03.03.2008 KNOWLEDGE OF PEOPLE IS POWER

 In my career as an auditor I have seen a marked change in society’s view of fraud over the past 15 or so years.  The Enron, WorldCom and now Hollinger International scandals, and the growth of global terrorism financed by money laundering, mean that fraud is rarely out of the headlines for long.  The world has changed so since the early 1990s that the would-be fraudster arguably has more opportunity to divert funds for his gain.

Electronic communication, banking and access to personal data present a veritable feast of opportunities for the enterprising modern fraudster.  Take, for example, the IT worker in the newly formed Her Majesty’s Revenue and Customs service (HMRC) who was convicted in March last year of selling the identities of over 1,000 people to a gang which then claimed £1.3m in tax credits.

Here was a low-paid IT worker who had the opportunity to make a quick buck by selling information and who had a sufficient level of access (or indeed ways of circumventing access controls) to obtain that information.  What this employee did was nothing new, as all fraud tends to be carried out by opportunists taking advantage of poor systems or controls.  To complete the fraud, add in some dishonest intent or actions (e.g. forging fictitious supplier invoices or creating fictitious employees for salaries or tax refunds to be paid to) and finally some form of collusion (in this case with an external gang).  Fraudsters today can arguably access more data, cover tracks electronically and perpetrate a systematic and repeated fraud with speed.

As society has become more depersonalised, and as we rely more and more on distant, impersonal transactions involving overseas call centres and internet banking, so the ability for the business community to spot unusual events or transactions has reduced.  Consider the local branch bank manager of 20 years ago involved in cashing up every night, knowing the small business customers he dealt with on a personal level.  The fraudster would live in fear of being caught out as habits and changes in pattern could be more readily picked up in a more personal, slower-paced society.

The recent scandal of HMRC’s loss of 25m people’s personal child benefit records – including names, addresses and dates of birth of children, as well as National Insurance numbers and bank details – will have alerted many to the problem, though the impact of this episode will not be known for several years.  This “mistake”, again by a low-paid worker, presents an opportunity to the fraudster of tomorrow to access children’s personal data, providing a stepping stone to their personal financial records and to abuses which will become evident in the next 15-20 years.  IT systems, processes and controls will continue to become ever more sophisticated, and detection programmes such as those used by credit card companies will continue to evolve in the fight against fraud.  I do, however, believe that as the pace of change continues to gather speed, more and more opportunities will present themselves to the criminally minded – each system is only as strong as its weakest link, and in systems such as these the weakest link is the human one.  Where controls rely on people, there will always be an element of human error or deceit that can circumvent even the most sophisticated of system controls.

The media attention given to high profile fraud cases could, in theory, act as a deterrent to the would-be fraudster; however, motives and opportunities for significant financial reward will remain a powerful incentive to exploit remaining loopholes.

That said, the regulatory environment has responded by increasing the burden on professionals, including auditors and bankers, to consider fraud, money laundering and the proceeds of crime in their day-to-day activities.  The auditor’s responsibility for fraud detection has increased significantly in the wake of the scandals that have shaken the accounting world, and in the post-9/11 drive to shut down murky sources of funding for sophisticated, mobile terrorist groups around the world   While there are arguably many more opportunities for the would-be fraudster, there is a regulatory and supervisory regime in place to catch them which is tougher than ever. 

The challenges faced by the wider business community in responding to the evolving fraud risk are manifest.  As a banker, you can help your customers by getting back to the basics of relationship banking.  The weakest link tends to be the human one.  By understanding and knowing the people we all do business with, and relying less on systems and process, we can collectively add another layer of defence against the fraudster. 

Publication: The Scottish Banker
Date: 03 March 2008