Fraud Alert - Employee Fraud

Introduction

In March 2003 an article appeared in the Financial Times claiming that West African organised crime were or had infiltrated the economic industry and were ‘planting' employees who would pass on customer detail that could in turn facilitate an attack on the companies concerned.

The National Criminal Intelligence Service (NCIS) claimed the economic community were on the whole uncooperative with police on this issue and that they were failing to address the problem. The article also claimed that banks were reluctant to converse with police in general.

The effect of this was quite damaging. Firstly there is very good co-operation with law enforcement on this issue and secondly the industry is taking staff fraud very seriously.

Various academic studies have claimed that employees pose one of the major threats in fraud through their activities. Though very difficult to evaluate the loss associated with employee fraud, it is fair to say any activity can be very damaging.

There are no right or wrong answers to the problem associated with internal attacks on the banks, but it must be borne into mind the effects of the Financial Services Markets Act 2000 when it applies to the regulated sector, reputational risk, the effects of profit margins and of course customer confidence.

Furthermore there are established links to funding organised crime.

There are many ways in which attacks can be facilitated against companies from internal means. These include:

• Direct theft of Intellectual property
• Passing on business information for personal gain to competitors
• Passing customer detail to third parties in order that attacks may be facilitated against that organisation. This is where there may be an employee of financial institution passing customer account details to organised crime

Perceptions

There are a number of perceptions within the financial industry as to how attacks were perpetrated and who was responsible. This is not a definitive list, but outlines those major concerns:

• The use of temps from agencies were a cause for concern with the vetting carried out away from the employing company
• Human Resources departments were undertaking insufficient vetting checks on prospective employees
• General feeling that call centres were vulnerable
• Corrupt employees were moving between companies
• Individuals were being approached by organised criminals in their lunch breaks, upon leaving work and even whilst employed within branches and encouraged to pass on customer detail
• Corrupt employees coercing other employees into criminal activity

What can companies do?

There are a lot of basic tasks companies can do to address the threat from within. The Metropolitan Police are working closely with the financial sector to enhance the response both by police and companies themselves.

Early lessons that can be learnt are:

• The role of HR and staff vetting. Ensure you really do know whom you are employing. Are their references correct? Does their identity stand up to scrutiny?
• How do companies evaluate loss through crime? How good are systems for identifying whether this has been perpetrated through an insider?
• What whistle blowing policies are in place and how are sources protected?
• Where a company has an investigative branch, how do they investigate? Consider a proactive approach to investigation.
• How are the threats of internal crime marketed through an organisation? Are staff aware of the risks of becoming embroiled in crime?

Links

• National Identity Fraud Week
• Home Office - Identity Fraud
• Office of Fair Trading

Useful Contacts

• Credit Reference Agencies