For many, the coronavirus pandemic has meant a sudden shift to a new way of working, and there is a lot of talk around the vulnerability of businesses to social engineering fraud as staff are working remotely through potentially less secure networks. Wire frauds and ransomware attacks carried out by faceless third parties are certainly a very real problem that we come across regularly, but businesses should not overlook the threats that also exist from within their organisations, and particularly so at this difficult and unusual time.
Fraud by employees or managers raiding the coffers (often called “fidelity” fraud) has flourished in previous economic downturns. There are two main reasons why this might be. First, during times of hardship, businesses tend to scrutinise their books more closely and financial irregularities become more apparent. Second, when those hardships also affect personal lives, the temptation to dip the hand in the till can, for some, become irresistible and perhaps even be considered necessary by them.
The new ways of working during the coronavirus pandemic may mean that some employees and managers are subject to less effective oversight, and in turn the opportunities for fraud are greater. The instances of fidelity fraud we see typically involve the fabrication or manipulation of third party invoices, with the result that payments processed by the business are directed to the account of the fraudulent employee or manager. In a business with a high volume of transactions, these payments can easily go unnoticed, potentially for years. This is particularly so now if the remote-working systems in place for checking and approving payments are not as robust as usual, or if relevant members of the accounts team have been furloughed.
Further, in many of the fidelity frauds we deal with for businesses and their insurers, there is a gambling addition involved, or some other feature in the individual’s life that places them under significant financial and emotional pressure. The Gambling Commission has just issued guidance for online operators following evidence that some gamblers may be at greater risk of harm during the coronavirus lockdown. This does not mean that a rise in fidelity fraud will necessarily follow, but there is good reason for businesses to be extra vigilant.
Organisations may find insurance cover for losses sustained at the hands of a fraudulent employee or manager under a fidelity or commercial crime policy, or within an all-in-one corporate protection policy that is available to mid-market businesses. It is important to note that this cover will typically respond by reference to the date that the fraud was discovered (or ought reasonably have been discovered), and not when the fraud actually look place. The level of indemnity available for fidelity fraud losses may also be sub-limited (ie, less than the main level of indemnity under the insurance policy) and so businesses need to ensure that the cover they have in place is suitable for their size and for the degree of financial authority given to individuals within the organisation.
When losses are suffered, there are numerous legal mechanisms available to businesses or insurers for the investigation of the fraud, assessment of the loss and, hopefully, the recovery of funds. These include Freezing Orders and Proprietary Injunctions against the employee or the manager if they continue to hold significant funds. However, we have found that one particularly effective tool is a “Norwich Pharmacal” order, which we often use to compel the bank of a fraudulent employee or manager to disclose full statements of accounts for the whole period of the fraud; and do so without the employee or manager knowing that we are doing all of this. See here a previous article that looks at Norwich Pharmacal disclosure orders in more detail.
The disclosure can prove critical in a number of respects, including helping to establish (for both the business and its insurers) the true and accurate extent of the loss, and tracing the stolen funds to determine whether any remain or into whose hands or into what assets of value they might have gone, for the purposes of a subsequent recovery action. Further, where a gambling addiction is involved, the disclosure can also trace the funds spent on gambling and help produce a clear picture of the nature of that gambling and whether there are grounds for complaint (we will sometimes see fraudulent employees spending in one single day with an online gambling operator more than they earn in a year). All of this information provides the best possible view on the options and prospects of a valuable recovery, and it also helps businesses learn from the unfortunate events.
At a time when the nation is seeking to come together (albeit in a way that respects social distancing), it may seem a little cynical for businesses to proactively seek out potential fraud by their employees or managers. However, the inside job is a risk that should not be overlooked as we enter a period of economic uncertainty.
If you would like to know more about how we can help you take steps to preserve and recover assets during the current crisis, see our briefings Coronavirus – a golden opportunity for fraudsters? here and Tackling fraud in the UK: freezing injunctions and similar orders here.