Fraud Symptom 7- Ineffective Human Resources Function

Every organization wishes to be a great place to work as it can attract and retain the best talent. Every employee wishes to work in an organization, which has a good work culture as s/he get fair treatment, growth opportunities and remuneration. In this one aspect, management and employees are in complete agreement as it benefits both. The key player for achieving this goal is the human resource function. However, an ineffective human resource function can cause the most damage not only for achieving business targets but also for also increasing fraud risks.

As I had mentioned in the earlier post – “Employee Disengagement Risks” as per Blessing White Employee Engagement Report Survey 2011, in India 37% of employees are engaged and 12% are disengaged. According to surveys conducted by LSA Global Learning Solutions, “lower employee engagement scores result in: 12% lower profits, 19% lower operating income and 28% lower earnings per share.Kroll Global Fraud Report 2010 states that in India, in 48% of the cases, the key perpetrators were employees. Hence, the question that needs an answer is how does this increase fraud risks?

1.   Recruitment & Selection Process

Human resource department (HRD) along with the business teams is responsible for recruitment and selection of the resources. In India, this becomes especially critical as human resource survey reports indicate that 25%- 30% candidates submit fake or inaccurate resumes. The second aspect is that with the increase in financial crime and terrorist threats, the organization becomes more vulnerable. Organized crime groups infiltrate companies to give a cover to their sleeper agents. Financial institutions are the most vulnerable, as understanding the systems also helps the crime groups in money laundering and organizing funds for their activities.

Under such circumstances, the HRD role is critical. HRD is responsible for background checks of the candidates. Any lapses in the process can cause high risk to the organization. Here are some examples of what can go wrong-

a)   Hire people for critical positions without verification – For example, risk management functional heads and second-in-commands positions are critical. They are subject to stringent checks. Without background verification, they shouldn’t he hired. In one organization, my superior was hired without any verification whatsoever. When his name was announced, me being a nosey parker did an independent personal verification and was quite amazed that he was hired since his professional background didn’t fit. I decided to give benefit of doubt and see for myself. Within a week of his joining, I knew that he didn’t even have the fundamentals of the areas I was managing. I thought he knew about the other areas of the department. My colleagues in that area informed me that he was clueless about their area. There was absolute chaos in the function, because he refused to take responsibility for any work whatsoever.

b)  Hire people for critical position with insufficient verification – For example, an executive assistant was hired for a senior manager without checking criminal records. She was previously involved in a high profile data theft case. On investigation, it was found out the vendor who was conducting background verification for the organization, didn’t even have an office in the city. The vendor was just generating verification reports with superficial checks.

c) Hire people knowing they have submitted false information – For example, in a case I found out that the new candidate was a plant by someone, most probably with the knowledge of local HRD team. The employee was subsequently found to be involved in a huge fraud.

Hence, if HRD team looks the other way or doesn’t put in effective measures for background verification, things can really go wrong for the organization. The fraud risks increase quite significantly.

 2.   Working environment

As I repeatedly say, organization culture makes or breaks the organization. Employees work best in an environment, which is free and fair. Even perceived unfairness by senior managers can cause the work culture to deteriorate. UK and US studies show that nearly 50% of the employees reported being bullied. In Asia where focus on organization culture is still in nascent stage, the percentages are higher. Now HRD has the role to provide a safe working environment. Any lapses from its part can cause a chain reaction in the organization and give encouragement to others to show deviant behavior. Here are some examples of it.

A senior manager has better relationships with the HR team than the juniors do. I would say, in some context HR team is there to protect the senior managers. However, when it is apparent that a senior manager is unethical, and a junior is ethical, HR should ideally arbitrate disagreements fairly. However, if it knowingly supports the senior manager in forcing the employee to leave his/her job, then incorrect messages are sent across the organization.

The second problem arises when HRD commences, participates or encourages top end mobbing. The report –Women and Workplace Mobbing by Dr Jocelynne Scutt states –

The politics of ‘high end’ mobbing are important to fathom, because this type of bullying is generally directed at change makers or change agents. If change agents are halted in their tracks, change will be stultified and the hopes we have for a different world, where bullying, abuse, discrimination, prejudice and bias become of historical interest only will be stymied. The hopes we have for construction of a world where disadvantaged and dispossessed groups are elevated to equality, and the misuse and abuse of power is ended, will not be fulfilled”.  

In such a case, the target is being an effective change agent that certain senior managers do not wish to occur since it is against their personal or political agendas. The message is sent across to attack the target, the abusers will not be prevented or stopped and will be provided protection. In such situations, the victim does not have any recourse with the HRD department, as they themselves are supporting the mobbing.

In such situations, the organization culture becomes deviant and aggressive. Employees are concerned about their safety. They face a psychological battle on whether to report or not to others. Read the article “Whistleblowing – The Psychological Paradox” to understand more.

The target employee may leave the organization or maybe forced to leave. Situation worsens when the mobbing continues after leaving the organization. Employee can be stalked; his/her reputation ruined and/or is given negative references on prospective jobs. If other employees know of such instances (sometimes there are more than one) they are terrified of facing the same situation. Hence, the senior managers responsible for initiating mobbing keep control of the others from reporting to other seniors by way of threat and punishment. The target employee is basically the sacrificial goat to ensure silence of others.

This is kind of worst-case scenario and the organization has extremely high fraud, legal and reputation risks.

Recommendations

 a)    Organizations must implement policies, procedures and systems for proper background verification of employees.

b)    HRD function must build a healthy work culture within the organization and maintain impartiality.

c)    If HRD team is participating in damaging work culture or mobbing etc. the individuals must be terminated.

d)   Organization must implement internal whistle blowing system that is not directly dealt by HRD team.

e)    Senior management must review the whistle blowing information on a monthly basis and ask the audit committee to independently investigate the reported cases. Investigation reports must be reviewed by senior management.

To read more articles on Fraud Symptoms, click here

Identity Theft at Banks

Last few weeks the news is that the top banks are doing massive job cuts to reduce operating costs. In my view, cutting jobs is a desperate move and not the best way to reduce costs. As a tactic to cut costs, it should be used last because of the long-term repercussions on employee morale, organization culture and performance. Thoroughly explore other aspects or line items to determine whether costs can be reduced in other areas. One of the areas where banks are facing a problem is the increasing amount of frauds, especially identity thefts.

I am using the report “Measuring Identity Theft at Top Banks (Version 1.5)” prepared by Chris jay Hoofnagle to support my argument. Secondly, the Fraud Survey 2010 conducted by SMG Group is relevant. Although the reports provide a little old data, I recommend both of them for a read to banking industry professionals. Below are some of my points.

To give a backdrop, according to the survey findings 76% of the frauds are detected in banks when the customer notifies the bank. This doesn’t reflect very positively on the fraud prevention measures put in place by the banks. An organization has high fraud risks for three reasons:

1)    Senior management is not committed to preventing frauds

2)    There is insufficient investment in technology and systems to detect and prevent frauds.

3)    The fraud investigation teams are either incompetent and/or deviant.

Chris Hoofnagle study states that the biggest banks are having the largest problems (page 16). Now this is interesting, because large banks would have the money to invest in technology and systems to prevent fraud. Hence, why are they failing?

On page 20, the graph titled “Top Credit Card Issuers by Volume, 2006” depicts an interesting picture. Quote from the report –

“When the estimated annual events are applied to the top ten credit card issuers according to the Nilson Report, by volume of cash advances and purchases made in 2006, American Express emerges as the least likely to suffer an identity theft event, followed by USAA. While Bank of America ranked highly in overall events, adjusting for credit card volume, Wells Fargo, HSBC, and Capital One emerge at the top.”

See the graph below, which gives the number of fraud events per billion in annual volume.  The top 25 banks in US accounted for 49.9% of identity theft complaints.

A second graph on page 22 gives a comparison on the top 25 banks identity thefts per 1000 customers, including the difference between retail depositors. Again, the top banks are doing badly. See the graph below:

Now in my view as most of these are credit/debit card frauds, then controls need to be put in place here. In credit/debit card frauds, the most frequent is that of “Card Not Present”. This can be through either internet or telephone banking. Now to actually verify the authenticity of the customer, banks must ask a series of questions from the customer – name, date of birth, place of birth, address etc. Secondly, for cards additional information needed is- credit card numbers, credit card holder name, expiry date and CVV number. Now how difficult is that to check and control. Why are fraudsters able to use Bin Card generating software and get away with millions in fraud?

In my view, something is not right. Banks should focus on reducing fraud costs to improve operating profits. What do you say?

References:

Measuring Identity Theft at Top Banks (Version 1.5) by Chris Jay Hoofnagle –
University of California, Berkeley – School of Law, Berkeley Center for Law & Technology

2010 Survey Results- The Faces of Fraud- Fighting Back by SMG Information Security