Keeping fraud under control

February 2016 Editor's Choice, Integrated Solutions, Security Services & Risk Management

Three-quarters of African countries scored less than three out of 10 on the Transparency International Corruption Perception Index for 2014. South Africa ranked 67th. Unfortunately this corruption is not only apparent in the more high-profile employment categories, but filters down to the lower levels and is most apparent where people are in positions of financial trust. Hi-Tech Security Solutions spoke to two industry professionals about the endemic fraud issues and possible counter-measures organisations can take.

Steven Powell, a forensic lawyer and director of forensics at ENSafrica.
Steven Powell, a forensic lawyer and director of forensics at ENSafrica.

Steven Powell, a forensic lawyer and director of forensics at ENSafrica, says that fraud occurs when three factors converge. Employees who are generally under pressure identify the opportunity to commit fraud, assuming there is a low risk of detection. The employee then justifies the commitment of these fraudulent acts by rationalising their behaviour, by relabelling it to remove the moral stigma that occurs with fraud.

He says that procurement and tender irregularities feature high on the list of common fraudulent behaviours and are committed in a number of ways:

1. Electronic funds transfer (EFT) payment manipulation.

2. Overpayment to legitimate suppliers (refunds directed to private accounts).

3. Fictitious suppliers/supplies.

4. Unethical procurement staff taking bribes to award contracts/tenders.

 Kyle Condon, MD of D&K Management Consultants.
Kyle Condon, MD of D&K Management Consultants.

Kyle Condon, MD of D&K Management Consultants adds two others to this list:

1. Stolen company stationery (such as letterheads and stamps).

2. Ghost customer scams.

Powell says that external sources generally struggle to gain access to sensitive organisational information and therefore recruit employees to collude with them and defraud the company. Criminal syndicates either bribe or threaten employees to gain access to company/client information in order to then create false change of bank account or payment requests, often involving a form of identity theft.

One of the most prevalent frauds in the marketplace at present is EFT (electronic funds transfer) fraud which happens in two ways: creation of an alternative vendor profile which is then selected to perform illicit transactions; or substitution of supplier bank details with those of the employee or a third-party bank account number.

The key control factor here is to prevent any amendments to the bank details being allowed without rigorous multiple authorisations. This calls for a segregation of duties and intensive management control, with the appointment of more than one signatory to a company bank account.

Abuse of trust

Another form of fraud is where the employee deliberately overpays a legitimate supplier, waits for the funds to be credited to the supplier’s account then calls them to say that an overpayment was made. They then ask the supplier to quickly make a reimbursement payment into a third-party account which the supplier is led to believe belongs to the company. Since they deal with the accounts employee on a regular basis, they have generally built up a relationship of mutual trust and therefore do not query the request.

Kickbacks and inducements form part of procurement and tender frauds. In addition, bid fixing occurs whereby tenders are opened early or prices provided by one supplier are made available to another one, which then allows the second bidder to lower or raise their bid to their advantage. Other tender irregularities include instances where management or directors have a direct undisclosed interest in an entity or transaction.

Kickbacks also occur where fictitious invoices are submitted by a supplier who is colluding with an employee. The corrupt employee approves payment for the invoice and once payment has been received by the supplier, the employee receives a kickback. Undelivered goods are allocated to negligent departments.

The development of ghost customers or suppliers is another rampant type of fraud. With respect to ghost customers, an employee will tip off an outside party on what stock the company holds and what the legitimate ordering process is. The paperwork for a sale is then processed and the ghost customer collects the goods in his vehicle with payment for the goods taking place on collection. Funds will later be declared as insufficient, but only after the collection has taken place.

In the instance of a ghost supplier, a letterhead is designed and a bank account is opened in the name of a supplier. The corrupt employee then signs off requisition payments for a company which does not actually exist and payments are made to this entity, which is usually the employee’s, a family member’s or a friend’s account. Obviously, no services or goods are supplied.

Powell cites an example where a financial manager in the Stellenbosch area had defrauded R4,2 million from her company over an eight-year period using three different schemes. She overpaid suppliers then asked for refunds; she paid R1,3 million on her house by generating a false credit on the accounts payable system at the company, which then prompted her company’s system to pay the money to the conveyancing attorneys; and she placed personal stop orders on the company’s main bank account. Judgement in the case was that the perpetrator had acted out of greed, not need and she was found guilty of 699 counts of fraud and sentenced to 12 years imprisonment with four years thereof suspended.

Fraudster profile

The exact cost of fraud to the country’s business sector will never truly be known for two reasons: often fraud goes undetected; and some companies choose to sweep fraud under the carpet due to embarrassment or concern for the reputation of the perpetrator.

So is there a typical profile for employees who commit fraud? And how can organisations identify possible perpetrators?

Trigger events to fraud include divorce, extramarital affairs and medical emergencies. Powell points out a number of red flags that help management to recognise corrupt employees, but cautions that checks and audits need to be done on a regular basis, covering:

• Lifestyle costs that exceed income.

• Problems with excessive gambling, alcohol or drug use.

• Employees who constantly claim they are underpaid.

• Close relationship with suppliers.

• Favouring just one supplier.

• Poor credit rating.

• Poor communication and reports.

• Indulging in affairs.

• Not taking leave.

• Refusal of promotion.

• Excessive and unexplained overtime.

• Criminal record.

Is it fraud?

Determining whether fraud is taking place requires effort and time. Often, fraud is only discovered when fraudsters become careless or excessively greedy. In addition, fraud may be uncovered when a disgruntled mistress or ex-wife decides to blow the whistle on the errant partner.

Condon says that management needs to look out for duplicate payments, low sequential invoice numbers, duplicated invoice numbers, and rounded-off amounts on invoices.

Fraudsters often bypass the payment system by conducting a manual payment override which they justify by saying the automatic payment system has an issue.

Stopping them in their tracks

At the outset, Condon says, an employee contract should be designed to ensure that the organisation is fully protected. Therefore, a pre-employment and ongoing strategy whereby polygraph testing is implemented and lifestyle checks are customary should be created. In conjunction with this, awareness campaigns should be instituted in companies to provide fellow employees with the tools to recognise when fraud is being conducted by their colleagues.

Finally, a whistle-blower hotline must be implemented to allow the reporting of any misconduct in a non-judgemental and anonymous manner.

Powell says that it is a good idea to introduce exception reports and conduct regular internal audits to check that bank account numbers are legitimate and that staff bank account numbers do not match the bank account numbers of supposed suppliers. SAP, for example, has a number of anti-fraud controls which users simply need to activate.

A lifestyle audit will look at elements within an employee’s personal life such as the type of car they drive and house they own, as well as any expensive clothing purchased or holidays taken. Powell points out that while the Credit Act restricts the access to private account information, Section 18 allows companies to use the information to detect or prevent a fraud in cases where it is suspected there may be intent to commit fraud.

Property ownership information is in the public domain so companies can determine how many properties employees own. Multiple property acquisitions are often an indication of fraud being perpetrated, especially where income is insufficient to cover purchase or mortgage costs.

Social media can provide great insight into the personal life of employees, including their known associates and information on where they are socialising, taking holidays and spending money.

Organisations can use the CIPC to check the registration of businesses in the names of employees to determine conflicts of interest. This is valuable when investigating tender irregularities. Powell says that it is good business practice to ask all employees to divulge their personal business interests at an early stage of employment and to ensure that any updates on this status are shared.

Conclusion

While some fraud may go undetected, it is critical that companies conduct due diligence with regard to both their employees as well as suppliers to determine misappropriation of funds. A policy of zero tolerance needs to be adopted to discourage similar behaviour by other employees and would include following the relevant prosecutory processes to bring the employee to task. Protection of passwords needs to be strongly encouraged as many fraudulent events may occur without the awareness of the password holder, due to carelessness.

It is always advisable to employ the services of a reputable service provider that has a long history of successfully implementing anti-fraud campaigns and bringing fraudsters to task.

Section 43 of the regulations to the Companies Act requires companies to put measures in place to prevent corruption risks. The anti-corruption controls regulate good corporate governance, which also assists in managing fraud risks. All state-owned and public-listed companies have to establish social and ethics committees, which monitors management’s implementation of compliance initiatives, such as the implementation of programmes that measure compliance through a system of financial and accounting procedures that include internal controls. Any identified risks should be regularly monitored and reassessed to ensure that the programme’s controls remain effective.

Fraud prevention is better than cure; companies have to be proactive in managing fraud and corruption risks.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...
Standards for fire detection
SAQCC (Fire) Editor's Choice Fire & Safety Associations
With the increased number of devastating fires reported throughout South Africa, adequate and suitable fire detection cannot be overstated. SAQCC Fire will publish a series of articles in SMART Security Solutions to provide insight into fire detection requirements and importance.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...
The best of local and international
Technoswitch Fire Detection & Suppression Editor's Choice
SMART Security Solutions speaks to Technoswitch’s Managing Director, Brett Birch, to learn more about the company and how it serves the fire safety market in South and sub-Saharan Africa.

Read more...
Surveillance on the perimeter
Axis Communications SA Hikvision South Africa Technews Publishing Editor's Choice Perimeter Security, Alarms & Intruder Detection
Cameras have long been a feature in perimeter security, with varying reports of success and failure, often dependent on the cameras’ planning, installation and configuration, as well as their integration with other perimeter solutions and centralised management platforms.

Read more...
Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
Visual verification raises the security game
Technews Publishing Inhep Electronics Holdings Videofied SA Editor's Choice Perimeter Security, Alarms & Intruder Detection
Incorporating alarm signals with live surveillance footage, visual verification enables a human observer in a control room (onsite or offsite) to gain a clear understanding of the situation, thereby facilitating informed decision-making.

Read more...
The AX Hybrid PRO Series offers reliable wired and wireless protection
Hikvision South Africa Editor's Choice Perimeter Security, Alarms & Intruder Detection Products & Solutions
Hikvision has announced the launch of a new AX Hybrid PRO alarm system with innovative Hikvision ‘Speed-X’ transmission technology. This system offers reliable wired protection while delivering expanded flexibility with seamless wireless integration.

Read more...
Advanced Perimeter Intrusion Detection Systems
XtraVision OPTEX Technews Publishing Modular Communications Perimeter Security, Alarms & Intruder Detection Integrated Solutions Products & Solutions
Making full use of fibre installations around the perimeter by adding Perimeter Intrusion Detection Systems means you can easily add another layer of security to existing surveillance and fencing systems.

Read more...