March is Fraud Prevention Month, an annual public awareness campaign aimed at helping educate the public, and providing the tools and resources businesses need to defend themselves against fraud.
As a payments technology company, one of our focuses has to be fraud prevention so that our business clients can operate with peace of mind. This is why I sat down with our Director, Fraud Strategy & Operations, Nadir Samji, to learn more about how fraud is committed and how businesses can better protect themselves.
1) There are multiple kinds of fraud, but many don’t know a lot about occupational fraud. What is occupational fraud, and why is it so important for businesses to better protect themselves?
Nadir: Occupational fraud is sometimes referred to as workplace fraud or internal fraud, but refers to fraud committed by employees or executives, against the company. There are 3 general categories of occupational fraud.
- Corruption: This may be the most well known type of occupational fraud. Examples include bribery, kickbacks, and extortion. However, corruption is not the most common form of occupational fraud, nor is it the most costly (on average) to businesses.
- Asset misappropriation: By far the most common form of occupational fraud, examples of asset misappropriation include, skimming, fraudulent disbursements, and larceny (false sales/shipping, theft of office equipment, etc.).
- Financial statement fraud: This may be the least common source of occupational fraud, but it is certainly the most costly for businesses. Examples include improper disclosures, fictitious revenues, and improper asset valuations.
Businesses are often focused on external threats, and combat these by implementing firewalls, alarm systems and encrypted access to systems. However, occupational fraud is more common and causes more financial loss to businesses than fraud committed by third parties. Businesses need to implement better controls and protective measures in the fight against occupational fraud.
2) Businesses of all shapes and sizes are vulnerable to occupational fraud. How are small businesses affected differently?
Nadir: It’s important to point out that regardless of business size or industry, all businesses have some level of vulnerability to fraud, whether strategically planned, or opportunistic in nature. Having said that, small businesses do seem to be in a higher risk category for a number of reasons.
Small businesses typically have fewer resources to contribute to anti-fraud controls than larger businesses. Not only that, smaller businesses are typically more trusting of their employees and therefore may not feel the need to expend additional resources for these controls.
According to the ACFE 2018 Report to the Nations, small businesses lose almost twice as much per scheme to occupational fraud than large businesses! In addition, fraud caused by a lack of controls is nearly 70% more likely to occur in small businesses than large businesses.
Also, one fact that I found surprising, fraud is nearly twice as likely to be perpetrated by the owner or an executive in a small business (less than 100 employees) than a large business.
3) What types of controls can businesses put in place to protect themselves and their consumers from these issues?
Nadir: While there are many controls that businesses can institute, I’ll highlight a couple of these here:
- Code of conduct: Having a corporate wide code of conduct that explicitly states the ethical behaviour all staff should exhibit has a surprisingly high impact. In a survey of companies done by the ACFE, there was a 56% reduction in median fraud losses when a code of conduct was in place.
- A fraud risk assessment program: This is an extremely beneficial tool for businesses to understand their risk universe, the likelihood of a risk event occurring, and the measures or controls that are in place mitigate them. While these programs can be quite complex, I would suggest that businesses start with a simple approach that can scale.
Start by identifying clear ownership and accountability of certain functions. For example, identify who is responsible for managing your accounts receivable. Then ask yourself about what controls need to be in place to protect your business. Let’s go back to this example of accounts receivable:
- How does this individual ensure that deliveries are received for invoices paid?
- How are receivables inspected for completeness and quality?
- Do department managers sign off on expenses before they are incurred?
- Are there dollar thresholds that would require a higher level of approval?
These are very simple controls that would form a small part of the Accounts Receivable controls section of your Fraud Risk Assessment tool.
- Finally, it is important to have a systemized process for handling cases of occupational fraud. Investigation protocols must be reviewed and approved by senior management and may include privacy, confidentiality, time-sensitivity, legal-privileges, methods to secure evidence (e.g., chain of custody), and most importantly the clear goal or limits of the investigation.
(Source: Managing the Business Risk of Fraud: A Practical Guide)
4) How does nanopay’s business-to-business payment product, Connect, protect from occupational fraud?
If we continue our example of accounts receive and payable, Connect provides a number of important proactive and reactive tools for businesses.
The best approach to reduce losses and control occupational fraud, is to proactively suppress the fraud from happening. Having the right tools and processes in place, will limit the business’ exposure to potential losses. Here are a few tools nanopay’s Connect offers to prevent occupational fraud:
- Delegating access to specific individuals with specific transaction limits. These controls will limit the risk exposure for each transaction and each employee.
- Approval process requiring a second individual to approve a transaction or batch of transactions before processing. Dual-authority is a common tool used by businesses of all sizes to minimize risk from individual employees.
- Custom permissions to prevent certain user roles from adding new payees or adding bank accounts. Certain actions are higher risk and create an opportunity for occupational fraud. By limiting those actions to certain functions, businesses can reduce their exposure.
In rare cases, even with all the right tools in the place, there are still instances of occupational fraud. In these instances, it is just as important to have tools in place which can identify issues and determine responsibility. Here are a few tools nanopay’s Connect offers to identify occupational fraud:
- A clear audit report of all transaction and account activity. Every transaction and action within Connect is tracked, with the highest level of searchability. Customized reporting and an immutable transaction ledger allows businesses to easily identify financial discrepancies.
- Individual logins with top-of-the-line password encryption. Every action is logged and tracked back to an individual employee. Any suspicious activity is tracked and recorded for easy investigation.
5) Any final tips or wisdom to share with businesses looking to protect their organization from the threat of occupational fraud?
It’s important to take a measured and strategic approach to enhance controls in your organization. Moving too fast will risk alienating your employees and give a perception of distrust. My advice would be to start with employee education and fraud training, first for managers and then for employees. Setting the tone at the top and creating an anti-fraud policy shows that management is serious about protecting the organization and thereby protecting their employees.
Another very important thing is to know your employees – Are employees living beyond their means? Do they have unusually close relationships with specific vendors or suppliers? Is there an undue feeling of excessive pressure by management to reach targets without adequate support? These are just some of the behavioural red flags that could indicate a greater concern.