HR teams needs to make fraud prevention a key part of their responsibilities.
That’s according to David Chernick, an expert on insider threats, specialising in employment screening, identity crime and security.
He spoke exclusively to HR Business Network this week, and said no organisation is immune from staff crime.
David is chairman of PREFIT, a not-for-profit network of police, counter fraud and security experts that aims to reduce the harm caused by insiders to employers and their stakeholders. He also runs TREACL as a communications expert, and as part of that service can help HR directors convince their board that they need to take fraud prevention seriously.
He said that fraud from within companies has been on the rise for decades, but that the current economic climate could make things worse.
“Some presume that perpetrators of staff fraud may be on the increase because they are more desperate for money, but I think it’s more complex than that. In an economic situation like the one we have now, people are less inclined to invest in internal controls, and that makes you more vulnerable.
Make sure budget cuts don’t cause a security risk
“For example, if you want to trim an HR department back, you cut a bit from resourcing, a bit from benefits, and each other part of HR. But if that means the person doing your staff screening is now the same person that does the actual recruitment, suddenly, you’ve got a bit of a conflict of interests.”
The two roles need to be kept separate, he said, as one role is to get the right people in quickly, while the other has the responsibility of keeping the wrong people out.
He added that another factor is that as the economy suffers, there are more candidates for each post, so HR can become less selective when hiring.
If it costs around £2,000 to recruit to a position. David estimates that companies who screen staff spend around five per cent of that – £100 – checking the candidate is who they say they are. He recommends doubling that, but if organisations can’t afford to, they at least need to invest that £100 more wisely
“Make whatever you invest work harder for you. Instead of immediately jumping to do a criminal record check, focus on identity, because that is definitely on the rise.”
He says that there is a misconception that references aren’t worth the paper they’re written on, but that’s possibly because people aren’t reading them in the right way. Instead of hoping that a wronged employer will tell all in a reference, use it to check the important facts including employment dates, job title, and reason for leaving, as this is where most dishonesty can be found. After all, a recent survey by Monster revealed that a third of candidates said they would lie on their CV to get a job.
It would never happen to us
Every organisation is a potential target and nobody can afford to be complacent. Almost without fail, organisations who have fallen foul of fraudsters will say ‘I would never have thought it would be that person, they’ve been with us for years’. But really, this makes sense, because almost 90 per cent of fraud is carried out after two years in a job, by which time the perpetrator has got comfortable in their position, seen the weak-spots, and had time to plan their attack.
Which means that as well as carrying out checks at the start of someone’s contract, it should be done at intervals throughout their employment. This of course raises a further question: how can an organisation do this without intimidating their staff?
HR is vital
David says HR is in the best position to do this. “People in human resources tend to have the deepest understanding of behaviour and employee relations, so the onus is on the skills HR professionals have – the ability to bring teams together, to communicate the reasons why checks are carried out regularly – to foster that feeling of trust in an organisation.”
And although every organisation is different, he says there are some areas that every organisation should focus on.
1. Don’t take a hierarchical view
Organisations assume those at the top have the most opportunities for fraud because they have greater access, so focus their attention on them, not on those joining the organisation lower down. Far better to look not at seniority, but at individual roles. For example, a cleaner may have more opportunities for fraud than any other employee because they have access all areas, at all times of the day and night, and often work unsupervised.
2. Identity checks are crucial
Many organisations do the bare minimum, just photocopying passports and filing the papers away. But with the price of UV and infra-red scanning services coming down, using one of these to check passports would make a huge difference. A group of organisations could even share resources to cut costs.
3. Understand your business
HR can become far more valuable to the business if it analyses the business agenda and advises the board about risk. By helping ensure that the entire business is protected from risk, HR can clearly demonstrate its value.
4. It’s not just about money
While traditionally people think about fraud as the theft of money or services, increasingly it’s confidential information that is most attractive to the fraudster. A member of staff may not be able to get anywhere near the money, but with the right IT privileges, they could potentially steal the identities of every customer on the company’s database.
What more can HR do?
There is one thing organisations are not doing enough of, and that’s talking about fraud publicly, he says. Many companies don’t take cases to court because they don’t want the market to know they had a fraudster in their midst, or if they do press charges, they keep it secret, fearing that their reputation will be damaged if it went public.
But David says there is no point pretending these crimes don’t happen, and it’s far better to discuss it openly, which would make companies more vigilant, and would send would-be perpetrators a message that organisations are fighting back.
“There is a lot of help available to people from security experts, consultants like myself, government departments, and police who are making it harder for perpetrators to commit crimes, so now it’s down to HR now to step up a gear, get to know where the risks are, and make sure they are executing proper screening that builds trust.”
As always, we want to hear from you, so what do you think about fraud within organisations? Have you experienced it yourself? Is it a top priority for your teams? Is it getting worse or better? Let us know in the comments.