In August 2022 the CEO of the Australian Criminal Intelligence Commission, Michael Phelan, disclosed that organised criminals were exploiting systemic weaknesses in the NDIS to rort it on an unprecedented scale. As much as 15 to 20 per cent of the $30 billion the NDIS costs each year is estimated to be misused by organised criminals involved in drug trafficking, violence, money laundering and other illicit ventures.

The NDIS Quality and Safeguards Commission maintains and publishes a register under the National Disability Insurance Scheme Act 2013 (NDIS Act). The register lists banning order recipients and 'other compliance and enforcement actions'.

As at the date of this article, 129 individuals and organisations are listed with banning orders under section 73ZN of the NDIS Act.

The NDIS, through its code of conduct, requires integrity, honesty and transparency from workers and providers delivering care under the Scheme. Repeated instances of criminal misuse of a scheme intended to care for the most vulnerable in society is disturbing.

Just as unsettling though are the inconspicuous acts of dishonesty involving qualified providers in the day-to-day delivery of services under the NDIS. Acts of employee fraud, left unnoticed, not only erode social confidence in the integrity of the NDIS, but also pose serious reputational and business risks for NDIS provider employers.

NDIS fraud is often committed by employees in unsophisticated ways. Employees may obtain and misuse confidential information or restricted data. They may provide false or misleading information, including preparing fake documents and invoices. It may also be simply a matter of an employee making false claims for time not worked and services not provided. Such unacceptable fraud not only compromises those who should benefit from NDIS services, but gives rise to serious reputational and business interest risks for NDIS provider employers.

We explore below a recent example of employee fraud and look at the steps businesses can take to minimise their risk.

Health Care Complaints Commission v Vaughn [2022] NSWCATOD 82

The case of Health Care Complaints Commission v Vaughn [2022] NSWCATOD 82 is a recent reported example of employee dishonesty and NDIS fraud.

The Health Care Complaints Commission brought proceedings against Brendan Luke Vaughn, an Occupational Therapist in relation to overbilling clients of his employer, TBS, on at least 83 occasions. Mr Vaughn overbilled 21 clients in receipt of NDIS funding.

Mr Vaughn's employer was alerted to Mr Vaughn's actions when they reported, "I have just seen the statement for NDIS and I'm shocked to see that charges have been made right through this year when [name redacted] hasn't had services yet."

Mr Vaughn explained that his dishonesty was a product of feeling overwhelmed and under pressure servicing over 20 clients. He made the fraudulent entries in demonstration of this. He managed to conceal his fraud and minimise the effect on specific clients by spreading it across his client base.

The Tribunal ordered that Mr Vaughn be disqualified from registering as an Occupational Therapist for a period of two years and that he pay the costs of the Health Care Complaints Commission in bringing the proceedings.

The legal and business risks caused by Mr Vaughn may have been avoided or identified earlier had there been independent checks and balances in place to verify whether actual services were being provided against the time/fees recorded for specific clients. The case also highlights other important considerations arising from the risks of employee related NDIS fraud.

What this case demonstrates:

  • Employee fraud exposes not just individual employees and their employers to liability to the National Disability Insurance Agency and to overcharged clients, but also poses serious reputational and business risks for NDIS provider employers.
  • Where the fraudulent employee or their employer has obtained financial advantage as a result of deception then both may be subject to criminal prosecution and civil recovery proceedings.
  • Mandatory notification obligations should be considered with the benefit of early legal advice. Many NDIS providers are also registered charities, giving rise to additional reporting obligations.
  • Any internal risk management decisions, including potential investigation and recovery options for misappropriated amounts, should be undertaken with early legal advice so that internal deliberations and communications can be formed with the benefit of client- solicitor legal privilege.
  • Legal recovery options may involve seeking urgent court orders, to freeze or preserve money or other assets of the perpetrator, as well as other non-court claim and resolution options.
  • The early warning importance of having appropriate policies and mechanisms in place for dealing with complaints from employees and clients, including whistle-blower related policies, cannot be overstated.

Steps businesses can take to reduce employee fraud or dishonesty

There are a number of simple steps a business can take to mitigate against employee fraud risks. Such steps include:

  1. Effective pre-employment screening, including proper reference checking and, where applicable, criminal record checks. Such processes should be supported with employment contract terms requiring disclosure of criminal charges or other integrity or investigation matters which may be relevant to performance of employee duties. While these measures may not guarantee pre-employment detection of risks, dishonesty at recruitment may find a lawful basis for dismissal action later. Care needs to be taken not to discriminate because of a criminal record in pre-employment screening.
  1. Legally compliant policies and systems to permit businesses to monitor and assess typical risk areas such as:
  • Computer, email and internet use, and systems to track and record data
  • Employee leave and attendance record keeping. Many frauds are committed by 'presenteeism employees' - those who do not regularly take or do not properly record their leave absences - and fraud is often detected by relief staff who discover irregular or unusual work practices
  • Authorisation, delegation and sign-off processes, especially for funds transfers and procurement. Businesses should consider who can authorise the transfer of funds out of accounts and whether there should be multiple levels of sign-off. These policies could be supplemented by systems for exception reporting for unusual transactions and external auditing of accounts. In addition, businesses should consider reviewing procurement decisions to ensure the process is not being influenced for an employee's personal benefit.
  1. Fraud or fidelity insurance. All businesses should make enquiries with their insurance broker to ensure they have an adequate level of cover under an applicable fraud or fidelity insurance policy, either as a standalone product, or as part of a business pack policy.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.