Insider Fraud on the Rise
Insider fraud is on the rise, but the good news is that the problem can be addressed with concrete steps by risk specialists.
The latest “2015/2016 Annual Global Fraud” survey commissioned by Kroll and carried out by the Economist Intelligence Unit, polled 768 senior executives worldwide across a broad range of industries from January through March of 2015.
Not only did three-quarters of respondents say their companies experienced fraud in the last year, but 81 percent of those companies said the scheme in question was perpetrated by an insider. That’s up from 72 percent in the previous year’s survey.
“Of those companies that experienced fraud where the perpetrator was known, four in five suffered at the hands of at least one insider.” — Kroll 2015/2016 Annual Global Fraud
Also, sixty-nine percent of those surveyed worldwide said the fraud they suffered resulted in a financial loss, up from 64 percent in the previous survey.
“The greater long-term threat to a company [today] is internal, specifically from corrupt employees who have access to private data, such as trade secrets, customer lists, proprietary software and the like, and the authority to spend money through the purchase of goods and services,” said Daniel Karson, Kroll’s chairman.
The survey clearly states that the biggest fraud threat to companies is the result of insider fraud.
“Of those companies that experienced fraud where the perpetrator was known, four in five suffered at the hands of at least once insider,” the survey revealed.
More than 36 percent of victims experienced fraud at the hands of their own senior or middle management; 45 percent by a junior employee; and 23 percent by the conduct of an agent or intermediary, the report stated.
So, what can risk managers do to mitigate the exposures Karson described?
Kroll’s report found that the most effective methods of preventing fraud were whistleblowers (representing 41 percent of uncovered frauds), external audits (31 percent), and internal audits (25 percent).
Karson said risk specialists should audit the cost they’re charged for goods and services so they know they’re paying market price and not being overcharged.
“That goes to [potential risk] of simply overpaying for goods and services as well as kickbacks paid to employees buying goods and services,” he said.
Beyond this, Karson recommended several other steps risk specialists should take on behalf of their organizations.
An employee code of conduct that’s enforced and reinforced through continued training is critical, he said. Also critical is a code of conduct developed for and agreed to by vendors.
“Can a company detect a kickback or bribe if it is paying 5 percent to 10 percent more for office supplies, or selling its goods to a foreign government? In most cases, it can’t without solid evidence. Its best defense is to deploy integrity tools that will have the same impact as a firewall.
“This is comprised of a comprehensive employee code of conduct, a vendor code of conduct, pre-employment background investigations, vendor screening, ethics training, whistleblower policies, a hotline, and the periodic audit of both purchase prices and tests to confirm that its vendors are bona fide companies,” Karson said.
“Together these are the tools that will reduce a business’s risk of internal fraud.
“Fraud thrives in an environment where rules are not in place, or where there is a perception that rules won’t be enforced, that audits are perfunctory, and that misconduct won’t be punished,” Karson said.
Gregory Bangs, chief underwriting officer of global crime at XL Catlin, agreed, pointing out that the U.S. and U.K. have been relatively successful in combatting the upswing toward insider crime.
“Unfortunately, employee fraud and third-party crime are on the increase around the world, so although we can point to the U.S. and the U.K. as the countries that have had the most success in limiting this increase, no country has been able to halt or reverse this trend,” he said.
“The most effective measure that companies can employ to aid in the fight against fraud is the implementation of an employee and third-party ‘hotline’ for reporting suspected employee theft,” said Bangs.
“Its efficacy is due to the anonymous nature of the reports, as individuals are far more willing to report suspicious activity if there are no potential negative repercussions for doing so.
“Another useful tool is the adoption of a ‘master vendor file’ that lists pre-approved vendors that employees are authorized to transact business with, which can help to limit the largest area of employee crime — vendor fraud,” Bangs said.
(Bangs writes about fighting vendor fraud here.)
“In one form or another, the specter of fraud arises in virtually every business relationship,” Karson added. “What our report drives home is that fraud is often an `inside job’ and that companies must address both internal and external relationships if they are to most effectively protect their money, property and private data.”
While Bangs agreed with the Kroll survey’s finding that approximately 80 percent of fraud against companies is committed by employees, he said risk specialists must also be on guard against the rising tide of computer crime involving third-party hackers.