Blowing the whistle

Even by the standards of recent fraud statistics, the 70% increase in staff deception reported by Cifas, the UK's fraud prevention service, for the year to June 2009 was an eye-opener. And there is no reason to anticipate an imminent reversal.

UK unemployment is at its highest level for 14 years — and is still rising. The correlation between periods of economic downturn and certain types of criminal activity, including theft and fraud, is well established. As an example, the UK has just become the shoplifting capital of Europe, with nearly £5bn worth of goods disappearing off retailers' shelves over the past 12 months. Of this figure, 36% was attributed to employee theft.

Looking at this situation positively, however, the recession has drawn attention to the problem of fraud as never before and given employers the impetus to establish or revitalise the checks and controls that protect them.

Companies need to be particularly vigilant about internal fraud at all times — not just during an economic downturn — as there will always be a small core of people who are criminally minded and will be inclined or tempted into fraud in any situation. But in many more cases, the propensity to carry out fraud festers in uncertain socio-economic situations, such as now.

Insurers and other financial services companies are vulnerable due to the access that many employees have to customer records and financial details, along with the benefits these can provide to themselves or organised gangs.

Preventative measures

So, what should companies be doing to combat this continuing threat? The Cifas report showed that good internal controls remain the most effective deterrent, with about 60% of attempted frauds being discovered in this way. In particular, companies should avoid situations where an individual employee is responsible for multiple parts of a customer transaction. Employers must remember this when planning internal change and restructuring programmes.

Staff-notified fraud currently accounts for approximately 15% of the total. Yet the role of employees in preventing fraud presents an interesting dichotomy for companies in the services sector. Staff members are typically their biggest asset and a culture of empowerment and trust can be a significant factor in business success. Against this background, it is understandably hard to acknowledge the fact that employees typically contribute to at least one-third of frauds, and offset this by encouraging team members to act as an early warning system for deception in the workplace. Achieving the right balance only works if the senior management communicates the negative wider business impact of internal fraud and demonstrates that it is serious about stamping it out by fully supporting employees who choose to 'out' dodgy colleagues.

The easiest way to do this is to have a clear whistleblowers' charter backing up the legal protection afforded to employees who report wrongdoing. That legal protection is covered in the Public Interest Disclosure Act 1998, which essentially protects the whistleblower, assuming they have acted in good faith and do not stand to gain from their actions personally (see box, below).

Beyond the legislation, however, a clear charter needs to address the perception of whistleblowing in the eyes of employees. The essential starting component is that it clearly sets out its purpose, laying out how whistleblowing supports the interests of all company stakeholders and why senior management will back individuals who do it within the framework of the law.

It needs to make clear who an employee can go to in the event that they suspect some wrongdoing, and to define the process with approximate timeframes. The purpose is to assure the employee that they will be supported throughout, and that investigations and actions will be followed through. This includes a plan for how lessons learned from reported incidents will be integrated into the business.

Protecting the employee is paramount, but having a clear, written policy will benefit the company as well. It encourages internal resolution of sensitive issues and helps protect the organisation from unexpected public disclosures of information. If word leaks out about internal fraud, it can do serious damage to an organisation's reputation and customer perception — particularly if there is a suggestion that not every avenue is being pursued in eradicating it.

Regulators also are increasingly interested in the measures that companies have for dealing with fraud, no matter the source. Investors have a vested interest too, quite apart from the impact on profits. Corporate social responsibility and ethical codes of conduct are increasingly coming under the microscope.

And let's not forget a charter that is used and well policed should help a company save money. No business is averse to that.