The past six months has seen a number of Australian businesses and their customers fall victim to corporate fraud, resulting in millions of dollars in stolen funds and several lengthy prison sentences.
Do businesses need a Fraud Management Framework?
It is strongly recommended that businesses establish and implement a robust Fraud Management Framework that includes a comprehensive Fraud Control Policy to:
protect their assets, customers and reputation;
avoid being excluded from, or delaying, future business dealings (as more organisations make fraud control a priority, having an appropriate Fraud Management Framework in place is regularly a prerequisite for commercial relationships); and
ensure that its insurance policy will cover losses caused by fraud (insurers may request fraud or crime controls are in place before approving the “risk”; or the insurer may apply additional conditions on insurance policies whereby a business’ fraud controls are considered insufficient).
What is fraud?
‘Fraud’ is dishonest activity that causes actual or potential gain or loss to any person or organisation – for example:
an employee creating and processing invoices for goods and services that were never provided;
a supplier invoicing for a greater amount than is owed or more regularly than agreed;
an employee submitting false reimbursement requests;
a scammer ‘phishing’ for login information using malicious links or by impersonating a member of staff or known associate;
an employee concealing or falsifying documents or data to hide personal mistakes or misconduct;
a scammer infecting a company’s computer system with ransomware and demanding payment in exchange for its removal.
As demonstrated by these examples, the common features of fraud are deception, concealment, fabrication, impersonation, coercion, and exploitation.
Fraud can be perpetrated by individuals within an organisation (e.g. a director or an employee) as well as those outside of it (e.g. a customer, a third-party service provider or an unknown malicious actor).
What are some recent instances of fraud?
In 2020, a Bank of Melbourne branch manager was found to have engaged in fraud by redirecting $4.09 million in customer funds to accounts that he controlled. The bank was required to repay the victims immediately and file legal proceedings against the ex-manager to recoup the stolen funds.
In 2022, a former director of Deloitte was found to have used his work credit card to buy over $3 million worth of luxury items, including fine art, furniture, jewellery, watches and a hot tub. The director was able to avoid detection for approximately six years by falsifying invoices and forging emails from another partner.
These are just two of the many instances of employee fraud that have been perpetrated in recent years. A study by Warfield & Associates of 102 such instances revealed:
the average amount stolen was $3.4 million;
the age of the perpetrator ranged from 26 to 70 years old;
only 9% of perpetrators had a criminal history involving a deception based offence;
the banking and financial services sector was the most affected;
the most common reason for engaging in fraud was ‘lifestyle improvement’, closely followed by ‘gambling addiction’;
the most common type of fraud was electronic funds transfers to the employee’s own bank account, followed by false invoicing;
51% of cases took over five years to discover; and
90% of the time, the perpetrator was acting alone.
If you have any questions about the fraud risks that are relevant to your business or what you can do to control them, please get in touch with Richard Hopkin or Emma Johnson from Cowell Clarke’s Financial Services Team. Our team has experience assisting clients to establish and implement Fraud Management Frameworks to mitigate the myriad risks inherent in their everyday operations.
Thank you to Alex Dorrington for his contribution to this insight.
This publication has been prepared for general guidance on matters of interest only and does not constitute professional legal advice. You should not act upon the information contained in this publication without obtaining specific professional legal advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication and to the extent permitted by law, Cowell Clarke does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting or refraining to act in relation on the information contained in this publication or for any decision based on it.