Calls for fraud prevention training as insider threat increases

Large UK businesses must carry out specialist fraud prevention training throughout the entire employee lifecycle, if they are to protect themselves against the increasing risk of insider fraud. That is the central message to employers following the latest research by leading fraud prevention service, Cifas. We’ll speak to a fraud investigation expert about spotting the signs of this type of crime.

This is research from Cifas-commissioned research which revealed that 6% of organisations with over 1,000 employees only held insider threat prevention training while onboarding recruits. Worryingly, 2% admitted to having never conducted any training of this type. Cifas is advising employers to be alert to the dangers of employees becoming an insider threat. 

The HR Director reports on this and quotes Tracey Carpenter, Insider Threat Manager at Cifas. She says: ‘We’re seeing more cases than ever filed to our Insider Threat Database in relation to dishonest conduct by employees. While there are myriad reasons behind staff becoming an insider threat, the cost-of-living crisis has further exacerbated the need for people to supplement their wages or repay debts, which can create temptation. For others, being disgruntled at work has been enough to ‘justify’ or rationalise dishonest conduct in their minds.’ She goes on: ‘Our research further underlines how important it is for organisations to hold specialist, preventative training consistently. When they do, they’re equipping their workforces to effectively identify and report incidents of dishonest conduct by staff.’ Rachael Tiffen, Cifas’ Director of Learning, adds “An untrained workforce can often become a business’s weakest link. Building a colleague’s knowledge throughout their entire employee lifecycle – regardless of their job title, tenure, or industry experience – can prove to be vital when keeping organisations, and their people, safe from nefarious threats.”

So how do you spot this type of crime? Andrew Herring is one of the lawyers in our litigation team specialising in complex litigation and fraud-related investigations and earlier he joined me by phone from the Birmingham office to discuss that point. I started by asking Andrew about the warning signs, the red flags that HR should be alive to?

Andrew Herring: “The first one from our perspective is people that are working excessive hours, or who don't take the right levels of annual leave that you might expect. There have been some very high-profile cases over the years, where people have been committing fraud and they don't leave work because they need to be in control of the situation in order to ensure that they're not found out, and that things carry on in the way that they would like them to, and they don't get caught. So, it's always worth just making sure you know if people are working excessive hours, or working odd times of the day, and from a pastoral perspective, you're checking that everything's okay with them but then, also, that it's not a red flag of other things going on. For example, on the holiday point, in some regulated sectors businesses will ensure that people take a mandatory two-week holiday during the course of the year just so that if audits do need to be undertaken about what work has been undertaken, those can be carried out safely. Then there will be other things that that might be warning signs, for example, people using unnecessarily complicated working practices. If something can be done simply and openly and transparently it's very likely to be a quite a rigorous process whereas if people are making it overly complicated, then that just creates potential situations that can be exploited, and we see that quite often in the finance teams within businesses. You know, the invoicing procedures, the authorization procedures, if it's too complicated it gives people the opportunity to commit fraud. I think also, and this is difficult one because there is this huge emphasis on data protection and protecting confidential, commercially sensitive information within organisations but, again, if people are taking steps to keep what they're doing secret in a way, which is not appropriate within the business, that might be a marker that they're doing something wrong that they're trying to hide from their fellow employees or management so that's something to keep an eye on. Obviously, people living beyond their means is usually a big marker. I have dealt with multimillion pound frauds where the thing which has caught the suspicion of the board has been the flash car in the car parked outside the office when everyone else is driving very modest vehicles. So, anything that suggests that - the holidays or anything out of the ordinary like driving flash cars, overly expensive jewellery, that sort of thing. There might be absolutely perfectly justifiable reasons for that, but if it doesn't add up then it's worth just then thinking well, do we need to take a closer look at this individual? Then in terms of when you're thinking about well, is someone, you know, maybe doing wrong doing, we all have very stressful jobs but,  actually, a change in someone's personality can sometimes be a marker for people that are doing something wrong because, quite often, the stress of trying to have multiple lives at the same time can actually cause people to behave differently in the workplace and again, from a pastoral perspective, that's something that needs to be looked at and to check that people are okay, from mental wellbeing perspective, etcetera, but it might be the red flag. Then the classic in that area where we have dealt with cases in the past is where employees have a gambling habit and, actually, they start turning to defrauding their employer in order to generate the money they need to maintain their losses on a gambling account and, unfortunately, that is something we've come across a number of times and people's personalities and their behaviours have changed because they're trying to juggle their financial affairs outside of work.”

The results of that survey by Cifas were published on 26 March and include a list of useful steps they recommend businesses take to minimise the risk of insider fraud. We have put a link to that in the transcript of this programme for you.

LINKS
- Link to Cifas report on fraud