Return to the office – new opportunities for employee fraud?

Employers have had a challenging time responding to the challenges of the pandemic, from arranging staff to work from home, to processing furlough paperwork. A survey carried out this week by Cifas found the majority of fraud prevention professionals believed that the management of remote and hybrid workers is the second greatest fraud challenge to their organisation over the next 18 months, only behind the social engineering of customers. With this week’s ‘re-opening’ of the country, and the end of official advice for staff to work from home, employers could be impacted by dishonest employees faking COVID-19 tests and vaccinations.  

Vaccinations have been a major topic of debate since the first COVID-19 vaccine was approved for use in December 2020, with discussions regarding whether employers should be able to oblige staff to be vaccinated to work. For example, Pimlico Plumbers announced they were re-writing employee contracts requiring them to have received a vaccination; the UK Government has declared its intention to have all care home staff vaccinated; and JP Morgan have told all staff wanting to work in their New York office they must also have been vaccinated.  

In the UK, laws mean employers are restricted in the information they can gather on their employees’ medical and vaccine status. Internal policies also need to be flexible enough to cater for those who may not have received a vaccination, such as for medical reasons, and any policy introduced must be careful to avoid discrimination. However, in order for a companies’ COVID-19 risk assessment to be implemented correctly, they do require staff to be honest with them.  

Yet there may be future instances where an employer has a legitimate policy requiring a vaccination to complete certain tasks, such as entering the office in-person or providing care to vulnerable individuals. In these instances, there may be a risk that non-vaccinated employees could present fraudulently obtained documents to work and get paid. In May 2021, it was reported there were over 1,200 companies worldwide offering fake COVID-19 vaccination and test certificates, and this is likely to rise as more emphasis is placed on the importance of these vaccines in the future.  

Linked to this is also the threat of employees faking positive COVID-19 tests to obtain time off work. This danger follows reports of school children using orange juice to obtain a positive test result. Faking these results to obtain leave from work could be considered fraudulent conduct and employers may choose to terminate employment if this were found to be the case and company policy would allow them to do so.  

In response to this new threat to employers, Cifas is updating the Internal Fraud Database (IFD) to allow organisations who dismiss staff for providing falsified information, which may in future include false COVID-19 vaccination certificates or test results, to file them for fraudulent conduct.  

The IFD is used by Cifas members to share information that specifically relates to individuals who commit dishonest actions against or within an organisation. If an individual is found to partake in this type of activity, a filing to the IFD suggests a propensity for dishonesty, which other organisations may wish to be aware of when considering hiring the individual.  

As revealed in this year’s Fraudscape report, there have been noticeable filings to the IFD during the pandemic. This includes theft from the employer and customer, as well as a rise in the number of individuals recorded for disclosing personal information to third parties. In some cases, employees have been found advertising knowledge of internal processes and systems in return for payment.  

The IFD is the only database in the UK that records instances of dishonest conduct by job applicants and employees, helping employers and recruiters identify potential threats to their organisation. For more information on how Cifas can help protect your organisation from the insider threat, visit our website.