IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
October 25, 2008

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

Too close to home

The now-infamous credit crunch has restricted consumers’ and businesses’ access to funds, in turn creating cash flow problems and stifling growth opportunities. Price rises in ‘essentials’ such as energy and food steal a greater share of our wallets (and the headlines), while share price surges and dips happen in an instant, often with disastrous consequences for their owners, company employees and, indeed, the entire supply chain.

Most people are at least beginning to feel the effects. According to ONS, job vacancies are down 53,000 across the year, with redundancy totals reaching 138,000 in the last quarter alone. Those managing to keep hold of their employment have to squeeze every drop out of harder-earned incomes just to cover rising costs and limited supplies of credit.

Is this a long-term trend? On seeing these numbers, John Philpott – chief economist at the Chartered Institute of Personnel and Development (CIPD) – comments: “These bad jobs figures will not be the last. Even in the public sector, the employment outlook is, at best, flat.” That’s mighty encouraging, then.

As a security practitioner, you’ll be wondering what all of this means in terms of trends in employee-perpetrated financial crime. Of course, it’s easy to find evidence of increased financial crime during strife and uncertainty. Statistics from BDO suggest that employee fraud more than quadrupled in the first half of 2008 as a proportion of reported UK business fraud.

One obvious effect of economics – partly suggested by KPMG’s ‘Fraud Triangle’ – is that whereas in good times dishonest employees were motivated to fund excessive lifestyles, those same (perhaps now struggling) individuals are more motivated towards meeting financial shortfalls. Sure as eggs are eggs, the ebbs and flows of the wider economy will create waves in dishonest activities.

Rising employee-perpetrated financial crime will not just keep pace with a continuing economic downturn and financial uncertainty. Rather, it will accelerate. An insurmountable debt is a far more compelling reason to commit crime than any desire for an enhanced lifestyle.

Resolving financial challenges is also far more urgent. Aspirational gains are sought ‘as soon as possible’ but there’s no penalty for missing that rather loose deadline. The timeframe for paying the bailiff, though, is fixed and usually comes with stiffer, more clearly defined penalties.

Looking for justification

Economic downturns also tend to accelerate employee fraud growth by introducing a new self-justification to fraudsters – their bad tidings were brought about by the Government and the banks, you know. Rationalising the crime by blaming others makes it easier for perpetrators to convince themselves they’re owed this ‘remuneration’ by the employer.

Significantly, in the above examples, an employee’s initial attempt to commit workplace financial crime might arise well into their tenure. Monitoring employees’ changing circumstances with their consent helps breed confidence among the honest workforce, offers a deterrent by demonstrating rigour and encourages employees to disclose potential conflicts or issues at an earlier juncture.

Yet another factor – and this time one easier to combat – is included in the ‘opportunity’ dimension of the Fraud Triangle. Two causes – cost cutting and the urgency for revenues – inevitably put pressure on security measures. Of late, there have been calls to ease regulatory constraints in order to free-up trading and transacting business.

Similarly, many organisations will try to trim what they see as non-profit making and administrative activities. The recruitment process – including employee screening – will be subject to the same scrutiny as other support functions. It’s vital that security managers maintain a particularly watchful eye on any proposed changes that make employee selection less stringent. It’s always worth remembering that the cost of background screening rarely exceeds 5% of the average overall cost of recruitment.

Less control over the workforce

Equally, forecasted growth in the flexible workforce will also take effect. Employers only just facing up to the gaping hole in employee screening caused by lax control over outside contractors will need to source preferred suppliers and temporary workers from trusted, reputable firms with screening capabilities.

For their part, security professionals need to be anticipating these changes to organisational make-up by checking that selection, supervision and access granted to outside contractors begins to match that applied to their permanent counterparts.

Organised criminals and, increasingly, opportunists have come to realise that two hands are better than one, particularly when their insider occupies a role in a Human Resources, Accounts or IT Department offering unrivalled access to data, processes and controls. Security managers must look for connected parties – does the spouse of that payroll clerk have a connection with one of your suppliers? Are there employees with connecting elements such as common referees, addresses or telephone numbers?

Four-dimensional collusion attacks can target any one or all of the parties including the employer, employee, recruitment agency and customer. Usually a ‘sleeper’ will commit an initial crime, then leave their employment but continue to repeat a successful crime against other employers in the same sector. Screening databases such as NSDR and public awareness of your screening capabilities will deter inappropriate individuals. The simple requirement for screening to be undertaken consensually acts as a major deterrent.

Hostile reconnaissance

As if this wasn’t enough, organised criminals (including would-be terrorists) will continue to seek employment as this is the most effective way to research and plan future attacks, be they financial or physical.

NaCTSO – the National Counter-Terrorism Security Office – publishes guides to help a range of vulnerable ‘settings’ such as shopping centres and sporting venues better protect themselves. It’s no longer sufficient to leave the spotting of suspicious behaviour to security officers or vigilant citizens, although their efforts are vital. Employers must start to build-in greater resilience by creating and executing screening strategies. It’s really the only way they’re going to avoid becoming vehicles for determined, organised and unchallenged infiltrators.

Over the past year, the nuisance of ID theft seems to have dawned on many of us as consumers who’ve suffered credit card cloning, phishing attacks, mail and personal data theft. From our own research, we estimate that up to 5% of ID documents in circulation are classed as ‘compromised’ to some degree.

Employers are responsible for checking their employees’ eligibility to work, of course, but with around 3,000 forms of identification from 180 countries now in circulation it’s highly likely that many organisations will continue to lack the know-how and capability to routinely, quickly and reliably check ID.

Worse still, my own recent study suggests that even experienced and skilled practitioners concede: “The onus is really on the candidate to provide true documents.” The same study exposed widespread uncertainty and doubt, with one recruiter relying on candidates to self-certify their own IDs. Another believed that issuing a Passport would reveal that candidate’s criminal record.

It’s a little unfair to criticise these misconceptions too strongly as, without the appropriate but expensive equipment (and access to document experts), it’s hard to imagine how compliance with the UK Border Agency’s list of ‘reasonable steps’ for checking documents will deter ID thieves from attempting to gain work.

Spread of ID checks

Increasing awareness of the myriad issues arising from unidentified workers will spur on the much anticipated arrival of cost-effective, easy-to-use, geographically spread ID checking services particularly geared towards sectors such as health and social care, education, the utilities, hospitality and finance. While leading to sometimes shocking detection rates, the launch of such services will herald a fightback against ID thieves and help protect employers from the risk of civil and criminal penalties for employing ineligible workers.

In turn, a further development of ID checking services will lead to another long-awaited facility aimed at tackling the problem of proxy interviews (whereby one person applies for many vacancies and dispatches, typically, illegal workers to take their place in the job). ID checking technology used in screening could enable employers to see photos of new members of staff in advance so they know who’ll be turning up for work.

The Corporate Manslaughter and Corporate Homicide Act 2007 has now placed a significant responsibility on directors and managers to ensure that corporate manslaughter liability is recognised and managed. What happens over the failure of employees to admit to losing their driving licence? An employer who doesn’t check the status of their employees’ validity to drive at source (ie at the DVLA) could be liable should a fatal accident occur involving an employee driving on company business without a valid licence. This also applies to other named drivers (spouses and the like).

More worryingly, perhaps, the corporate insurance policy may well be invalidated under such circumstances, exposing the employer to significant financial penalties in the event of an accident or fatality. This situation is easily avoided – an outsourced screener would provide this as an ongoing service. Naturally, a service like that would require consent from an employee, but it does inherently act as a deterrent for irresponsible driving practices.

Planning the counter-measures

Such a seemingly bleak picture might encourage crude tightening of security procedures but many of us are all-too-familiar with complaints that security measures can often impede an organisations’ agility, cost containment, competitiveness and customer service – all of which are more vital than ever.

Employment screening needs to focus on the real, albeit changing threats. Too often, recruitment procedures rely on work references from previous but unsubstantiated employers, and the appetite for uncovering even minor previous criminal convictions often surpasses any conceivable risk.

In any case, with the number of vacancies still topping 600,000, many employers simply cannot afford to ignore the potential employee pool that comprises the one-in-six of the workforce with a criminal record. Indeed, progressive employers and security managers no doubt already know that regular work greatly reduces the likelihood of re-offending.

How, then, might employers establish an appropriate screening regime? The first step is to identify the threats, both malicious and benign. Staff, buildings, customers, suppliers and reputations are all targets. It’s first crucial to build a comprehensive picture of the organisation and its vulnerabilities as the most damaging threats are often the least anticipated (and the worst protected against).

Weighting the consequences of these threats will help security professionals focus resources, define screening regimes, gain buy-in from the organisation and execute the screening regime through Human Resources and recruitment functions. We may even start to see greater use of Return on Investment models pinpointing absolute cost savings rather than just absorbed returns.

Conflict of interests

However, the conflict of interests that exists between the Human Resources Department’s recruitment and protection responsibilities remains. You cannot expect the same people who earn a bonus from hiring people at the right price and in the right timescales to be reliably and adequately focused on disqualifying inappropriate applicants.

The traditional view of employee screening as the final step – not to say ‘bottle-neck’ – in the recruitment process needs to be replaced by a more objective assessment of the risks.

Our recent analysis of attitudes towards dishonesty reveals another alarming discrepancy. Security professionals and managers in the wider organisation tend to agree that lies on application forms indicate a propensity for further dishonesty. That said, recruitment and Human Resources professionals who might view a CV as a selling tool – and who are perhaps jaded by the sheer volume of dishonesty they encounter – are far more likely to excuse such dishonesty.

As dishonesty in the workplace rises, we expect a gradual realisation of these conflicts to hasten the trend of ring-fencing employee screening from activities designed to attract candidates and assess their skills. Human Resources managers attempting to elevate their standing in the organisation will need to embrace the high priority given to internal threats by their senior leadership. Security and HR Departments that find themselves wrestling over resources and ownership risk wasting time and exposing vulnerabilities.

Instead, both departments need to share their respective disciplines’ Best Practice techniques, with security defining screening policies that measure up to the risk matrix and Human Resources contributing the all-important ‘candidate experience’ that prevents otherwise over-zealous, even belligerent screeners from alienating worthy applicants.

If we are not to exacerbate an already competitive war for talent – and with more applicants poring over job advertisements – it’s more important than ever to treat successful applicants as well as you treat your customers.

Shared know-how and intelligence

As professional background screeners, we’re constantly planning and honing a pipeline of devices to counter employee crime. In June, the UK’s leading players in the background screening industry agreed to form the European Group of the National Association of Professional Background Screeners (NAPBS). The NAPBS will nurture a better understanding of the importance of conducting proper checks among employers.

Alongside this development, we expect greater data and knowledge sharing between organisations, supported by the emergence of sector-specific groups comprising members that work together to counter crime, yet continue to compete in every other way. Facilitated by various crime prevention agencies, these groups will be able to offer stronger and quicker responses to new threats while encouraging widescale adoption of Best Practice throughout each industry.

Consistency in screening regimes

Particularly in regulated sectors like financial services, industry groups will increasingly seek consistency between their members in areas such as screening regimes to speed up recruitment. With staff turnover in banking call centres rising as high as 80% and the natural inclination of employees to stay within the industry they know, it’ll not be long before a pre-screened pool of people requiring minor updates (to include new work experiences or qualifications) satisfies most needs.

Financial services businesses already routinely pool data about consumers’ credit worthiness. With similar consent from employees, they and businesses in other sectors – security included – are likely to explore controlled and secure sharing of employee data to deter dishonesty.

Security and HR managers who stand still and don’t continuously review and update screening regimes live in a world of false security, topped only by those who believe that they’ve protected themselves by including the words “subject to satisfactory checks” on job offers. The excuses for not executing well-meaning screening policies will dwindle further this year with the arrival of new, secure systems that are easy-to-use and freely available.

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted