Knowing employees is as important as knowing customers.
To Minimize internal Fraud Risk;
- Issue a statement of company integrity. This should provide a clear message from the boardroom about the organisation's legal and ethical values.
- Develop an anti-fraud policy and culture which ensures that commercially prudent measures are taken. This should be determined by management, and be commensurate with operational activity.
- Know your staff. Many frauds are committed in collusion with staff.
- Check CVs and take up references. The more sensitive the holder's position, the more detailed your enquiry should be.
- When staff move within an organisation, remember to change their computer and building access level.
- Encourage a whistle-blowing philosophy within your company. Very often other employees know or suspect something but do nothing about it.
- Have broadly-based and effective contingency and recovery plans. Have powers vested in managers to cancel or freeze transactions as soon as fraud is discovered. Undue delay often means that funds have been transferred beyond reach.
- Take a hard line on culprits. Give a clear message that they will be caught, prosecuted and, where necessary, pursued through the civil courts to recover losses.
The major cases involving identity theft, impersonation and the take-over of customer accounts have shown that many cases depend on the complicity of collusive employees.
Known as 'insiders', these employees are unlikely to be working independently and more often than not are part of a larger, organised group obtaining personal details from various sources.
If compromised within one business, they will often be re-positioned into similar employment with access to the same material and the same potential to inflict financial loss.
They are especially valuable to the criminal fraternity while working at bank counters, as they can serve the "foot soldiers"sent out to present stolen or counterfeit cheques or withdraw cash in fraudulent card transactions.
This instantly negates the need for detailed, credible identity documentation to be produced and other preventative systems can be over-ridden.
Knowing employees is as important as knowing customers.
As well as placing people within your organisation, be aware that criminals do also try to recruit existing employees. They typically target specific workers and make their initial approaches in a social setting, such as in a pub. Often, employees inadvertantly give away a few pieces of seemingly harmless information in conversation and due to their worry that they have committed a crime can be coupled with threats of violence if your employees do not agree to provide the information which the criminals need.
Assess risk means: "Thinking Like A Fraudster" !
What information has value?
–Customer data
–Vendor data
–Employee data
–Data protected by patent/copy write
–Attorney/client data
–Competitive data
Preventive:
What you do to ensure that the right things happen; wrong things do no happen
Detective:
What you do to find the things that preventive control did not prevent
The following websites useful:
The British Bankers Association Website
The National Hi-Tech Crime Unit Website
the Bank Safe Online Website
