How Far Do You Know Your Employee?
What keeps you awake at night?
A question often asked of senior bank and corporate executives. In your personal life, it could be your next mortgage payment or the problem of deciding where to take your next holiday. Professionally, it is the ultimate nightmare: waking up to find your company's name splashed across the newspaper headlines for all the wrong reasons - not because of the new and improved quarterly results but because an employee within your company has been acting fraudulently. It doesn't matter whether they were doing something illegal outside the workplace or in the workplace, the net result is much the same: bad publicity and potential damage to the company's reputation.
KYE - The Next Step from KYC
Although the first bank was founded by the Medici family in Italy over 600 years ago, know your customer (KYC) requirements were only introduced about 25 years ago to prevent and deter the use of international banking operations by narcotics traffickers. Recent events have also increased the pressure on KYC, such as anti-money laundering actions and fears about terrorist financing.
To return to the senior bank or corporate executive's nightmare, to avoid the threat of fraudulent action, effective KYC measures must be accompanied by an effective know your employee (KYE) policy as well. Few companies escape the reach of employee fraud. For example, typical losses due to employee fraud in the US average 6 per cent of annual revenues, that is $6.6bn a year. It is essential that financial institutions not only know their employees but also their agents, their vendors and their outsourcing companies. Prevention and detection should be the primary fraud and financial crime related goal of every business.
Prevention and Detection
Where should KYE begin? I suggest the perfect starting point should be just that:
- at the beginning. To be effective, due diligence must start with human resources or personnel at the recruitment stage.
An important part of the verification process is references. What procedures are in place within your company for checking references? For example, who obtains them? Is there a check on the referee, i.e. address and other pertinent details? Are comparisons carried out with other references? Are you allowed to audit or check for yourself? Failure to check references properly can later cause severe embarrassment and reputational damage.
The following list provides some suggestions for checking references:
- Do a criminal conviction search in jurisdictions where it is possible.
- Credit checks - you do it before you offer a loan, why not before you hire?
- Electoral register - does the prospective employee really live where they say?
- Conduct a private investigation if it is thought necessary.
- Do your own Internet check before you hire. In fact, a new term has entered the hiring lexicon: 'google them'. You may be amazed what you find that other enquiries, such as a criminal background check, do not.
- Remember to check what is not there as well. The gap in the resume or CV that is glibly explained away and summarily dismissed as of no consequence is often not pursued as it may be considered bad manners or is just accepted as true by the interviewer. However, it may hide a criminal conviction or an episode in the candidate's life that, if explored, would totally exclude them from the company.
- Do you do your own checks or do you rely on a vendor, agency or outsourcing organisation? If you do then you must ask yourself these questions: what standards do they apply? Are they maintained? What levels of verification do they achieve? Are their standards comparable to yours? What checks do they have in place? How often are spot checks carried out and by whom?
Know Your Employee
There can be potential problems once employment has commenced despite stringent reference checks. For example, it may be determined that a pattern of conduct is developing that may give cause for concern, i.e. customers defaulting early on major loans - this may mean you need to pursue customers but circumstances might suggest that you also look at the loans officer. It is also advisable to pay attention to bank or company officers who are closer to clients than is deemed reasonable or acceptable, or clients frequenting private bank or company functions.
One only has to read recent headlines to see how employees, including CEOs and CFOs, have caused damage to company reputations and wrought havoc with share prices. How does this happen and, more importantly, how can it be prevented? The reality is that human nature being what it is, not every person is as honest as one would like. Although total prevention is impossible, minimizing the risk through stringent reference checks, for example, is a very practical solution.
Processes, not police
While KYE should not entail the institution acting as a ‘police officer’ that constantly watches over employees, it is likely to involve increased and more consistent monitoring of certain activities. Many institutions have already taken steps in this regard.
In a recent webinar on KYC and KYE in Asia Pacific staged by Wolters Kluwer and the Risk Management Institution of Australasia (RMIA), 50% of 130 respondents to a live poll said they had a manual process in place that assessed employee activities related to personal trading, personal account dealing, compliance certification and potential conflicts of interest on a regular basis. Another 34% reported having an online system that performed such assessments; only 16% said their institution seldom conducted evaluations of these activities. More companies are likely to opt for automated solutions in the future as a means to formalize the monitoring process, and reduce room for inconsistencies or errors.
Do occasional random checks where necessary to see if an employee has recently moved 'up market' for no apparent reason, or acquired a fancy car, or started private education for children in expensive schools. The bottom line is: do they seem to be living beyond their known means and income? If they are, you might be the unwitting benefactor.
It is also important to be cautious of contacts introduced to your company from internal sources. In particular, beware of:
- New business introductions from an unusual internal bank source.
- New business introductions from new clients offering potential large deposits from other jurisdictions.
- Promises of large future business through third parties from small business clients.
Employee-associated fraud can potentially devastate a business and destroy reputations. Don't take a chance with decisions based on assumptions - always check your facts so that you really do know your employee.
Who is Most Likely to Commit Fraud at Your Company?
Key findings about fraud perpetrators from the 84-page Report include:
High-level perpetrators cause the greatest damage to their organizations. Frauds committed by owners/executives were more than three times as costly as frauds committed by managers, and more than nine times as costly as employee frauds. Executive-level frauds also took much longer to detect.
Fraud offenders were likely to be found in one of six departments. More than 80 percent of the frauds in the study were committed by individuals in accounting, operations, sales, executive/upper management, customer service or purchasing.
More than half of all cases in the study were committed by individuals between the ages of 31 and 45. Generally speaking, median losses tended to rise with the age of the perpetrator.
Most of the fraudsters in the study had never been previously charged or convicted for a fraud-related offense. Only seven percent of the perpetrators had been previously convicted of a fraud offense. This finding is consistent with prior ACFE studies.
Fraud perpetrators often display warning signs that they are engaging in illicit activity. The most common behavioral red flags displayed by the perpetrators in our study were living beyond their means (43 percent of cases) and experiencing financial difficulties (36 percent of cases).
The information helps arm owners, managers, anti-fraud professionals, law enforcement and others with more insight into the risk factors of fraud.
In its 2016 study, the Association of Certified Fraud Examiners (ACFE) report to the nation cited several factors that correlate with an employee's likelihood of committing occupational fraud and may indicate the size of the loss:
Position in the organization - As a fraud perpetrator's level of authority increases, so does the amount of the associated loss.
Annual income - The size of the fraud generally increases with the perpetrator's annual income. Fewer than 5 per cent of the cases in the ACFE study involved a perpetrator earning more than $200,000 per year, but in those cases the median loss exceeded $1m.
Tenure with the organization - The report found a direct correlation between a perpetrator's term of employment and the size of the loss. The ACFE attributes this to the fact that employees gain higher level positions over time and, perhaps more importantly, greater trust from supervisors and co-workers. The more an organization relies on an employee, the more authority that employee exercises, in turn increasing the opportunity to commit fraud.
Gender - Perpetrators in the study were almost evenly split between males and females, although the median loss was greater in schemes carried out by men.
Age - The ACFE found a direct link between the age of the perpetrator and the size of the loss. Forty-nine per cent of perpetrators were over 40 years of age, and only 17 per cent were under 30.
Education - About half of the perpetrators failed to go beyond high school, 42 per cent earned bachelor's degrees and only 9 per cent boasted postgraduate degrees. But as the perpetrators' education levels increased, so did the size of the fraud loss.
Number of perpetrators - About two-thirds of the cases in the ACFE study were committed by a single perpetrator. When multiple perpetrators participated in a scheme, the median loss rose dramatically.
Criminal history - Most of the perpetrators were first-time offenders, suggesting that employee fraudsters typically aren't career criminals