Dual Asia Pacific CEO Damien Coates issued delegates at the NIBA Convention with a string of lessons to be learnt from the “trauma” the underwriter sustained at the hands of a fraudulent employee and her husband.
Josie and Alvaro Gonzalez defrauded the company of $17m over more than two years through fake law firm, JAAG. She was only caught out when her system access was blocked because she was on maternity leave and the claims administrator uncovered her deception. Gonzalez joined Dual on 17 March, 2011, and JAAG was set up the day after.
At first, the couple submitted invoices that were 10% of the claim but closer to the end of their fraudulent operation, the invoices were larger than the claims. For example, they would invoice Dual for $50,000 on a $5,000 claim.
Coates stressed that the issue was not the vendor approval process but rather that the process did not apply to all vendors, whether known or unknown.
“The trauma that Dual has been through in the last three months is something I never want any business to go through,” Coates said.
Coates and Ernst & Young partner Rob Locke, who worked closely with Coates during the incident, highlighted a series of lessons that companies could learn from the scandal.
- Vendor approval process should encompass all vendors.
“The vendor approval needs to captured in vendor management because it is end- to-end,” Locke said. “It starts with sourcing, screen, and approving your vendors, and putting them on your system.
“It also goes to vendor maintenance,” he continued. “A lot of the fraud I have been involved with have been more established and mature vendor relationships where either collusion has come into the frame or someone has manipulated vendor master file records and started making extra payments without the vendor’s knowledge.”
- Dormant vendors
“Have a process in place to ensure dormant vendors are removed from your master fold,” Coates said. “They are the ones that don’t have the scrutiny.”
- Regular check-ups
Conduct regular checks on matching your vendor account details held in the master fold run periodically against your pay roll to see if there are new employee bank accounts turning up, Locke advised.
- ABN and ASIC searches
“Frauds often involve false invoicing,” Locke said. “An ASIC search in the first instance could have quickly identified there was a problem […]. If the ABN comes back as an invalid number that should be a red flag.”
- Routine conversations with suppliers
Ring to validate any changes and to run checks on payments, Locke said. “If the supplier cannot confirm those changes, here is an issue.”
- Tiered payment approval process
Fraudsters tend to approach management for signoff on a stack of invoices when they do not have time to conduct a thorough check.
“Make sure it is spread your payment approval process is spread,” Coates said.
- Annual leave is not a control
Block employee access to the system when that staff member is on annual leave, Coates said. “I would [also] encourage everyone to check if you have maternity leave polices because you have a statutory obligation.”
Locke urged scrutiny where an employee on leave comes into the office. “They have panicked and need to get a handle on it.”
- Check your whistleblowing policy.
Coates said there are cases where the whistleblower was too intimidated to come forward.