Fraud is estimated to cost the UK economy more than £50 billion and cybercrime nearly £30 billion annually. Fraud, bribery and corruption can be internal, committed by an employee or senior manager, or external, committed by suppliers and customers (though external frauds often require insider assistance).
Types of fraud include: asset misappropriation (theft of cash, information and IP), procurement (false invoicing and false expenses claims), bribery and corruption, and concealed off-record business.
Determined fraudsters are becoming more ingenious. The increase in the corruption of the supply chain is marked. Procurement functions seek protection by way of due diligence tests on suppliers but fraudsters are increasingly smarter at circumventing traditional processes.
Prevention
Failure to implement basic financial and fraud prevention controls can lead to an environment that is vulnerable to internal and external fraud.
Nominated Advisers (NOMADs)
Taking steps to prevent fraud is essential for the NOMAD community. When vetting Qualified Executives, the London Stock Exchange will (among other things) consider whether the applicant has been the subject of disciplinary action by any legal, financial or other regulator, and also the commercial and regulatory performance of their clients.
A NOMAD who fails to foster a “tone at the top” fraud and bribery prevention programme will be exposed to scrutiny. A good programme should provide for:
Detection of fraud
Certain red flags should raise suspicions of fraud, including:
Suspicion may also arise through whistle-blowing or audits which reveal loss. Business information systems can point to wrongdoing and data analytics tools can be used to focus detection efforts.
What should you do if you are the victim of a fraud?
It is imperative to acknowledge the issue. An investigation team should be put in place. Clearly fraud is a sensitive matter with reputational as well as commercial risk. In the early stages of an investigation often the fewer people aware of the position the better, as this prevents wider circulation and also the possibility of “tipping off”.
The manner in which the issue is handled could have consequences both personally for a senior officer of the company and for the company as a whole. The Proceeds of Crime Act 2002 (POCA) and the Bribery Act 2010 are relevant laws where external notification may be required and have consequential effects. Likewise, the FCA imposes general reporting requirements which must be adhered to.
It is advisable to instruct specialist advisers. Independent advice which is objective and impartial is vital. It also has the advantage of the protection of legal professional privilege in relation to communications between the organisation and its legal advisers. Speed is always of the essence.
Once the evidence has been reviewed a response needs to be forthcoming. A strategic plan is needed to coordinate the organisation’s response to (i) protect its position; (ii) comply with its regulatory and statutory duties; (iii) manage the risk of damage to the organisation’s reputation; (iv) minimise any possible ongoing damage; and (v) seek to recover the financial loss, taking pre-emptive measures to protect the business’s position.
The company will need to consider a number of different actions, including whether to:
Recent legislation including the POCA and the Bribery Act, and the culture of whistle-blowing, enshrine and encourage an ethos of reporting. Statutory duties are found in the Money Laundering Regulations 2007, the POCA and the Terrorism Act 2000.
Insurance policies need to be reviewed, to ascertain firstly whether to report the matter to insurers and secondly whether it is possible to claim under the policy.
You should also review whether the company might have an exposure to third party claims as a result of the fraud and the imposition of vicarious liability. Consideration should be given to whether clients and other third parties should be notified.
The organisation must also consider its communication strategy with the press, with a coordinated policy to deal with all aspects of reputational protection.
Conclusion
Prevention is better than cure, but be alert to the risk and apply your control measures. This will ensure that the organisation is ready to deal with any crisis effectively.
Sophia Purkis, Partner, Fladgate LLP (spurkis@fladgate.com)