Mitigating Employee Frauds
Employees are a critical asset of any well-managed organization. It is through the skills, talents and abilities of its employees that an organization thrives. Certain instances, however, are increasingly common in which employees seek to further their own interests at the expense of their employer. When such incidents surface, they put into question the unspoken trust that exists between employer and employees.
Within 2018 itself, several cases of employee fraud caused by misuse of trust by employees have been publicized. These cases lead to questioning the usefulness of the internal system of checks and balances, as they were unable to prevent frauds from taking place. As is often the case, many senior employees in an organization can abuse their power to benefit monetarily. Unfortunately, there is a lack of a rigorous internal mechanism in organizations which could be utilized to prevent fraud by employees.
One of the most recent and largest frauds, which also put the spotlight on the perilous state of a large number of non-performing assets in India, was committed by unassuming mid-level employees in an Indian public sector bank. These employees bypassed the PSU bank’s core banking system and issued LoU’s to overseas branches of other PSU banks by manipulating their access to SWIFT (the international financial communication system). While the fraud exceeded US$2 Bn, those responsible for the fraud within the PSU were mid-level managers.
Another fraud was perpetuated by the employee of an Indian e-commerce portal, who colluded with a supplier to the portal by procuring inferior/fake shoes to sell at them as higher priced originals of the same brand. The employee accused in the scandal allegedly received payment from the supplier in exchange for being allowed to supply inferior shoes to his employer. This move by the employee put a question on the reputation of the e-commerce portal’s
Publicly known or proclaimed employee frauds like these are a tiny fraction of the instances employers, HR and management deal with! Some common types of employee frauds include:
• Embezzlement or theft of assets
• Skimming funds via revenue diversion
• Inflated bills, expenses and allowances
• Stealing or diverting business opportunities, client lists or proprietary data
Therefore, preparing for the aftermaths of frauds like these and having a strong internal check system in place to mitigate and lower the chances of these incidents has become critical for employers. Here are some ways in which companies can lower the chances of employee fraud:
- Ensure it hires properly verified employees (no cookie cutter checks!). This is done by conducting comprehensive background checks, which clarify the candidate’s role and responsibilities with their previous employers, verify their professional degrees and assess anomalies in their application.
- Senior managers, executives, and business owners must observe and interact with employees and all levels of workers constantly and consistently to get to know them. For a senior manager, being involved with those who report to them is always a good thing, both for monitoring and motivating.
- Have a suggestion box where complaints can be shared. Keeping the identity of a whistle-blower anonymous is important to have a successful policy.
- Limit cash transactions by ensuring documentation and approval. Use formal purchase orders for capex acquisition, with at least 3 offers (along with screenshots of online deals) obtained independently by the finance department.
- In many Asian countries, members of the same community or town are expected to help one another - and they often do. This may result in an employee feeling greater loyalty towards the senior member of his community who interviewed or got him/her the job, than towards the organization they work for. The spirit of working for an organization can be instilled with some interactive and outbound activities. This mitigates potential collusion or intimidation.
- A competent manager should hold frequent discussions with the company's vendors and suppliers. Such discussions, at times, should be in the absence of those who interact regularly or as part of their job description with the external business associates. should cover the nature of the working relationship the employees have with its partners. It should also be a time to bring up any integrity or conflict issues and to understand and resolve any grievances.
- Computer passwords must be changed regularly, along with other IT access restrictions.
- There should be frequent training to all employees on zero tolerance towards breach of confidentiality obligations in the event of fraud. Random background checks of existing employees are recommended to identify lifestyle changes which seem to exceed known sources of income.
However, even if after all efforts employers fail to control fraudulent practices and have to deal with one, there are several actions they can take to control the risks to arise from that.
An organization may decide to take legal action against an employee, or employees, who have committed fraud. One method is by using the Companies Act 2013, which imposes civil and criminal liability on fraudsters. In more complex cases, fraud investigations can begin when a special resolution has been passed stating that its affairs need to be investigated. It can also be done in public Interest or at the request of any department of the Central Government.
Under Section 447 of the Companies Act, any individual found guilty of defrauding a company of Rs.1 million, or of more than 1% of the company’s annual turnover, whichever is lower, may be imprisoned for a period not less than 6 months and as long as 10 years. A fraudster may also be made to pay a fine, which will not be less than the amount defrauded and up to 3x the sum defrauded.
Employee fraud may also take the form of data theft. An employee with access to sensitive data may steal it and begin working for a rival company. In case a company has been a victim of data theft,it may file a criminal complaint at the local police station or at State-level cybercrime cells.
In addition, breach of contract disputes can lead to the filing of civil lawsuits. Under the Information Technology Amendment Act 2008, data theft is a punishable offence. If a company believes that it is a victim of data theft by a former employee, it may also file a case in civil court seeking appropriate compensation from the fraudster. Under Section 43 of the ITA Act, compensation can be extensive.