In Rehab: Restoring a team after an insider fraud

When I arrived at my last employer’s headquarters on my first day as their new head of counter-fraud, I did not know that the vacancy had arisen because my predecessor had committed… fraud.

The last person to hold that office had stolen nearly £65,000 using false invoices from fake companies. He had been arrested, would plead guilty at court and receive a custodial sentence. Despite the lurid headlines, the organisation was open about what had happened.

1If a humanitarian or global development organisation gets serious about tackling fraud and corruption, then it will detect cases – possibly in significant numbers. As my organisation invested in counter-fraud efforts, for example, we saw recorded suspicions in its global operations nearly treble in three years (this, of course, reflected a rise in vigilance and engagement rather than incidents).

But what happens after an incident of insider fraud or corruption, when the dust settles?

rippleThe job does not finish with the dismissal or conviction of the suspect(s). These incidents have long tails – there is work still to be done to rehabilitate the project or business unit in which the incident took place. An incident represents a severe breach of trust; workers may feel abused and betrayed. The ripples can spread wide.

How we go about rebuilding a team and restoring a business function depends hugely on the circumstances of the case, and there is no ‘one-size-fits-all approach. Although we only have space here for a few pointers, I have learned some lessons from helping teams like mine to overcome setbacks like this – these considerations may be helpful for you too.

First things first

The aftermath of an incident is the time to ask some basic questions: Could this happen again, and are there any other vulnerabilities we can spot?

Startup Stock PhotosHopefully, the organisational response included a lessons-learned exercise, generating changes to implement. This should look beyond the internal controls, also into enabling factors such as culture, communication and awareness.

That said, a fresh and full fraud and corruption risk assessment of the department can be helpful. Are there other vulnerabilities beyond the affected processes? An unexpected further case – just as things settle  – can create more uncertainty for the team if more changes to processes are necessary. Instead, let’s make all the adjustments we need to now (and capture the benefit of a sense of ‘moving on’) rather than risk constant change for the team.

planningNow is also a good time to do some contingency planning. Is the incident serious enough that it could result in regulatory interest, onerous remedial controls applied by institutional donors, or put future funding at risk, for example? We can prepare for these.

Startup Stock Photos

Remember to seek advice. Overcoming an incident of fraud or corruption is a risk-rich activity. Consider engaging with HR, internal communications, legal, any dedicated counter-fraud or ethics or integrity office, staff health and/or other relevant specialists.

Treat people as individuals…

colored-pencils-179167_1920Team members will respond to the matter differently. While some may be relatively unaffected, others may not. It is important to note that where staff have made a commitment to an organisation on the basis of their values – perhaps more common for charities, nonprofits and NGOs than for private sector organisations – a breach of trust could be more impactive. Perhaps there could even be a grief reaction for some team members.

sadLook out for, and respond to, the traditional symptoms of stress, low morale and anxiety. These might include absenteeism, disciplinary issues, a rise in complaints, and disillusionment. An incident can impact upon personal and professional confidence, and colleagues may feel fear, shame or embarrassment. Will the incident create a funding crisis, putting their jobs at risk? Will staff have to justify themselves to an angry public? Consider access to staff support systems, and formal interventions such as counselling and facilitated debriefing.

16404-a-woman-in-a-business-meeting-pvBe a compassionate and responsive manager. Avoid assuming you understand how people feel or why they behave the way they do. Instead, in your one-to-one meetings with team members, explore how they are experiencing the crisis and responding to it. Remember, of course, to make it clear that this is pastoral and not investigative. Similarly, it is important to restore individuals’ sense of control. In a way, employees in whose midst an act of fraud or corruption occurred are victims of abuse. Solicit and listen to their concerns and visibly respond to them.

Accept that restoration may take time. Do not assume that the passage of time, themes in office chatter or improved productivity are signals that everybody has moved on. While these might be positive indicators, look out for those left behind.

…But re-build the team

Teams can be fragile creatures, and discovering that someone was out for themselves can undermine the workplace trust that allows them to function.

gambia-239849_1920Clear communication. Rebuilding trust requires the open communication of reliable content. Low information creates anxiety, more information helps manage our ‘fight or flight’ crisis response. Concealing the matter from the team is, therefore, more likely to sow suspicion and fear than peace and confidence. Be as open as you can about what has happened, and what will now happen, within the boundaries of policy, employment law and data protection legislation. As you describe the future, avoid over-promising – employees need clear and consistent messaging from management. If you cannot make promises, don’t; recognise uncertainty and explain what is being done to reduce it.

Similarly, set the right key messages for staff and stakeholders. Absolutes (‘this will never happen again,’ ‘rogue employee,’ ‘isolated incident…’) and over-reassuring can be risky for expectation management.  More sustainable messaging might include that fraud and corruption are normal business risks which we can reduce but not eliminate, and that the best way to respond to incidents is to use them to make us stronger.

Allow the opportunity to debrief. Ask staff what the incident has meant for them, and for the team. Consider soliciting suggestions on how to move forward, which can demonstrate management’s ongoing belief in the wider team (despite the actions of one). It also helps to empower the team to claim their status back, and move forward.

Team_Building_LanzaroteFoster trusting relationships. Ensure that teams meet as regularly as possible, in person or via teleconferencing. Consider holding team-building events, reflective away days and/or ‘how are we doing’ agenda items in meetings. These measures can improve understanding, interaction and trust between team members.

Arrange a good-quality fraud and corruption awareness workshop. This will not only help reduce the risk of incidents, but will also help staff to feel empowered; the best workshops help to generate a sense of solidarity and support amongst the honest majority. Be cautious not to let it feel remedial.

beautiful-day-1374424_1920Lead by example. We know that employees look to the behaviour of their managers to determine their own. So be present; you cannot role-model behaviours and attitudes if you cannot be seen by anyone. Be positive and show how you treat what has happened constructively, managing risk, avoiding blame, taking care of your colleagues (and yourself), and using the incident to make the business unit stronger in the future. As one casualty of a fraud or corruption incident is honesty, ensure that you are (and are seen to be) authentic. So, for example, if you feel hurt, vulnerable or confused, consider sharing those feelings with the team. This helps to normalise these emotions.

Avoid blame. This includes the narrative that we create around the perpetrator. It is tempting to turn them into the catch-all receptacle for all that has gone wrong, but this risks helping to foster a blame culture that can trip us up later. Furthermore, it can help us to move on from a crisis if we are able to see that there are things we could have done differently.

Get back to business-as-usual as quickly as possible

roadReaching project milestones or completing tasks puts clear blue water between the incident and the present, assisting both staff and stakeholders to move on. It also, of course, ensures the progress of the project or business unit. Embed, as rapidly and effectively as possible, any changes to processes to reduce the risk of a recurrence.

Remember the big picture – the goals and values of your organisation. Trust may have been betrayed on this occasion, but a refocus on why we all come to work in the first place can assist everyone to work hard towards recovery.

Thanks to Liz Crowe, Wellbeing at Work Specialist, for her contributions to the content. Liz tweets @lizcrowe2, or visit her website at LizCrowe.org.

FFCHGDSTo read more about how to deter, prevent, detect and respond to fraud and corruption in humanitarian and global development work, make sure you pick up a copy of my book, Fighting Fraud and Corruption in the Humanitarian and Global Development Sector (Routledge, 2016). It’s out now and packed with relevant material!

Advertisements

When NGOs break the law: Consequences for fraud risk

The 1986 movie Top Gun, starring Tom Cruise, opens with a fantastic scene of aerial derring-do.

In this fictional scenario, American planes are engaged by a rival power’s ‘Mig’ aircraft, one of whom activates its missile lock on an American aircraft. The pilot calls out to Tom Cruise’s character to ‘get the [guy] off’ him. As I understand it, what Maverick apparently should have done was to fly behind the Mig and engage his own missile lock, deterring the Mig from firing at his comrade. Maverick doesn’t do that. He’s got his own plan.

4It’s a great scene, and we celebrate Maverick’s daring heroics. But let’s be clear, this wasn’t what he was supposed to do. It was dangerous. We only celebrate because Maverick pulled it off. If something had gone wrong, Top Gun wouldn’t be a heartwarming movie about a young pilot’s quest for meaning, love and success. It would be a dark political thriller about a world on the brink of nuclear war following a mid-air collision caused by a reckless American pilot.

From time to time in my work with NGOs, I’ve caught glimpses of internal cultures where compliance is not as valued as one might expect. When the organisation’s overall aims are moral, getting away with non-compliance might even attract honour. But just as would be the case with Maverick’s airborne antics, there are consequences if risk catches up with reality.

PASSPORT 5Some international NGOs are tempted to break the laws and regulations of their countries of operation, registration, or both. Here we don’t so much mean situations where legal authority is unclear, or regulations and obligations are ill-defined or differently interpreted, or laws which violate human rights. Here we’re focussing on a situation where an NGO wilfully or negligently breaks legitimate, clearly-defined and communicated local laws and regulations. Temptations might include, particularly:

  • Breaching immigration, tax or employment law;
  • Procuring on the black market;
  • Conducting projects outside the authorised parameters;
  • Breaching NGO regulations or directives (e.g. reporting).

INGOs do complex work in complex places. Common reasons why staff or managers may take this action (or indeed, inaction) might include:

  • A tension between the time it takes to negotiate labyrinthine or contradictory local bureaucracies versus their urgent humanitarian objectives or donor expectations;
  • A disconnect between headquarters expectations versus local realities;
  • Failing to invest in the preparation and planning necessary to properly identify relevant regulatory factors and formulate organisational responses to them;
  • Failing to maintain proper oversight to ensure that staff are delivering objectives lawfully – sometimes potentially deliberately (‘don’t ask, don’t tell’);
  • Internal cultures where ‘getting the job done’ is valued more highly than compliance.

This exposes an international NGO to a wide array of risks. Now, this is not a legal blog and I am not a lawyer, but I do note that some possible consequences of non-compliance might affect an NGO’s ability to reduce its risk of fraud and corruption. In this article we’ll suggest three such areas.

The impact upon responding to fraud incidents

file2831269190184When an incident of fraud takes places in a project where the NGO was working unlawfully,  managers may then be incentivised against taking civil or criminal justice action for fear of drawing attention to the project’s own misdemeanours. This may significantly hamper the prospect of redress (getting our money back), and impact upon the available sanctions for a perpetrator. This, in turn, could damage the NGO’s ability to deter fraud and corruption if a potential perpetrator knows that such an outcome is unlikely.

The impact upon counter-fraud culture

My book suggests four characteristics of such a culture, one of which is that ‘all commit to, and participate in, reducing fraud and corruption to an absolute minimum.’ It is not hard to see how the toleration of unlawful activity can contradict this. As a previous blog post has mentioned, how can we ask our employees to role-model accountability and transparency if the managers of our organisations are not doing it?

file4081251141923The risk goes even further, however. While international staff may be able to hop on the next plane home if things get too hot with local authorities, local staff can’t press that escape button. They may therefore bear the greatest risk of consequences like prosecution. This outrageous burden is hardly helpful to the positive workplace relationships necessary to help deter corruption and promote whistleblowing.

Similarly, we need to consider how expecting or allowing workers to break the law, or breaching their employment rights, might disenfranchise them. A breakdown in the relationship between employee and employer – particularly where an employee feels wronged – might, in some cases, contribute to the rationalisation of occupational fraud.

The impact upon preventing fraud and corruption

Operating unlawfully could contribute to a country’s wider crime problem and undermine the legitimate state. In this sense, we help to sustain the environments of complexity and injustice that make transparent and accountable work so difficult – not alleviate them. In turn, this helps to maintain the risk of fraud and corruption in our operations there.

DSC06922An area where this ‘do-no-harm’ themed risk is particularly evident is where NGOs procure from the black market, an option that can arise during scenarios such as the recent fuel crises in Yemen and Nepal. Doing so makes an NGO part of an opaque supply chain and financial flow – where did the product really come from, and where is your money really going? The transparency of your contacts is in no way incentivised, and they are unlikely to volunteer to whom or what they are linked (think Six Degrees of Separation).

Subsequently, an NGO could easily appear in a network that features terrorist groups or those subject to financial sanctions, or in which the financial flow benefits those involved (or ultimately supports investment) in other forms of state-destabilising serious organised crime. Being a black marketplace buyer can make an NGO part of a network in which its donors and supporters might be surprised to see it.

How can these organisations claim to help the nation’s development when, through corruption, they weaken the rule of law? How can we deal with this hypocrisy?

Ingrid Nanne, What happens when NGOs break the law?

Conclusion

Humanitarian and global development work is complex, and programmes are often under pressure from multiple sources. However, operating unlawfully carries a range of risks, and the crystallisation of some of those might damage a programme’s resilience to fraud and corruption.

Managers need to take these risks seriously. This means avoiding the blanket application of a ‘humanitarian need’ trump card to all their operations, and instead ensuring that a nuanced and considered approach to business planning and risk management identifies and caters for foreseeable tensions with legitimate local laws and regulations. The days of ‘don’t ask, don’t tell’ need to be a feature of history textbooks, not modern programme doctrine.

FFCHGDSFind out more about the risk that fraud and corruption pose to humanitarian and global development organisations, and how they can better deter, prevent, detect and respond to it, in my book! Click here to get your copy of Fighting Fraud and Corruption in the Humanitarian and Global Development Sector from the Routledge website or Amazon!

Trust issues: Does a ‘culture of trust’ make your NGO effective, or vulnerable to fraud and corruption?

Photo 10-02-2016 10 23 37 (1)

Years ago, as a teenager, I walked past a bakery in my home town which had a ‘part-time Saturday work – inquire within’ sign on the window. In I went, and asked the lady at the till whether I could apply. She summoned a flour-dusted gentlemen from the back, and asked him: ‘What do you think – a young man?’

He gave me a cursory glance up and down, shook his head, and said: ‘No.’

The baker vanished again, and the lady shrugged. I left, dejected and wondering whether they thought a female candidate might be more trustworthy.

friends-1027840_1920Trust is very important in the workplace. We know that ’empowerment’ is probably a key factor in employee satisfaction, and that there might be a link between the quality of staff performance and their sense of that. We also know that there is a level of trust inherent in all controls, and that humanitarian and global development organisations need to devolve substantial responsibility in (for example) emergency operations, distant field offices, and when working with volunteers. Trust is an important lubricant for our operations. Untrusting workplaces feel austere: morale-deserts that suck the moisture of life out of us.

There is, however, a tension between the need to trust, and the risk of abuse – such as fraud and corruption. Some have argued that the scale of trust in charities, NGOs and non-profits elevates their vulnerability to fraud, a perception with which a 2009 survey of UK charities seemed to agree.

When you unpack it, it is hard to find justifications for the idea that charity, NGO and non-profit workers are more trustworthy than those in other sectors. Such an idea would seem to imply that people are either honest or dishonest, and one can determine which is which from their career choices. This is patently untrue – people are complicated, and are the products of factors acting upon and through them.

Instead, there are good reasons to look again at the extent of our cultures of trust.

chameleon-384957_1920Firstly, fraud and corruption are designed to hide and masquerade, like chameleons, stonefish or those alarming wobbegong sharks. Instances can look (for example) like the product of poor training or non-compliance through operational stretch – there’s always an excuse for anomalies. Arguably, if we are too trusting, we never dig deep enough to find out when something dishonest is afoot.

Secondly, the Association of Certified Fraud Examiners (ACFE) found in 2012 that 87% of the occupational fraudsters they studied had never been charged or convicted of a fraud-related offence, while 84% hadn’t been punished or dismissed by a previous employer for fraud-related conduct. They were ‘clean (and trusted) skins.’ Noting that this is the second Pesh Framjee reference on this blog (sorry, Pesh), no wonder he said at a recent conference in the UK: ‘In God we trust, everybody else we audit.’

Thirdly, when NGO managers cite a ‘culture of trust’ in their organisation, they need to ask themselves – is this really a conscious, intentional, planned and managed organisational culture – or a phrase being used to cover mismanagement such as conflict-aversion or complacency?

So, how do we reconcile this tension? For many NGOs, non-profits and charities, the first step is the recognition than an alternative is needed – a culture of trust that isn’t at the expense of vigilance. While trust is important, fraud and corruption can be enabled when:

  • The organisational culture is not intentional, monitored and reviewed;
  • Trust is used an excuse for failing to maintain proportionate visibility of work, ask questions, and challenge managers and staff – or for failing to build the capacity of staff, volunteers or local partners to manage resources effectively;
  • Trust is allowed to extend into complacency, such as permitting the absence of, or non-compliance with, meaningful internal controls and risk management.

Here are six suggested ways we can foster trust, at the same time as reducing the risk of fraud and corruption.

1. Ensure that sufficient checks are conducted before a person is let into a culture or position of trust

nose-156596_1280Don’t just seek two employment references – after all, what self-respecting fraudster volunteers damaging referees? Consider:

  • Conducting dip-sample checks on the contents of CVs (some research suggests a significant proportion of applicants lie about qualifications);
  • Joining an information-exchange service such as CIFAS;
  • Ensuring that criminal record checks are conducted in a timely fashion (and consider using a commercial checking agency);
  • Obtaining local legal advice on checking the internet footprint of applicants – contrary to popular belief, it is often not unlawful to Google applicants as part of the background check process.

2. Develop a good understanding of the signs that your trust is being abused

OLYMPUS DIGITAL CAMERA

Know what ‘red flags’ – signs that something might be wrong – look like. Organisations like the ACFE and the World Bank publish lists of them online. Being trusting does not mean failing to ask questions or probe anomalies – prompt action is needed where red flags are identified.

3. Have proportionate internal controls…

scales-36417_1280Having a culture of trust does not mean having no, or inadequate, controls. Neither, of course, does it mean an onerous filing cabinet’s worth of policies, procedures and systems (in fact evidence suggests that too many, or too demanding, controls reduces compliance). It means having just enough to manage the risks – an ongoing cycle of design, implementation and review of proportionate internal controls. It also, of course, means having an effective organisational counter-fraud and corruption framework.

4. …and actually follow them

Counter-intuitively, it is the failure to follow policies, procedures and systems that can often be so corrosive to trust in the workplace. Following some but not others makes staff feel untrusted, wondering ‘why am I being checked on this but he isn’t on that,’ and allows suspicions to develop when others are routinely non-compliant without challenge (‘is she committing fraud or taking kickbacks? Did she bribe the manager to turn a blind eye to it?’). Not only does routine non-compliance make it much harder to identify dishonest non-compliance, but it also leaves staff uneasy and confused – the norms of their workplaces unclear.

file0001490820453Instead, to feel safe, secure and successful, we all need to know where the boundaries are, and we all need feedback on our performance. After all, if we are mission-oriented, then ‘oversight’ is about colleagues working together to maximise our effectiveness and efficiency in delivering that mission, right?

5. Articulate the value of policies, procedures and systems

SDRandCo (54)One of the things we can do to reduce the perception that having and following rules represents a failure to trust, is to re-frame activities like due diligence and monitoring. We need to be clear with managers and staff about our expectations, and explain that following policies, procedures and systems is about:

  • Transparency. It means we are all accountable to each other, and it’s easier to spot what is wrong when right is the norm;
  • Teamwork. NGOs can be big organisations, and when we follow procedures, it enables colleagues and teams in other departments to do their job – knowing what to expect from us and when;
  • Totality. Nobody likes going through airport security and being zapped, prodded and rummaged. But we all accept it, because we know it’s needed to deter and prevent a very small number of people who could create a catastrophic event. In the same way, we all need to adhere to policies, procedures and systems, because of the small number of people we need to catch misbehaving.

6. Develop internal culture with intentionality

A defence against the use of a ‘culture of trust’ as an excuse for poor management might be to define the organisational culture we do want, and what the indicators of it might be. That way, poor management behaviours are easily compared against this standard.

Internal culture is something that happens whether it is intended or not – and it only needs a few people in an organisation for one to develop. Taking hold of it and shaping it to be an effective force-multiplier for our missions can be very powerful.

Trust can be a great asset – as long as it is sited within a culture that also actively reduces the risk of fraud and corruption.

 

FFCHGDSFind out more about the risk that fraud and corruption pose to humanitarian and global development organisations, and how they can better deter, prevent, detect and respond to it, in my book! Click here to get your copy of Fighting Fraud and Corruption in the Humanitarian and Global Development Sector from the Routledge website or Amazon!

Welcome!

file00099997224.jpg

Welcome to the blog devoted to helping humanitarian and global development organisations to reduce fraud and corruption.

Posts are filed according to the different components of the holistic approach and some of the key issues in tackling fraud and corruption in development today.

Click on the category of your choice to get started!