Despite a collective multi-million fraud bill, companies still consistently fail to implement even the most basic financial safeguards. Financial payment systems in particular are left wide open to abuse and misuse, warns Harry Hornby
Over the past decade there has been an extraordinary shift in corporate behaviour. From the rise of the entrepreneurial led business to the adoption of low cost electronic payments, the old, traditional processes that delivered financial probity and rigour have been apparently consigned to history. But at what business risk – and what cost?
There is a growing incidence of employee-led fraud that bypasses the internal controls of the Bacs payment system. In some cases the fraud will continue for a number of years without being spotted by accountants, Bacs, regulatory authorities or the business owners.
This rise in fraud is being fuelled by changing consumer attitudes. Stories now abound of companies that have lost several million pounds to fund employees’ gambling habits or pay off credit card debt. Unless an organisation has fidelity cover as part of its insurance programme, there is no way of recouping this loss.
With the escalating economic crisis, organisations simply cannot afford to place temptation in front of employees. The often quoted saying that only 20% of individuals are honest, 20% dishonest and the rest dishonest when the opportunity arises, becomes ever more relevant as desperate employees are tempted by blatant lack of financial controls in place across many companies.
Business leaders are complicit in this escalating fraud. They are too focused on business growth and not concerned enough about financial process and control. Far too many are happy to delegate important financial roles to junior, even part-time finance personnel, in a bid to concentrate exclusively on business development.
Financial probity may be dull when compared to the fun of winning business and developing innovative products and services. But there is little point in achieving business growth if the profits are being siphoned off by an employee exploiting financial inexperience and negligence.
Far too many companies now completely ignore standard good business practice that has developed over many years to ensure financial security. In the past, every company payment required a cheque to be signed by two directors or senior managers. Any payment above a fairly low limit would also have required senior management approval. Today, even the most junior staff appear to have purchasing power, and the Bacs payment process is often managed by a single individual, leaving the company open to financial exploitation.
The move to electronic payments via Bacs for paying staff and suppliers has significantly reduced costs, and transformed the business finance process. However, while Bacs itself has made important developments to improve the security of the Bacs systems, organisations cannot afford to hand over corporate responsibility in this lackadaisical manner. Relying on one person to manage thousands of pounds of payments on a weekly basis is fundamentally irresponsible.
With no check point in the electronic payment system to verify the identity of the payee, it is a simple process to make multiple fraudulent payments – and to continue making those payments unchecked and unnoticed for many years.
“Relying on one person to manage thousands of pounds of payments on a weekly basis is fundamentally irresponsible
Organisations can take simple measures to reduce the risk. Since fraud is far less likely to occur via employee collusion, the reintroduction of the two step process – one member of staff to prepare the payments, one to execute the instructions – is a good start. This control can be reinforced by using an independent database of bank details to verify all payments and flag up both incorrect and potentially fraudulent transactions.
Adding a spot check process on past transactions also sends a strong message to employees and will significantly reduce the temptation to defraud. Simply taking the time to get to know both employees and the systems used, combined with regular reviews and audits, will fundamentally diminish the risk of tempting those 60% of employees that are dishonest only when presented with an opportunity.
A growing number of organisations are also opting to reinforce probity via the services of a third party bureau. The independent advice provided by a Bacs bureau, combined with additional submission authorisation and validation, will ensure any attempts at fraudulent transactions are immediately highlighted. The ‘watching eye’ of the bureau also acts as a deterrent, and a bureau will always ensure that payments are only made with the full authorisation of a company signatory.
This process is especially important for emergency Bacs submissions – those situations when the core Bacs system has failed and the third party agreement swings into action. For many companies this is a high risk situation, offering an employee a one off chance to add fraudulent payments to the list, on the assumption that the bureau will be none the wiser.
A good emergency Bacs submission process will only be undertaken with full, written authorisation of a company officer – not at the behest of a book-keeper. With additional validation via a separate database of banking details, there is no opportunity to exploit a Bacs glitch.
It has never been more important to undertake these simple steps to reintroduce financial control. Company identity fraud is on the rise and the credit crunch is placing ever greater pressure on employees. Leaving the corporate coffers open is not only tempting fate – it is irresponsible.
The fall out from fraud is significant. Individuals end up in court; authorities will often launch a tax investigation to ascertain the accuracy of records; the credibility of an organisation will be damaged and employee morale will tumble. Directors are tasked with looking after the assets of the company. Failure to put in place the right controls could be deemed negligent and will certainly raise the ire of shareholders. If, in the worst case scenario, the fraud actually leads to business failure, creditors could well hold directors personally liable.
Fraud is typically an opportunistic crime. By putting in place the right financial controls, based on sound third party advice and support, businesses can reduce the risk of fraudulent financial transactions, thereby protecting corporate assets.
Harry Hornby is managing director of BACScontingency.com