According to the Association of Certified Fraud Examiners, payroll fraud accounts for 8.5% of occupational fraud globally, with the average payroll fraud incident costing organizations £57,000.
While those figures might seem barely worth mentioning in an age when annual fraud losses total in the billions, it’s important to remember that the volume and value of fraud has hit unprecedented highs in the past decade. Fraudsters are more creative, determined and sophisticated than ever before. That’s bad news for organizations trying to protect their finances and their reputations while also running a business.
Ultimately, no fraud threat is too small to consider when evaluating security, including payroll fraud. So let’s take a look at the case of UK delivery company Yodel, which was defrauded of more than £300,000 following a Ghost Payroll Fraud incident.
The fraudster in this case duplicated redundancy payments to genuine employees who had lost their jobs. These payments were then paid into eight separate accounts held by the fraudster, along with multiple accounts belonging to family and friends.
There are a number of valuable lessons that can be taken from this case – actions that should have been taken in the three biggest areas of fraud protection (people, processes and technology) that could have prevented this fraud event from even taking place. By making sure attention is paid to these key areas when dealing with matters of payroll security, organizations can hopefully prevent such a fraud from happening.
Lifestyle and background checks of employees should be conducted to identify any disparity between an individual’s lifestyle and/or purchasing habits with actual level of income. Extending this reporting to relatives and friends could have enabled this fraud to be flagged earlier.
Companies must carry out sufficient diligence such as checking DBS and legal databases during the recruitment process. For example, the company that subsequently hired the fraudster may have carried out insufficient due diligence, or else they would have been aware of issues related to his work history and likely wouldn’t have hired him.
Segregation of duty is a critical control when it comes to preventing fraud. Having the HR department manage employee redundancy and the finance team make the payments is the appropriate approach, providing a necessary check and balance in the process. Something was missing in that check and balance system for Yodel, providing a loophole that enabled the fraudster to be successful.
An integrated process would have matched the list of affected staff against actual payments. An additional reconciliation of total expected redundancy payments against actual payments would also help to trigger an investigation at the earliest opportunity.
Had an effective transaction monitoring system been in place it would have flagged suspicious transaction patterns, such as payments being made to unrecognized accounts, recipients not on the redundancy list, or multiple payments listing the same beneficiary, and would have prevented them from being paid.
Reconciling the claimed recipient of funds with the actual bank account details would have highlighted an exception case to be investigated.
A “people, process & technology” approach to fraud prevention is one of the easiest and best methods to protect your organization against all types of fraud threats, including ghost payroll fraud. It’s a methodology that ensures that all aspects of security are considered in complex environments where oversights can easily be made. By taking this approach it’s possible to detect key warning signs and help prevent fraud before it can take place.