Profiling the fraudster: understanding the threat of insider fraud
By Stefan Lia
To describe insider fraud as simply one of the many threats that organisations face, is to risk complacency. To begin with, there are many ways in which internal frauds can be perpetrated and the deliberate nature of fraud can make it difficult to detect. Moreover, anyone in the organisation can present a potential fraud risk regardless of their position, age, gender or length of service. When it crystallises, the impact of an insider fraud can go beyond pure monetary loss, affecting staff morale and damaging reputation.
The threat from inside
The archetypal insider fraud involves a “low and slow” approach. By stealing small amounts over a long period of time, this type of fraudster can reduce the chance of detection. As a result such fraudsters tend to inflict more damage. As the diagram below shows, it is common for a fraud to go on for years before it is detected.
Many fraudsters would have been working with an organisation for a substantial period of time before starting to undertake fraudulent activity. This provides time for the fraudster to understand how the business operates and exploit any vulnerabilities. They can also gain the trust of their superiors and increase their authority within the organisation. Additionally, the perpetrator’s seniority within an organisation is highly correlated with the size of the fraud.
In addition, most insider frauds are not technically sophisticated and do not require specialist knowledge (e.g. networks or financial instruments) to commit the crime. For example, one of the most common fraud techniques is creating or altering physical documents and signatures.
Yet, whilst some people would not normally contemplate perpetrating a fraud, others might be tempted if they thought they could avoid detection or find themselves under some sort of pressure. Some individuals will also try to secure a position within an organisation with the intention of committing fraud.
It is therefore imperative for organisations to have the ability to prevent and detect fraud before it is perpetrated. Organisations also need the capability to investigate fraud and pursue sanctions to deter potential fraudsters. One key element in the fight against fraud is to understand fraud typologies and common profiles of a fraudster. Knowing what can motivate an individual to commit fraud, including the environment and triggers, can help companies design the right preventative controls.
There is no homogeneous way to describe a fraudster; however, a common factor is the motivation to commit fraud. What can motivate individuals to commit fraud varies. Apart from the usual financial stress factors, one key motivating factor is the feeling of being treated unfairly by the organisation. A typical example of this is when an individual feels that they have been unfairly denied a promotion.
Given the opportunity, it is easy for such individuals to commit fraud and justify their actions. Yet that does not mean that every disgruntled employee, or person going through a rough patch, will commit fraud.
The Chartered Institute of Management Accountants (CIMA) has tried to identify a set of typical fraudster profiles. Whilst by no means exhaustive, this list provides a fairly comprehensive picture, especially about the mind-set of individuals committing fraud:
- Pre-planned fraudsters, are those who intend to commit fraud from day one. Such fraudsters can have a short-term outlook, like many who use stolen credit cards or false documents. They can also can be longer-term, like bankruptcy fraudsters and those who execute complex money laundering schemes.
- The second group are the intermediate fraudsters, who start off with honest intentions, but turn to fraud. This change in attitude may result from hardship or life-changing events. The latter might include the need to pay for care for a family member, a divorce or other personal circumstances which might have an impact on an individual’s income. Other factors might include fear of failing to meet performance standards or pressure by family members.
- The final group identified by CIMA are the slippery-slope fraudsters who slip into fraudulent or unethical activity. This group might include the owners of an organisation who simply carry on trading even when, objectively, they are not in a position to pay their debts.
It is also important to point out that the type of person committing the offence depends on the nature of the fraud being perpetrated. Employees are most likely to be involved in asset misappropriation, whereas owners and executives are responsible for the majority of financial statement fraud.
Moreover, employees from certain departments might have a higher propensity to commit fraud. For example, employees working in Finance or Accounting Departments who are generally responsible for processing and recording the organisation’s financial transactions have the greatest access to its financial assets and more opportunity to conceal fraud. Having strong controls in this area is therefore crucial.
Preventing the occurrence of fraud
Early detection is a key damage limitation measure. The main way of achieving this is through establishing a comprehensive system of strong internal controls around all business processes. This should ensure a suitable level of regular oversight and the possibility of detailed, random spot checks. In support of this, a strong recruitment process should be in place, which is key to weeding out potential fraudsters from the outset.
The ultimate aim should be to prevent fraud as far as possible, and where fraud is not prevented, to increase the likelihood of detection and the demonstrable cost to the fraudster. Where prevention fails, having a trusted whistleblowing system and promoting an ethical culture should go a long way in helping organisations with their fight against fraud.