Fraud: time to clampdown

NEWS THAT the Serious Organised Crime Agency is being absorbed into a new US-style National Organised Crime body sends out a loud and clear message that the UK continues to treat the war on organised crime seriously.

Organised crime is no longer just focussed on traditional activities, such as racketeering, drug smuggling and armed robbery, but now possesses a powerful economic crime capability with a business objective to attack the government.

In fact, fraud against the public purse rose dramatically (142%) over the last three years, according to the results of the latest KPMG Government Fraud Barometer, costing the UK nearly £700m from April 2010 to March 2011 – the vast majority of which was perpetrated by organised criminal gangs.

There are several interdependencies driving this trend. Perpetrators are, in some cases, switching from traditional, physical crimes such as armed robbery to the electronic hacking of payment systems. Therefore government agencies, UK banks and any other large organisations that electronically handle money in bulk are all under threat.

The evolution of technology, for example the application for benefits online or the receipt of tax rebates electronically, makes remote breaking and entering more feasible for experienced hackers.

The increase of virtual storage systems, such as cloud storage, will only increase this threat in the future. Organised gangs may have help on the inside, either from disgruntled employees or staff they have planted. However, the fact that a fraud can be committed from any computer in the world means the perpetrator can achieve the same returns as a physical theft but for far less risk.

These factors are fuelling the capability, audacity and ambition of the professional financial criminal, which in turn is driving up the average size of a fraud. In fact, while the number of actual legal cases against government-plundering professional fraudsters dropped 15% from 33 in 2009/10 to 28 in 2010/11, the average case value more than doubled from £8m to £18m.

UK Government has been focussed on fighting fraud for a prolonged period of time. Following highs of £679m in 2006/07, fraud against government dropped to £286m in 2008/09 – due to concerted action against the theft of VAT (carousel fraud).

Despite this tax fraud remains the most prolific form of fraud against government, and as new taxes come into force (such as carbon trading and green taxes allowances) opportunity and therefore incidents increase. Money laundering is also a focus for government crime agencies, who are now able to prosecute crimes money laundering under the Proceeds of Crime Act without specifying the predicate offence.

This ensures professional money launderers (the “money men”) can be targeted specifically by law enforcement, which acts as a strong deterrent. Aside from an active approach to prosecution, the government has also made £900m available over the Spending Review period to raise additional revenues from those who undermine the tax system.

They have estimated that this should bring in around £7bn per annum in additional tax revenues by 2014/15.

At the beginning of June, the MoD announced the deployment of cyber soldiers in the ever growing war on electronic crime. However, for government departments and UK businesses, internal action is just as vital to protect funds. We are witnessing the legacy of a more relaxed financial environment during the boom years. The subsequent recession has led to control over budgets tightening and scrutiny on spending intensifying, meaning more fraud is being uncovered and prosecuted. The responsibility for leading the charge on the fight against fraud does not just sit with the financial firector.

Close collaboration between the FD, information security experts and the head of internal audit must exist on a daily basis and should in fact be business as usual.

The starting point for this team is an extensive risk assessment of their total threat landscape, familiarising themselves with all possible exposures and then prioritising their efforts and resources.

Mapping out the worst case scenario and being realistic about the magnitude of that event will help tailor-make a bespoke protection strategy. In a world where this type of crime can be perpetrated remotely the financial director and his team must keep up with external trends in malware, social engineering and the latest hacking techniques.

Even seemingly innocent employee tools such as social networking can be used to devastating effect – a leaked piece of sensitive government information can travel through cyber space in mere seconds, providing an entry point to a system.

IT and accounting controls must keep pace with evolving technologies. It is easy to become fixated by the last incident and not be alert for potential future frauds that may take a different shape.

By international standards, there is very little corruption in the UK public service. The vast majority of public servants are rightly very proud of their very high ethical standards. However, the austerity following the budgetary cuts may potentially amplify fraud risk.

Management fraud within the public sector shot up 80 fold from 2008/09 to 2009/10, and edged up again to reach £133m in 2010/11, suggesting that pay freezes and job cuts have added additional pressure to workers.

This is mirrored by an increase in the manipulation of financial results, both in the public and the private sector. More likely, restructuring has led to a loss of skilled or experienced people managing and interpreting the usual financial checks and balances, weakening the overall control environment.

These vulnerabilities can then be exploited by external criminals or bypassed by internal fraudsters. Given the repeated and extended nature of most frauds, the public sector needs to work extremely hard to detect frauds early, through tight internal controls, data analytical tools, and widely publicised fraud reporting mechanisms.

Leaders must set a tone from the top which goes further than just to discourage fraud, but must create an environment in which staff feel safe reporting their suspicions.

Confidential whistle-blowing hotlines have been on offer for many years now but if they do not exist in a wider anti-fraud culture, their effect will not be maximised. A vigilance of the recruitment of casual or temporary employees is also critical to cut down on insider fraud Therefore leaders must not only work collaboratively, but should actively engage with staff as well (as opposed to just putting them through annual computer based training).

There is a perception that the reporting of a fraud may damage the department or business reputation and can sometimes lead to reluctance to do so – however if a strong anti-fraud culture is embedded, controls installed and all precautions taken at the business-end these instances will reduce.

Clearly the largest fraud threat against government comes from the professional criminal and organised gang, who have, in many cases, swapped swag bags for lap tops.

However, preventative action, albeit against internal or external fraud, should start at home A fraud attempt is almost always happening; not only does the public sector need to get comfortable with that fact but must also recognise that even within Government bodies, fraudsters will exist.

Employees who will feel hard done by during the budget cuts may rationalise the manipulation of numbers or on-going theft. In one case an NHS manager manipulated profit figures in order to keep the PCT operating. Therefore motivation may range from pure financial necessity or benefit to a wider, seemingly “moral” rationalisation.

Government is under attack from an eclectic group of fraudsters, driven by business-like profit and loss targets to a personal desperation to secure the future employment. Therefore when plotting the risk landscape Government departments must capture the entire spectrum of motivation, rationalisation and opportunity in order to understand and apprehend an invisible enemy.

Jeremy Outen is head of fraud at KPMG

Related reading