The term fraud is a vast legal concept. Unlike error, fraud is intentional and often involves the deliberate concealment of facts. It may involve the Directors, Management, Employees, Third Parties or an Individual.
Fraud can occur in any organization and can be committed by any individual; anyone is capable of committing a fraud if given the circumstances.
Today’s environment has made businesses more vulnerable to fraud: technological advances, impermanent or short-term employees and the ease of access to information, among other factors, have increased the risk of fraud.
Fraud is also a major business risk that all businesses need to manage like all other business risks. The risk can be reduced through setting the right policies and the acts of prevention and detection.
Frauds are often difficult to detect as they involve concealment and falsification of facts, information and documents, internally or externally. It is therefore very important to place high importance on fraud prevention, which aims to reduce the opportunities for fraud to take place through the fear of detection and penalty.
Asset Misappropriation: it happens when people who are given the responsibility of managing the assets of a company steal from it. It involves employees or third parties who abuse their power and/or position.
Cash Misappropriation or Cash Theft: it happens in the following circumstances,
- when a fraudster gets the organization to disburse funds through trickery such as submitting false invoices or forging signatures on checks.
- when an employee gets the organization to make a payment for false claims.
- when an employee claims for reimbursement for fictitious business expenses.
- when a fraudster takes/transfers/claims an organization’s funds by stealing, forging or modifying checks, account numbers/account details of an organization or checks that the organization has issued to another payee.
- when an employee makes false entries in the cash register.
- when a fraudster steals cash from an organization before it is recorded in the company’s books.
- when a fraudster steals cash from an organization after it has been recorded in the company’s books.
Corruption: it happens when fraudsters influence business transaction(s) in an unjust, unfair or illegal manner. The transactions are modified to procure personal benefit of any manner, including monetary benefits.
This fraud prevention document identifies the measures that ………………. Ltd. (hereinafter referred to as the “Company”) shall implement to prevent, deter and detect fraud:
- Create and maintain a culture of ethics and honesty;
- Promote and encourage the awareness of risks, frauds and fraud control;
- Identify potential risks, frauds and thefts; implement processes, procedures and controls to reduce the opportunities for fraud;
This document aims at:
- Assuring that the Management, Directors, Partners, Employees, Affiliates and Associates, Subsidiaries and Third Parties are aware of this document and about fraud prevention and risk management and for establishing procedures to prevent and/or detect fraud and its occurrence.
This document applies to all directors, shareholders, employees including contractual staff, agents, departments, associates, intermediaries, service providers, consultants, vendors, contracts and sub-contractors, customers and anyone else with a business relation with the Company at whatever level, position, title, location, tenure of employment, hours of work, length of service, etc.
- Providing a clear and written guidance to employees and all others in business relation with the Company, forbidding and warning them against participating in any fraudulent activity while being associated with the Company or helping them take the appropriate course of action when they suspect a fraudulent activity when in the Company or associated with the Company.
- Providing a mechanism to all directors, shareholders, employees including contractual staff, agents, departments, associates, intermediaries, service providers, consultants, vendors, contracts and sub-contractors, customers and anyone else with a business relation with the Company to report any incident of fraud without the fear of any action/harassment/dismissal against them for reporting the incident.
- Providing a clear guidance on how the Company will investigate fraudulent activities.
- Providing assurance that all fraudulent activities will be investigated and dealt with.
- Assuring that no fraudulent activity will be tolerated or taken lightly at any level.
- Assuring that the Company is taking preventive measures both internally and externally to avoid frauds both inside and outside the Company.
- What is Fraud?
Fraud in simple terms means an intentional act or omission designed to deceive someone, resulting in the victim suffering a loss and the fraudster attaining a gain.
It includes a wide range of illegal acts characterized by misrepresentations and deceptions, which are intentional in nature. A fraudster, the person committing a fraud, is well aware that committing the fraud will benefit him/her in some form or other. The fraud can be perpetrated by an individual either inside or outside the organization.
Fraud may be committed by misappropriating assets, or by intentionally concealing, misrepresenting, or not disclosing facts, information, or data relevant to a decision or transaction.
Fraud falls into the following categories:
Internal Fraud: Fraud/misappropriation by the directors, shareholders, employees including contractual staff, agents, departments, associates, intermediaries, or any staff member (by whatever name called). It encompasses a wide range of deliberate misconduct, misuse or misapplication of an organization’s resources or assets.
Third Party Fraud/External Fraud: Fraud committed by third parties such as service providers, consultants, vendors, contracts and sub-contractors, or customers or the general public at large.
A fraud may involve one person or a large number of people from within and outside the organization.
Examples of fraud include (The below list is indicative only and does not intend to be exhaustive):
- Receiving, demanding, accepting, and seeking of gifts or anything of material value from contractors, vendors or persons providing services/materials to the Company.
- Divulging confidential Company details to another employee or an outsider for personal interest/profit.
- Forging or altering Company documents or accounts for personal interest.
- Concealing or misrepresenting or modifying assets, liabilities or transactions, such as:
  - Company reports or books,
  - Confidential information,
  - Vendor information,
  - Check details or information,
  - Payroll details,
  - Tax details,
  - Financial reports and/or documents.
- Utilizing Company funds for personal use.
- Bribing or corruption.
- Unauthorized use of Company information, confidential information and Company resources.
- Destroying Company records, furniture, fixtures and equipment.
- Unauthorized use of Company’s systems, server, information technology networks or operating systems, etc.
- The Fraud Triangle
The three stages that contribute to the occurrence of fraud are:
Pressure: The motivation behind the fraud can be that the management or employees have a motive or are under a personal or any other pressure to commit fraud. The kinds of pressures can be personal and/or financial needs, a spouse who has lost a job, maintenance of a lifestyle, debt, gambling, drugs, and pressure to succeed, etc.
Opportunity: This is the means and/or circumstances that provide the opportunity to commit the fraud. Ineffective or absent controls, poor management, or abuse of power can be opportunities for an employee to commit a fraud in the organization.
Rationalization: This is usually the final stage. This is where the fraudster justifies the crime, both internally and externally. This stage includes rationalizing or justifying the act by blaming the management, employees, values of the organization, personal or professional pressure, etc. Most fraudsters do not see themselves as criminals but rather as a victim of the circumstances.
- External Fraud vs. Internal Fraud
Fraud can broadly be categorized as either External Fraud or Internal Fraud. Internal fraud usually involves at least one party from the organization whereas external fraud is solely committed by third parties.
All employees and individuals who are part of the Company, including associates and subsidiaries, are considered internal parties. Internal fraud (hereinafter referred to as “fraud”) is defined as an intentional act or omission designed to deceive someone, resulting in the victim suffering a loss and the fraudster attaining a gain.
External fraud on the other hand includes fraudulent activities committed by third parties by issuing fake/forged checks and/or policies or making fake commitments and promises in the name of the Company.
6.1 External Fraud
Management shall establish a Fraud Prevention Committee with the objective of defining and implementing procedures and controls to prevent and detect external fraud. The committee shall be responsible for maintaining an external fraud database where incidents of external fraud are recorded, capturing information such as incident description, fraudster’s details, estimated fraud loss and recovery amount(s), and resolution.
The committee members are required to be alert and vigilant with respect to external frauds. If any external fraud comes to the attention of a committee member, he must immediately report the same. In the event of details received by the customer service department or by any other employee of the Company, they must immediately contact the concerned persons/complainant/aggrieved customer and obtain in writing the complete facts and information and contact details.
The Fraud Prevention Officer shall report any suspected or alleged external fraud case to the Fraud Prevention Committee for initiating an investigation into the incident.
6.2 Internal Fraud
Employees shall promptly inform the Fraud Prevention Officer or Fraud Prevention Committee about any concerns regarding unethical behavior and report any actual or suspected incident of fraud or violations of the code of conduct on a confidential basis.
The Company offers several channels for reporting any actual or suspected incident of fraud. Employees and officers are encouraged to use the channel with which they are most comfortable, starting with their manager or supervisor. Other reporting channels include:
- Another Manager or Supervisor;
- Fraud Prevention Officer;
- Human Resources;
- Chief Executive Officer;
- The Management.
Any reporting channel that receives a report shall treat the concern or allegation with utmost discretion.
Any employee who suspects any fraudulent activity shall notify the abovementioned persons immediately and should not attempt to personally conduct any investigation.
Any alleged or suspected incident of fraud shall be reported in writing to ensure a clear understanding of the incident. Any anonymous disclosures or statements containing general, non-detailed or offensive information will not be entertained.
The internal reporting mechanism shall be made known and available to third parties such as customers, vendors and anyone else who conducts business with the Company through mention on the Company’s website and other external communication materials.
In addition, in order to facilitate the reporting of alleged or suspected incidents of fraud, management may set up opinion boxes, help lines and/or dedicated email addresses and clearly communicate their existence.
- Fraud Risk Governance
The Company places high value on integrity and honesty. It encourages openness from top to bottom and vice versa to prevent frauds and create a positive workplace environment where employees do not feel misused, threatened or ignored.
The Board of Directors, managers and supervisors set the tone for ethical behavior by behaving ethically and openly communicating expectations for ethical behavior to employees.
The commitment to prevention of fraud is communicated to all personnel in an understandable manner through several means including but not limited to the employee manual, the company website, intranet, and training courses, etc.
All employees within senior management and the finance department, as well as other employees in areas that are exposed to the risks of unethical behavior are required to either electronically or manually sign a confirmation statement, acknowledging that they have read, understood and complied with the Fraud Prevention Policy.
The confirmation statement shall include statements that the individual understands the Company’s expectations, has complied with the Fraud Prevention Policy and is not aware of any incidents of alleged or suspected fraud or violations of the Fraud Prevention Policy other than those the individual lists in his/her response. Any non-replies shall be followed up by the Human Resource Department.
Regular and periodic orientation and refresher training sessions concerning fraud prevention shall be provided to all personnel, upon joining the organization and throughout their association with the Company. The training material should contain examples of the types of frauds that could occur internally and externally.
As part of the Company’s fraud detection and prevention, background checks including the educational background, work experience, criminal records, etc. on new employees and personnel/intermediary shall be carried out in order to prevent frauds.
Exit interviews shall be conducted with terminated, resigning or retiring employees regardless of their position to identify potential frauds and suspicions.
- Fraud Risk Assessment
The Company shall be proactive in reducing fraud by (1) identifying fraud risks, (2) taking steps to mitigate identified risks, (3) implementing and monitoring appropriate preventive and detective internal controls and measures.
Employees from different departments such as accounting/finance, operations, legal and fraud prevention team, etc. with varied skills, knowledge, and perspectives shall be involved in the fraud risk assessment.
Through the fraud risk assessment, the vulnerability of the Company to fraudulent activities such as misappropriation of assets, corruption, fraudulent financial reporting, etc. is considered, evaluated and emphasized. The fraud risk assessment shall identify where the fraud may occur and who the perpetrators might be.
The assessment shall be performed, documented and updated periodically to identify potential fraud schemes and scenarios. Updates shall include considerations of changes in operations, new information systems, changes in job roles and responsibilities, and new industry trends, etc.
The fraud risk assessment shall be performed at all levels within the organization; and the fraud risk assessment shall include fraud risk identification, fraud risk probability and fraud risk response.
Besides Company management it is critical that individuals outside of management are also involved in the fraud risk assessment.
Once the fraud risk assessment has taken place, management shall reduce and eliminate identified fraud risks by making changes to the Company’s activities, processes, procedures and policies.
Effective and appropriate internal controls, whether automated or manual, including a controlled environment, secure information system, and appropriate control and monitoring activities, are essential to reduce and eliminate identified fraud risks.
- Roles and Responsibilities
The Management and Fraud Prevention Committee are responsible for designing and implementing policies, procedures and internal controls for the prevention and detection of fraud.
Together they shall evaluate identification of fraud risks, implementation of anti-fraud measures and creation and implementation of appropriate policies.
The Fraud Prevention Committee shall generate periodic reports describing the nature, status and character of any fraud or unethical conduct.
The Fraud Prevention Committee shall establish an open line of communication with members of management one or two levels below senior management to assist in identifying fraud at the highest levels of the organization or investigating any fraudulent activity that might occur.
Through the Fraud Prevention Committee, the Board of Directors shall be informed in a timely manner of any fraud or alleged fraud involving any member of the senior management.
Employees at every level, in every department and at every location have a responsibility to inform the Fraud Prevention Committee if they have any knowledge or suspicion that a fraud is being committed.
The Fraud Prevention Committee shall be responsible for uploading information in relation to incidents of internal fraud in the internal/external fraud database, as appropriate.
The Fraud Prevention Officer shall report any fraud occurrences to the Fraud Prevention Committee in a timely manner, as per the current procedures in place, so that the latter can inform the Management accordingly.
- Fraud Investigation
10.1 Zero Tolerance Policy
The Company does not tolerate any unethical or dishonest behavior at any level. The perpetrators will be suspended or terminated or referred to the appropriate authorities.
The following steps will be taken in case of a suspected incident of fraud:
- Investigation of the incident.
- Appropriate action against the perpetrator(s).
- Relevant controls shall be implemented or improved.
- Communication and training to reinforce the Company’s values, code of conduct and policies.
Registering: The Fraud Prevention Officer maintains an internal fraud database where all the internal fraud cases are logged. When a new case is reported, the Fraud Prevention Officer logs the case in the internal fraud database and a number is assigned to the case. This is necessary for the Company to track the progress or review the case later on.
Inquiry: In the next step, the alleged fraud case is reviewed by the Fraud Prevention Officer and Human Resources. The following points are discussed at this step:
- The names of the individuals or departments who will investigate the case;
- The types of resources needed during the investigation;
- How the committee will gather information;
- The timeframe for the completion of the investigation; and
- The format of the results.
Investigation: The committee must be very careful while investigating the suspected fraud so as to avoid unwanted accusations or alerting the suspected individuals that an investigation is in process.
The fraud investigation starts by gathering sufficient information about the fraud, the loss associated with the fraud, who was involved in the fraud and other details.
The members of the Fraud Investigation Team will have free and unrestricted access to all Company records and premises, whether owned or rented. They will have the authority to examine, remove and/or copy the contents of digital and physical files, desks and any other storage facilities on the premises without prior consent of any individual.
The alleged fraudster will not be informed of the investigation during the initial stages, but only once the committee has substantial proof in hand.
The investigatory or disciplinary hearings shall be carried out with the assistance and under the supervision of legal guidance.
The Fraud Investigation Team shall take into custody, in a timely manner, all relevant records, documents and other evidence to protect them from being tampered with, destroyed or removed by the suspected perpetrators or any other party.
The full records of the investigation shall always be kept securely. The investigations shall be kept as confidential and private as possible to avoid causing any disruption to the Company. Confidential information will be shared only on a “need-to-know” basis.
The investigations shall be completed within thirty days from the date of registering of the case.
The results of the investigations must be duly documented in writing. The report shall capture the fraud incident description, the perpetrator details, the estimated loss and recovery amount (if any), and the resolution.
Once investigations are completed and the report has been collated, the Fraud Prevention team shall take necessary action.
Resolution: Once the investigation is complete, and if it proves that fraudulent activities have occurred, the Fraud Prevention team shall recommend to the Board of Directors of the Company the disciplinary or corrective actions that the Fraud Prevention team deems fit.
Disciplinary or corrective actions may include: employee dismissal; determining whether internal procedures or controls need to be changed; termination or modification of a contract; criminal prosecution, civil lawsuits against the perpetrator to recover stolen funds, disciplinary actions such as termination, suspension, demotion or warnings, etc.
The Fraud Prevention Officer will monitor the implementation of the resolution to ensure that proper corrective action has been taken and report to the Fraud Prevention Committee accordingly. Once the resolution has been implemented, the case can be closed.
Reporting: The Fraud Prevention Officer and the Fraud Prevention Committee will keep track of all cases and timely and periodically submit a report to the Management of ………………. Ltd. about the status and results of the investigations and the corrective actions taken.
The Fraud Investigation Team shall treat all information confidentially and store it safely and securely; the detailed investigation results shall not be disclosed or discussed with anyone other than those who have a rightful/lawful need to know. This is important in order to avoid damaging the reputations of the person(s) suspected, accused or proven guilty.
The Fraud Prevention Committee will not be unfair to individuals who have reported an alleged incident of fraud in good faith. As a policy, the Company condemns any kind of discrimination, harassment, victimization or any other unfair employment practices against the person who has reported an alleged incident of fraud.
The identity of the person who has reported an alleged incident of fraud will be kept confidential and protected to avoid retaliation, or the threat or intimidation of termination/suspension, transfer, demotion, refusal of promotion, etc.
However, any abuse of this protection such as any false or bogus allegations made by a person knowing them to be false or bogus or with a mala fide intention will warrant disciplinary action.
If an employee reports a suspected or alleged incident of fraud for personal gain, to disrupt the working environment or for blackmailing, the concerned person will not receive any protection, and the report will also constitute a disciplinary offence.
- ………………. Fraud Prevention Committee
The Company’s Fraud Prevention Committee will ensure the effective implementation of this Policy or any amendments thereof.
The committee shall be responsible for the following:
- Laying down procedures for internal reporting.
- Creating awareness among employees/intermediaries/subsidiaries.
- Furnishing periodic reports to the Board of Directors of the Company.
- Communication About the Fraud
The fraud investigations shall be communicated on a strictly no-name basis and without any references or evidence.
Alleged and/or proven fraud cases (either internal or external) shall be reported to the following:
- Internal Frauds: Fraud Prevention Officer
- External Frauds: Fraud Prevention Officer
The fraud incident reporting shall take into account all crucial details regarding each fraud incident, description of the incident, fraud perpetrator details, loss estimates and recovery, and proposed or completed actions taken.
Any public communication or statements made by the management to the press, law enforcement authority or any other external parties in relation to incidents of fraud shall only be made by authorized spokespersons and after approval from the Fraud Prevention Committee and Management.
- Policy Document
The management of the Company shall inform the clients as well as employees about this policy or any amendments by uploading this policy on the Company’s website.
The Fraud Prevention Committee of the Company is responsible for the revision, interpretation and application of this document. This document will be reviewed and revised periodically. Any revised version shall be submitted to the Board of Directors of the Company for review and for final approval.