The characteristics of financial crime have changed. Bank robbery is almost a thing of the past. Even robbers aren’t stupid enough to risk capture and sentencing for a violent offence, when the rewards for online crime are just as great, but without the jeopardy! Phishing attacks, for example, rose more than a fifth (21%) in 2015, and estimated to cost Britain more than £280million.
Fraud also costs the UK economy over £190 billion a year. Of which public sector losses accounted for over £37 billion in 2013/14. So, an estimate of charity sector deception at around £1.9 billion is not far off the mark. Most fraud is low value but high volume, so the risk of detection is slight. And, as fraud is about hiding and concealing, what’s detected only represents about one thirtieth of what’s taking place.
But in the face of such bald statistics few membership bodies have a fraud response plan in place. Nor are fraud and corruption likely to be written into an organisation’s Risk Register. Perhaps because they don’t think it will ever happen. But it does, so how do membership bodies counter the threat?
The answer is to quantify the risk, and set out to minimise it. First, by designing and communicating a counter-fraud strategy built around the known threats. Then, by creating a structure to implement your strategy, and using it to undertake a range of pre-emptive and reactive actions, like occasional random invoice audits and stock checking. All of which is easier said than done in a busy environment.
But, with the aid of staff who know, and are willing to identify, the weaknesses in their own company. Who recognise the personal consequences, in terms of job losses and business failure, that accrue from fraud; and aren’t tolerant of ethical ‘grey zones’, it is possible to instil an anti-fraud culture. After all, if only 10% of people are dishonest, that still leaves 90% who realise that weeding out fraudsters is in their own best interests. Make them aware of the legal protection afforded to whistle blowers in the form of the Public Interest Disclosure Act.
Fraud is easier to deter than detect. So, an anti-fraud culture can have a preventive effect, but you must also try and design weaknesses out of processes and systems; detecting fraud where it isn’t prevented, applying a range of sanctions, and seeking redress and covering losses. But never underestimate the resources needed. Management buy-in is essential, but so are resources in the form of time, equipment and training, so be realistic.
Lastly, be aware of fraud ‘red flags’. Does any employee appear to be living beyond their means, always the first in and the last out of the office, or reluctant to take long periods of leave? These may be signs of wrong-doing. But suspicion alone is not enough. Always take legal advice before conducting any internal investigation.
Michael Hoare
©2017 M J Hoare