Fraud is on the increase and is now an epidemic costing the UK £110 billion a year, according to the Financial Cost of Fraud 2018 Report. The new 2019 figures from Action Fraud also reveal that nearly £35 million was stolen in cyber crimes reported to UK police forces between April and September 2018. APSE Direct spoke to Pinsent Mason’s Jenny Craven, Senior Associate, and Tom Fayle, Trainee Solicitor, about the fraud epidemic and its growing threat to local authorities.
One of the great financial risks local authorities face is exposure to fraud. The CIPFA Corruption and Fraud Tracker 2018 estimates that the total value of detected or prevented fraud in the UK was £302 million in 2017/2018. While this might appear substantial, when compared to the £110 billion that fraud is estimated to cost the UK per year it barely registers.
The types of fraud that local authorities may encounter vary widely in terms of scale and complexity, from sophisticated external attacks, such as cyber fraud, to more underappreciated, ‘internal’ types of fraud, like employee fraud. Therefore, local authorities must be equipped, so far as possible, to prevent all variants of fraudulent activity and, where fraud is successfully perpetrated, to take the appropriate steps to attempt recovery.
‘Invoice hijacking’ is one of the most difficult forms of fraud to guard against, typically being where an email account is hacked and a legitimate invoice is replaced with one where the bank details have been amended to those of the fraudster. In many cases, victim organisations remain unaware for some time that their systems have been compromised, allowing significant sums to be diverted. Often, the most effective means of preventing such attacks are the simplest. For instance, a tried-and-tested strategy, when transferring large sums of money, is to send a token payment first and only to send the remainder once confirmation from the intended recipient has been received. This idea underpins the ‘confirmation of payee’ checks, where banks will check that account names match up with account numbers, that were due to be introduced in 2019 (now likely to be implemented in 2020).
On the other end of the scale, fraudulent claiming of expenses, and similar internal employee fraud schemes, can be no less effective a drain on local authority finances; indeed, often more so since there is a natural presumption of trust between employer and employee which allows for long-term abuse of that trust. Whether it be the inflation of legitimate expenses claims, failure to repay advances on wages, or claiming illegitimate overtime (to name but a few), these activities often go undetected. Again, the key to early detection is to have robust, simple procedures in place to audit internal finances and properly flag potential issues.
Another form of fraud that can be notoriously difficult to detect and investigate is procurement fraud, a term that covers a broad range of issues. A classic example is where suppliers inflate invoices, but it can also involve elements similar to internal employee fraud, as above, where members of the procurement team are complicit in bid-rigging or purchasing unnecessary goods or services. In instances of the former, having clear and easily accessible records of agreements and correspondence allows discrepancies in invoices to be identified. The latter is much harder to address, but requiring employees to declare conflicts of interest and giving the authority’s anti-fraud personnel adequate powers of oversight are a good foundation on which to build.
A related issue for local authorities to consider is the prospect of bribery. Although not all of the offences under the onerous Bribery Act 2010 are likely to apply to a local authority (one notable example being that the section 7 offence of a commercial organisation failing to prevent bribery arguably does not apply to statutory bodies), they should still be aware of the risks. Chief among these are reputational issues, such as the embarrassment caused by a local authorities’ association with a contractor who is found to have contravened the Act. One way to address this is to require an explicit right to audit the contractors’ books and treat contraventions of relevant anti-corruption requirements as events of default leading to termination of contracts. Whilst this would not necessarily prevent bribery, it would indicate that the local authority had taken appropriate steps to discourage such activities and that it had appropriate means to respond.
Although the risk of fraud can never be wholly eliminated, no matter how rigorous the safeguards, a significant part of the problem frequently stems from an inadequate identification of risk. Being able 17 to comprehensively map supply chains and potential sources of risk can allow for effective monitoring and precautions which could make all the difference. Whilst complex fraud is a real possibility, most instances occur where the basics have been neglected.
In all cases, complex or simple, the element that victim organisations most consistently neglect is what to do once the fraud has been discovered. There is a wide range of options. The most obvious is to report the fraud as a criminal matter. Historically, this meant simply contacting the police. However, under severe budgetary constraints of their own, the police often do not have the resources to investigate allegations of fraud, particularly complex cases. Action Fraud has increasingly taken on the role of a triage system, allowing organisations to report cases and escalating them where necessary, but this does not circumvent the budgetary difficulties that can hamstring the police’s ability to pursue cases. A further element to consider is the practicality of a criminal investigation, since the amount of time elapsed prior to discovery of the fraud may impede the police’s efforts and evidence in such cases can be scant regardless of how promptly they are detected.
Therefore, whilst reporting cases to the police is an important avenue, the option to pursue a civil claim in tandem should not be forgotten. Civil remedies are an essential, yet much underutilised, weapon when dealing with the aftermath of fraud. There is a broad range of interim remedies available to support civil claims. Freezing orders are just one example; these allow stolen funds to be preserved in the recipient bank account until the claim is successfully concluded, whereupon the judgment can be enforced against the account and the funds returned. If civil remedies were more routinely used, it is possible that this would have the broader effect of deterring would-be fraudsters; at the very least, victim organisations can boost their chances of recovery and their efforts could unearth information that could support any criminal investigation.
In order to give local authorities a much-needed edge, APSE’s upcoming Civil and Criminal Fraud Investigations 1-day awareness training sessions offer those on the front line of anti-fraud efforts the opportunity to gain greater familiarity with the threats that they face. Experts from APSE and Pinsent Masons, an international law firm with sector-leading expertise, will offer insights into how best to prevent, identify and remedy instances of fraud when they occur. There will also be an exploration of the pitfalls that organisations commonly fall into.
• 16 October 2019, Glasgow
• 23 October 2019, Manchester
• 22 November 2019, Central London
For more information about the course, and to book your place, please visit the APSE Training webpage. Alternatively, please contact Head of APSE Training Fiona Sutton Wilson on 0161 772 1810 or email FSuttonWilson@apse.org.uk.