime, business impersonation fraud, supplier/supply chain fraud, mortgage fraud, employee fraud such as payroll fraud and false accounting, and money laundering. He adds: “The increasingly rapid rise of digitisation has facilitated fraud across borders and can make it difficult to trace perpetrators.”
Another area of concern for Northage is the rise of ‘greenwashing’ – the practice of making often exaggerated claims about a business’ environmental credentials and the sustainability of its products, services, and environmental impact. Most wouldn’t think of this as out and out fraud, but it is and as he says, “with the focus very firmly on companies’ compliance with ESG requirements, this is certainly an area to watch.”
And then there are the risks that follow on from the move to remote working patterns; this has affected the value of typical fraud prevention and detection measures “if,” as Northage comments, “they haven’t been updated to reflect the change in working practices post-pandemic.”
It shouldn’t be forgotten that fraudsters have become ever-more sophisticated in recent years. Firms, reckons Northage, can be considered ‘at fault’ if they don’t put in place robust processes. He’s bothered that “not all companies have the necessary controls in place to effectively manage fraudulent activity from outside and from within.”
According to the Association of Certified Fraud Examiners (ACFE) Report to Nation 2022, in 29% of cases there was a lack of control measures and in 20% of cases control measures were overridden – almost half of frauds were self-inflicted because there may have been no control systems in place to prevent the fraud or those in place were not adequate and were overriden.
The worrying part of fraud is that the majority aren’t ever discovered – at all. PwC’s Global Economic Crime and Fraud Survey 2022 noted that “51% of surveyed organisations say they experienced fraud in the past two years, the highest level in our 20 years of research.” But what of the other 49%? Are they really trouble-free?
Here Northage says that fraud “is typically discovered through the measures that businesses have in place as part of their internal controls – not necessarily related to fraud detection – such as audits, and also as a result of whistleblowing.”
Clearly there are more vulnerabilities in SMEs as they may not have resources to address potential attack risks. To say, ‘it will not happen to us’, ‘all of our staff are honest’, or ‘we are a family business’ is to be negligent.
A typical fraudster and fraud?
When asked about a typical fraudster and fraud, Northage focuses on internal or employee fraud. He prefers not to talk about a ‘typical’ fraudster as “even the most diligent employee can become a fraudster if the conditions are right”. Instead, he says that “there are certain indicators that companies can look out for, based on the ‘fraud triangle’ of opportunity, motive or pressure and justification or rationalisation.”
But for Northage, senior staff or those subject to less managerial or other oversight, and/or those with access to the company’s financial systems or key assets, are more likely to fall within the higher risk category, together with disgruntled employees or those working their notice period. He says that “behaviours to look out for include personal or financial problems or unusual spending habits, being secretive about work, working long hours and/or not taking holidays, paying more attention than usual to a particular company customer or supplier, and becoming aggressive when challenged.”
Aside from financial losses caused by the fraud itself, Northage says that “the most damaging consequence tends to be the reputational damage caused to the company and the loss of trust of customers and third parties that it deals with. And fraud committed by a senior employee can exacerbate the damage.”
On top of that there’s the effect on staff morale and the significant time and costs involved in investigating and dealing with the incident and hiring new staff.
Lastly, it shouldn’t be forgotten that senior management risk criminal sanction for their (in)activity in this sphere. Indeed, Northage details that “depending on the nature and circumstances of the fraud and the extent of the director’s involvement in it, they could face regulatory investigations, disqualification, imprisonment, fines, claims brought by the victim or victims of the fraud, shareholder action – the list goes on.”
At the end of the day, prevention is better than cure as it can be very difficult to prove dishonesty once it has occurred. But it’s worrying that businesses do not seem to have the appetite to gather evidence and prosecute – many deal with the matter internally and move the problem on. And that means fraudsters are out there.
The trade suffers
In March 2018, the Western Telegraph reported on a case involving a BMW Sytner employee, Jamie Picton, who pleaded guilty to two fraud charges.
To commit the fraud Picton gave a customer his bank details to pay £2000 for a repair which should have been done under warranty. The customer later transferred £28,000 to the same account for a new car but questioned the matter when the car didn’t materialise – which led to Picton being uncovered
BMW Sytner Group refunded the customer’s £2000 and lost out on the £489.29 cost of repairing the engine.
Picton was given six months custody, suspended for two years, and ordered to complete 200 hours of unpaid work and a 15-day rehabilitation activity requirement. He was also ordered to pay £2,489.29 in compensation, £85 court costs and a £115 surcharge
More recently, in September 2022, AM Online detailed the story of a Sytner Group BMW parts manager who avoided jail after he admitted defrauding his employer of £62,320
In this case, Richard Aston paid refunds into the bank accounts of a friend, his brother-in-law and his wife, between March 2018 and 2019.
Aston had worked at Sytner BMW Birmingham as a parts supervisor since 2008 but gained responsibility for managing employees, stock control and authorising refunds when promoted in 2015.
Aston pleaded guilty to a charge of fraud by abuse of position and was given a two-year jail sentence suspended for the same period, ordered to repay £62,320 and also carry out 30 days of rehabilitation and 120 hours of unpaid work.