Fraud… Nothing To See Here!
An exclusive and thought-provoking roundtable discussion hosted by Tenet Law and Newid Consulting – challenging the norm of why the risk and impact of fraud isn’t talked about more among RPs in the social housing sector, and what needs to be done to prevent it.
Summary
What comes to mind when you consider fraud in social housing? At our recent roundtable, many of you shared a common concern from the start: fraud isn’t talked about or understood sufficiently for risk registers or wider cultural impact and, if we do nothing, it could be the next sleeping giant that catches us out.
On the other hand, much of the sector remains either unconscious to the risk or consciously not dealing with it as ‘it’s not something that affects us’. And when RPs submit nil report after nil report with little to no feedback from the regulator, a false perception of immunity becomes somewhat inevitable. Is there really ‘nothing to see here’, or are growing risks hiding in plain sight?
The issue has given Tenet Law’s Arun Chauhan and Newid Consulting’s Paul Roberts the itch for some time. We all understand the threat of cybercrime, and we’re familiar with other visible risk areas like payroll, accounts payable and procurement – what about fraud elsewhere in our organisations? We must magnify the situation on the ground and unpack the lesser-known facets of fraud. Only then can we begin to consider the impact, devise preventative measures, and pursue the benefits of a proactive approach against it.
Why social housing?
The social housing sector has many has many risks to consider, representing an ecosystem that makes an organisation exposed to a variety of frauds. We recognise the pressure that the Regulator of Social Housing (RSH) is currently under, and fear that amidst this vulnerability, fraud – including against tenants – could be the next area to cause the sector reputational harm.
Generally speaking, the average organisation loses 3-10% of total revenue to fraud each year. Is this simply the cost of doing business for RPs, or are we turning a blind eye to fraudulent activity that slips under the radar? We believe more communication, stronger thought leadership, and meaningful education is needed – forming an ultimate outcome of co-regulation and cultural ownership that proactively catches up to this ever-evolving danger.
We took a positive step towards this on 8th September 2023 with an enlightening roundtable discussion, where Board and Audit & Risk Committee members came together to share their thoughts. Here’s a summary of what we covered.
Fraud types
What does fraud look like in social housing? It seems that attention is often tunnelled on the most talked-about areas, like cyber and procurement. Beneath the surface, however, fraud takes various forms and can often manifest with the most unlikely sources. For example, this becomes clearer when we consider the reasons why an employee might commit fraud.
The traditional fraud triangle tells us that pressure on an individual can often lead to an act of fraud. The employee rationalises their choice and takes an opportunity that might present itself in the workplace. Their situational circumstances mean that stories of employee fraud are often surprising, with the realisation that good people can do bad things…
Fraud is not so clear-cut; it is about interpretation. We must steer our people to understand these dynamics and why there are various risks not only to an RP, but also to its people. One area not talked about enough here is culture. Perhaps a lack of anti-fraud communication, along with an undesirable workplace culture, makes fraud all the more likely in a given organisation – where people are motivated to do the ‘right thing’ for themselves, rather than the actual ‘right thing’.
This provided much food for thought around the table, leading us to discuss ‘red flags’ and other problem areas where fraud could take place or slip under the radar, including:
- Paying rent arrears with cash in carrier bags
- Stolen equipment, from stationery to planned maintenance stock
- On-the-side contractor work
- Airbnb/Zoopla tenancy fraud
- Long-standing employees with multiple supplier links
- Money laundering through RTB or RTA schemes
A feeling arose that limited feedback from the regulator on nil reports may downplay the volume of fraudulent activity in these situations , prompting an ambition around the table to change corporate behaviour rather than coasting along to procedure .
Impact
Next, we explored fraud’s impact and the feeling of immunity among RPs. Those at the table were encouraged to share their own experiences of the knock-on effects that fraud can have on organisations and beyond. It became clear that there is a wider impact to take seriously, yet the general mood across the sector seems far too passive.
Staff impact came up first, with the depiction of a case where a trusted employee was found guilty of fraud. Unsurprisingly, colleagues and friends of the individual were ‘rocked’ by the revelation, unable to believe how that person was capable of such an act. Concerns were also raised around the impact of promoting staff without adequate risk training in line with their additional responsibilities which could see them enter a wider realm of fraud ‘opportunity’.
How many instances of fraud are not being reported as fraud? Why aren’t we focusing more on ‘near misses’ to get ahead of the game, just like we do to improve our H&S performance? If the regulator won’t expand on nil reports, what steps can we take to firstly convince, and secondly educate, smaller housing associations of the growing threat? There seems to be an unfair, unfounded expectation that the responsibility starts and ends with the risk manager. Greater due diligence and education is needed, along with a wider culture of ownership across organisations that appreciates the need for a more proactive stance.
Prevention
Detailed discussions into the RP fraud landscape whetted our appetite for what was an insightful group brainstorm around preventative measures. Not enough is being done, but what does good look like?
One of the key answers will be your people, who are your human firewalls using their human controls: your people can be the eyes and ears of your organisation, and that often goes underappreciated. Yet many businesses and employees alike are under-resourced, over-reliant on internal audits, or uncomfortable with whistleblowing and promoting constructive curiosity.
Many people don’t understand what to report or why they should, feeling that it is a system for ‘telling on’ others rather than a means to collectively prevent and protect. So, how do we take the pressure and intimidation away, and promote the right environment? With the language we use and the perception we create.
It starts with a positive culture buoyed by employees understanding why they are being educated about fraud: to help protect themselves, their families, and their employer. This helps foster an environment where employees feel more inclined to speak up when a situation arises. Suggestions were made around the table about renaming whistleblowing as a ‘speaking up’ policy. More education on how a whistleblowing policy really works from the outset could also be given to dispel stigma and reposition whistleblowing as an opportunity, not a negative. Other thoughts on prevention included:
- Awareness – more signposting to events, insights and resources
- Digital learning – overcoming the challenge of mass face-to-face training
- Education – individual case studies and quizzes can help drive new values
- Feedback – having employees say how they see fraud risk in their specific roles
- Risk register – more investment needed
- Best practice – a basis to work from followed by up-to-date thought leadership
- Mystery shopper – bring someone in to test controls as we do with cyber testing
- Technology – work with AI, technology and the digital community, not against it
Building a momentum of awareness, of the education of new staff and the re-education of current staff, will be key. It will help to shake off the malaise around fraud – particularly in crucial business areas such as finance, supply chain, development, and housing management, as well as human resources and the internal comms team who will ultimately be relied on to deliver the messaging and make it stick.
Wider issues for ARC
A focus on the wider issues for the Audit & Risk Committee followed. Many felt a lack of emphasis from the regulator when it comes to fraud prevention, with zero insights from nil reports, and no wider guidance beyond basic procedure and a short reference to fraud in the regulator’s annual Risk Sector Profile – where it is only included briefly and at a high level within sections 5.15 to 5.17.
A scenario where we could inform the regulator was floated, as was the potential of working with the regulator in co-regulation. It was said that a firmer, less passive approach from the sector would be needed. But, in return, social housing organisations all need to feel like reports are being read and taken seriously. This would enable them to learn from each other and continue to develop preventative skills – fostering a unified approach in the sector.
Data is key here, and severely lacking at present. To be proactive, we need data extraction and analysis to become a formal prerequisite of fraud prevention – even if it’s anonymous. While a freedom of information request on the RSH may be too confrontational, perhaps building greater sector-wide awareness first would prompt the regulator into a cooperative approach.
Benefits
The final talking point looked at what our motivations should be for better fraud prevention, as well as what the sector can gain. After all, prevention opens up a plethora of opportunities beyond the net savings being missed by accepting fraud as the cost of doing business.
Fraud prevention has the power to protect social housing and keep staff and customers safe – in and outside of work. Education around the issue can genuinely benefit people’s lives, creating a strong social value element from a proactive approach. What’s more, staff are likely to feel more connected to a business that takes steps to protect them – giving something real, positive and impactful to talk about in relation to ESG, encompassed by the sector’s Sustainability Reporting Standard.
This moral aspect should be a strong driver for sector organisations and the regulator, and it could help form the basis of future co-regulation.
So, what’s next?
We’d like to extend a sincere thank you for attending and contributing to our roundtable event at 20 Stories. Your passionate and forward-thinking approach to the conversation was extremely valuable to us and, we hope, to each of you too.
A common desire to improve fraud prevention was palpable throughout the session and has further invigorated our ambition to bring continuity to this conversation towards better regulation and more proactive approaches. We’ve collated a set of potential best practices to act as a starting point for improvement – informed by pre-event ideation and post-event insights taken from our discussion:
Invest in awareness
- Stories are the best form of education – bringing to life the shades of grey where fraud can appear is vital for engaging employees on the subject.
- For more senior members of your team, this approach ought to be backed up with data and software, as this will be key to identifying, protecting against, and preventing fraud on an ongoing basis.
- Seek to embrace technology and harness digital capabilities across the fraud spectrum.
- Embed an awareness of different fraud types and how these can manifest within employees’ day-to-day lives.
- Link other areas, like safeguarding and anti-loan shark procedures, together with fraud to demonstrate how they relate and make them stick.
- Reposition fraud prevention in people’s minds as a genuine social value benefit, and something to be gained both inside and outside of the workplace.
- Be proactive in the improvement of lives and experiences, leading to a better anti-fraud culture as a result.
Educate your people
- Implement a robust but engaging staff training policy that is regularly refreshed in line with the changing fraud landscape – particularly around when a member of staff is promoted or moved to a different role.
- Incorporate digital learning to save the costs and resources associated with mass face-to-face training.
- Lead with the positive language of keeping customers, staff and clients safe – particularly in the context of making employees feel comfortable with the idea of whistleblowing, e.g. renaming it as a ‘speaking up policy’.
- Do not exclude your tenants or suppliers from the learning journey – engage with them to educate about fraud as they too can be your eyes and ears. Talking about fraud is a deterrent, which is important to remember.
Refine your approach
- Information sharing is too hard when you tackle the whole spectrum. Focus on digestible or palatable areas first to give people something they can get behind.
- Explore the potential of how mystery shopping/fraud testing could work as a means to understand how vulnerable – or well protected – your organisation is and identify areas for improvement.
- Support RPs to collaborate more effectively using common support organisations such as TFF and FAP, as well as getting involved with National Charity Fraud Awareness week in November.
- Consider sharing trend analysis from fraud reporting with others in the sector.
A clip from the thought-provoking round table discussion held in Manchester on 7th September 2023.
Fraud.. Nothing To see Here from Tenet Law on Vimeo.
The session was enlightening, and we are deeply grateful for the feedback and active engagement from all of our attendees. The full insights from this article are detailed in the white paper and can be downloaded here.
A common desire to improve fraud prevention was palpable throughout the session and has further invigorated our ambition to bring continuity to this conversation, towards better regulation and more proactive approaches.
If you have any questions or feedback please reach out to Arun Chauhan our Housing Association sector specialist.
Authors Arun Chauhan