Last month a law firm employee was convicted and sentenced to four years in prison after siphoning charity donations over a 13-year period. Effected beneficiaries included Cancer Research, Great Ormond Street Hospital and local hospices along with various animal charities.
The employee, along with an accomplice, abused their position as a probate manager whilst operating across two different solicitors’ firms embezzling money from 23 estates between 2006 and 2018.
Fraudulent payments were disguised as gifts or debt settlements with the employee writing cheques to the accomplice, avoiding raising suspicion by specifically targeting estates with no living relatives and thus minimal external oversight.
The offences were finally discovered when the individual moved firms and irregularities were uncovered when a £5000 payment to the accomplice was uncovered, triggering an audit where the scale of fraudulent activity was revealed.
With the increasing scrutiny legal practices are finding themselves under, it’s essential to regularly assess how robust your firm’s anti-fraud practices are, both in relation to external threats and, as is increasingly the case, internal threats.
Days before the conviction was published in the mainstream press, compliance firm HiveRisk hosted a free, in-depth webinar in which technical director Gavin Ball, along with Peter Taylor, ACFS (AKA ‘the fraud guy’) and counter fraud specialist Nina Dayal covered the essentials on fraud and how to immunise your business against it.
One of the areas focused on was – opportunity. This is usually a failure of processes; a lack of supervision, inadequate documentation or weak accounting measures. This can often be a top-down issue with management allowing or encouraging a lax approach to ethical standards and practices.
The Fraud Triangle
It’s incredibly rare that large-scale frauds develop in a vacuum; research conducted by criminologists Edwin Sutherland and Donald Cressey showed that individual acts of fraud are rarely the direct result of inherent personal traits, but rather are highly influenced by conditional environmental factors. As such, many frauds often require one or more conditions of ‘the fraud triangle’ to be met.
- Opportunity – This is usually a failure of processes; a lack of supervision, inadequate documentation or weak accounting measures. This can often be a top-down issue with management allowing or encouraging a lax approach to ethical standards and practices. This is something all compliance teams should be aware of, in that it’s not merely a case of drafting watertight policy, it’s also a matter of encouraging management into both adopting and disseminating said policies amongst staff. If there isn’t a strong internal control system some people, as was the case with Ms Porter, can use their knowledge to identify and exploit weaknesses in the system.
- Incentive or pressure – This is harder to quantify as companies cannot know what external pressures employees may be experiencing (e.g. gambling addiction or other mounting debts, threat of unemployment etc). There could also be an inbuilt incentive within the company to resort to underhand tactics (for example, bonuses linked to financial performance which might encourage employees to ‘caress’ their figures). This is why it’s important for companies to constantly be evaluating and making the distinction between healthy and unhealthy competition. Also, it’s crucial to foster an open-door policy to reporting issues/potential breaches. Specifically, if an employee feels they can freely and openly discuss issues or problems before they escalate, it’s far easier to provide solutions. A culture of transparency is a vital part of helping to prevent fraudulent behaviour down the line.
- Rationalisation – Given enough time, people can convince themselves of almost anything if unchecked. Related to the top-down examples set by management we discussed earlier, if employees observe that senior staff routinely bend or break the rules, it makes it easier for them to justify similar behaviour to themselves. Further, if an employee deems fraudulent behaviour as necessary – for example, a fraudulent act could provide a net-positive for the business -, or perhaps they might consider it a harmless or victimless crime (‘A small embezzlement wouldn’t even register against this huge multi-national…’) Disgruntled employees might also be able to rationalise frauds if they felt an employer was treating them unfairly.
This is something all law firm compliance and management teams should be aware of, in that it’s not merely a case of drafting watertight policies, it’s also a matter of encouraging management effectively implementing and enforcing these processes. If there isn’t a strong internal control system some people, as was the case mentioned above those with opportunity can use their knowledge to identify and exploit weaknesses in your system. An independent fraud review could help you see threats hiding in plain sight.
For a more in-depth look at criminal behaviour in law, what expect and how to immunise your business against fraud, be sure to watch HiveRisk’s free webinar ‘How to rip off the business: A masterclass in Fraud Threats and Vulnerabilities in Law Firms’.