Fraud in the private sector

Experian’s own data suggests that companies are starting to become more aware of the threat posed from within, and are actively gearing up their processes to ensure they can combat it more effectively in the future. The volume of background checks carried out by Experian for clients increased by four percent in 2009, against a backdrop of depressed recruitment activity. This demonstrates a tightening of vetting practices across all sectors and company sizes.

Whether from organised criminals, opportunists or simply candidates lying on a CV to get a job, Experian expects to see an unprecedented surge in fraud attempts over the next couple of years, as fraudsters seek to obtain assets or battle for work in a depressed job market.

This trend is echoed by other sources of data. Fraud prevention service CIFAS reported that dishonest actions by staff to obtain benefits by theft and deception increased by 69 percent in the first half of 2009, compared with the last half of 20088. KPMG, which analyses major fraud cases heard by UK Crown Courts, reported that staff accounted for £228 million worth of fraud across the private and public sectors in 2008, up from £81 million in 20079.

Insider fraud can originate in a number of areas from within an organisation, and from a range of different types of people. While many of those responsible are individual opportunists, looking to obtain assets or gain employment that they are not necessarily suitable for, improvements in anti-fraud measures designed to protect organisations from external threats have pushed an organised criminal element to consider new approaches. These include infiltrating the organisation themselves or coercing existing employees to act on their behalf.

Certainly it would seem that lying on CVs is on the increase. Surveys suggest that as many as a quarter of job seekers deviate from the truth on their CV. Experian’s own research finds that the most common distortions include salary (23 percent), level of previous experience (14 percent) and educational qualifications (13 percent), followed by dates of employment (10 percent) and job title (nine percent).

In a survey last year, Experian found that 63 percent of professionals include career details in their personal profiles online and as many as one in 10 people now publish their whole CV on social networking sites such as LinkedIn, leaving themselves at risk of ‘career cloning.’ It is likely that fraudsters will increasingly look to take on the identities and career histories of third parties to secure employment within companies for the purposes of committing fraud.

Despite the best company security systems, criminals will find the weakest link, which more often than not is a person. Criminals have been known to hang around pubs and cafes near target organisations, seeking out disgruntled employees and those fearful of job losses and unemployment, who may be vulnerable to manipulation. Once targeted, the gangs will then attempt to bully or bribe employees to give up sensitive data that could be used to steal money or other assets. Threats of violence or blackmail may be extended to employees and their families if the orders of the gangs are not undertaken.

It is not just those on lower pay grades that commit fraud. The threat includes senior level employees, who may well have implemented – or fall outside – the controls in place to monitor those deemed as higher-risk personnel. Senior personnel who deal with external suppliers, procurement and acquisitions have greater opportunities and a lower risk of detection as the focus in most organisations is elsewhere. Figures from BDO (79 percent) and KPMG (56 percent) indicate that the majority of financial losses attributable to insider fraud in 2008 were down to those in managerial positions. With tighter economic conditions resulting in pay freezes and relatively low wage increases where they are granted, we could well see increasing numbers of those higher up the organisational pyramid looking to commit insider fraud to maintain their lifestyles.

The best way to combat the insider fraud threat is through a multi-stage employee vetting process that enables the organisation to have a clear picture of the candidate from a variety of data sources.

At the recruitment stage, organisations need to be sure they know the true identity of the candidate and whether they have any criminal convictions, as well as an understanding of the individual’s financial picture. Client experience has also shown that there is a 15 percent drop-out rate when applicants are made aware that background checking is involved in the recruitment process, highlighting the strength of robust checking procedures in deterring time wasters and potential fraudsters.

Criminal records and financial data should play a key role in the recruitment process as they can highlight red flags such as convictions, bankruptcies and other adverse data, which are valuable warning signs into a candidate’s character and suitability, as well as those potentially most vulnerable to coercion from the criminal element.

While organisations may not wish to appear to doubt the word of the candidate, the importance of criminal records checks should not be underestimated. They can protect an organisation from hiring someone who may be unsuitable or even dangerous to the organisation’s staff and reputation.

Traditional CV checks should also be undertaken. Discrepancies and falsehoods on CVs and job applications provide an indication into the character of a candidate. If a person is willing to deceive on a CV, then they do not possess the integrity that employers expect.

Employee vetting should not, however, stop at the point of recruitment. Monitoring of existing staff is just as important, and many of the checks used in the recruitment process are valid for existing employees too. There are a number of early warning signs that may be indicators of staff fraud including employees living beyond their means, employees under financial pressure, and employees not wanting time off or being unwilling to change jobs which should be considered as part of an effective monitoring system.

There are a wide range of tools and techniques at employers’ disposal for deterring and detecting insider fraud. These can range from CCTV, to protect against physical losses, through to complex software analytics that can highlight unusual patterns of behaviour on systems that hold commercially sensitive and proprietary information. It is important, however, to balance privacy rights of employees with the need to protect the business. Clear and well-communicated policies that set out the organisation’s stance on fraud and its approach to tackling it also provide an opportunity to explain to employees why anti-fraud measures are so important.

Organisations are increasingly waking up to the threat from within. While much of the effort should go into the recruitment process, to truly safeguard against insider fraud it is important to maintain an element of screening throughout the employment contract.

(8) Source: CIFAS, 27-Aug-09. http://www.cifas.org.uk/default.asp?edit_id=926-57

(9) Source: KPMG, 02-Feb-09. http://rd.kpmg.co.uk/mediareleases/15782.htm