Rotten apples

Regardless of their size or the industry in which they operate, all businesses are at risk of loss from fraud and theft.  While most businesses are aware that the risk is out there, many underestimate its impact, which accrues to billions of dollars of losses each year.

The reality is that the larger the organisation the more vulnerable they are to fraud and theft, with financial institutions most at risk. Zurich Asia Pacific Head of Financial Institutions Damian Lynch says when it comes to Australia’s largest organisations it’s not a question of whether there is fraud; it’s how long it takes them to catch it.

The global financial crisis drove an uptick in employee fraud and theft. When an organisation is struggling financially two things happen. Firstly, management cuts back spending on controls and procedures, allowing discrepancies to slip past. At the other end of the spectrum, more cases of fraud are identified as management pays closer attention to the finer details of their finances.

A survey conducted by KPMG found that over the past 15 years the fraud losses experienced by 280 Australian and New Zealand businesses has tripled. Between 2007 and 2012 alone the value of these losses increased from $105 million to $373 million.

Cutting the rot

Employees can defraud their companies in a number of ways, including embezzlement of funds, false invoicing, theft of cash, false inventory, payroll fraud, computer fraud and counterfeiting.

The type of cover businesses need to insure against these risks depends largely on their size. A Management Liability (ML) policy is a modular insurance product that is generally sold to SMEs. Where previously SMEs would have purchased separate policies for insured persons liability, company liability, employment practices liability, statutory liability, commercial crime and Internet liability, ML incorporates them into one cost effective policy. For the majority of ML policies, the crime component covers internal crimes, meaning dishonest acts committed by an employee, external crimes committed by third parties and investigation costs associated with a covered loss.

Where ML falls short for larger organisations is that the cover against crime is sub-limited, generally offering no more than one to two million dollars worth of protection. With a stand-alone crime policy, much higher indemnity limits are available and there is no risk that the aggregate limit will be eroded by other losses.

When it comes to Australia’s largest organisations, it’s not a question of whether there is fraud; it’s how long it takes them to catch it.

Zurich’s Head of Financial Lines Stephen Bonnington says: “The key thing to remember about crime is that because businesses are buying balance sheet protection it needs to provide cover to a limit that is meaningful.”

“It’s not a case of clients making a decision between ML and crime cover, but rather that businesses with a turnover higher than $100 million have no option.”

A third type of cover specifically designed for financial institutions is a Financial Institution Bond or Blanket Bond. This covers typical exposures such as mortgage fraud, fraud securities, taking counterfeit currency and theft from AGMs.

Shock to the system

As a Forensic Accountant and Director of Dolman Bateman & Co, Arnold Shields conducts many investigations into fraud and says usually businesses are not only shocked to find it exists but that it has gone undetected for such long period of time.

“Where a business expects it has gone on for three months, we will find it has been going on for three years,” he says. “We can also say with a fair degree of confidence that it will be three times more than what they expect.”

Insurance House’s NSW Manager of Broking Daniel Johnson agrees that there is an understated perception of fraud in Australia. “We see claims from businesses on a weekly basis and the universal comment is, ‘I never thought that person would steal from me’.” For Johnson the solution is simple: just because you trust your staff, does not mean businesses shouldn’t take precautions to remove the potential for fraud to occur.

In terms of internal fraud risk controls, the key is to have transparency in business operations and a separation of duties. This means businesses should never be in a position where one person handles the bulk of administration tasks or is in a position to both write and authorise cheques.

“This level of control leaves businesses wide open for fraud and theft,” Shields says. To further reduce their susceptibility businesses should conduct unannounced audits and closely review the wording of their policy manuals, codes of conduct and recruitment policy.

Zurich’s Damian Lynch says fraud is often allowed to continue because other employees are concerned about retaliation if they say something. For this reason, he strongly recommends businesses implement a whistle-blower policy, where employees can report anonymously and without repercussions.

The impact of fraud and theft on a business is not only limited to physical and financial loss but extends to business reputation. “No-one wants to work in an environment where theft is rife,” Zurich’s Stephen Bonnington says. “And by the same token you need to preserve your credibility at all times if you hope to maintain client and shareholder confidence.”

As an insurer, Bonnington says it’s up to the broker to bring out the strength of a business’s internal controls, in addition to their responsibility to find the most appropriate product for their client.

Theft and fraud – ten warning signs

  • Staff who are overly diligent or who do not take holidays in the year
  • Staff who are obsessive about looking after their own portfolios and responsibilities
  • Financial information that isn’t consistent with key performance indicators
  • Lack of supporting documentation for transactions
  • Staff who request access to records they have no need to look at
  • Failure to reconcile cash or stock
  • Signs of excessive wealth or spending
  • Bypassing procurement processes when purchasing goods or services
  • Unusually close relationship with particular customers or suppliers
  • Failure to declare potential conflicts of interest

Zurich Asia Pacific Head of Financial Services Damian Lynch says:

“By far the biggest warning sign is staff that don’t take holidays. Just by requiring staff to take a minimum two weeks leave per year you prevent a lot of issues arising.”

Rogue’s gallery

Recent high profile fraud cases

  1. In late 2011 an accountant from ING Australia was sentenced to 15 years in jail for embezzling $43 million from her employer. Rajina Rita Subramaniam spent the money on seven properties, 600 pieces of jewellery and countless beauty products and perfumes. It is the largest case of fraud by a woman in NSW history.
  2. In 2009 the payroll manager at retailer Clive Peeters used $20 million in company funds to purchase 40 properties over a period of 18 months.
  3. Earlier this year underwriter Dual Australia discovered its Senior Claims Officer Josie Gonzalez and her husband had allegedly defrauded the company of $17. The pair set up a law firm and repeatedly invoiced Dual for legal charges.
  4. In 2011 a Railcorp NSW Officer pleaded guilty to paying a company he set up for $4.3 million worth of trackwork. Between 2004 and 2007, Allan Michael Blackstock received net payments of $1.35 million, while his partner made $1.1 million.

Case studies

Telco company

A company with good reputation had its identity cloned. A virus was placed on the insured company’s accounting system, which allowed the fraudster to access necessary information and passwords and send seemingly legitimate instructions for transfers to the insured’s bank. Zurich’s client was faced with a loss of $800,000.

Restaurant

The maître de was responsible for close of business reconciliation. It was discovered he was stealing cash and helping himself to the premium wines over an 18-month period. The amount of claim was $55,000. No recovery was possible as all monies were lost in gambling and he had no other assets.

Source – Zurich