Avoiding the worst kind of theft from your business

Published:  17 April, 2018

Theft by customers and third-party criminals is bad enough, but it hurts most when staff commit criminal acts against the business that employs them. Adam Bernstein discusses.

According to Action Fraud, nearly one in five small businesses will have been defrauded at some point in their trading history – sometimes to the point of bringing the business to its knees.

And the trade has had its own victims, including Plumb Center’s own Bristol branch. In 2010, HVP reported that Mark Estcourt, a Manager for the company, pleaded guilty for the theft of £2,620 that should have been banked, which he used to pay his mortgage. Although he intended to repay, it fell to his mother to write a cheque. He was dismissed from the role.

What to be aware of

There are countless different ways that an employee can abuse trust. However, the main forms to watch for are:

  • Procurement fraud – fraud relating to company purchases of goods, services or works commissioned. Goods which are invoiced, but not delivered, or are subject to inflated prices
  • Travel and subsistence fraud – where employees claim for, say, food and mileage not incurred, or which is higher than receipts show
  • Personnel management – staff on sick leave but moonlighting elsewhere, misuse of company equipment and time for private purposes, or the use of false references and qualifications
  • Exploitation of assets and information – the passing of internal company information for personal gain
  • Payment fraud – the creation of fake accounts and invoices, the redirection of cheques and other payments, or the processing of payments to the fraudulent individual
  • Receipt fraud – the theft of inbound monies, or where records for monies are altered
  • False accounting – changing records and accounts to misrepresent their true value, to enhance or alter their appearance, to gain funds from a bank, reporting overly high profits, or to hide losses.

While fraud is an ever-present risk, and a destructive one at that, employers can take preventative measures.

The first step is to proactively check everyone that is employed, especially where they have access to sensitive systems or the company bank account. Quite simply, firms need to know exactly who they are employing.

References should be sought and followed up with calls; the matter shouldn’t be dropped until satisfactory answers are received. Everyone, from the cleaner to the members of the board, as well as contractors, should be subject to background checks.

At the very minimum, it’s important to confirm an employee’s identity, date of birth, residential address, qualifications, employment history, criminal history, and financial background. The process can be undertaken as part of the statutory obligation to ensure that an employee has the legal right to work in the UK.

Another option is to ask for a current passport and driving licence, birth and marriage certificates (if a married woman has changed her name), a recent bank or utility statement, certificates or reference numbers to check on qualifications, past P45 or P60s, as well as data from the Disclosure and Barring Service.

Policies

Another option is to engender the ethos that fraud is not tolerated within the business. This starts at the top with everyone being able to see that management plays by the same rules that employees have to follow. Policies and procedures need to be written, but they also need ‘buy-in’ from employees which requires consultation.

On joining, every employee should be given an anti-fraud policy. If a fraud should occur and the employee concerned is dismissed, the event and the consequences should be widely communicated to all staff as a deterrent. The key is to remove the belief that criminal actions will go undetected.

Control access

As harsh as it sounds, firms need to strictly control access to their premises and systems. As soon as an employee leaves, their access to systems should be terminated immediately. Passwords should be changed, passes revoked, and possession should be regained of company laptops and mobiles.

Take action

If a faked history or worse, criminality, is suspected, it’s important to take good legal advice with a view to withdrawing any employment offer made (or dismissing the employee).

The situation should be reported to the police or, in the case of illegal working, to the UK Border Agency, as well as to the recruitment agency if appropriate.

Ignoring the issue will only shuffle the problem to another employer; it could also leave the firm open to claims from future employers who weren’t warned about the ‘rogue’ employee.

Check further

Processes need to be put in place so that no one person has sole control over payment systems, chequebooks or the ability to singly authorise purchases over a given (low) value.

Invoices should be checked to ensure that they are from genuine suppliers, unexpected requests to change bank accounts should verified, and suppliers should be informed in writing each time a payment is made.

Lastly, firms should take steps to destroy any documents with sensitive information that may allow a fraudster to misuse the corporate identity for criminal gain. For paper, this means acquiring a fine cut cross shredder, while for data, firms should securely wipe computers (physically destroying hard drives and USB sticks) and factory reset mobile devices.

At the same time, time spent signing up on Companies House and other agencies’ websites, seeking out their online protections, is worthwhile. Companies House, for example, offers the PROOF scheme in relation to the changing of official corporate details, which helps prevent the hijacking of a company.

Fraud is an unpleasant fact of life. However, those that make it harder for employees who are criminally minded will be much better off. By removing the opportunity, they’ll remove the temptation.