It is important to find a balance between financial crime compliance and ensuring the trust of all employees, stakeholders, partners and customers. Managing the risks of fraud will never be a ‘one size’ fits all approach – each affordable housing provider is different, as are your employees and their approach to reaching their goals.
Managing the risks
A common model adopted by businesses in dealing with fraud risk is to identify the types of fraud threats that could impact on their organisation and build policies to prevent these. From this, a risk register is created and reported on annually or bi-annually to senior management or the Board to show how many of these risk events have occurred and how they have been dealt with.
This approach only goes so far in managing the risk of fraud. It is not specific to the organisation and it rarely reflects how the business actually operates.
A bespoke approach
Of course, the aim of fraud risk management is to prevent fraud but how often do we ask why? Why do you want to prevent fraud? For some, it is to reduce the impact of financial crime on society. For others it is to prevent financial loss with focus on protection of the business, seeking to avoid fines or sanction from a regulator.
The reason for wanting to prevent fraud is unique for each person, business and organisation. The nature of the question determines the process of developing bespoke risk management.
This process leads to fit-for-purpose fraud prevention procedure.
Risk management – the process
- Ask yourself, why do you want to prevent fraud? What specific damage could fraud do to your business?
- The key is knowing which assets, if impacted by fraud, would cause the most damage to the business.
- Build a risk management programme based around the matrix of the largest impact, measured against the risk of that impact happening.
- Understand the types of fraud risk that may be in play (employee breach of confidence, collusion with a contractor, cybercrime, etc).
- From then, your risk management procedures and policies will be fit-for-purpose, recognising the working practices of your business on the ‘shop-floor’.
Risk management – tips and tricks
- Whistleblowing is key to help detect fraud. Make your whistleblowing policies clear on your organisation’s external website, allowing third parties to make reports without risk. This also acts as a deterrent, showing that your business is awake to dealing with fraud issues.
- Avoid ‘headless chicken’ moments – know how you will respond to fraud before it happens. Who should take ownership of an investigation team? Who should be in that team and why? What is your approach to each type of fraud?
- Your investigation team should be led by someone within your organisation – you know your organisation best. This shows that you are taking ownership of the situation.
- Your insurance policies, such as fidelity policies will have a number of condition precedents which can act as a great tip to your organisation for best practice.
How can you detect fraud?
It is important that all people within your organisation are educated to spot the signs of fraud.
As with red flags for any type of risk, one red flag alone does not necessarily indicate fraud but a combination will often warrant further investigation.
The tell-tale signs of fraud
People:
- Low staff morale
- Untaken holidays
- Unexplained lifestyle changes
- External pressures on an individual such as debt, education fees or addiction problems.
Transactions:
- A supplier’s turnover having an overly high percentage of revenue from your organisation
- A change of control of ownership of a contractor
- Excessive payments
- Duplication of payments
- Common names or addresses of payees or customers.
Processes:
- A lack of delegation by senior team members
- Overly complex systems
- Verbal not written explanations of financial irregularities
- Lack of segregation of duties
- Unexplained departure from policies and procedures.
How do you deal with employee fraud?
Case study one: a housing officer – looking after tenants in extra care housing – had been an employee of the business for four years.
- Detected by: an employee blew the whistle after spotting a rent refund – requested by this employee for the next of kin of a tenant – used a name that had been used on several other occasions.
- Investigation: discovered a number of tenants’ next of kin were identical names paid by cheque, non-party disclosure obtained from bank recipients of the cheques.
- Actions taken: housing officer consequentially dismissed, improved checks and controls of tenant’s alleged instructions, introduced segregation of duties.
Case study two: employee in property sales responsible for the diversion of monies.
- Detected by: evidence of diverted monies.
- Investigation: application for non-party disclosure against a national retail bank to discover the recipient of diverted sums.
- Actions taken: legal action taken against perpetrator (suspected employee) and recipient to recover the diverted sums successfully.
Case study three: one long-standing employee working in property maintenance committing two completely separate frauds.
- Detected by: accident or mistake – retailer tipped off regards the frequent collection of goods by employee’s son.
- Investigation: employee had been abusing corporate credit account, authorising expenditure in total in excess of £100,000. Also allowed a contractor to overcharge in breach of a framework agreement to win work which may not have otherwise been awarded.
- Actions taken: employee dismissed.
Case study four: tenant liaison officer abusing position of trust
- Detected by: advice was provided to the housing association following the discovery that the tenant liaison officer was named as the sole beneficiary of the estate of a tenant.
- Investigation: the tenant liaison officer was found to have abused her position of power by gaining the trust of the tenant and persuading the tenant to alter their will to the tenant liaison officer’s benefit.
- Actions taken: improvements to governance and training in relation to tenant liaison officers.
If you only take away one thing from this article
To remedy the risks of fraud: –
- Understand – identify and assess your specific risk profile and appetite.
- Prevent – implement training to minimise opportunities for fraud by introducing appropriate policies and controls that allow for your employees to be your eyes and ears in their day to day roles.
- Detect – understand and be alert to the warning signs of fraud.
- Respond – make sure you are prepared to deal with any frauds instantly to avoid losses worsening in the time between discovery and reaction.
- Review – regularly review systems, processes and controls – particularly after business changes. Take remedial action to tighten controls after any frauds have been identified.
Fraud detection goes beyond looking for the red flags, however. It is a process of learning through the sharing of best practice. Something as simple as regular team training sessions can encourage employee concerns or ideas on how to better manage the risk of fraud.
The key to successful risk management is to ensure that it has a role for every person in your organisation, allowing you to place trust in your whole team, stakeholders, partners and customers.
By Arun Chauhan, founder of Tenet Compliance & Litigation (www.tenetlaw.co.uk) and a trustee director of the Fraud Advisory Panel. Arun is the sole legal guest editor to the National Housing Federation’s 2017 book “Countering Fraud – A guide for housing associations” and a regular speaker in sector-related events.