COVID-19: detecting fraudulent schemes perpetrated by employees
February 2022 | SPECIAL REPORT: CORPORATE FRAUD
Financier Worldwide Magazine
February 2022 Issue
Recent media coverage has focused on the effect of coronavirus (COVID-19) on the emergence of cyber-related frauds, including social engineering and phishing schemes. Employers would also be wise to address the risk of employee fraud.
COVID-19 continues to have a significant impact on companies across a range of sectors, disrupting traditional working patterns and the supply chain. As ‘hybrid’ work environments become the new norm, employers are urged to consider what adjustments may be needed to engage and support both a remote and in-person workforce. Understanding the impact of COVID-19 on the effectiveness of internal controls is an important consideration in understanding and detecting employee fraud.
The fraud triangle
In 2022 and beyond, as the pandemic continues to increase the risk of fraud, businesses will need to find ways to improve their ability to detect fraud, by understanding how and why it occurs.
Pressure, opportunity and rationalisation (commonly referred to as the ‘fraud triangle’) are three elements that provide a useful framework for understanding and detecting employee fraud.
Pressure. Employees under extreme financial or personal pressures may be more likely to commit fraud. This pressure can come from external sources, such as personal financial difficulties, or from internal sources, such as work-related financial performance requirements.
Opportunity. The opportunity for employee fraud may be elevated as we continue to face the dual health and economic crisis arising from COVID-19. While the hybrid work model provides increased flexibility, it may make it more difficult for employers to monitor employee conduct, challenging pre-existing systems and controls. It is perhaps counterintuitive, but remote working arrangements may also enhance the effectiveness of internal controls designed to detect any previously well-tended fraudulent employee schemes, including secret commission or kickback schemes, procurement and supply chain fraud, inventory theft, phony invoicing and other dishonest or fraudulent schemes.
Rationalisation. Employees who commit fraud often justify the behaviour as short-term borrowing from their employer. Employees may also rationalise their wrongdoing on the basis that the organisation deserves to lose money, or that they deserve more money than the employer is willing to pay them. Further, employees may rationalise theft on the basis that it is acceptable because ‘everyone is doing it’. The elevated pressures and strains of the pandemic may make this rationalisation easier for certain employees.
It is important that senior management set the appropriate ‘tone from the top’ with respect to adherence to rules and internal control procedures. If adherence to rules and internal control procedures are not taken seriously, it can create an environment in which employees think it is acceptable to break the rules and gain a wrongful benefit through their employment.
Kickback or secret commission schemes
Kickback or secret commission schemes are common forms of employee fraud. Kickback and supply chain schemes can be difficult to detect in the absence of robust tendering and procurement controls, routine job duty rotation, division of duties and mandatory vacation policies.
Kickback schemes often follow a straightforward recipe: a supplier offers money or some other incentive to an employee to induce his or her employer to purchase a service or product at an inflated price. A supply chain fraud typically involves the insertion of an intermediary into the supply chain, with the employer paying an inflated price to the intermediary to the benefit of the dishonest employee. Given recent disruptions to the supply chain, many organisations have not engaged in thorough vendor selection and review processes, increasing the risk of supply chain schemes.
Canadian criminal law prohibits secret commission schemes. Section 426 of the Criminal Code prohibits the payment of secret commissions to an agent, as well as the receipt of secret commissions by an agent. Similarly, at common law, both the party paying the secret commission and the party receiving the secret commission are liable for losses arising from the scheme.
Red flags of employee fraud
Sole source of supply. Some frauds involve employees dealing directly with customers or suppliers to carry out the scheme. This may prove impossible if that employee is absent from work or self-isolating due to COVID-19 restrictions. Employers should be mindful of sole source of supply in the face of other commercially viable options.
Control of procedures. Employees who are stealing from their employers often engage in a pattern of conduct designed to circumvent internal controls. An employee who is unusually possessive of internal controls and procedures may also warrant closer scrutiny. This is particularly true where that employee takes a sudden interest in operations beyond the scope of his or her own job duties. Close relationships with employees in departments with access to accounting or procurement procedures may warrant further investigation. An employee required to work remotely due to COVID-19 may lose the ability to control such procedures.
Perfect attendance. An employee’s refusal to take a sick day or vacation could signal an attempt to conceal a fraud. Employees perpetrating a fraudulent scheme may insist on attending work daily to maintain their ability to bypass existing internal controls to ensure that evidence of their wrongdoing remains concealed. Current COVID-19 restrictions in place requiring certain employees to work from home may impede the ability of employees to continue such schemes undetected.
Preventing employee fraud
To reduce employee fraud, it is important to identify higher risk employees – those who are in a position to commit fraud because of their rights of access or level of autonomy, and those who would cause the greatest economic damage to the organisation if they were successful in committing fraud.
Some factors to consider when determining which employees fall into a higher risk category include: (i) employees who are considered outliers with regard to performance; (ii) employees with ongoing or historical grievances; (iii) those who have resigned and are working out their notice; (iv) employees who have repeatedly missed out on promotions; (v) and employees who fail to complete mandatory training on key compliance issues.
After identifying this higher risk group, an employee fraud and malpractice risk assessment should be performed. This will provide insight on where additional controls should be focused.
A common internal control designed to detect employee fraud is the implementation of mandatory vacation policies. Proper division of duties (for example, separation of purchasing and payment functions) and the regular rotation of employee job functions are also important internal controls. Such controls are intended to reduce the risk arising from one employee maintaining sole control over key business or accounting functions in furtherance of a fraudulent scheme.
Many employee frauds are only discovered following the implementation of such controls or changes to existing procedures brought about by operational changes. When an employee is away from his or her normal operational duties this can provide an opportunity for superiors, co-workers and internal auditors to detect the previously well-guarded secret fraudulent scheme. The current hybrid work environment necessitates operational change and the potential for enhanced division of duties. This creates an opportunity for employers to detect a dishonest employee’s ongoing fraudulent scheme.
To combat employee fraud, organisations should have clear policies about expected conduct, along with a whistleblowing policy for employees to report wrongdoing. It is not enough to have sophisticated codes of conduct and anti-fraud policies in place, organisations also need effective implementation. Organisations are encouraged to provide clear, regular two-way communication on policies and practices to workers, third parties and other organisational stakeholders. Companies should strive to develop an open culture where employees feel comfortable sharing their individual difficulties without fear of ridicule or retribution.
A time for increased vigilance
While the temptation in trying economic times may be to shift focus to pressing operational and other organisational needs, employers should maintain robust internal controls while employees continue to work remotely. Employers should also consider whether additional or modified internal controls are required to combat the challenges of the current working environment.
Discovery of a fraudulent employee scheme
Upon discovery of a fraudulent scheme perpetrated by an employee, it is imperative that employers act quickly to properly investigate with the assistance of experienced legal counsel. Effective legal risk management will require the consideration of several legal issues, including financial, regulatory and reputational risks, employment law issues, fidelity insurance coverage and other potential avenues of recovery of financial losses.
Jim Patterson and Amanda C. McLachlan are partners at Bennett Jones. Mr Patterson can be contacted on +1 (416) 777 6250 or by email: pattersonj@bennettjones.com. Ms McLachlan can be contacted on +1 (416) 777 5393 or by email: mclachlana@bennettjones.com.
© Financier Worldwide
BY
Jim Patterson and Amanda C. McLachlan
Bennett Jones
Q&A: Tackling financial crime in Latin America
Global anti-money laundering – are you ready for a perfect regulatory storm?
Money laundering trends in the US
Recent developments underscore importance of KYC and related due diligence
COVID-19: detecting fraudulent schemes perpetrated by employees
Asset recovery in Germany for international corporations
Worldwide settlement of international corporate corruption offences
New US law enforcement leadership means business on corporate crime
Reflections on the first year of ASIC’s immunity policy for market misconduct