COVID-19: detecting fraudulent schemes perpetrated by employees

February 2022  |  SPECIAL REPORT: CORPORATE FRAUD

Financier Worldwide Magazine

February 2022 Issue

Recent media coverage has focused on the effect of coronavirus (COVID-19) on the emergence of cyber-related frauds, including social engineering and phishing schemes. Employers would also be wise to address the risk of employee fraud.

COVID-19 continues to have a significant impact on companies across a range of sectors, disrupting traditional working patterns and the supply chain. As ‘hybrid’ work environments become the new norm, employers are urged to consider what adjustments may be needed to engage and support both a remote and in-person workforce. Understanding the impact of COVID-19 on the effectiveness of internal controls is an important consideration in understanding and detecting employee fraud.

The fraud triangle

In 2022 and beyond, as the pandemic continues to increase the risk of fraud, businesses will need to find ways to improve their ability to detect fraud, by understanding how and why it occurs.

Pressure, opportunity and rationalisation (commonly referred to as the ‘fraud triangle’) are three elements that provide a useful framework for understanding and detecting employee fraud.

Pressure. Employees under extreme financial or personal pressures may be more likely to commit fraud. This pressure can come from external sources, such as personal financial difficulties, or from internal sources, such as work-related financial performance requirements.

Opportunity. The opportunity for employee fraud may be elevated as we continue to face the dual health and economic crisis arising from COVID-19. While the hybrid work model provides increased flexibility, it may make it more difficult for employers to monitor employee conduct, challenging pre-existing systems and controls. It is perhaps counterintuitive, but remote working arrangements may also enhance the effectiveness of internal controls designed to detect any previously well-tended fraudulent employee schemes, including secret commission or kickback schemes, procurement and supply chain fraud, inventory theft, phony invoicing and other dishonest or fraudulent schemes.

Rationalisation. Employees who commit fraud often justify the behaviour as short-term borrowing from their employer. Employees may also rationalise their wrongdoing on the basis that the organisation deserves to lose money, or that they deserve more money than the employer is willing to pay them. Further, employees may rationalise theft on the basis that it is acceptable because ‘everyone is doing it’. The elevated pressures and strains of the pandemic may make this rationalisation easier for certain employees.

It is important that senior management set the appropriate ‘tone from the top’ with respect to adherence to rules and internal control procedures. If adherence to rules and internal control procedures are not taken seriously, it can create an environment in which employees think it is acceptable to break the rules and gain a wrongful benefit through their employment.

Kickback or secret commission schemes

Kickback or secret commission schemes are common forms of employee fraud. Kickback and supply chain schemes can be difficult to detect in the absence of robust tendering and procurement controls, routine job duty rotation, division of duties and mandatory vacation policies.

Kickback schemes often follow a straightforward recipe: a supplier offers money or some other incentive to an employee to induce his or her employer to purchase a service or product at an inflated price. A supply chain fraud typically involves the insertion of an intermediary into the supply chain, with the employer paying an inflated price to the intermediary to the benefit of the dishonest employee. Given recent disruptions to the supply chain, many organisations have not engaged in thorough vendor selection and review processes, increasing the risk of supply chain schemes.

Canadian criminal law prohibits secret commission schemes. Section 426 of the Criminal Code prohibits the payment of secret commissions to an agent, as well as the receipt of secret commissions by an agent. Similarly, at common law, both the party paying the secret commission and the party receiving the secret commission are liable for losses arising from the scheme.

Red flags of employee fraud

Sole source of supply. Some frauds involve employees dealing directly with customers or suppliers to carry out the scheme. This may prove impossible if that employee is absent from work or self-isolating due to COVID-19 restrictions. Employers should be mindful of sole source of supply in the face of other commercially viable options.

Control of procedures. Employees who are stealing from their employers often engage in a pattern of conduct designed to circumvent internal controls. An employee who is unusually possessive of internal controls and procedures may also warrant closer scrutiny. This is particularly true where that employee takes a sudden interest in operations beyond the scope of his or her own job duties. Close relationships with employees in departments with access to accounting or procurement procedures may warrant further investigation. An employee required to work remotely due to COVID-19 may lose the ability to control such procedures.

Perfect attendance. An employee’s refusal to take a sick day or vacation could signal an attempt to conceal a fraud. Employees perpetrating a fraudulent scheme may insist on attending work daily to maintain their ability to bypass existing internal controls to ensure that evidence of their wrongdoing remains concealed. Current COVID-19 restrictions in place requiring certain employees to work from home may impede the ability of employees to continue such schemes undetected.

Preventing employee fraud

To reduce employee fraud, it is important to identify higher risk employees – those who are in a position to commit fraud because of their rights of access or level of autonomy, and those who  would cause the greatest economic damage to the organisation if they were successful in committing fraud.

Some factors to consider when determining which employees fall into a higher risk category include: (i) employees who are considered outliers with regard to performance; (ii) employees with ongoing or historical grievances; (iii) those who have resigned and are working out their notice; (iv) employees who have repeatedly missed out on promotions; (v) and employees who fail to complete mandatory training on key compliance issues.

After identifying this higher risk group, an employee fraud and malpractice risk assessment should be performed. This will provide insight on where additional controls should be focused.

A common internal control designed to detect employee fraud is the implementation of mandatory vacation policies. Proper division of duties (for example, separation of purchasing and payment functions) and the regular rotation of employee job functions are also important internal controls. Such controls are intended to reduce the risk arising from one employee maintaining sole control over key business or accounting functions in furtherance of a fraudulent scheme.

Many employee frauds are only discovered following the implementation of such controls or changes to existing procedures brought about by operational changes. When an employee is away from his or her normal operational duties this can provide an opportunity for superiors, co-workers and internal auditors to detect the previously well-guarded secret fraudulent scheme. The current hybrid work environment necessitates operational change and the potential for enhanced division of duties. This creates an opportunity for employers to detect a dishonest employee’s ongoing fraudulent scheme.

To combat employee fraud, organisations should have clear policies about expected conduct, along with a whistleblowing policy for employees to report wrongdoing. It is not enough to have sophisticated codes of conduct and anti-fraud policies in place, organisations also need effective implementation. Organisations are encouraged to provide clear, regular two-way communication on policies and practices to workers, third parties and other organisational stakeholders. Companies should strive to develop an open culture where employees feel comfortable sharing their individual difficulties without fear of ridicule or retribution.

A time for increased vigilance

While the temptation in trying economic times may be to shift focus to pressing operational and other organisational needs, employers should maintain robust internal controls while employees continue to work remotely. Employers should also consider whether additional or modified internal controls are required to combat the challenges of the current working environment.

Discovery of a fraudulent employee scheme

Upon discovery of a fraudulent scheme perpetrated by an employee, it is imperative that employers act quickly to properly investigate with the assistance of experienced legal counsel. Effective legal risk management will require the consideration of several legal issues, including financial, regulatory and reputational risks, employment law issues, fidelity insurance coverage and other potential avenues of recovery of financial losses.

 

Jim Patterson and Amanda C. McLachlan are partners at Bennett Jones. Mr Patterson can be contacted on +1 (416) 777 6250 or by email: pattersonj@bennettjones.com. Ms McLachlan can be contacted on +1 (416) 777 5393 or by email: mclachlana@bennettjones.com.

© Financier Worldwide

BY

Jim Patterson and Amanda C. McLachlan

Bennett Jones

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.