By Nature L. Mogotsi, Operational Risk Manager, Banking
I recently had a great conversation with a colleague, who is a Head of Risk at FirstRand Group, SA. The chat was on drawing comparisons in the fraud landscape for both the Botswana and South African contexts and various factors in place around deterrence and measures of recourse in the two countries.
As we concluded our conversation, we noted that people have proven to be the constant variable in every fraud scheme. No matter what preventative measures are put in place, people will always identify a loophole.
Fraud, defined as an unlawful activity with intent to cause actual or potential harm or prejudice, is perpetrated by people. They can do it physically, such as bribery, or through navigating systems, such as in cybercrime. People are therefore the constant variable at the centre of every fraud scheme.
In unpacking the role of people in fraud, I would like to take us to the basics of fraud causation. The famous fraud triangle theory by American sociologist, Donald Cressey, suggests that fraud occurs as a result of Opportunity, Pressure and Rationalisation. Another theory, the fraud diamond, which was developed by Wolfe and Hermanson, submits that in addition to the fraud triangle, the fourth element is Capability.
These theories suggest that people will commit fraud only when there is an opportunity to commit fraud. There must be a control breakdown or lapse that gives rise to fraud occurring, although criminals are creative and will always find a new way to bypass reviewed controls. People also commit fraud because of situational pressures. When, for instance, an employee is under financial pressure, they are likely to defraud their organisation. This indicates that not all fraudsters commit fraud for selfish reasons, although this is not a defence that can make fraud legal. While there is no excuse to commit fraud, people often find themselves in difficult situations that can compel them to end up committing fraud. Organisations need to keep close with their employees and understand their needs.
Fraud can also occur due to rationalisation. This is where employees defraud the organisation due to rationalising their illicit conduct to somewhat feel as though it is not entirely fraud. Employees can steal from the company and regard it as paying themselves because they are underpaid. Some employees can defraud the organisation or business by rationalising that they are only borrowing themselves and will soon pay back. This is common with lapping schemes where they ‘rob Peter to pay Paul.’
Capability, which is the fourth element in the fraud diamond theory, suggests that opportunity, pressure, and rationalisation notwithstanding, people cannot defraud an organisation without the capability to do so. The theory argues that without the skillset and knowhow, people cannot commit fraud even if there is an opportunity. An example is that of hackers. They need to be computer savvy and have the skills to hack into systems and transfer funds without leaving a trace. Otherwise they would not steal the funds.
In an effort to fight fraud, organisations and businesses need to understand the fraud causation theory and internalise it for their environment. It is actually more practical than you may think. Once they get this right, they will stop-gap all the opportunities to ensure that they are limited in order to discourage the efforts of fraudsters. Remuneration policies and staff incentives should also be favourable to reduce the pressures that employees may find themselves in. Stricter employment policies should apply for high risk employees such as those who work directly with cash or authorise transactions to ensure that where it is evident or where they declare that they have financial difficulties, they are immediately redeployed to a different role and enroll on a financial rehabilitation programme.
Paying employees well will also reduce the need for rationalisation. It is also important to apply leadership concepts like keeping employees holistically satisfied beyond monetary reward. This can be derived from the likes of Maslow’s Hierarchy of Needs theory. Organisations should also understand their people from the context of their skillsets and capabilities. People who are highly capable should be well managed to ensure that they do not use their skills to defraud the organisation. Such employees should not have unlimited access to the organisation’s assets.
It is crucial for Risk Management practitioners and management to take time to reflect on their organisations and evaluate whether the controls in place address all the elements of the fraud triangle and fraud diamond and to continue to assess the adequacy of the control environment. People will always be at the centre of fraud. The irony is that while people are the lifeline of an organization, they can also be an organisation’s nightmare!
For Risk Advisory and related offerings: firstname.lastname@example.org