Cifas Employee Fraudscape report: know your employees and understand your weaknesses
Cases of fraud committed inside an organisation (by the people an organisation should be able to trust most – its employees) rose by 18% in 2013 compared with 2012. This is the first of many findings presented in the latest report from Cifas – the UK's Fraud Prevention Service. Employee Fraudscape analyses the confirmed cases of fraud committed by insiders during 2013, and examines the various trends that emerge. These demonstrate the positive counter fraud work that has taken place and highlight some lessons that are yet to be learned.
The dangers within
The 18% increase in insider fraud was driven by numerous factors, most notably:
- A 71% increase in unsuccessful fraudulent attempts to obtain employment. These are instances where applications contained serious fraudulent declarations or omissions that would affect the decision to offer employment (e.g. applicants fraudulently declaring that they held the professional qualifications specified for the role, failure to declare previous criminal convictions, etc). The fact that these frauds were detected before an offer of employment could be made shows that organisations are taking smarter precautionary steps in their recruitment. They have realised the need to vet and verify applications as carefully as they would consumer applications for products and services.
- Frauds by well-established employees. The average length of service for those who committed fraud while in position averaged out at 6.5 years before the fraud was discovered. This demonstrates that frauds are committed as much by those who - previously - were considered to be trusted members of staff. Such a statistic challenges organisations to find better ways of understanding their staff and to provide support in order to counteract any motivating factors that led to the fraud.
- The theft of data. While this remained a less common fraud (8% of all records), levels increased slightly from 2012. These frauds have potentially the most far-reaching and damaging consequences. Not only does this lead to more data in criminal hands (who can then make use of it for their own fraudulent purposes such as emptying a customer’s account of money), but this also challenges the very way that organisations conduct business. Tighter restriction of access to data and closer control of systems that can enable it to be transferred must become a higher priority.
- Dishonest actions (such as theft of cash or submitting false expenses). These accounted for 40% of all internal frauds recorded. This is further proof that organisations need to reassess constantly their controls and procedures in order to remove the opportunity for such frauds to occur, as well as to create a fairer, more transparent culture to counteract the motivations, which can range from pure greed to financial desperation and from need through to personal factors such as grudges.
Fighting fraud: inside and outside must be viewed equally
Cifas Communications Manager, Richard Hurley, comments: “While insider fraud may not be as prevalent as many other frauds (such as identity fraud), its effects are just as detrimental. Fraud inside an organisation affects customers, the employer and colleagues and is many times more damaging than the sum initially lost to the fraud or stolen. This report shines a light not only on the frauds that took place but also the likely causes and motivations. As a result, it challenges organisations to see cases of internal fraud not as something to be swept under a carpet but an issue that requires them to take ownership: from improving procedures to examining their culture to counter anything that might provide impetus to those who are susceptible.”
Simon Dukes, Cifas Chief Executive, concludes: “Traditionally, organisations have been tempted to treat fraud committed by insiders as a separate risk from fraud committed by outsiders. The findings in this report prove that both types must be treated with equal seriousness: not only are the risks endemic, but organisations can no longer shy away from their responsibilities. Data sharing is one way of helping to prevent insider fraud from thriving and it can also help to reveal systemic weaknesses that need to be addressed. It is only by doing so that an organisation will be able to maintain a healthy, honest, culture of integrity and zero-tolerance towards fraud and corruption on the inside, thus helping to strengthen its reputation and resilience to fraud on the outside.”
Notes to Editors:
- Cifas is the UK's Fraud Prevention Service with over 300 Member organisations spread across banking, credit cards, asset finance, retail credit, mail order, insurance, investment management, telecommunications, factoring and share dealing and the public sector. Members share information on identified frauds in the fight to prevent further fraud. Cifas is unique and was the first data sharing scheme of its type in the world. Other schemes modelled on Cifas have been set up in Southern Africa and Germany.
- Cifas launched its Internal Fraud Database in 2006, which currently has over 260 organisations sharing information on frauds that have been perpetrated against participating organisations. These organisations are drawn from the UK financial services industry, telecommunications, insurance, recruitment and other business sectors. The launch of the Database was carried out in consultation with: the Information Commissioner’s Office, the Financial Services Authority (now Financial Conduct Authority); the Confederation of British Industry; the Trades Union Congress and Chartered Institute for Personnel and Development.