In summer 2018, the National Fraud Intelligence Bureau issued an alert warning that so-called ‘insider fraud’ was posing a bigger threat to UK businesses than any other fraudulent activity.
According to the police unit in charge of countering fraud and cyber-crime at a national level, more than half of businesses in the UK had been defrauded by an employee or contractor in the previous 12 months. And while the majority of business owners feel the biggest threat comes from online criminal gangs, the NFIB says the figures show clearly that the greater fraud risk comes from within an organisation.
According to Julian Beressi, managing partner at KJG and a specialist forensic accountant, said the main issue with insider fraud was organisations placing too much trust in individuals on financial matters without adequate oversight.
“When you hire someone to your accounts team or contract out your bookkeeping, it is natural that you want to trust them,” he said. “But what sort of background checks have been done? And what kind of controls are put in place as they work?
“All too often we see cases where insiders who are eventually caught defrauding the company they work for have simply been left to their own devices, with no checks and balances in place. The first step towards fraud is opportunity, and opportunity arises when there is too much trust placed in individuals from the top.”
Julian pointed out that, due to the lack of oversight, insider fraud can go on for years before it coming to light. Employees with access to accounts or authority to sign off invoices will typically start small, manipulating records and siphoning off relatively insignificant amounts to see if they can get away with it.
But over time, small sums add up and the fraudsters become increasingly bold. In many cases, it is only when they become overly confident and start to try to hide larger amounts that people notice and they are eventually caught.
In terms of taking practical steps to guard against insider fraud, Julian says company directors and owners cannot hide behind trust. “Oversight does not have to mean a culture of suspicion and finger-pointing,” he said. “It means putting in place basic controls, especially at the point where money is leaving the company accounts, i.e. authorisation of payments. Not having some sort of review system in place to check where money is going leaves you exposed to unnecessary risk.”
With the majority of companies now switching over to digital accounting systems, another issue is user access controls. With weak protocols in place, unauthorised personnel can find it alarmingly simple to get into sensitive records. Poor password and authentication policies can also lead to situations where, for example, former employees or contractors are still able to access systems long after they have left, widening the scope of what constitutes ‘insider fraud’ further still.
Should you be worried?
We’re not suggesting that businesses should start back checking and suspecting every employee, process and procedure. The advice is to remove temptation, have robust systems in place with strong controls, especially when it comes to money. You can run these back checks yourself or ask your professional advisor to fulfil them. The role of a Forensic Accountant is to look for anomalies in financial records, to go through records with a fine-tooth comb and keep your business safe and secure.