The General Optical Council (GOC) publishes the results of the disciplinary hearings it holds, and some make for interesting reading. One particular substantive hearing, held in September 2022, involved a registrant who, on multiple occasions took money from her employer by, for example, removing cash from the till drawer or by processing false refund transactions to her personal account. The dishonesty was proven and the only suitable response was erasure from the register.
Rising risk
Her activity is surprisingly common. A page on thecircularboard.com details 22 Eye-Opening Employee Theft Statistics in the Workplace, which should cause concern. Statistics reveal employee theft costs UK businesses around £190m every year; it usually takes around 14 months before a fraud case is discovered; 22% of retail shrinkage is due to employee theft; and 43% of fraud schemes are detected by a tip.
So, while authorities, firms and staff are now more acutely aware of the risks of fraud and theft, the biggest problem is that few recognise that what goes unseen is just as damaging, possibly more so, than that which is found. Firms ought to think of this as the biggest competitor they did not know they had.
Indeed, Dave Kearns, managing director at the Expert Investigations Group, believes that the figures in many reports are ‘generally not a true reflection as they are based on what is discovered, allowing for small tolerance for unknown losses.’ This is because in most retail businesses stock control and recording measures are not always accurate and therefore the inventory starting point can be wrong from the beginning.
Andrew Northage, a partner at Walker Morris LLP, has seen awareness of fraud and theft rise: ‘It is certainly the case that companies are now more mindful of the policies and procedures they must have in place to raise employee awareness of fraud and to deal with it if it occurs. Businesses are increasingly taking a similar approach to aspects of corporate governance, such as fraud, in order to identify the risks to the business, to determine appropriate mitigation strategies.’
While theft and fraud should be much easier to control in a micro business, Kearns notes: ‘Once you increase the number of employees, staff, sites, locations, procedures and outsourced services, then that risk begins to rise more significantly.’
Where the theft or fraud is carried out by more senior individuals, or by more than one employee, then he says that ‘the median loss is higher and the time to identify or detect the theft or fraud is longer.’
Common fraud and motives
Is there a typical fraud that firms should look out for? None really, but Philippa Dempster, managing partner at law firm Freeths, lists a number of examples that she has seen that include: requests to pay a fake bank account; fictitious invoices; invoices paid in one currency but posted in another; finance employees abusing a system; ex-employees abusing a system, and the overstating of accounts. Of course, there are plenty more.
As to the motives, Kearns says that the rationale to commit crime may be in order to gain monies that will allow a family, in the short term, to eat, heat their homes and enjoy Christmas. However, he notes that it may be because of ‘the materialistic world in which we live,’ that employees ‘do not wish to make personal cuts, savings and alter their lifestyles to maintain their current status quo’, so may ‘turn to employee deviance to keep their existing lifestyle.’ The current economic crisis may increase the potential for greater harm.
Prevention strategy
It is quite interesting that most instances of major fraud are uncovered by chance. For example, the 2013 case of Amanda Stevens, family friend and bookkeeper for Redcat Marketing, a publisher of a magazine for the motorcycle trade, who stole £210,000 over six years. She was only caught because a VAT bill could not be paid. The owners had to make four staff redundant, sell cars and business premises and take out a secured overdraft to keep the firm alive.
Fraudsters do make mistakes according to Northage: ‘One of the biggest frauds the UK has ever seen began to unravel when six seemingly unconnected companies responded to an audit letter on the same single fax.’
Prevention is invariably better than the cure. It is for this reason that Dempster recommends employers ‘create an open culture with regular awareness training and vigilance; sending examples around of latest scams, ensuring good cyber security and basic IT hygiene with regular password changes as part of best practice.’ To achieve this, she adds considering potential risk areas and being vigilant, watching for unusual behaviour, such as an individual living beyond their means, CCTV, and suitable stock control systems in warehouses.
But despite corporate changes, Kearns has seen crime evolve to bypass security measures put in place. He has seen family-based shoplifting with an employee assisting in the theft, which can be ‘extremely difficult to prevent, even with new technologies.’ This is because, as he says: ‘Simple theft of product, materials and associated merchandising is easy to dispose of once it’s out of the retail business.’ He notes that some crime is just a matter of leaving stock in the correct place for removal.
One solution advocated by Dempster is enforcing staff holidays: ‘Often this is the time when things are discovered. And in accounts teams, have particular vigilance and an open culture so that people question and spot check.’
But there is one tell-tale sign, says Northage; employee behaviour. ‘Look for domineering or bullying management, obsessive secrecy and close or closed relationships with suppliers. There may be an unwillingness to delegate menial tasks, or you may notice a significant change in an employee’s lifestyle.’
Northage also says: ‘Different kinds of fraud warrant different approaches. For instance, if facing push payment fraud, or the risk of any kind of fraudulent transaction, email must be closely monitored.’ One suggestion he makes to guard against similar frauds from inside a business is to ‘consider introducing checks beyond emails from supervisors before payments can be authorised; email chains can be easily edited to make it look as though the payment has been authorised, when it hasn’t.’
Major events usually involve senior management, especially those with the authority to override controls. However, employee fraud schemes can involve theft by exploiting systemic weaknesses, such as stealing cash before it has been recorded, fictitious expense reimbursement claims and/or stealing company property – the GOC case above demonstrates some of this.
A classic example of systemic abuse is offered by Northage; and it seems so simple. ‘We acted on behalf of a global food and drink manufacturer bringing a claim against an individual in its accounts department who spotted a weakness in the way in which payments of rebates were authorised [so that he could] amend the bank details of legitimate customers to his own account. This meant that rebates of around £650,000 were transferred to the employee’s account.’ It is not the rank of the fraudster so much as the opportunities available.
It should not be a surprise that employees are the key to detection. On one hand, employees that see solid policies will be deterred from engaging in criminal acts. On the other, honest employees will become critical allies in the fight who, with suppliers, can become key sources of tips and information.
Others can play a role by chance too. As Kearns highlights, employee activities can be discovered accidentally, by other employees, through situational crime measures put in place, as well as tip offs. One such case he investigated involved a neighbour who contacted a retailer stating there was ‘significant product’ in the garage of an employee. For him, having a whistleblowing policy and procedure is an essential tool ‘but only if the credibility of the process is maintained.’
The Wild West
If suspicions are raised, and an investigation is on the cards, Kearns says it makes sense to bring in experts. However, he says to be aware that the private investigation industry is ‘the wild west’; it is an unlicensed and unregulated industry and less than 25% of investigators have insurance and even fewer are GDPR compliant. It bothers him that the majority of investigators do not have a legal or law enforcement background and so ‘do not understand the details in proving a criminal offence, such as relevant points to prove, and case law.’
In other words, as the GOC case above illustrated, proving a case and acting is all about evidence. Without this, employers will not have the option of dismissing and claiming back from an employee via a civil prosecution, or seeking police help to prosecute and subsequently bring a ‘proceeds of crime’ case for recovery of funds, say Kearns.
Ultimately, he adds: ‘Once you have the evidence, you are in a strong position for prosecution.’ And for that, you need to seek good advice.
Summary
Fraud and theft are everywhere, often hiding in plain sight. It is impossible to stop it, but employers can take steps to keep the risk of an incident occurring to the minimum. Considering that fraud can be so destructive, it is an issue that cannot be ignored.