Although occupational fraud, i.e. internal fraud committed by abusing the position held within a company, is a major concern for all companies, it does not seem to receive the attention it deserves.
The underlying motive might be that business professionals still think of fraud as an inherent business risk and focus only on their reaction to fraud – usually meaning endeavours to assert either the civil liability of the employee for the damage caused to the company or the (potential) criminal liability of those involved. However, as we will demonstrate below, companies that manage to achieve a more in-depth understanding of occupational fraud often succeed in finding innovative ways to prevent and/or deal with this troublesome issue.
Traditionally defined as the use of the position held within an organisation for the purpose of gaining personal benefits by misusing the resources or assets of this organisation, occupational fraud is one of the most costly forms of fraud, responsible for the loss of about 5% of an average company’s income according to recent statistics.
There are several elements that have transformed this type of internal fraud into a worrying phenomenon for companies. In most cases, the workplace proves to be the breeding ground for those looking to obtain illegal profits because employees (and, in particular, those involved in a company’s procurement process) often enjoy an inherent and necessary trust. However, this trust can be easily abused, for example in the case of employees who have seniority in the company, but also in the case of unusual economic conditions (not excluding the economic situation caused by the new Coronavirus pandemic).
In the special case of managers and directors, occupational fraud may indeed acquire criminal relevance. One example is Article 272 of the Romanian Companies Law, which criminalizes such acts as the misuse of the assets or credit enjoyed by the company for a purpose contrary to the company’s interests or for their own benefit or to favour another company in which they have direct or indirect interests.
However, in the case of a company’s other employees or workers, occupational fraud may acquire criminal relevance only in terms of the provisions of the Romanian Criminal Code (especially those related to embezzlement, abuse or negligence in office), which, however, has not yet been amended to address this alarming reality.
If we also take into account the facts that (i) in most cases recovery of the damage suffered by the company proves to be almost impossible (either due to the existing statute of limitations or to the difficulties in establishing the exact damage, or as a result of the insolvency of the perpetrator of the fraud) and (ii) filing a criminal complaint may sometimes result in more disadvantages than advantages, we fully understand why companies often feel helpless in the face of this phenomenon that causes great damage to their businesses.
However, in order to help companies that are faced with this phenomenon, we suggest a slightly different approach, one which leaves behind the classic distinction between civil liability and criminal liability of the persons who abuse the trust given to them and divert the position held within a company from its purpose. This approach should take into consideration at least the following aspects:
- Internal fraud represents an indisputable reality for any company, regardless of its line of business. The well-known myth “this cannot happen in my company” must be left behind;
- Companies must undergo an honest risk assessment in order to become aware of their vulnerabilities;
- It is advisable to establish an effective system for the prevention of internal fraud (whistleblowing mechanisms, compliance policies, annual declarations of conflicting interests, etc.) and to periodically check the functionality of this system;
- The action taken on suspicion of fraud is just as important: the speed with which the company reacts and the professionalism shown by the specialists involved in conducting a fraud investigation can make the difference between massive financial and reputational damage and a properly managed incident that is not likely to recur in the future.
Properly implemented, these measures usually result in saving considerable amounts of money, but also in eliminating the risk that the company itself will be subject to a criminal investigation. Last but not least, these measures may be the only viable defence mechanism for a company facing internal fraud when the two traditional reactions (asserting the civil or criminal liability of the persons involved) cannot be implemented or are not desired.