While organizational fraud cases are on the rise, the percentage of those reported to the police has been declining in recent years. We can explain this in part because organizations worry that by reporting internal fraud they will harm their reputation. But when we conducted a 28-month ethnography, speaking directly with fraud specialists working in various types of organizations and a series of 27 formal interviews with Certified Fraud Examiners (CFEs), we found an additional reason: Many organizations believed that the police and legal system could not be trusted to fully investigate.
Those we interviewed had three reasons for not trusting the legal system. First, they said that in their experience, police gave priority to investigating cases where individuals — not institutions — lost money. Second, while law enforcement’s goal was to prosecute the fraudster, the company’s chief goal was more often to recover lost funds. Finally, they said, police forces suffer from a lack of technological resources and expertise as fraud schemes become increasingly complex. Under such circumstances, silent fraud management seems to be the most sensible approach. However, longer-term consequences of such strategic choices should not be taken lightly.
For corporate managers, the benefits of this modus operandi are significant: protection of their reputation and that of their organization, as well as faster business resumption and recovery of lost funds in some cases. However, the executives who make these decisions today need to be aware that their approach is predicated on short-term thinking, whose outcomes may be problematic in the longer term.
By not reporting fraudsters to the police, the former are free to move from one organization to another. It then becomes more difficult for managers to discern the trustworthy employees from the dubious ones during hiring. It also increases the risk that some fraudsters have opportunities to refine their tactics and become “serial fraudsters.”
Feeding a Vicious Cycle from Within
We found that to limit their risks in hiring serial fraudsters, some organizations collaborate with their competitors and exchange information about people who committed fraud internally. Janet, a CFE working for a Canadian bank, explains:
In Canada, the banking community has come together. Through the Canadian Bankers Association, which includes all the major chartered banks and credit unions, there is a list of undesirable employees that circulates. The names on this list are added by the financial institutions on a voluntary basis. Other employment sectors also benefit from such resources to deal better with fraud.
Several of the organizations we interviewed had established anti-fraud units as a seemingly parallel police and legal system within their walls. Composed mainly of accountants, former police officers, IT experts and analysts, these units investigate suspected fraud through police-related means. Once a fraudster is detected, a guilty verdict is made internally before sentencing: dismissal and, if possible, a claim for reimbursement. However, internal fraud management and the development of a parallel justice system within organizations come at a significant cost.
The need for anti-fraud expertise is becoming more acute as fraudsters are not reported to public authorities. Important resources have to be incurred by organizations as they seek to protect themselves of fraud and its financial and reputational consequences. For smaller organizations, the problem is particularly difficult to manage since they do not have sufficient resources to establish anti-fraud units. Smaller organizations must turn to private investigation firms if they want to benefit from specialized expertise in dealing with the fraud problem, but the cost can then be highly significant, as Jack, a CFE and private detective working mainly on fraud detection engagements for smaller organizations, points out:
When organizations are reporting fraud, there is no blood and death. There is no urgency for the police. As a result, businesses, both those with and without financial resources, do not really have the choice to call on our services. Failure to deal with the situation quickly and adequately could easily lead a small organization to bankruptcy.
Overall, we found that a number of organizations are feeding a vicious cycle by dealing with fraud mainly through in-house processes. The fewer reports to law enforcement there are, the more fraudsters will go undetected, motivating organizations and their executives to invest more in anti-fraud expertise. Yet, anti-fraud experts are not keen on favoring reports to police authorities.
Making More Balanced Decisions
The current situation is difficult to sustain for corporate managers who have to juggle decisions with significant consequences in both the shorter and longer term. By limiting the reporting of fraudsters to the police, many executives favor the short-term benefits of protecting the reputation of their organization, but seem unaware of the financial costs that ensue from growing and continuous investment in anti-fraud expertise intended to protect organizations from their own employees. While imperfect, the reporting of fraudsters to law enforcement authorities nevertheless puts fraudsters “under pressure.” Once socially labelled, it is more difficult for them to move freely from one organization to another. One CFE we interviewed mentioned a case in which s/he found that a person previously involved in a fraud case that had been internally managed, was currently working in the accounting department of another organization.
Our findings promote the development of a more thorough approach to fraud management within organizations, one which is more reflexive of the consequences ensuing from non-reporting. The approach encourages executives to strike a compromise between an internal fraud management that limits the organizational consequences of fraud, and the external referral of proven (or suspected) cases to law enforcement authorities, even if this may damage the organization’s short-term reputation. Executives could be more proactive in evaluating the pros and cons of shorter-term protection of their organization’s reputation at the expense of better longer-term protection of all entities against stealth fraud. In short, we believe there is a need for more balanced decisions when organizations deal with fraud problem.
Finally, from a broader viewpoint, this research hopes to raise the awareness of governments, regulators and police authorities on the appropriateness and consequences of a real-life scenario, which is more frequent than one might think, in which each organization takes justice into its own hands. If it becomes acceptable for organizations to be both investigators and judges, why should it not be acceptable for individuals, too, to exercise justice themselves?