Opportunity for Fraud

Employee fraud, theft and dishonesty are not new concepts. Employees most affected by financial uncertainty face mounting pressures in times of economic downturn. These pressures are typically amplified by socioeconomic-related influences, often lifestyle or dependency-driven in nature.

While there are many factors that may lead employees to commit these types of acts, a combination of socioeconomic-related influences and work-based opportunity is largely what drives employees to harm their companies through incidents of employee fraud and dishonesty.

While the motivation for committing these acts is largely unchanged over time, the medium through which they are committed has changed drastically. Gone are the days when employee dishonesty required a person to physically break into the company safe, write fraudulent cheques or hand over a bribe in cash – though these acts certainly still occur. Today, company assets can be diverted, secret commissions and kickbacks can be paid, and payroll can be manipulated, all seemingly without a trace.

Cheque forgeries have become more refined, and confidential documents can be stolen without walking out the door with a conspicuous stack of paper in hand. One need only look to the allegations of fraud and corrupt practices that SNC-Lavalin Group Inc. is facing, or on a smaller scale, the $2-million employee fraud that occurred at York University in Toronto, to see the ease with which fraud in the workplace may be perpetrated.

TECHNOLOGICAL LEG-UP

The assistance of increasingly sophisticated technology provides greater opportunity for employee fraud to be committed discreetly, making recovery also more difficult as fraud, theft and dishonesty are harder to trace to a specific perpetrator, and funds or assets, if stolen, can be easily moved out of the jurisdiction.

However, there are measures that businesses can employ to reduce the risk of employee dishonesty and related losses, as well as increase the chances of recovery. A number of risk management tools are available to employers, including increased screening of all potential employees at any level of employment, monitoring for sudden lifestyle changes or general behavioural changes, financial cues such as difficulty reconciling the company’s financial information, ethics training and insurance-related products.

In addition, internal technology policies and whistleblower protection programs are important tools that can assist companies in reducing the opportunities for employee fraud by providing a mechanism for oversight and surveillance.

Technology policies require specificity as to the types of technology and/or media covered by the policy. It is important to outline what, if anything, an employee has a reasonable expectation of privacy over, in relation to e-mail accounts and any use of company property, including computers, laptops and mobile devices.

This has become increasingly important as many businesses are moving towards allowing employees to use personal devices for employment purposes to remain flexible and in step with technological advances. Such “bring your own device” policies carry with them inherent monitoring difficulties and privacy considerations.

In addition, whistleblower protection programs encourage employees to report wrongdoing within the company. Such programs ensure that any reported concerns raised by whistleblowers are taken seriously and are thoroughly investigated, resulting in a final report or finding with respect to the investigation.

PROPER IMPLEMENTATION KEY

As with any internal policies and procedures, however, these tools are only useful if properly implemented and maintained. Companies should seek the assistance of

employment counsel when drafting and updating such policies, and when conducting investigations pursuant to these policies, to minimize the associated risks.

For example, internal technology policies must be drafted with a recognition of the competing privacy interests of employees, and should be regularly updated and brought to employees’ attention. Failing that, employers may find themselves subject to damages for claims for breach of privacy.

Conducted improperly, investigations could lead to claims of harassment or discrimination. Perhaps most important, a proper investigation will minimize the risk of wrongful dismissal claims brought by former employees, and increase the ability of employers to defend against them if those individuals involved in the fraudulent misconduct are terminated from employment.

Employment counsel can also provide guidance as to whether the fraud or theft provides sufficient grounds for dismissal, or whether other disciplinary measures are more appropriate in the circumstances.

It is exceptionally important for companies with global operations to obtain the advice of employment counsel well-versed in multi-jurisdictional employment law issues to ensure the various policies and programs are compliant with local laws.

For example, there may be issues regarding the employment and monitoring of local employees for operations in foreign jurisdictions, particularly in countries where there is a significant focus on governmental oversight, or where there are more lax regulations, thereby providing local companies with greater opportunity to use local employees as pawns for fraudulent activities, including corporate espionage.

SECONDARY LINE OF DEFENCE

Even with these measures in place, including strong internal control mechanisms to segregate duties and internal authority, it is naïve to assume employee theft and fraud will not occur. Fidelity insurance provides a secondary line of defence against such misconduct.

Crime insurance policies, among other types of fidelity insurance, can act as a shield for companies against the potential harm that is caused by employee theft and fraud.

Crime insurance policies typically protect the insured from financial loss due to dishonest acts of employees. This may also include coverage for certain types of acts of non-employees, including loss associated with theft of property located on the insured’s premises or while in transit, loss as a result of forgery or alteration of negotiable instruments, and loss from electronic funds transfer.

Employees are specifically defined in this type of policy, and generally include those who are compensated by salary or commission and are directed by the insured in the performance of their service. As such, businesses that utilize independent contractors should carefully consider the compensation, capacity and governance of any such “contract” employees.

While there is some variation among the forms of coverage available in the marketplace, in general, a dishonest act is an act committed with the intent both to cause the insured to sustain a financial loss, and to provide a financial gain for the employee, which is outside the scope of normal employment compensation. Crime insurance policies will generally cover property owned by the insured, property of third parties held by the insured in any capacity, and property for which the insured is legally liable.

Such policies generally require the insured to provide the insurer with written notice as soon as practicable, but no later than 60 days after the loss is discovered. Policies also require that the insured provide a proof of loss within six months of discovery.

From a timing perspective, whether or not the financial losses sustained are covered depends on the type of policy: “loss-sustained policies” cover losses that occur and are discovered during the policy period, while “loss-discovered policies” cover losses that occur at any time, but are discovered by the insured during the policy period.

FIT TO RISK

As with any insurance policy, it is important for a company to tailor its crime insurance policy to unique risk profile and exposures. For example, careful consideration shou ld be given to a business’ global footprint since crime insurance policies often have territorial limits, although such limits may be expanded worldwide.

Another area companies should consider is exposure to cyber and privacy risk. Increasingly, sophisticated technology has not only amplified the risk of occurrences of employee fraud and dishonesty, but also carries with it cyber risks with regard to confidential information.

The data breach at retailer Target provides a prime example of the severity of this risk. Traditional crime insurance policies require intent and/or financial loss, and only cover money, securities and tangible property.

Companies in many industries conduct transactions using a computer network, and may want to consider special network security and privacy insurance products to cover such exposure. It is, therefore, important for companies to properly defend against the growing threat of cyber risk by looking beyond the traditional suite of insurance products.

VALUE OF INTERNAL POLICIES

Properly implemented internal policies will help reduce the risks of employee-related fraud occurring, as well as minimize exposure to employment law claims.

Where fraud and dishonesty occur in spite of strong internal control mechanisms, fidelity insurance products will help to maximize the likelihood of recovery and to reduce a company’s overall loss.

Appropriate external legal review of both internal corporate policies and insurance policies will help to ensure that the two dovetail in providing coverage to prevent gaps in company protection.