Robert Brooker is an expert in counter fraud, with skills that in today’s threat landscape are very much in demand. Having spent near on 25 years working in the field, he now advises some of the largest organisations in the world about areas of counter fraud: prevention, detection, investigation and recovery. So when the Open Banking Implementation Entity (OBIE) who were mandated to enable open banking in the UK, came to IASME with the idea of creating a brand new counter fraud certification, who better to get involved?
We chatted with Rob about the world of counter fraud and why it is becoming more and more relevant for every organisation in the post COVID era.
Rob, you are head of fraud and forensics at PKF GM Littlejohn, what does that role involve and what do all the initials mean?
PKF Littlejohn is one of the largest accountancy organisations in the UK which is part of a global network with legally independent branches in over 150 countries. PKF (previously known as Pannell Kerr Forster) has a reputation for working with large, complex and high-profile businesses with challenging issues. PKF GM (Geoffrey Martin) is a subsidiary of the larger company, Littlejohn, and specialises in advisory and re-structuring for those companies experiencing financial stress. I work both in the larger part of the Littlejohn company as well as the GM part, and cover a variety of sectors, both public and private. Most investigations require forensic accounting of some description when something has gone wrong and a company becomes insolvent. We have a team of forensic accountants that come in and help us do that work as well as our own investigators as we try to establish why and if a fraudulent activity has occurred. I also help clients with fraud risk management, prevention advice, detection techniques and some thought leadership in areas such as threat landscape and anticipating emerging risks.
Why do we need a Counter Fraud Fundamentals certification?
Fraud is the crime of choice in the UK today, and there is no other Counter Fraud scheme like it out there at the moment. The new self-assessment tool and certification is a great initiative by IASME and OBIE, I really like the concept of it. What does that provide for customers, staff, and the supply chain? Ultimately, you’re gaining assurance that a firm does have policies and procedures in place to tackle fraud, bribery and corruption, and this knowledge gives you confidence. It takes a long time to build up a good reputation in all kinds of organisations but particularly in banking and it is vital that you and I can trust that we are able to secure our money, we certainly don’t want to use an organisation where we know customers are permanently defrauded.
You are the chairman of The London Fraud Forum, tell us about the Fraud Forums.
The Fraud Forums were introduced back in 2006, which is when the Fraud Act was introduced in UK legislation. The regional Fraud Forums were created by the Metropolitan Police who were the lead force for fraud in the UK at the time. The Met had a prevention arm Operation Sterling, and they were the ones who set up both industry fraud forum and regional fraud forum. The fraud forums are something I’m really passionate about it as I’ve been involved with London Fraud Forum (LFF) since the outset in 2006 and became chair of the London Fraud Forum 6 years ago.
So, what is a fraud forum? We are bringing the private and public sector together, to fight the fight against fraud, bribery and corruption. How do we do that? We lay on events, and although our seminars have all been digitalised this last year, we’ve had webinars, and we have an annual conference. In these events, we share information and intelligence with our members. We also have a website that has a members only forum, and we can keep people up to date about the emerging threats and risks. In the last 10 months, so much information has come out, the changing face of fraud is almost weekly. This might be information from the City of London police who are now the lead force in the UK, or it could be related to Action Fraud or the National Fraud Intelligence Bureau which is also led by the City of London police. It could be from the cabinet office, with regards to Government advice and guidelines around fraud. The reason I mention this is only two weeks ago, we had an alert about the guy who knocked on the door of a 92 year old lady and administered a fake COVID vaccine. We had to get alerts out as quickly as possible across the whole of the fraud landscape for all of the practitioners working in it. It was necessary to alert as many people as possible, and thankfully, the police managed to catch the man very quickly.
All the way through this pandemic there has been the PPE situation, where everybody has been trying to get hold of PPE, with many people buying equipment that wasn’t fit for purpose or not receiving anything at all. This is where the Fraud Forums have come to the forefront of keeping everybody aware of the updates, alert and messages that are being passed out, enabling us to cascade information to as large a community as possible.
At the moment, we have Regional Fraud Forums in the North East, Yorkshire and Humber, The Midlands, Wales, London and the South East, and I’m delighted to say, the North West Fraud Forum launched last week.
I’m hoping (with the help of the City of London Police), to establish an overarching national network of fraud forums that can work alongside the cyber resilience centres. In the next year to 18 months, the aim is to create a synergy between the two organisation and get them all working together, ultimately ensuring we have consistency throughout the UK regarding the cyber and fraud landscape.
What led you into a career in fraud?
Nobody wakes up one day and says, I’m going to work in fraud. It’s not really the glam job that anybody sets out to do. I started out in a local authority, working as a recovery officer and certified bailiff. With the introduction of poll tax and council tax, it was cheaper for local authorities to outsource the recovery, and from there we became fraud officers, so I really did fall into that role. Following the local authority work, I went on to a chartered accountancy firm for five years, and then I went to work at Transport for London.
There are many sides to fraud in transport, everybody thinks of Oyster card fraud and counterfeit tickets which of course there were, but our biggest risk (which is probably the same for most organisations), was from our supply chain. These problems ran all the way through the whole tendering process, from people trying to get onto your tendering lists who don’t necessarily have the capability to do the work but who are prepared to lie to say they’ve done work that they haven’t, through to those who are on a framework or have been awarded a piece of work, and will do whatever it takes to ensure that their work continues. There was also the insider threat to consider, where employees and contractors target organisations and work there to commit fraud. In a sector like banking, for example, you couldn’t afford to have a fraudster join your organisation, and that’s the reason it’s vital to ensure robust due diligence vetting & screening processes exist when onboarding staff.
Besides the financial sector, who else could the Counter Fraud Fundamentals scheme be aimed at?
I’ve got to be honest, I don’t think there is any industry that wouldn’t benefit from having this certification, the fundamentals scheme can go across all areas. There are an awful lot of organisations that are undertaking counter fraud work, I do think that it could fit with everybody and anybody. Most businesses have got customers, or clients and a supply chain. Why would you not want assurance that the supply chain you are dealing with have got the fundamentals in place regarding fraud detection, prevention and investigation.
What are the main components to counter fraud in an organisation?
Initially, you have to identify where your fraud risks are and consider them in terms of likelihood and impact. Once you have identified where they are, you can then try and manage those risks, by using policies, procedures, and controls.
What have been some of the emerging risks in recent years?
Unfortunately, some people still see fraud as a victimless crime because, although organisations still suffer, many people don’t see the true cost of that loss. Ten months ago, nobody had heard of the word furlough, and now we are talking about the volume of fraud that is in that area. Huge amounts of furlough payments as well as bounce back loans were acquired fraudulently, yet people might not think they are doing anything wrong because they imagine the Government can swallow the loss, but the tax payers will be the ones that have to end up repaying it.
The emerging risks are certainly centred around digitalisation. 90% of all fraud is cyber enabled now, that means criminals are no longer going out and getting dirty by holding up the man in the helmet delivering cash, instead they are staying at home and using a device to commit fraud. It has always been the case that fraudsters stay one step ahead and capitalise on change to create new opportunities to commit fraud. In our increasingly digital world, complacency is not a luxury any organisation can afford.