By Danny Boles
Head of Special Investigations Unit at Vhi Insurance & Forensic Accountant
In the previous article on Fraud Risk I talked about the Fraud triangle and how I have moved from the traditional approach of Opportunity, Rationalisation and Pressure to Risk, Opportunity and Reward. The main difference is why people commit fraud v how to protect your business. The previous article (part 1) on fraud risk can be seen by clicking on the following link, How to Reduce Fraud Risk Part 1...
So what does a fraud model look like and why should a business have one? In simple terms a fraud model is a capture of all the coordinated proactive approaches and activities to mitigate the risk by focusing on deterring and preventing fraudulent behaviour. There are various methodologies and approaches that can be adopted and this will be unique to each business depending on the product and associated risks. People often get confused about deter and prevention. Don't they mean the same? Well no. To deter means that no activity has taken place and the fraudster has decided not attempt fraud against your business (difficult to measure). One definition is discourage (someone) from doing something by instilling doubt or fear of the consequences. This has to be the ultimate goal of fraud and crime prevention.
Whereas, for prevention an attempt of fraud has taken place but the business processes are robust enough to identify the suspicious transaction and prevent payment.
Before you can develop a fraud model you need to fully understand and acknowledge what are the issues, problems, exposures and risks that currently exist.
Understand the problem.
- Identify and define the problem
- Understand the problem - do you really understand?
- Detailed analysis of the problem and determine the risk
- Develop and quantity solutions with proactive activities
- Implement solutions
- Evaluate activity - is it working?
You will then need to put yourself in the shoes of a fraudster and look at your own business and say to yourself "why shouldn't I target this business". What will make you think twice and if you cannot answer that question then you probably do not have a focus on deterring fraud. Deterring factors could include a business policy of pursuing offenders via the criminal and civil legislation, imposing penalties such as interest, cost of the investigation on top of any loss that is suffered. But you also need to publicise what your business approach is to fraud management so the fraudster knows in advance as to the consequences of his actions if he targets your business. Whether, this is on your website or in the media you want to plant the seed (but also implement) that your business takes a tough line on fraud. In this example, you are in the minds of the fraudster and you highlighting the risks involved. By focusing on the risk, opportunity and reward as detailed in the previous article you can make your business a less attractive proposition for fraudulent activity. Let's face it, would you rather deter and not be a victim of fraud or become a victim and investigate and try to recover any losses?
Other elements of a fraud model should include detecting fraud, investigating and ensuring that corrective actions are implemented.
In order to capture what you should be doing in a fraud model there are three key areas of controls - Organisational, Situational and Societal. If you work for the Special Investigations Unit, just remember that the fraud model should involve the wider context and requires involvement and support from other departments to make it a success.
As this is a vast area I will only provide examples to get you stated.
Review the business controls and identify where improvements can be made. This could include the culture and business targets and are they aligned across all business areas and if not what can be done - An inter department SLA?
Employee training and awareness programs. Are your employees aware of the fraud risk, do they know how to report, is there a whistle-blower confidential line etc. Do investigation staff have the required expertise to investigate fraud? What up-skilling is required. In my own personal experience I have recently qualified as a forensic accountant (with Chartered Accountants) along with colleagues and this was an activity on the fraud model.
Other areas of consideration are communications (internal and external), use of data analytics, Investigation casework process, auditing to ensure adherence and identify improvement opportunities, and implement international best practice etc.
This area relates to targeting hardening and making it more difficult for offenders and supports the objective of deterrence and prevention of fraud.
The key focus areas are as follows:-
- Reduce the opportunity- Review current business processes and identify any gaps. What improvements are needed?
- Increase the risk of being caught- increased volume of audits
- Recovery process- civil recovery process in addition to criminal proceedings.
- Raise awareness externally- use of media, articles, brochures, meetings. Get the message out there as to what you are doing to make it more difficult for fraudsters and the consequences of targeting your business. See following examples:-
The is an area of focus external to the business where societal and environmental factors can support the business objectives to reduce fraud. Areas of consideration are as follows:-
- Legislation- what exists that can be used by the business. For example the Criminal Justice Act, Section 19 which places an obligation to report cases of fraud where there is information of material assistance to Garda Siochana. How can this be used to your advantage?
- Technology- What technology exists or has been developed that can help your business. Data Analytical tools to assist in identifying trends?
- Protocols- What protocols do you have with other governing or law enforcement agencies that facilitates the legal sharing of information, best practice and intelligence?
Hopefully this article will provide an insight into the process that I have adopted over the years that can be adapted to suit any business type. In 2015, the Special Investigations Unit from Vhi were awarded investigator of the year award at the Health Insurance Counter Fraud Group i(UK and Irish Health Insurers) and the fraud model activities contributed to that success.
I have only provided a taster to get you thinking of what you can do to take action. Fraud modelling is a vast area and in my experience does provide a business focus to reduce the risk of fraudulent activity and also assist with investigations. You need to make it happen and if not you will be the weakest link and will be easy pickings by fraudsters. Don't let that happen and close the gate before the horse bolts.