Today, both public and private companies of all sizes are concerned with cybercrime, all types of fraud (customer, third party, internal), changes in the economy and external physical threats. These types of concerns often require both executive and board level attention. Cybercrime, over the last several years, has commanded the spotlight in sensational headlines pointing to millions of people having their personal data exposed. These large breaches demand more and more attention from company executives, government entities and third party vendors. In contrast to the headlines, fraud is still the most common type of crime being committed against organizations on a daily basis. Fraud has been around for thousands of years.

The first recorded example of fraud is from 1800 B.C. A Mesopotamian businessman named, Ea-Nasir, reportedly committed fraud against several of his customers according to cuneiform script tablets unearthed in the 20th century. Ea-Nasir, was a businessman from the city of Ur, who traded in copper, finished metal products, textiles and foodstuffs. The tablets contained complaints against Ea-Nasir for not delivering copper to his customers as well as providing lower quality copper[1]. What we see in this vignette from several thousand years ago is that whilst the methods used to commit frauds might have changed, the fundamentals have not. At the heart of each case of fraud is an individual able to act with relative autonomy, despite the legal and regulatory systems within which they operate.

At the root of fraud is human nature. Companies can leverage technology, create internal controls and provide training to spot fraud but what organizations cannot circumvent is human emotions or traits such as revenge, greed or narcissism.

Common Motivations of Occupational Fraud

Cover-Up: Very often we see that individuals involved in a fraud, start out believing that what they are doing is in the interests of their company. Accidental losses combined with big targets provide individuals with motivation to report that the situation is better than it is. Often such individuals have been successful in the past, are charming and are therefore trusted by their stakeholders. Their past successes make them believe they can make back their losses and more, gaining bonuses in the process. A gambling instinct takes over, with many doubling down. This can be successful the first time, giving the fraudsters the impression that it is a sensible tactic. Times of financial pressure can trigger these events by initiating losses, or can push individuals to realise their losses have reached a scale that is impossible to hide.

Invincibility and Greed: Some individuals just believe they are able to ‘win’, that no one is going to stop them and that they deserve the rewards of their efforts. They will often deceive their superiors to achieve their aims and any obstacles in their way are removed using whatever means possible. Where such individuals are in positions of authority, they can instruct people to do what they need. There are myriad reasons why people end up in this mindset, and in reality, these are likely the hardest perpetrators to stop since they will do anything to achieve their goals. Companies need to be alert to the possibility they have such employees and that such individuals are often accomplished liars.

Revenge: The final motivation to highlight is that of revenge. All companies have the potential to upset some of their employees, even those who put their staff at the heart of what they do. However, left unchecked, disgruntled staff can use their frustration to justify fraudulent activity. In particular, if employees feel that they are not paid well, or if amounts owed to them are withheld, they can justify their actions as simply taking what they are owed.

How Can Organisations Minimise Their Risk of Occupational Fraud?

The three types of motivations to commit fraud described above are clearly simplified but that being said, there are some simple steps that companies can take to minimise their risk of occupational fraud.

1. Treat people with respect. It should go without saying that employees who are well remunerated, treated like trusted human beings and feel part of the community of the company are less likely to want to defraud them. In the current climate where many more people are working from home, this is simultaneously easier and harder to do. If organizations accept and display trust in their employees, provide them with clear tasks and expectations, rather then simply leave them to get on with their work, this can send the message that they are valued. Inversely, individual employees working from home are lacking one of the main control points companies have – observation by other staff. Some companies have replaced this with monitoring software that uses webcams and key loggers, but this can be counterproductive and create a culture of distrust. It might be prudent to build automated controls to stop people from subverting key processes and trust them to do the rest of their job unsupervised.
2. Don’t neglect the basics. The simplest controls are often the most neglected and overridden because they are viewed as simple and unimportant. The most important of these are a second pair of eyes to check and a division of responsibilities. We have seen many examples of frauds that might have been avoided if for example, the invoice payment was made by someone other than the person responsible for ordering, or if the senior accountant had not given their banking login details to a more junior staff member. These basics should be non-negotiable. But rigid structures of authority are often the blocker. Peer review should be used more than many organisations currently perceive.
3. Empower all staff. Many in senior management are able to get away with fraudulent behaviour despite other staff identifying issues. Flatter structures discourage such behaviour as does limiting the power of individuals. Why, for example, should the responsibility for authorising transactions made by senior management not sit with junior staff members?
4. Provide a means by which staff can report issues and openly talk about their results. Many companies have implemented a ‘speak-up’ line or similar but do little to investigate or enforce repercussions of problems that are reported. Investigators, both internal and external, report a lack of trust in such hotlines because no impact is seen by whistle-blowers who then fear retaliation for their actions. It takes more than just setting up the phone line to ensure that problems are identified and reported. Action needs to be taken and the results communicated to the staff involved and the company more broadly.

Human nature drives people to commit fraud, but companies can also use human nature to protect themselves. Ethical employers minimise the risk of becoming victim to fraudsters by remembering that those they interact with, be they employee, supplier or customer, are human and they need to be treated as such. A&M Disputes and Investigations professionals can help companies to investigate fraud, but can also help review governance and control structures to ensure they meet the needs of all stakeholders.