Are NOMADs at risk?

Fraud is estimated to cost the UK economy more than £50 billion and cybercrime nearly £30 billion annually. Fraud, bribery and corruption can be internal, committed by an employee or senior manager, or external, committed by suppliers and customers (though external frauds often require insider assistance).

Types of fraud include: asset misappropriation (theft of cash, information and IP), procurement (false invoicing and false expenses claims), bribery and corruption, and concealed off-record business.

Determined fraudsters are becoming more ingenious. The increase in the corruption of the supply chain is marked. Procurement functions seek protection by way of due diligence tests on suppliers but fraudsters are increasingly smarter at circumventing traditional processes.

Prevention

Failure to implement basic financial and fraud prevention controls can lead to an environment that is vulnerable to internal and external fraud.

Nominated Advisers (NOMADs)

Taking steps to prevent fraud is essential for the NOMAD community. When vetting Qualified Executives, the London Stock Exchange will (among other things) consider whether the applicant has been the subject of disciplinary action by any legal, financial or other regulator, and also the commercial and regulatory performance of their clients.

A NOMAD who fails to foster a “tone at the top” fraud and bribery prevention programme will be exposed to scrutiny. A good programme should provide for:

• identification and assessment of the risk areas of the business;
• a fraud prevention policy and implementation of controls to protect against identified risks;
• an anti-bribery and anti-money laundering policy;
• risk management and compliance to be seen as non negotiables and followed by all, and a cascading of information from management to employee;
• an effective and independent whistle-blowing policy;
• employee training to ensure they:
  • follow optimal work policies and procedures;
  • comply with the organisation’s code of conduct and ethics policy;
  • report any suspicions to a fraud prevention officer, if one has been appointed; and
  • alert the money laundering reporting/compliance officer to any suspicious transactions; and
• effective measures to engender a culture of intolerance to fraud with a more transparent working environment.

Detection of fraud

Certain red flags should raise suspicions of fraud, including:

• significant changes in the behaviour of individuals;
• if an individual is known to have large personal debts or financial losses;
• individuals who work late or start early and do not delegate their work;
• audit findings deemed to be errors or irregularities;
• transactions taking place at odd times, with odd frequencies or involving unusual amounts to odd recipients;
• internal controls not being enforced;
• discrepancies in accounting records and unexplained items on reconciliations;
• missing or altered documents;
• missing inventories of physical assets;
• addresses of paying customers with common names against them; and
• collusion among employees with little or almost no supervision.

Suspicion may also arise through whistle-blowing or audits which reveal loss. Business information systems can point to wrongdoing and data analytics tools can be used to focus detection efforts.

What should you do if you are the victim of a fraud?

It is imperative to acknowledge the issue. An investigation team should be put in place. Clearly fraud is a sensitive matter with reputational as well as commercial risk. In the early stages of an investigation often the fewer people aware of the position the better, as this prevents wider circulation and also the possibility of “tipping off”.

The manner in which the issue is handled could have consequences both personally for a senior officer of the company and for the company as a whole. The Proceeds of Crime Act 2002 (POCA) and the Bribery Act 2010 are relevant laws where external notification may be required and have consequential effects. Likewise, the FCA imposes general reporting requirements which must be adhered to.

It is advisable to instruct specialist advisers. Independent advice which is objective and impartial is vital. It also has the advantage of the protection of legal professional privilege in relation to communications between the organisation and its legal advisers. Speed is always of the essence.

Once the evidence has been reviewed a response needs to be forthcoming. A strategic plan is needed to coordinate the organisation’s response to (i) protect its position; (ii) comply with its regulatory and statutory duties; (iii) manage the risk of damage to the organisation’s reputation; (iv) minimise any possible ongoing damage; and (v) seek to recover the financial loss, taking pre-emptive measures to protect the business’s position.

The company will need to consider a number of different actions, including whether to:

• report the matter to the police or the regulators;
• seek redress in the civil courts; and/or
• rely on the internal disciplinary procedures.

Recent legislation including the POCA and the Bribery Act, and the culture of whistle-blowing, enshrine and encourage an ethos of reporting. Statutory duties are found in the Money Laundering Regulations 2007, the POCA and the Terrorism Act 2000.

Insurance policies need to be reviewed, to ascertain firstly whether to report the matter to insurers and secondly whether it is possible to claim under the policy.

You should also review whether the company might have an exposure to third party claims as a result of the fraud and the imposition of vicarious liability. Consideration should be given to whether clients and other third parties should be notified.

The organisation must also consider its communication strategy with the press, with a coordinated policy to deal with all aspects of reputational protection.

Conclusion

Prevention is better than cure, but be alert to the risk and apply your control measures. This will ensure that the organisation is ready to deal with any crisis effectively.

Sophia Purkis, Partner, Fladgate LLP (spurkis@fladgate.com)