Unless you’ve been living under a rock for the past year or avoiding the news for fear of being bombarded with more Brexit doom and gloom, you’ve likely heard about the controversy of Patisserie Valerie and a suspected £40m fraud involving finance staff and a supplier.
In case you hadn’t heard, the bakery chain found itself in a spot of bother at the start of the year after the discovery of a multi-million-pound black hole in its accounts under its previous parent company Patisserie Holdings.
Business and accounting fraud (suspected in the case of Patisserie) is a serious problem across the country, but you have to question how many businesses are setting themselves up to be victims.
Whether it’s under pressure finance teams dealing with hundreds of invoices a day being expected to spot fraudulent invoices by sight, the fact that accounting and business fraud has become a booming business for organised gangs, or that many businesses have started using online payments and credit cards to make purchases – the opportunity for fraud has never been more prevalent.
Business fraud is much easier than you’d think
All a criminal has to do is send you a letter, or a “spoofed” email, asking you to change the bank account detail of one of your larger suppliers. It looks legit, the change is made, and payments run in the normal way.
The first time you find out about it is when the major supplier calls to say they have not been paid.
If you don’t call your supplier every time a bank account change is requested, you have the increasing risk of being victim.
But how could you not notice a fraudulent invoice, letter or email you ask?
The finance team gets an email from the CEO, asking you to make an immediate payment to a business. The invoice is attached to the email and the bank account details included in the email and on the invoice. What do they do?
This email is one amongst hundreds of requests being dealt with and the team is under pressure to get through a backlog of other payments. Unfortunately, because the team is human, it’s entirely possible the payment gets made.
And in many cases, it is.
This is a very common fraud, because it works. The CEO’s email has been “spoofed” and sent by the fraudsters in the hope you will do what you have been told, no questions asked.
Business credit cards creating vacuum of payment data
But, while fraud from external threats is high, the threat from within – from employees – has certainly never been higher. Fraud costs UK businesses £190m a year – according to NatWest – with 40 per cent of that suspected to involve companies’ own employees. According to Action Fraud, businesses reported £88m of insider fraud in 2018.
This risk has come from the rising number of companies allowing employees to make purchases for the company online from the likes of Amazon or Office Depo, using corporate credit cards to make payments.
Buying online is growing exponentially.
Staff love it because it is simple, fast, the stuff turns up quickly and in almost all cases, it will be cheaper than the “usual” bricks and mortar supplier. What has happened on the high street is now happening with businesses.
But unless an organisation has a formal process, there is no record of what was bought, who bought it – or even where it was delivered to, apart from a value transaction on the corporate card statement.
If you look at the elements of the Fraud Triangle, introduced by Joseph T. Wells in 1997, people (even good people) would be likely to commit a crime like fraud if presented with the Opportunity, Pressure and the ability to Rationalise their actions.
How many of these three points are being fostered in businesses?
Without question, the potential for employees to commit fraud has increased. Businesses need to create stricter rules over approvals, or invest in automated technology which can better identify fraudulent invoices.
Why aren’t companies investing in prevention?
If we’re talking about employee fraud, then obviously you have to put the blame squarely on the employee.
But for preventing fraudulent activity from outside of a company it is wrong to put the blame solely on employees. The fact is, fraud is easy to get away with and it has become a big and sophisticated business.
If a company is going to rely on employees alone to validate invoices (where they came from, is it formatted correctly, is the bank account information or corporation number correct) keeping in mind fraudulent invoices are one among hundreds, then companies must start to take some responsibility.
By using automated invoice processing, technology can be used to identify any discrepancies on an invoice (even if it looks valid with the naked eye).
Automation doesn’t take over the whole process, but it can more reliably flag discrepancies and ensure payments are withheld while the exception is investigated and dealt with.
How can automated Accounts Payable help prevent fraud?
How often do you make duplicate payments to suppliers – process the original invoice and the duplicate because the first “got lost”, or suppliers billed twice in the hope both invoices are approved and paid, or just someone sets up a fictitious supplier account with low value invoices every month below the formal approval process threshold?
These are all successful ways in which criminals are committing invoice fraud against businesses.
And while it seems obvious that these tactics should be caught, stressed employees cannot be expected to catch everything.
A correctly set up automated AP system on the other hand can catch any abnormal accounting behaviour or data anomalies and instantly flag them to be checked. With employees freed from the shackles of approvals and data entry, they can investigate exceptions and ensure unauthorised payments aren’t made.
Automated AP can also create transparent audit trails of invoice approvals. As the invoice moves through the workflow, everyone is kept up to date about who is authorised to sign off particular spend, who the invoice is with, and whether the payment has been made.
The problem is whether businesses are willing to make this investment in their accounts and finance teams. It might seem like an expense (finance is a back-office function after all, right?) but considering the sums at stake in the Patisserie Valerie case, spending some money to prevent fraud seems like a preferential alternative.
Neil Robertson, executive chairman, Compleat Software