What is ‘profiling’ and what can it tell us about fraudsters?
Profiling is where we can explore and model a large amount of data to unravel previously unknown trends, which may help identify fraud. Many organisations develop their own profiling criteria to be used in data matching. The criteria can involve a combination of factors including job role and geography. For example, some organisations use risk profiling as part of their pre-employment screening. Through profiling the job role, home address and workplace address, a potential employer may raise questions as to why an individual would want to apply for a low paid role 30 miles away from his home address, when there is a similar role in an office near his home. Profiling does not identify a fraudster, of course, but it raises questions that could be asked at a job interview. Many organisations use complex modelling to help identify fraudsters within their workplace.
Is ‘profiling’ a worthy exercise?
Professional services firms who consult on staff fraud have often stated that there is no point in profiling fraudsters, as they come ‘in different shapes and sizes.’ However, many organisations I have consulted with use profiling to highlight potential danger zones, help detect fraud at an earlier stage and to increase general awareness. However, when personal data is used for profiling, an organisation needs to remain mindful of privacy and civil liberties. One Government Department has been criticised because they developed a risk profiling criteria based on a basic assumption that a fraud is being committed by certain individuals or groups.
It is understandable that there should be criticism of this approach because the criteria were too widely defined. There must be justification for increased employee monitoring or screening. For example, it is well known that business areas where there is access to customer data are a high fraud risk and there is evidence of increased organised criminal infiltration. These types of areas are suitable to be ‘profiled’ to mitigate the internal fraud risk. Although it is worth keeping an open mind, there is scope for organisations to develop an internal fraud risk profile.
Why is there a lack of employees reporting on employee fraud through either reporting to the chain of command or through whistleblowing?
There is a lack of employees reporting on employee fraud through these means mainly due to the fear of repercussions. Employees not only fear for themselves but for their colleagues. Furthermore, some employees don’t believe that reporting in this way is their responsibility – they don’t regard whistleblowing as necessary or are maybe unaware of what even constitutes a fraud. Moreover, some organisations may not even have formal whistleblowing procedures in place.
It is worth noting that internal controls may have picked up a fraud before staff are even aware that a colleague was involved. This is an interesting point. In one UK Government Department it was identified that they benefited £16 per £1 spent on the operations of a whistleblowing hotline. However, it was proven
better value that for every £1 spent on data matching, they received a return of approximately £25.
Why is there a low reporting of employee fraud to the Police?
At CIFAS, our Member organisations have stated that UK Police forces are generally not sufficiently resourced to take up their cases of employee fraud. However, it is also worth noting that many organisations know that it could damage their organisation’s reputation and have an impact on staff morale by reporting to the Police. Furthermore, other avenues used for reporting, such as the CIFAS Staff Fraud Database, Civil Proceedings or reporting to the appropriate regulatory body are deemed as sufficient. Some organisations I work with find that there is no clear policy on reporting fraud to the Police.