With high profile news stories about data theft and cyber-attacks, business is properly focused on managing risks from these external sources. As a result, less attention can be paid to risks from within the business. Bartier Perry explains the risks.
An obvious risk is that posed by employees, who, for whatever reason, decide to do the wrong thing and take from the business.
The good news is there are a number of simple steps a business can take to reduce the risk of loss from employee fraud and theft. Such steps include:
- Effective screening prior to employment, including proper reference checking and, where applicable, a criminal record check. Admittedly, these measures are not guaranteed to be successful and will only identify past indiscretions. Be careful not to discriminate against someone because of their criminal record; their criminality must affect their ability to perform the inherent requirements of their job;
- Prepare and promulgate policies and systems including:
- A policy which allows the business to access and monitor computer, email and internet use. Importantly, those policies must be supported by systems to track and record data and the policies must allow the business to use that information for disciplinary processes, if required;
- Leave policies which encourage employees to take a genuine break from work. It is not uncommon for fraudulent behaviour to require constant management in order to avoid detection. Encouraging employees to take leave in longer blocks (for example two weeks at a time) means other employees will have to take over that employee's responsibilities. This increases the chances of suspicious activity being detected;
- Multiple level sign-off for funds transfers and for procurement. Businesses should consider who can authorise the transfer of funds out of accounts and whether there should be multiple levels of sign-off. These policies could be supplemented by systems for exception reporting for unusual transactions and external auditing of accounts. In addition, businesses should consider whether they should review procurement decisions to ensure the process is not being influenced for an employee's personal benefit.
- Fraud or fidelity insurance. All businesses should make enquiries with their insurance broker to ensure they have an adequate level of cover under an applicable fraud or fidelity insurance policy, either as a standalone product, or as part of a business pack policy.
The business's systems and processes should be structured to ensure the best chance of the policy responding to any claim.
If a business finds itself a victim of fraud at the hands of an employee there are a number of practical steps it can take. Those steps are:
- Terminating the employment. Don't unnecessarily let the laying of criminal charges prevent the business from investigating the allegations and, if substantiated, terminating the employee's employment;
- Commencing urgent proceedings seeking injunctive relief. There
may be occasions where it is important to seek urgent orders of the
Court. In those circumstances, the Court is often asked to make:
- Freezing orders which may stop the employee from removing any asset located within or outside of Australia or from disposing of or diminishing its value; or
- Search orders for the purpose of securing or preserving evidence the employee may have in their possession and which there is a genuine belief will be destroyed.
- Commencing proceedings against the employee for the loss sustained. Once the business has the information about the losses sustained as a result of the fraud, it is then able to commence proceedings to recover the loss together with interest and costs.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.