Getting to Know You

When it comes to fraud, prevention is much less costly than the cure. Companies need not only a basic anti-fraud culture in place, but an effective vetting process to mitigate the exposure to risk often overlooked in the recruitment process. Mike Bluestone outlines some practical solutions to fraud prevention

Whilst exact statistics are hard to come by, reliable sources, such as fraud watchdog, the Fraud Advisory Panel, estimate that up to £15 billion is being lost to the UK economy through corporate fraud of varying kinds. A survey by PricewaterhouseCoopers in 2003 reported that fraud causes productivity loss, cash flow problems and corporate collapses. Significantly, 51% of British businesses have been victims of fraud for the period 2001-2003.

There is no single offence, which is defined as fraud (although government legal experts are currently working on producing one), but it is usually considered to be theft or false accounting of different and increasingly sophisticated types. In 2001, Ernst & Young produced their own definition as follows: "Fraud is usually taken to be theft - the removal of cash or assets to which the fraudster is not entitled - or false accounting - massaging or falsifying the results or numbers reported by business to create a false impression".

Disturbingly, corporate management and other employees perpetrate a high percentage of fraud. Sometimes third parties carry out the fraud and frequently there is collusion between employees and third parties.

The fastest growing category of fraud in the UK at present is Identity Fraud which alone is estimated to be costing the UK economy over £1.5 billion per annum. Identity fraud involves the use of an individual or company's identity information to open bank accounts, obtain payments or credit, fraudulently obtain social security benefits (in the case of individuals) or obtain goods and services.

A considerable number of identity fraud cases involve the fraudster stealing the identity of a deceased or living individual. Some cases involve fraudsters acting as imposters, pretending to be someone else and on occasions actually gaining senior management positions as a result of their convincing 'performance'.

But there are practical solutions that businesses can implement which can help both recognise and meet the threat of fraud. Fraud prevention is certainly more effective and cheaper than clearing up after a fraud has been uncovered. Having to bring in corporate investigators, following the discovery of a fraud, is a costly exercise. Tackling fraud in an effective, preventative manner will require an understanding of the risks and types of fraud, a corporate fraud awareness programme, and a well-resourced anti-fraud policy and strategy in order to develop an anti-fraud culture amongst employees as well as third parties and contractors.

Key to the success of anti-fraud measures is the endorsement and support of senior corporate management. Without such backing there will be no resources, budgets or policy to meet the threat of fraud. Corporate complacency is the fraudster's greatest ally.

Corporations should strive to keep the anti-fraud message simple but effective. Innovation in delivering the message is both desirable and necessary to maintain the momentum. The use of screen savers and messages on electronic bulletin boards are useful tools as are pre-printed warnings on mouse mats, conventional notice boards and office stationery. The anti-fraud message should be instilled through staff induction, review and assessment processes. Third parties and contractors should also be made aware that your business is aware of the issues. The message can be linked to best value and tendering processes.

One statistic which always and understandably unnerves corporate managers is that over 85% of corporate fraud is perpetrated by employees or former employees. The implications of this are clear, namely that too many people of questionable integrity are slipping through the screening nets of corporations, both large and small. Very often the recruitment of fraudsters is due to flawed screening and vetting processes or worse still, none at all! All too many companies still chose to either avoid implementing screening programmes or simply ignore the issue, with lack of budget most likely cited as the reason.

Wise corporate managers understand that moderate investment in pre-employment screening processes is actually highly cost effective. Anyone doubting this philosophy should take a look at the fall-out from recent high profile corporate fraud trials, on both sides of the Atlantic, to see the devastation that fraud can wreak on businesses. It makes sense therefore to invest in the screening process. So how is it done? The first thing to recognize is that there is no one single way of doing it. Different organisations have their own preferred methods and systems.

The 'Holistic Approach' is a tried and tested method based on a composite methodology which incorporates the use of public domain information as well as in-house processes. Since most recruitment begins with an application form, it is important to check that the applicant has filled in all the required information and that changes of name and address are questioned. Any lengthy gaps in employment history should be discreetly challenged, with the applicant's rights under the Data Protection laws being fully respected. Verifying identity is essential and written proof of status, including where appropriate, work permits must be produced (see Tightening the Net, page 11 Payroll World May issue for further details on checking for illegal workers).

The interview stage is critical as it presents an opportunity to verify and where appropriate to challenge the information provided on the applicant's written application form. It is always preferable for at least two persons to conduct the interview; one to write down the applicants answers to questions, while the other gets a feel for the applicant's integrity and character by observing their body language and certainty of response.

Getting solid references on the applicant are vital. Verbal ones should be confirmed in writing and academic and professional qualifications should be verified with the awarding body. Most universities and professional organisations will happily verify claims to degrees etc. Many organsiations can gain access to public domain data bases, where information relating to indebtedness, for example, can provide useful tools in assessing the applicant's integrity. It is prudent to advise applicants on the methods applied so that there is no infringement of their legal rights.

Many organsiations use Graphology testing as an essential screening tool. This involves a qualified Graphologist analysing the character of the applicant by reference to traits that are revealed in their handwriting. Whilst the writer has encountered sceptics of this particular methodology over the years, it has proven itself to be a useful tool in the screening armoury. While psychometric testing can also help identify character traits in applicants that can shed light on integrity issues in addition to the applicant's abilities. The final decision-making process involves a calm analysis of all the stages and considering them in parallel to any impression that the interviewers gained about the applicant.

Arriving at a decision on the desirability of implementing thorough screening methods shouldn't be too difficult. Apart from fraud, the conventional theft of corporate property, intellectual as well as physical, can in itself be potentially disastrous. The theft of laptop computers, so prevalent throughout the UK, is a case in point. Often managers' main concern on hearing about a theft of a laptop is the cost of its replacement, but often the loss of the intellectual property, i.e. the actual corporate information stored on the machine, can cost the business considerably more than the cost of replacing the physical asset. Reputational damage can be as damaging as financial loss.

The screening process is just one part of a broader security risk management strategy, but it is an integral and not necessarily expensive part of that strategy. Failure to implement it however can have fatal consequences and can prove to be extremely costly. The message is simple: Don't hesitate - review your screening & vetting programmes sooner rather than later.

Mike Bluestone is Principal Director of Integra Security Solutions Ltd, a City of London based security risk management consultancy. He is a member of the Fraud Advisory Panel and is an associate lecturer at the Center for Hazard & Risk Management, Loughborough University.