According to frauds recorded on the CIFAS Internal Fraud Database last year saw another sharp increase in staff fraud, when compared with 2012. Within this increase, however, several interesting variations have been spotted, according to the trade body:
· There was an 18pc rise in the total number of staff frauds recorded in 2013 when compared with 2012.
· Attempts to obtain employment fraudulently (eg by not declaring previous convictions for falsely claiming qualifications) shot up by over 70pc, demonstrating that organisations are now increasingly vetting prospective employees properly.
· While the level of dishonest actions by staff to gain a benefit by theft or deception (eg theft of cash from customer accounts) decreased, these frauds still account for 40 per cent of all confirmed insider frauds.
· Frauds where an organisation’s staff stole customer or commercial data continued to rise.
Success of counter fraud measures leaves unprotected organisations vulnerable
Historically, many organisations readily accepted the potential damage that customer fraud might inflict, but remained reticent about acknowledging the dangers and risks of fraud committed by staff. The 18% increase recorded during 2013 proves that organisations have started to treat these insider frauds as seriously.
CIFAS Communications Manager, Richard Hurley, says: “Like customers, the vast majority of an organisation’s staff will be totally honest. However, it is the few who are not so honest that tend to be the first to identify the Achilles’ heel or weak controls within an organisation. Enhanced screening processes, tightened security and a better understanding of how insider fraud is committed will impact upon far more than just a balance sheet: all these measures have undoubtedly contributed to the continued increase in identifying confirmed fraud levels. While the frauds may always have been there, organisations are now being seen to do something about them. Identifying and sharing data about such frauds is a small but powerful step. Organisations that do not take the insider threat seriously should be aware of the inherent danger in underestimating the risks.
KYE – Know Your Employee
In 2013, organisations that shared data on confirmed cases of insider fraud noted a large (71pc) increase in fraudulent attempts to gain employment. With the UK reported to be entering a more robust and healthy period in terms of recruitment, the dangers of employing someone who has made wholly fraudulent claims regarding his or her employment eligibility, history or professional qualifications become more marked.
Richard Hurley notes: “There is a huge difference between an individual submitting an application that might exaggerate professional achievements and making knowingly false declarations. These have ranged from some individuals concealing poor credit histories – when financial regulators require a clean history for specific positions – through to others claiming to have professional qualifications (essential for the role) that they do not. The risk posed by employing someone – for instance – in a role with a huge budget responsible for hundreds of jobs, when that person has fraudulently claimed to have necessary financial qualification is a serious one. Inevitably organisations are increasingly aware that the efforts that they have put into verifying information submitted by consumers applying for products have to be matched by the same rigour when it comes to recruiting an employee.”
Deceptive actions and theft of data remain serious issues
Attempts to gain benefit by deception or manipulation while in a job remained a serious threat during 2013, in spite of the apparent 5pc decrease. The theft of cash from either a customer, submitting false invoices or attempting to manipulate systems in order to beat targets are some of the most common frauds of this kind. Such frauds constituted 40pc of all insider frauds in 2013. While economic hardship might be a motivating factor for some, many such frauds are purely exploitative (e.g. targeting accounts of elderly or vulnerable citizens or attempting to undermine other colleagues). The continued high level of these frauds therefore underlines why organisations must have good support networks in place for staff who are struggling financially, to help reduce the risk of them committing internal fraud in desperation.
Recent years have also seen a dramatic rise in the number of instances of staff unlawfully obtaining and disclosing data, and the increase recorded in 2012 continued into 2013. This fraud type specifically relates to organised criminality, with a large number of proven cases related to staff disclosing customer data to third parties. With data-driven identity crime accounting for over 60pc of all frauds recorded to the CIFAS National Fraud Database, this continued increase must serve as a warning to all organisations, the association adds: such frauds may be comparatively rare, but they help to facilitate thousands of other frauds that affect you, your customers and your commercial reputation.
Comment
CIFAS Chief Executive, Simon Dukes, says: “The vulnerabilities inside an organisation are as real and in many cases even more dangerous than those that outsiders might try to exploit. This is something that responsible governance has recognised: that the insider risk may occur less frequently, but it is the insider who can wreak far more damage and breach the trust of an organisation. Not only does the rogue element inside your organisation have access to your most valuable possessions but, as recent CIFAS research has demonstrated, the collateral damage created by their frauds far exceeds any initial financial amount and can actually be four times greater than the sum that is initially lost. Such frauds attack an organisation’s productivity and the morale of remaining staff, and can result in fines, compensation payments, many man-hours taken to clear up the resultant mess and incalculable reputational damage. Simply put, being attacked from the inside is something no organisation wishes to face. The trends captured here therefore indicate underlying good news: namely that more and more organisations have started to detect, identify and share data on confirmed internal fraud cases in order to prevent further fraud. They also underline, however, the very real dangers posed by those few bad apples whose frauds undermine the health of an organisation and the morale and livelihood of their honest, hardworking colleagues.”
