Enhancing Fraud Awareness in Schools
Fraud Matters is a comprehensive program focused on increasing fraud awareness in schools. The initiative aims to educate staff, students, and stakeholders about the risks of fraud, preventive measures, and the detrimental impacts of fraudulent activities. By understanding what constitutes fraud and implementing proactive measures, schools can safeguard against potential financial losses and reputational damage. Take steps to combat fraud and protect your school community today.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
FRAUD MATTERS FRAUD MATTERS FRAUD AWARENESS FRAUD AWARENESS FOR FOR SCHOOLS SCHOOLS Counter Fraud Team - 020 8379 3166 Fraud.team@enfield.gov.uk Striving for excellence www.enfield.gov.uk
FRAUD MATTERS Fraud awareness for schools Fraud awareness for schools FRAUD MATTERS Who are the Counter Fraud Team? We are: Part of Audit & Risk Management Service (includes Counter Fraud, Audit, Risk Management & Insurance Teams) Based at the Civic Centre but most officers are currently working from home. Counter Fraud Manager Investigators x6 Counter Fraud Apprentice Senior Investigator Fraud Prevention Officer Our key objectives include: We achieve this by: Taking action against fraudsters investigating referrals prosecution/ disciplinary action where appropriate recovering losses Preventing fraud proactive work (data matching) fraud awareness 2
FRAUD MATTERS Fraud awareness for schools Contents Slide no Why worry about fraud? 4 - 5 Fraud definition and main offences (Fraud Act 2006) 6 - 9 Key fraud risks schools face and key controls to mitigate them 10 - 17 Current cyber threats in more detail 18 - 29 Bribery and corruption 30 - 31 Money laundering 32 why fraud might be committed 33 - 34 What to do if you suspect fraud 35 - 38 3
FRAUD MATTERS Fraud awareness for schools Fraud awareness for schools FRAUD MATTERS Why worry about Fraud? Fraud is the most commonly experienced offence in the UK, accounting for one third of all reported crime. Fraud can easily be committed via the use of ICT, which is the most common method. The cost of fraud and error in local government is estimated to be 7.8bn per year. That s money that could be better spent on services. Although fraud is a crime concerned with property and finance there are other consequences . mental well being of victims (embarrassment) impact on the level and quality of services provided by victim organisation reputational damage for victim organisation added costs to other organisations/charities where victims may require support following losses to fraud e.g. accommodation/ benefits. 4
FRAUD MATTERS Fraud awareness for schools Why worry about Fraud? The good news is that the City of London Police, the national lead on fraud and economic crime, suggest that 80% of fraud and cyber crime is preventable. As most cyber fraud is enabled due to weak passwords or phishing emails there are steps we can all take to protect ourselves. We will cover these in greater detail later. School s constantly face the risk of an employee, governor, contractor, supplier, client or any other third party committing an act of fraud. However, many people are not aware of what constitutes fraud and either miss it or think it is acceptable behaviour. Being aware of the types of fraud and putting preventative measures in place can help to prevent many types of fraud. Let s start by looking at what we mean by fraud . 5
FRAUD MATTERS! Fraud Awareness for Schools FRAUD MATTERS Fraud awareness for schools Fraud is described within the Fraud Act 2006 (England and Wales) as any dishonest false representation failure to declare information or abuse of position which is intended to makegain (personally or for another) cause loss or expose another to the risk of loss The gain and loss mentioned here relate to finance and property. The Fraud Act 2006 established three main ways to commit fraud. Let s look at this in some more detail 6
FRAUD MATTERS Fraud awareness for schools S2. Fraud by false representation This is perpetrated when false or misleading information is deliberately provided, either in writing and/or verbally. This can also include failing to correct a false impression. e.g. deliberately lying on an application form such as putting the address of a family member on an application for a schools placement to secure a place, when the child does not live at the address. e.g. a job applicant declaring qualifications they do not have. e.g. falsifying overtime claims S3. Fraud by failure to disclose information Deliberately not providing information one is duty bound to disclose. e.g. a job applicant failing to declare a criminal record. 7
FRAUD MATTERS Fraud awareness for schools S4. Fraud by abuse of position Exploiting a position in which you are expected to protect, or not to act against, the financial interests of another person. It can also be failing to take action rather than being the perpetrator of an act. e.g. a finance officer diverting school funds to a personal account. e.g. processing invoices for work not undertaken by a contractor you have a personal relationship with. e.g. buying items for personal use with the school s money. Other fraud offences set out within the Fraud Act 2006 include: S6. Possessing articles for use or in connection with any fraud. e.g. possessing computer software intended to be used in a fraud S7. Making, adapting, suppling, or offering to supply articles for use or in connection with any fraud. e.g. counterfeit goods presented as genuine. 8
FRAUD MATTERS Fraud awareness for schools Fraud offences are not exclusive and a fraudulent action can fall within more than one offence. For example, an officer submitting false claims for overtime is both a false representation and an abuse of position. It is also false accounting (S.17 Theft Act 1968). The first three offences within the Fraud Act 2006 are offender focussed. This means, the actual fraud (i.e. the gain/ loss) does not have to have taken place for a prosecution to be brought, if the intention to defraud can be proved. On conviction of fraud the maximum sentence can be up to ten years in prison and/or a fine. Weak controls or the lack of controls are one factor that can allow fraud to happen. The next slides will cover the main fraud risk areas for schools, but are not exhaustive. We will also look at some of the controls that will help to mitigate these risks. 9
FRAUD MATTERS Fraud awareness for schools PROCUREMENT FRAUD examples... Suppliers collude with each other in fixing prices to secure business or maximise their profit margins. This could result in the school paying too much for works/ services or goods. Suppliers collude to rig bids by submitting false bids so that one particular supplier is more likely to win the contract. This could result in the school paying too much for works/ services or goods. Suppliers bribe school personnel in order to influence the tendering process. This could be money, gifts or offering to carry out personal work (i.e. building work) at the officer s own residence. School personnel deliberately pay for works they know to be substandard or not completed so the contractor benefits (could involve collusion/ bribery). This will result in additional costs to the school through overpayment and possible remedial works. School personnel and suppliers or contractors collude with each other to produce false invoices. This results in a loss to the school. Contractors and suppliers submit false invoices for works not completed or services not provided. Or they submit overinflated invoices. If schools personnel do not identify this, the school could suffer financial losses. Schools personnel separate purchases to avoid tender thresholds, benefitting a particular supplier or contractor (could involve collusion/ bribery). Schools personnel purchase equipment with school funds for personal use. 10
FRAUD MATTERS Fraud awareness for schools Controls to mitigate procurement fraud include false /same Procurement regulations and procedures are available to all relevant staff. Those staff are familiar with these procedures and adhere to them. The procedures are updated regularly. Advice is sought if necessary. Supporting documentation is complete, accurate and decisions are evidenced. Financial documents are retained in line with the School s retention policy. Explanations are obtained where there are concerns, such as where evidence for payments or invoices is contradictory or incomplete. There are regular reconciliations and audit trails of decision making and spend. Spot checks are carried out to ensure procedures are being followed. Duties are segregated to ensure one person does not carry out the whole process e.g. requesting and approving spend. Staff are required to complete regular Declarations of Conflicts of Interest. The school has a Gifts & Hospitality register. 11
FRAUD MATTERS Fraud awareness for schools CREDITOR FRAUD examples false /same Staff divert funds due to a creditor to a fraudulent account (could involve collusion/ bribery). Fraudsters may pretend to be a genuine creditor and contact the School to inform of a change in bank details. The new bank details will belong to the fraudster. The request may take the form of an email (phishing), letter or phone call. Creditors submit false invoices. Schools personnel may be colluding in this and deliberately pay them. This type of fraud is known as payment diversion fraud. The victim is tricked into making a genuine payment to a fraudsters account. This money is extremely hard to recover as it is usually moved between accounts very quickly. This type of fraud is covered in more detail on slides 23 to 29 . Staff create fake creditor accounts and false invoices. 12
FRAUD MATTERS Fraud awareness for schools Controls to mitigate creditor fraud include false /same Procedures that are regularly reviewed, have been communicated to staff and are easily accessible by all. All invoices are checked prior to payment to ensure the goods, works or services have been provided and the amount is correct. Staff are made familiar with the Code of Conduct of expected behaviour and of the consequences of not complying with this. Accounts are regularly reconciled. Financial transactions are scrutinised by relevant staff and Governors. Staff are challenged on discrepancies. If notification is received from a creditor to inform of a change in their bank account details, this must be independently verified with the creditor. Communication with the creditor must be via existing contact details. Do not respond to this type of request by return of an email. 13
FRAUD MATTERS Fraud awareness for schools EMPLOYEE/ CONTRACTOR FRAUD examples Theft by staff, contractors or suppliers. Includes theft of cash, equipment, data. Submission of false claims for travel expenses that have not been incurred or overtime not worked. Over inflation of genuine claims. Submission of fraudulent petty cash claims. Using a School credit card/ purchase card for personal use. Assisting family and/or friends or oneself to obtain contracts. Working elsewhere whilst claiming to be off sick and receiving sick pay. 14
FRAUD MATTERS Fraud awareness for schools EMPLOYEE/ CONTRACTOR FRAUD examples cont d Using school assets for personal use (without permission), such as laptops, iPads, tools and vehicles. Processing fake invoices for goods/services not received and keeping the proceeds. (Could be in collusion with contractor/ supplier). Creating fictitious employees on the payroll system and diverting funds to a personal account. Failing to charge properly for goods/services, especially for friends and family or in return for reward. Examples may include hire of rooms. Creation of invoices for non-existent suppliers. Running a personal business during work time. 15
FRAUD MATTERS Fraud awareness for schools EMPLOYEE/ CONTRACTOR FRAUD examples cont d Paying inappropriate bonuses or honorarium. Employing family and/or friends without following proper processes.. Making purchases or entering contracts with suppliers/contractors known personally or to another member of staff without following proper process or declaring business interest. Paying suppliers/ contractors who fail to deliver goods/services or do not deliver to the expected standard. Improperly disposing of assets. Pocketing the proceeds. Colluding with criminals to defraud the school, Council and/or service user of funds. 16
FRAUD MATTERS Fraud awareness for schools Controls to mitigate employee/ contractor fraud include Robust recruitment processes. A Code of Conduct for staff and contractors. Gifts and Hospitality Register. Comprehensive procedures for all processes that are regularly updated and communicated to all. Security of cash, assets and data, including access controls and authorisation limits. Having a Declaration of Interest Register that staff are required to sign annually or when there is a significant change. Retention of documentation policy to ensure receipts for financial transactions are kept for the relevant period. Cash transactions are kept to a minimum but where they occur, at least two people are involved in preparing and checking payment runs and counting cash received. Asset register and regular stock checks. Regular reconciliations of accounts. Staff and Governor scrutiny of payments. Whistleblowing Policy and knowledge of how to report suspected fraud. Fraud awareness training. 17
FRAUD MATTERS Fraud awareness for schools The ways to commit fraud continually evolve and the ever increasing reliance on technology means that around 70% of fraud is enabled via the use or manipulation of technology, IT equipment and the Internet/ email. Cyber criminals aim to obtain your money and/or your property by: hacking into your systems (to steal your personal data or to cause a denial of service and demand a ransom for it to be released) unleashing malicious software (to steal data or to cause a denial of service) misleading you into paying the fraudster directly, through payment diversion tactics such as phishing emails or fake websites tricking you into giving them your personal information/ passwords so they can access your computer/ bank accounts to steal your money The main enablers of these type of frauds are weak passwords and phishing emails. We will cover these in more detail on the next slides. 18
FRAUD MATTERS Fraud awareness for schools Cyber enabled fraud: Hacking Malicious software (malware) Distributed Denial- of-Service attacks (DDOS) Fake websites. The unauthorised use of, or access into computers or networks or the bypassing of security to gain access to steal money, information, or disrupt businesses. Unleashed into a computer or network to steal data, cause system crashes or delete files e.g. viruses, worms, Trojans, spyware and ransomware (demand ransom to return data or not publish it). The server is overloaded with the goal of disrupting the availability of websites and web- based services. May demand a ransom to return systems to normal. Fake websites to obtain your money or information. The following websites may look the same but are not. Hover over them to see the real site... www.enfield.gov.uk www.enfield.gov.uk www.enfield.gov.uk 19
FRAUD MATTERS Fraud awareness for schools Cyber crime can affect us as much in our private lives as at work, so it is important to be aware of the dangers and protect yourself as much as you can. Controls to mitigate cyber enabled frauds Install or enable anti-virus software on PCs, laptops, phones etc. Ensure sure it is regularly updated. Secure devices such as tablets and mobile phones with screen locks. If using passwords make sure they are strong (see slide 22 for further advice). Be mindful that public Wi-Fi may not be secure, so never use it for online banking, accessing emails, or anything with sensitive information. Instead used 3G, 4G or 5G connections which are secure. Back up important data regularly. 20
FRAUD MATTERS Fraud awareness for schools Controls to mitigate cyber enabled fraud cont d Be mindful of website authenticity when inputting personal information. Check the site is the one you expect. Hover over the URL and check the site security information next to it. Be aware that some addresses may appear genuine but may not be, for instance is there an extra number in the address? (check the websites on page 19 if you haven t already done so). Check for a padlock when inputting personal, sensitive information. Be mindful of phishing emails (refer slides 23 to 29). Don t open attachments or click on links in unexpected emails. This may lead to malicious software being downloaded or your information harvested from a fraudulent website you are directed to. 21
FRAUD MATTERS Fraud awareness for schools Controls to mitigate cyber enabled fraud cont d As weak passwords are a key enabler of cyber fraud make sure you.... Change default passwords as soon as is possible. Try and avoid using names of family members, pets, sports teams etc (especially if you use social media). If possible include: Numb3rs CAPITAL letters Lower case letters Specia! char@cters Use different passwords for different accounts but especially for your email accounts. You can check how strong your password is at https://howsecureismypassword.net/ This will give you an idea of how long a home computer would take to crack your password. Remember, malicious attackers will take less time. 22
FRAUD MATTERS Fraud awareness for schools Cyber enabled frauds cont d One of the current biggest cyber fraud threats is PHISHING ATTACKS In this type of attack the criminals email you pretending to be someone else such as: your bank a government department (i.e. HMRC) a senior officer within your organisation (i.e. headteacher) - CEO FRAUD a regular supplier MANDATE FRAUD The aim is to: Either obtain your sensitive information such as passwords and bank details so these can be used to defraud you. They may do this by including links or attachments which you are encouraged to open. When you do, these may take you to a fraudulent website, or install malicious software onto your device, or steal your passwords. Or trick you into making a payment directly to a fraudsters account (payment diversion fraud). 23
FRAUD MATTERS Fraud awareness for schools One type of payment diversion fraud enabled through phishing emails (or Smishing texts) is MANDATE FRAUD Criminals will email you (they may also call you, or send a letter) pretending to be one of your suppliers or contractors with the aim of getting you to change the bank account details you have on file for them and inadvertently pay the fraudster. The letters will be on letterheads that appear real, calls will appear to be from the legitimate number and emails from email addresses that look the same as those you normally receive from them. This type of fraud can be extremely difficult to spot. 24
FRAUD MATTERS Fraud awareness for schools Another type of payment diversion fraud enabled through phishing emails (or Smishing texts) is CEO FRAUD This is where the fraudsters pretend to be a senior member within an organisation and contact a staff member to get an urgent payment made to themselves or a third party. The emails / text messages will come from email accounts or phone numbers that appear legitimate. These type of frauds can be aimed at specific individuals within an organisation. When a particular person is targeted (i.e. a finance officer) this is known as spear phishing. Be mindful that fraudsters can get all sorts of information about you from social media sites. 25
FRAUD MATTERS Fraud awareness for schools PHISHING EMAILS SPOT THE SIGNS These could be indicators the email is a phishing attack: The sender is claiming to be from someone official (like a supplier, your bank, doctor, a solicitor, government department). Criminals often pretend to be important people or organisations to trick you into doing what they want. The email contains speling and/or grammatics errors. The sender s name does not tally with the email address. Hover over the email address to check. Be especially mindful of free web mail addresses. The email uses a greeting like dear customer rather than your proper name. This may suggest they do not know you. The email include links to websites. Be mindful links can be forged or seem very similar to the proper address, but even a single character s difference means a different website. For example two n s can look like an m. There an embedded hyperlink. Be mindful this could be a link to a bogus site. 26
FRAUD MATTERS Fraud awareness for schools PHISHING EMAILS SPOT THE SIGNS Take a moment to think.... Are you expecting this type of email? Criminals often exploit current news stories (Covid-19), big events or specific times of year (like tax reporting) to make their scam seem more relevant to you. Is there a sense of urgency to the request? For example, does it include threats that unless you act immediately your account may be closed, you will be fined or you may face other negative consequences? Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more. Is the message offering something in short supply (like PPE or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly without appropriate checks. 27
FRAUD MATTERS Fraud awareness for schools If you receive a request to change bank account details either by email, text, letter or telephone be mindful it could be a fraudulent request: Never rely solely on any email, text, letter or telephone requests you receive. Verify all requests using independent contact information that you already have not those provided in the request. Do not click on any links/ attachments in any emails or text requests if you are concerned it could be fraudulent. Don t assume the request is genuine just because it looks legitimate - it doesn t mean it is. Criminals can and do spoof emails, texts, documents and phone numbers. Never feel embarrassed to challenge or question a request being made. 28
FRAUD MATTERS Fraud awareness for schools What to do if you've already clicked on the link (or entered your details into a website): If you've provided your password, change the passwords on all your accounts that use the same one. them know. If you ve been tricked into providing your banking details, contact your bank and let Open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds. Contact your IT support, especially if you think your account has already been hacked (you may have received messages sent from an account that you don't recognise, or you may have been locked out of your account). Contact the supplier/partner if relevant and notify them of the incident. Report the incident to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk 29
FRAUD MATTERS Fraud awareness for schools BRIBERY and CORRUPTION are very real threats for Schools and Local Authorities due to the amount of sensitive data and services they have access to. The Bribery Act 2010, defines bribery as the giving or taking of a reward in return for acting dishonestly and/or in breach of the law. It is an individual offence to: offer, promise and/ or give request , agree to receive and/or accept a financial or other advantage with intention of seeking favourable behaviour or outcomes Individuals convicted of a bribery offence can receive up to 10 years imprisonment and/or an unlimited fine. CORRUPTION is a form of dishonest or unethical conduct by a person entrusted with a position of authority and/or trust, often to acquire personal benefit. Corruption may include many activities including bribery. 30
FRAUD MATTERS Fraud awareness for schools Bribery and Corruption can be difficult to detect as they usually involve two or more people entering into a secret agreement. There are, however, some signs to alert you that they might be taking place Abnormal cash payments or pressure exerted for payments to be made urgently or ahead of schedule. Private meetings with public contractors or companies hoping to tender for contracts. Lavish gifts being received. Controls that help to reduce the risk of Bribery and corruption include An anti-bribery policy (in Enfield Council this is incorporated into the Council's Counter Fraud Strategy). Procedures for staff to declare any interests they may have in other commercial or non-commercial organisations, which should be completed regularly. A register of offers of gifts, hospitality and sponsorship. Training for staff in bribery awareness and prevention. 31
FRAUD MATTERS Fraud awareness for schools Money Laundering Money laundering is the method by which illegally obtained money or assets (such as from theft, fraud, drugs, people trafficking, terrorism) are laundered i.e. passed through financial systems to disguise their criminal origin so they appear clean with no obvious link to any criminal activity. Traditionally, areas of concern for Local Authorities have been Housing (Right To Buy s) and cash overpayments for bills i.e. Council Tax, Business Rates and rents. Some people are vulnerable of being duped into becoming money mules , which is a form of money laundering. In such cases, fraudsters target mainly younger people and students, online, offering them money for allowing funds to be transferred into and out of their bank account. Money Laundering Regulations 2017 Suspicious activity should be reported to the Council s Anti Money Laundering Officer ((Head of Audit & Risk Management) who can report suspicious activity to the National Crime Agency. It is an offence: if you do not report suspicious activity. to conceal, destroy or falsify documents to impede an investigation of money laundering. to tip someone off who is being investigated for money laundering. 32
FRAUD MATTERS Fraud awareness for schools Who is likely to commit fraud and why? Anyone can commit fraud. The reasons why are more complex. The main model used to explain the elements needed for fraud to happen is the fraud triangle. In this model three factors need to be present for someone to commit an act of fraud, opportunity, pressure and rationalisation. 33
FRAUD MATTERS Fraud awareness for schools PRESSURE (motivating factors) RATIONALISATION (justification for actions) OPPORTUNITY (lack of or weak controls) Financial and lifestyle pressures including economic situation, debt, addictions and greed Revenge for not getting a bonus/ overtime worked, but not paid There is no perceived deterrent Poor controls and poor security A challenge no harm done Downward pressure from management to meet targets etc Disruption such as restructuring and reorganisation creating lapses in control It s not really a fraud I ll pay it back later, everyone s doing it Pressure from organised crime and collusion with criminals 34
FRAUD MATTERS Fraud awareness for schools Look out for warning signs, where people: Do not follow procedures, complain about controls, take unnecessary risks Bypass normal tendering or contracting procedures Have an unexplained preference for certain contractors during tendering Insist on dealing with specific contractors themselves Agree invoices in excess of the contract without reasonable cause Do not retain documents or records regarding meetings or decisions Never take time off, even if they are ill Are under stress, have financial concerns Have a sudden change in lifestyle, unexplained wealth Seem to have a cosy relationship with contractors and suppliers. !Be mindful: These may help to identify warning signs but alone do not suggest someone is behaving fraudulently. 35
FRAUD MATTERS Fraud awareness for schools The most productive steps which you can take to reduce fraud are to ensure that robust controls are in place to minimise the chance of fraud. Removing opportunities to commit fraud or abuse of the system will generally deter all except the most determined criminals, and should eliminate significant risk of internal fraud. DO: Familiarise yourself with the current and emerging fraud risks that could affect schools (consider completing a Fraud Risk Register). Check the legitimacy of documentation/ information. Don t be afraid to question information you are given. Trust is not a control. Refer any suspicions you have or are brought to your attention promptly and accurately. DON T: Delay, ignore or do nothing. Try to investigate the matter yourself (you may inadvertently jeopardise criminal action being taken at a future date) Confirm or deny that somebody suspected of fraud is under investigation. 36
FRAUD MATTERS Fraud awareness for schools Schools are required to report financial losses through fraud to the Council, as these figures are reported to the DfE. It is also helpful to make the Counter Fraud Team aware of fraud attempts (even where there has been no financial loss to the School), as information such as this can help raise awareness amongst other schools and the wider community, particularly as fraudsters usually make multiple attempts at the same type of fraud. An example of this is phishing emails. Phishing reports can also be made direct to the Action Fraud website. It is good practice to do this as the Police may already have the fraudster under investigation and this will provide them with valuable additional intelligence. https://www.actionfraud.police.uk/report-phishing There is also plenty of information and advice on the Action Fraud website regarding fraud. 37
FRAUD MATTERS Fraud awareness for schools Reporting concerns/ suspected fraud If you suspect fraud and/or abuse of school funds or assets, please raise the matter promptly with your Headteacher in the first instance. You can also contact the Council s Counter Fraud Team, who are trained and experienced in investigating fraud on: 020 8379 3166 fraud.team@enfield.gov.uk Additionally, you can raise concerns through your Whistle-blowing Policy. 38