We were delighted to be joined by Robert Brooker, Head of Fraud and Forensics and PKF GM on the latest instalment of our brand new webinar series, Wired-In. In a thought-provoking session, Rob examined emerging fraud trends and presented actionable guidance to enhance your fraud detection methods.
Below, you’ll find a full transcript of the session.
If you’d rather watch the session on-demand, simply click here to catch up on the recording from the webinar.
Reece Baggott, Digital Marketing Executive at NorthRow: Welcome everyone, my name is Reece. I’m the Digital Marketing Executive here at NorthRow. Welcome to the first Wired-In of the New Year, I’m delighted to have you with us.
I’d just like to say a massive thank you to everyone on the line, so far. This is only the third Wired-In session, and the response we’ve had to this session in particular has been great.
So to anyone new, or returning, welcome and I hope you enjoy this session!
If there are any topics you’d like covering in the future, please do drop a line to email@example.com and I’ll be able to pick that up and get a guest on to cover that topic. So please do let us know.
As mentioned, today is going to be ‘The Fraud Landscape: Fight or Flight’ with Robert Brooker. Rob’s the Head of Fraud and Forensics at PKF GM, he’s formally the Head of Fraud at Transport for London, TfL. He’s an accredited counter-fraud specialist, he’s lead disciplinary, civil, and criminal investigations in fraud, bribery, corruption, security breaches, cybercrime, intellectual property, and prosecuting allegations.
He’s worked in the private, public and not-for-profit sectors in fraud, bribery, corruption and fraud risk management for over 20 years. He’s also the chair of the London Fraud Forum, a public/private partnership dedicated to best practice, preventing, detecting and investigating fraud, bribery and corruption.
That was a bit of a mouthful for me! But I’d just like to say, I attended the last Fraud Forum with Rob. He put on a great event, some great guest speakers and like minded people. I’m quite new to the space in particular so I learnt a shedload! And if you take anything away from this session bar what Rob’s going to say, is please go check out the London Fraud Forum. It’s a great day, a great event and I’m sure Rob will be pleased to see you!
So Rob, if you don’t mind flicking forward one slide for me.
To anyone who has recently joined the series, or is new to NorthRow. Just a tiny bit about us. We provide software that empowers compliance officers to make faster decisions and onboard customers in seconds, not days while also complying with ever-changing legislation to contribute to their business’ growth safely.
Robert Brooker, Head of Fraud and Forensics at PKF GM: Good morning, all.
Thank you, Reece, for a great introduction. Hope he hasn’t hyped me up too much! I hope it is a decent webinar for the next half an hour, and please make it as interactive as possible.
What’s keeping you awake at night in the fraud world? What’s really worrying you in your day-to-day jobs? Keep them coming, because ultimately, I’m here to help you. It’s your half hour, not mine.
You’ll notice, I’ve got no slides. I’m going to talk to you rather than death by PowerPoint! Anyone who’s suffered during the last two years of COVID, that’s all we’ve had. PowerPoint, PowerPoint, PowerPoint. I’ve tried now to not use it, because I think it is more refreshing not to use it! Hopefully you benefit from it too!
At the end, anyone who wants to ask me any questions, or anyone who actually wants any information or anything from me, please feel free to reach out. I’m more than willing to help people wherever I can.
I think my introduction has all been done! So, we can go straight into it and we’ve got four bullet-points there at the beginning. I won’t necessarily take them in order, and will give a bit of background to it.
Those who know me, good morning and welcome. Those that don’t, hello! I hope this is of benefit to you, and hopefully we manage to iron out some of the misconceptions around fraud, bribery and corruption at the moment.
But ultimately, I think we all know, fraud, bribery and corruption at the moment is huge. Absolutely huge.
I don’t know if any of you have seen some stats or data on it recently? I believe that fraud and cybercrime equates to 41% of all crime committed in the UK.
Just think about that.
41% of all crime.
But only 1% of policing is dedicated to combatting economic crime. Fraud levels are higher than pre-pandemic. The latest data shows losses over the past year are £4bn. What that actually means is all residents aged 16 or over, in the UK, are more likely to be a victim of fraud than they are of any other type of crime including violence, robbery, burglary etc.
Just think about that for a moment.
41% of all crime is fraud-related. And only 1% of policing is dealing with it. Hence the reason why people like myself, accountants, lawyers, fraud investigators, per se. We all have a role to play, we can help and assist, because ultimately, the police won’t.
We’re going to look at that a little bit later as to why they won’t, how that doesn’t happen. I can hear people now in their minds, and I’ve had this, and this is a quote from when I visited a client: “I don’t have any fraud here.”
You don’t have any fraud? What does that mean to me? Because I don’t believe that, I’m afraid.
We all have fraud, whether we know about it or not, is a different matter entirely.
We all have fraud happening in our organisations.
My first question, my retort to that, is “how much education and awareness do you do?”
“I don’t educate my staff about it, what do I want to tell them about fraud for? That’ll just encourage them to commit it!”
My response was: “That’s great, but how do I report fraud in your organisation if I don’t even know what it is? How can we get anybody to report fraud? If I don’t know what fraud is, and we don’t educate people, how can we expect them to report it?”
Yes, there’s a flipside to that and people will say that actually if they don’t know about it, and all we’re doing is encouraging them. I don’t subscribe to that theory, I’m afraid.
You educate people, they’ll come forward. They don’t know how to report, who to report, what constitutes fraud, bribery, corruption and whatever other financial crime it might be.
But once I know how to report it and what to do, then hopefully I’ll have confidence in doing that.
And this all leads into that ‘tone from the top’. Behaviours, culture, consequences. And that for me is about consequences and behaviour, that is fraud risk management. And the tone from the top is that exec board within each organisation that we represent.
So, ultimately, we say we don’t have any fraud, we do not educate people on what fraud is, sure enough, will end up receiving allegations of fraud, bribery and corruption.
Do you have a whistleblowing line? Do you have a whistleblowing telephone line or email address? Is it run by a third party, is it run by yourselves? What’s the best way of doing that? There are apps out now as well. And I’ve got a lot of time for the app, I think it is a really easy, convenient way of people being able to report it, remaining anonymous and hopefully, it being dealt with at a later date.
But what do we mean by ‘tone from the top’?
What do we expect that exec board to do for us? And that is part of it, education and awareness. How do we educate? On our intranet, we could have daily or weekly bulletins about fraud, what constitutes fraud, what fraud is out there at the moment?
We’re in a real crisis at the moment in the UK aren’t we?
Energy crisis, cost of living crisis. Desperate times call for desperate measures. There’s plenty of fraud out there unfortunately, so it’s easy to educate people around what fraud is. And when you tell them the legislation behind it, what constitutes fraud, examples of that, and from there we can move on to educating and making them aware.
We run annual, and I’m sure in compliance you also run annual, financial crime advice and awareness sessions. But you have it more often than that. We can have posters in lifts, posters in toilets, just reminding people of the whistleblowing details or just reminding people to be on their guard because fraud is paramount at the moment.
Just educating people, making them aware of exactly what fraud is, what constitutes it and how it affects them.
The best way of educating people is to get them to think about it in their daily life. Get to thinking about it in their personal life and then you’ll bring it to work. It’s really hard to start from scratch and get people to educate around fraud in their work life.
The UK Finance Take 5 campaign is fantastic. Take five minutes, think “is that too good to be true?” There you go, that is a piece of education. Just take five minutes, and we’ll talk later about push payment fraud and that kind of thing, but actually what does it mean in that workplace?
Social engineering is a big part. If you’re working in accounts payable or accounts receivable, it plays a massive part. And people are doing that now, emails, telephone calls, building up that rapport, building up that relationship. Before ultimately, you receive a change of bank account details for instance, for a supplier and it’s not really the supplier. It’s the fraudsters. And what happens is you pay the next payment to them, the next invoice goes out and it ends up going to the fraudster. The only time you know that you’ve done that is when the actual supplier contacts you and says: “Any idea when we’ll be paid for invoice number 1234, please?”
“We paid it six weeks ago.”
“No, I’m afraid we’ve not received it.”
“Yeah, you changed your bank account details?”
“We’ve never changed bank account details.”
And that’s when the penny drops and all of a sudden you’ve lost six figures or whatever it might be, to a fraudster.
But they build up that rapport. “I knew that person, I’ve been speaking to that person!”
What can you do to overcome that? Take five.
Any change of bank account details, don’t act upon the email you have. Don’t act upon any phone call. Go back to your original paperwork, back to your original contacts. Telephone calls, rather than an email that could be possibly intercepted. Just have that conversation and make sure you actually know that it is the company and whether they have actually changed their bank account details or not.
So the behaviours within an organisation, and obviously the culture are important. We want the culture to be fraud aware, to be financial crime aware for all staff. And not only staff, contractors. Not only contractors, but suppliers. Do we ever run sessions with our supply chain around what fraud is and how you’re aware of it and how seriously you take it?
I’m sure many of you have Cyber Essentials or ISO 27001, how many of you have got any prevention against fraud? Yes, IASME who produce Cyber Essentials, they have something called Counter Fraud Fundamentals. Have a look at it, it might be worth having in at least your supply chain or your suppliers give you assurance that actually you know what they are doing and they have some kind of embedded processes and structure in place.
That’s how you can improve the culture of your organisation. And then it is down to the behaviours of your staff, your contractors, your supply chain. So what does that look like?
What do we mean by behaviours? We mean the way they act, the way they behave, the way they want to interact with us as an organisations. Whether it is your staff, or whether it’s your contractors, whether it’s your supply chain.
We educate them, we want them to listen to that. We want to give an attestation at the end of our annual training and make sure that they’re educated. Because the first thing you’ll be asked if you end up in court in a situation with a member of staff or a supplier is: “Were they aware of what fraud is? Did you ever educate them?”
“Yes, on the XYZ date of last year, they completed an online fraud awareness course or they attended an in-person course.”
Therefore, you’ve got a bit of backup when it comes to it, and you’re showing the right behaviours for your staff. They won’t then be looking at committing fraud because they know you’re looking at it.
But the biggest point of that is your staff. And ultimately, what does that mean to your staff? What does it really mean to them?
It means you’ve educated, and they should have assurance from it. They’re happy working in an environment where they know that fraud goes on but you deal with it.
How many times do we hear “I know so-and-so committed fraud and they’re still working here”?
That’s not behaviour, culture, or tone from the top. That has no consequences, and the problem with that is that everybody knows it is going on, everybody knows that people are committing fraud and you don’t deal with it.
If you don’t deal with it, that doesn’t deter anyone else in the future. If you don’t deter people, it just snowballs and more people join that clan.
I’ll give you an example from my time at TfL. We had a call centre and, unfortunately, we had people taking payments and during that time, they were basically top-slicing people’s bank account details. And that grew, and grew, and we had a few people doing it. Because, by the time they came to us as a fraud team, they already knew about one or two people and they quietly got rid of somebody, and didn’t do anything else about it. And people thought “there’s no real consequence to that. We all know he was the ringleader, he’s taught us how to do it!”
All of a sudden, more and more people started to do it. But, no disrespect, the jobs were two-a-penny at the time and people could walk out and get another call centre job.
And that’s what they did, they worked as a group and would go from organisation to organisation.
So please, ensure that you publicise it internally if you have dealt with somebody. You don’t have to name them, just say that somebody was dismissed for fraud. And this is what you’re doing, you don’t have to give the details. But it sends out that right message. That is the tone from the top. That’s behaviour. And you create that culture then, that you are anti-fraud and you won’t be dealing with such people. That is the fraud culture.
If you’re countering fraud, that makes life so much easier.
I know a guy who worked in, and this is a case I worked on, accounts payable in a professional services firm. He had autonomy over payments, all the invoicing, and he just paid them all. Went in there as a contractor, and said “I’m not really happy with this autonomy, nobody else is involved in this, it’s all me.”
There was a backlog in accounts payable, and he brought it up again, about three months later and was again promised that once the backlog was cleared, they would look at how they could bring some more structure to it, other people, ensure an approval process etc etc to try and minimise that risk of fraud.
It didn’t happen.
And in the end, he’s seeing invoices go out for hundreds of thousands of pounds and thought “Do you know what? I’m going to set up some invoices, some fake invoices, pay myself, see what happens.”
And sure enough, that’s what he did. Just paid the invoices, wasn’t that clever, it just went into his own account. It wasn’t like a separate account or anything, the same account where he was being paid his wages, and over an 18 month period, he stole a quarter of a million pounds. £250,000 over an 18-month period, that’s a lot.
The day he was arrested, the company was totally unaware. It had been raised by suspicious activity reports, between the banks because he’d got greedy and paid himself too much money in one lump sum. How much of that money was left, when he was arrested, in his account? £250,000, the whole lot. Why? Quote, unquote from the fraudster: “Because I could. I wanted to make a point of what I could do.”
It didn’t stop him getting three years at Her Majesty’s Pleasure at the time, thankfully. But ultimately, there is a lesson to be learned there. It’s really quite simple, how many of you compare your employees with your supply chain? i.e. their postcode and address, and the bank account details. Yes, you might be fully aware that somebody’s spouse works for you and they’ve got a joint account so therefore the money will be going into the same one, or they live at the same address, that’s not a problem. We know about those, cross them off.
But unfortunately, and it does happen, and it’s one of the first things we do when we go into an organisation, just quickly run that check and see what the situation is and whether we’re aware of it or not. If you’re committing fraud, they’re not necessarily always the brightest and they’ll just pay that money into the same account. Or, the heading on the company invoice would be that person’s home address. So it is worth looking at.
With that, we look at insider fraud, and the insider threat. What do we mean by ‘insider’? Do we only mean staff? No we don’t. We mean people working as contractors, they might be temporary staff, they might be working on behalf of other organisations, and that is what we get regularly.
At the moment, as I said, unfortunately, in a cost of living crisis, the insider threat will increase.
I have no doubt about it, and it already is. As we said, desperate times call for desperate measures. And people need that money.
There are two types of fraudsters. There’s the greed and there’s the need. When you look at the need, at the moment that’s to put bread on the table and keep a roof over your head, or pay the electricity bill. But the greed part of it, and particularly during the pandemic, is feeding a habit, addiction. During that time, a lot of people were at home on their own and subscribing to gambling sites online, and unfortunately, you need money for that. And people were taking money from their firms. And that will still happen. That was during COVID, whereby people didn’t necessarily have complete oversight of what their staff were doing at home.
But now, it’s a different world. That insider fraud, that insider threat is now about your staff and that they need to just cover their heads, ensure that they’re feeding their children, ensure that they are able to pay their bills. And it will increase.
But the insider threat, what do we really mean?
There are three types of insider, in my mind. One is malicious people who take advantage of their position to cause harm to an organisation for personal gain, as I described earlier at TfL in the call centre. They targeted organisations, just remember it’s also about your confidential information, what can they glean from you? If they can ultimately put together a lot of names, addresses, bank account details, dates of birth – whatever it might be, they can go and sell that on the DarkNet. It’s worth a fortune.
And then it gets spread around on the DarkNet, so when we hear about people getting text messages, voicemails, telephone calls, unfortunately this is what is known as a ‘sucker list’ and they get shared amongst the fraudsters.
That’s the malicious insiders.
Negligent insiders. People who make errors, circumvent controls and disregard policies which place their organisations at risk. They might not do it on purpose, but is there an undertone to that? You can only ignore things a certain amount of times.
Then we have the infiltrators. The external actors that obtain legitimate access to credentials without authorisation and use them to exploit the organisation. And people do exploit their organisations, they get money out of it, they get time out of it. Just don’t forget, I appreciate many of us have things in place to prevent a big fraud. We have controls, we have continuous monitoring. But why do I need to steal £1m off of one person, when I can steal £1 off of a million people? Just think about it.
There are two types of fraud: high value, low volume and low value, high volume. And that is what goes unnoticed, would you miss it? Probably not a pound here and a pound there.
But when it is all put together, and it’s a million pounds, of course you will. Doesn’t matter what organisation.
So yes, the insider threat is there. Yes, it’s really rife now. It has always been around, but I think it will increase considerably during this time of uncertainty and people will be looking to make money wherever they can.
And as I say, I don’t think they will be the biggest frauds, but you can have a look in your local areas. I know from my local Facebook pages, and police notices, at the moment, car crime and burglary has increased. I don’t know how many-fold, but I’m sure it will be announced and come out. It’s huge, absolutely huge. This kind of disappeared for a while, and unfortunately it probably goes back to 2008 when we had the financial crash, it probably disappeared after that and it’s raised itself again because desperate times call for desperate measures. And that is what people are into, just breaking into cars, breaking into houses, selling stuff for whatever they can.
And that’s the need, it’s not greed. We need to be aware of that in our organisations from a security perspective as well as a fraud perspective.
Which leads us into the liability of action for you as an organisation to prevent fraud within your own environments.
Yes, we all know about the Bribery Act, Section 7, I’m sure, which is the failure to prevent bribery in your organisation. That falls into your corporate governance. What policies and procedures do you have in place to prevent it? What education and awareness do you do? Risk assessments. How many of you undertake a risk assessment? I’m sure you do, how detailed are they?
This is all within Section 7 of the Bribery Act. Then we now talk about fraud and the Fraud Act, which is from 2006. We’re in 2023 now, it’s 17 years’ old.
Hopefully, some of you will know Breaking the Chain which was a paper produced by the House of Commons recently. And one of their points was to include within the Fraud Act now, an amendment to the legislation to include failing to prevent fraud within an organisation.
So if you’re not doing it, you need to look at your own awareness and education. You need to look at the risk assessment points too. What do we carry out as risk assessments? What do we do as awareness and education? What do we do in our organisation to prevent fraud?
If you’re not doing it, and you become liable, as we’re finding out and some companies have already found out with the Bribery Act, there is a huge percentage based on turnover which you will then be fined.
Ultimately, could there then be people being held culpable or neglectful at the top? We’ve talked about tone from the top, and you’ll see some senior executives held accountable. And that won’t be financially, that could be at His Majesty’s Pleasure.
It’s really interesting to see how that legislation develops. It’s at the report stage at the moment, going through the House of Commons with the Economic Crime Bill and hopefully, it will fit in. The sooner we get it, the sooner organisations will need to start to take on that responsibility.
It’s the same as the banks, and push payment fraud. Is it preventable? I think it is. Do these banks have to take all the responsibility? Are you neglectful in your transactions? How many of us are checking our payments, who we’re paying?
As we said earlier, it’s the same as the mandate fraud, direct debits going out, standing orders. It’s the same really when making a payment online.
Interestingly, the Breaking the Chain report also includes a paragraph all around delaying payments. They are looking at delaying payments, no more than several hours. We are looking at slowing it down. We know, with push payment fraud at the moment, everything happens in moments. So I do know it has been brought forward, that it should be considered. We should look at it and consider whether these payments need to be made immediately or otherwise.
But also, in your organisations, think about it. Even in your own life, the one we always see is the text message, the emails, the voicemails, we try and pay for something – do we always do it straightaway? I’d like to think we all work in this world and we wouldn’t but has that really been educated to the UK public? Has it really got people slowing down?
Back to that point, is it preventable? I think we can do more awareness and education, I really do. I don’t think we’re doing enough. Does that include the banks? Possibly.
Many of you on here will know about the Barclays situation, whereby they were making payments to alleged investors and unfortunately, despite police even knocking on their door and telling them they were fraudsters, they continued to make payments.
And there’s that ongoing law decision, legislation, court decisions with regards to who is liable in that case. They were educated, they were told not to pay it, but they continued to.
More and more, as we look at crypto now and foreign exchange particularly, people are paying and getting good returns on their investments. They even give you a payout! But they’ll only give you one or two payouts of small amounts. You then build it up and take out the rest. Guess what? It’s all gone in commission, in fees and heaven forbid, how they do this, the third one I’ve heard of just recently is that they’ve paid your capital gains tax on that amount of money for you as well.
Again, easy for us to sit and say “Really? That doesn’t surely happen!”
But it really is happening.
That same thing really, push payment fraud runs through your tone from the top. Let’s recap, the liability and action for failing to prevent fraud, leads into push payment fraud. If you’re going to be liable for it, hopefully you will take a bit more care.
Should we have that in our day to day lives as well? Do we need to look at whether we are neglectful or otherwise?
Okay, there is Confirmation of Payee (CoP) on banks, we all know about that and a lot of us now get asked the question whether we’re happy that it is Robert Brooker that we are paying and it is account number 12345…
How many of us ignore that and just pay it anyway? We think we’re paying an individual and it’s a company or vice versa. That is where push payment fraud is preventable. The banks are doing bits, not all, but more can be done. Particularly, around education and awareness for everybody.
Same as that insider threat. It’s interesting when you look at insider fraud, just remember to look in your own organisation and ask “where would you commit fraud in our organisation?”
Get an understanding of where your risks lie, what mitigations you have in place and what you can do about it if it’s not there. Because it will be. As I said at the very beginning, I don’t believe there’s no fraud here. I just don’t see it, it’s everywhere at the moment. We need to dig deeper, we need to look for it. I appreciate it’s knowns and unknowns, and it becomes a myriad of different questions, but that’s the culture we want to create, create the behaviours within your staff to report stuff. Not just let it fester away, because when it does happen, it becomes huge. And the impact of fraud is devastating.
It isn’t just you as employees, it’s your supply chain, it’s everybody that is involved in that company.
I work closely with insolvency practitioners, and companies that are becoming insolvent and unfortunately, that is increasing whereby people have committed fraud which leads to that company becoming insolvent.
I just dealt with a case, back at the end of last year, very sadly whereby a small company, a bathroom showroom company with a few outlets. They were all friends, set the company up some years ago, and unfortunately one of their members of that directorship had been helping himself and making payments to himself. They were friends, he got imprisoned and lost the money, but what meant more to the other three, was their friendship. And that is the problem we get. They had to shut a couple of their showrooms, lay people off, cut their supply chain, the spouses of those staff – it just has such a large impact.
And it stays with you forever, and it’s a hard way of learning. We talk about education and awareness, I don’t want people to learn the hard way. I’d rather we learned the easy way.
Let’s have a look at the questions and answers now then. Reece if you can take those through? Thank you for your time all, as Reece said at the beginning, I really appreciate those of you putting questions in. It is an interesting area, as I said at the beginning, I’m a bit of a parasite. Everyone else’s downturn is my upturn!
You can imagine at the moment, we’re really busy. It’s not a great situation for any of us to be in, and I’m presuming yourselves in compliance are also experiencing the same across the whole financial crime piece.
So thank you for giving up your time to listen to me and I welcome the questions.
Reece B: Amazing, thanks Rob. I think everyone can see how eager we were to get Rob on the series, real-life examples, insightful, well-spoken, just great stuff Rob!
Questions. We’ve had a boatload come in! I’ve tried to pick a few that stand out, I’m sure that Rob will be happy to respond to any others in his own time as we have had quite a few come in!
So Rob, what are your thoughts on the BBLS and the amount of fraud committed during that time. Was the application process too good for fraudsters?
Robert B: It’s an interesting concept that’s rolling on and on, isn’t it? Let’s be absolutely honest about it, we know the process wasn’t perfect. We know it was all too easy. Whether we look at the Bounce Back Loan Scheme, whether we look at the eating out scheme, everything we look at, there was fraud. Unfortunately, some of those people, when we talk tone from the top, probably aren’t the people that should be involved in it. I.e. MPs themselves, even those allegedly sitting on the Cabinet. Yes, we made it easy. What were they to do at the time though? I don’t know. Could they have put in more prevention, more due diligence in place? Of course. But hindsight is a wonderful thing and it’s like anything, you’ve got to take that due diligence in the first place. You need to know who you’re paying and what you’re paying.
We’ve heard of stories where companies didn’t even exist, they weren’t even in the locations they said, they had folded the company times before but they still paid the money. Of course, we could have done more to prevent it, I think it’s easy to be clever after the event. But at the time they were just trying to help everybody and get the money out.
The bit that bothers me now, is the lack of pursuing those payments that have been made fraudulently. And this is something that is bouncing around time and time again, if you excuse the pun. But it is circling back all the time.
I appreciate that there is a pot that is bad debt provision and we can leave some of it be, but it doesn’t sit comfortably with me. There are too many people who have defrauded the situation, spent the money on cars, high life and holidays, when actually, they were well needed bounce-back loans to keep companies afloat to ensure that people have actually got a job.
More could be done, it’s easy to be clever afterwards, but like anything, when you’re making a payment, please undertake some more due diligence and then pursue it if you do become a victim, don’t just leave it.
Reece B: Awesome. While that question was being answered, we’ve had a lot of people just saying thank you Rob – and that they’ve loved the non-presentation style PowerPoint.
Robert B: Great, thank you!
Reece B: I have seen a lot more questions come in, and sorry to you guys but we’re going to have to prioritise the people that asked first.
Robert B: If we’re able to have contact details, or via Reece and the guys at NorthRow, I’m more than happy to answer every single one. Those of you that want to reach out, I’m on LinkedIn or my email address is: firstname.lastname@example.org – but Reece has all my details as well, I will answer as many as I can, if not all of them!
Reece B: We’ll be able to send the questions over to Rob after and, as he said, he’ll get back to you when he can.
Why don’t more companies reward whistleblowers, especially the anonymous ones?
Robert B: Love it, a great conversation again! Whistleblowing is gaining momentum at the moment through the EU Directive as many of you will know. But actually, what are the advantages and disadvantages of rewarding whistleblowers? It’s a conversation I’ve had recently within the construction industry. Let’s look quickly, what are the advantages? Yes, it will encourage others to come forward. It’s very well used in the US by the way, extremely well used in day to day life. While it would encourage others to come forward, there’s a lot more work to be done to ensure that those reports are not vexatious or vicious. So there needs to be a lot more work around that, because obviously if there is a pound note hanging on the end of it, then unfortunately, as we all know, people would act in that way.
What are the advantages? You’re getting people to report, and hopefully they want to because they want something in return. There are genuine people in there that are reporting for that reason. As in everything with fraud, there’s the good guys and there’s the bad. And it will be exposed. People weigh up the risks of you as an organisation and the long term effects. It’s not just the financial impact on you as an organisation, reputationally, your supply chain, what does that look like to the consumer? It’s not great is it if you do actually pay somebody out, and there’s not anything in it at the end or it’s a little bit mixed and it is vexatious.
People look at it, they look at the risks, undertake their own due diligence around it in the first place, try and have a look at risk assessing the situation, and generally speaking, in the UK people aren’t giving rewards for whistleblowing. Will it change? Potentially, as we seem to follow America in a lot of ways and I think it probably will.
But at the moment, I think there is still too much grey matter that people aren’t comfortable about.
Reece B: Great stuff. When should organisations make the announcement once a fraud has been discovered? They’re thinking about the possible impact there could be if multiple people are involved in committing a fraud.
Rob B: Great question. Is there ever a good time? No.
You need to keep that really small, in a compact, tight few people that know about it in the very first instance for exactly the reason you’re saying. It’s giving away evidence and compromising the investigation, and people get rid of vital evidence or they do a runner themselves. But once you’ve carried out your investigation, and you know who you’re dismissing, there are three options.
Dismissal and disciplinary. The ultimate is prosecution which can take a long time. And then the other side of it is the recovery of the monies lost or the goods.
Let’s just look at that very quickly, what do we do and when do we report it?
The minute you’ve taken an investigation and you’re happy that you’ve got everybody you want to, whether that be disciplinary or they’re going out the door, report it. The fact that there’s a court case ongoing doesn’t particularly matter, because you can still say that someone has been dismissed pending the outcome of a court case. Even if they don’t get found guilty in court, don’t panic. There are two levels of evidence-based testing. In a HR disciplinary investigation, it’s beyond all possibilities. Then in court, it’s beyond all reasonable doubt.
So on the balance of probabilities, you were happy to dismiss. That’s great, not a problem at all. Beyond all reasonable doubt, and the fraudster won’t be looking at whether they’ve committed the fraud or not, it’ll be on the technicality to do with legislation, the way you’ve collated the evidence etc, then that can be a different story.
For me, back to the question, report when you’re in a position where you’ve dismissed, you don’t have to name the people, and say that it is an ongoing case. But ultimately, don’t do it during the investigation because you’ll send hares running, too many people involved that you don’t need. The minute you’ve got a conclusion, deal with it. And if you can recover the money in between, please promise me, and there are still companies out there dismissing people and letting them have their final salary payment. Please don’t do that. Take that money off them before they walk out that door. Don’t make life easy for them.
Also, if you’re a member of CIFAS or even if you’re not, look at reporting them in our world and make sure they can’t then go and work elsewhere. All you’re doing is moving the problem as opposed to solving the problem. All they will do is leave company A and move to company B and do the same thing.
So, please report to CIFAS as well.
Reece B: Excellent response, Rob. I think we’ll go for one more just so we’re not running over on time. But as mentioned again, Rob will do his best to get in touch with you.
Regarding international cooperation, where does the trail typically go cold? Dubai is seen as a tactical destination or transit location, but also a strategic one. Rob, do you have any thoughts on that?
Robert B: Well, what a great question and probably, a whole webinar on its own if I’m really honest! As you rightly say, where does that fall down, whose responsibility is it, why does it fall down, what can we do internationally, who do we need to include, who do we need to make sure is aware of it at the right time to make sure people are aware – and this isn’t really answering it because we’re only touching on the surface!
But back to your point in your question, I think there is a combination of all of those parts that contribute to it falling down and yes, it can be overcome. It needs to be structured, it needs to be a well-built investigation and then, most importantly, the communication needs to be right. Is it at the end, is it at the beginning, who do we include and when do we include them. I’m happy to respond to that in a lot more detail, but as I say, I think that’s probably a webinar at a later date on its own!
What a great question and a really interesting subject when it comes to international.
Reece B: Well, you’re more than welcome back Rob so maybe let’s make that happen!
Before we move on, Rob, is there anything you want to promote from your side? I know you’ve got a few things on the go at the minute!
Robert B: I have indeed! As many of you know, and has been mentioned by Reece at the beginning, I am Chair of the London Fraud Forum. There are Fraud Forums throughout the whole of the UK, from Wales to Northern Ireland, from the North East right the way down to the South West. If any of you are in those areas, please look them up online or reach out to me to support the Fraud Forums!
In addition, there’s another social enterprise that I’m involved with called UKIFA.co.uk – United Kingdom Identity Fraud Advisory. If you’re a victim of identity fraud, whether you’re a business or individual, it will tell you what to do and how to go about repairing your identity.
Back to the Fraud Forums, I’ve just set up something called the UKFF: UK Fraud Forums which will be a strategic body bringing together all of the Fraud Forums throughout the UK with the hope of saving you time and money as members and ensuring that, as members, you’re getting the right information and intelligence spread, and equally that you’re also receiving economies of scale when it comes to conferences etc.
So, thank you very much indeed. As I say, I do work as Head of Fraud and Forensics at PKF, which is a top 10 chartered accountancy firm, working as a consultant within fraud, bribery, corruption, financial crime and forensic accountants. So if any of you have issues or problems from prevention, detection, deterrents or heaven forbid, investigation or restoration of losses, please reach out to me.
Reece B: Please engage with Rob, he’s great. Do you mind just flicking the slide forward two slides please Rob?
Amazing, so our next webinar is going to be next month on February 22nd. The cost of compliance has never been steeper and regulators across the globe show no sign of letting up despite political promises. This is going to be a session that looks into RegTech, it’s going to be a very interactive session, a whole session based on a Q & A.
We’ve got John-Paul Eaton, you may have seen him on LInkedIn where he is very active. He’s the Global Community Director at FinTrail and FinCrime Exchange so another great guest to have on the series. Invites will be going out next week so do keep an eye out for that, it’ll be the same time, same format and I really hope to see you there.
Just one more slide for me Rob.
So just a bit of a plug from NorthRow! We help you to accelerate growth safely with AML compliance, from onboarding, monitoring and remediation. We have just launched our new website, as you may have been on the series before, we’ve changed our branding as well. There’s tonnes of new resources and content on there if you’re looking to start your buying journey into AML software, anything from KYC and KYB screening, ID&V, case management and remediation…there’s lots and lots of stuff going on.
So please do check us out on northrow.com!
Just a massive thank you to everyone who has joined, we had a lot of people on the session today, lot of questions! Rob, you’ve been a fantastic guest, hope to have you back on the series later down the line as well! We’ll send everything across to Rob, any questions that didn’t get answered, but also the ones that did, just in case Rob wants to elaborate.
But that’s it from me! And a massive thank you to everyone for joining. Rob, any words before we leave it?
Robert B: No, just a massive thank you as always. I’ve worked with NorthRow for a long time, on and off through various people and they’re always a pleasure to work with for the benefit of everybody listening. Thank you very much indeed.
Reece B: Likewise Rob. Thank you again to everyone for joining, enjoy the rest of your day. Stay safe and look forward to seeing you on the next one as well.