What should you do and not do if you suspect your company has suffered a fraud?
Private matters, December 2012
The call may come from any number of sources – a customer, your bank, a colleague, a supplier, the auditor – but the news will be no less bleak regardless of who has delivered it. The person making the call has information which they believe indicates one of your employees is perpetrating a fraud.
The next steps you take will be critical to ensure that no further loss arises and that any investigation is conducted successfully, resulting in a criminal or disciplinary prosecution if fraud is proved, and to ensure that you are not at risk of a claim for unfair dismissal by the employee. In this article Andrew Brown and Laura Burge discuss the immediate steps to be taken on Day One – when the call is received.
In our experience, the earlier we are contacted by clients to assist them, the better their chances of stopping further loss, preserving key data and evidence, and ensuring that their investigation is undertaken to the required legal standard to pursue the case as a civil or criminal matter.
Understand the allegation
When the suspected fraud has been uncovered, emotions are likely to be running high. Our experience has shown that employee frauds are more likely than not carried out by long-standing employees in a relatively senior position. The temptation will be for some members of the management team, particularly where senior management knows the suspect employee well, to want to confront the suspect employee directly. Regardless of how the fraud has come to light, you will need to step back from the personal aspects of the allegation and obtain as much information as possible from the potential witness about the allegation being made – how the fraud was carried out, the persons possibly involved, the extent of any loss, where any evidence may be held.
At this stage, you will need to take steps to ensure that the knowledge of the allegation is contained. This is for a number of reasons. Firstly, any employee is “innocent until proved guilty” and the investigation needs to be conducted on that basis, to ensure that the employee’s rights to natural justice are protected. If handled incorrectly at this stage, you could face a constructive dismissal case down the line. Secondly, it might be the case that others are also involved in the fraud, or that certain employees might feel a sense of loyalty to the suspected fraudster. In this case, there is a risk that evidence could be destroyed or recollections amended if the allegation is circulated widely before steps are taken to preserve any evidence.
Identify a key person to be responsible for the investigation
Where an organisation has a fraud response policy in place, this will set out the appropriate person to act as “point person” in supervising the investigation. The person who wants to carry out the investigation may not be the best person to do so, as they may be too closely connected to the issues under investigation. A company’s Fraud Response Policy should clearly set out who will be responsible depending on the circumstances of the fraud. For example, where the fraud appears to have been carried out by a senior person in the finance function, the fraud policy may stipulate that a senior member of the HR department is responsible for supervising the fraud investigation.
Regardless of which individual will be responsible for supervising the investigation, he or she will need to liaise with both the HR department and the company’s in-house counsel or external legal advisers to ensure that the steps taken comply with the company’s disciplinary procedure and do not breach any laws or regulations such as privacy and data protection.
Stop any further loss arising
The nature of the fraud could vary – examples would be unauthorised payments from company bank accounts, approval of false invoices, or the removal of goods from a warehouse. The company will need to take immediate steps to ensure that any further loss is prevented. This may involve removing, for some or all employees, access to bank accounts, access to computer systems, remote access login capabilities, and physical access to certain areas, which could include changing locks or updating swipe card access rights. In most cases, it would involve the removal of the suspect employee, usually by placing the employee on paid or administrative leave.
At this stage care may need to be taken for the reasons outlined above – in relation to both “tipping off” and “innocent until proved guilty”. This is where a clearly set out Fraud Response Policy and disciplinary procedures can help protect an employer by setting out that all allegations are treated in the same way, regardless of the individual involved.
Secure any evidence
At the initial stage of the investigation, you might not know what evidence might be relevant at a later date. We would always recommend taking steps to preserve the electronic data available, including servers, accounting systems, backup tapes and so on. Where the IT function is outsourced and data is held offsite, the company will need to carefully consider how much to tell the IT company, but it will need to take steps to ensure its data is protected. Of key importance will be the personal computer or laptop used by the suspect employee(s), as well as any other sources of electronic data identified, such as USB drives or external hard drives, CDs/DVDs etc. Other sources of electronic data include phone logs, electronic swipe access logs, and firewall records held by an IT department, which might include large uploads of data, and so on.
Any electronic evidence needs to be handled in such a manner that the evidence is not corrupted or compromised and that it can be relied upon in Court if required at a later date. We would always recommend using IT Forensic professionals to carry out this work.
It will also likely be necessary to seize hard copy files from an employee’s office or desk. Where we have conducted office searches and seized information on behalf of a client, we would request that a member of the firm’s HR department or legal department observe the search to ensure that the search is conducted in a manner that will ensure any evidence obtained will be admissible in Court if required at a later stage. Typical queries which would arise during office searches would include the treatment of items such as locked cabinets or desk drawers, diaries and personal correspondence.
We have included this as the last step in this article, but it may not be the last step you take, and it is not the least important one. In addition to An Garda Siochana, you and/or the company may have an obligation to inform other parties of the alleged fraud – for example the Revenue, a regulator (such as the Central Bank), or the Office of the Director of Corporate Enforcement.
In practice, we would consider that you would carry out some initial investigations to assess the extent of the fraud and take the steps outlined above so that when you are reporting to the relevant authorities, your report is as complete as possible.
The Criminal Justice Act 2011, at Section 19, sets out that a person “shall be guilty of an offence if he or she has information which he or she knows or believes might be of material assistance in preventing the commission by any other person of a relevant offence or securing the apprehension, prosecution or conviction of any other person for a relevant offence and fails without reasonable excuse to disclose that information as soon as it is practicable to do so to a member of the Garda Siochana.”
If you, or your company, are in doubt as to whether or not a report is required to be made, we would recommend seeking legal advice.
By taking the above steps, your investigation has started on the best possible footing – you have stopped any further loss, you have secured the necessary evidence and are now in a position to plan your investigation to find out what happened, who was involved, the extent of the financial loss and any possible recoveries, and identify the weaknesses in controls which allowed the fraud to take place.