• BDO Forensic Insights

    Volume 3

Topic: Workplace Crime and detection

Workplace fraud is an ever-evolving threat for organisations, with new types of fraud requiring a continuous assessment of vulnerabilities within the workplace. It is also much more common than you may realise. The types of fraud organisations may experience look a lot different from those a decade ago, with fraudsters finding sophisticated ways to bypass weak internal controls. Fraud and misconduct have also been impacted by a changing landscape, such as COVID-19, and of course the uptake of technology.

So, what does modern workplace fraud look like? There are eight types of incidents we have seen an increase in amongst our clients:

  • Timesheet and leave fraud
  • Financial fraud
  • Unauthorised access/disclosure of confidential information
  • Cash theft (via fraudulent creditor and payroll schemes)
  • Fraudulent application for loans and debtor financing
  • Cyber breaches
  • Code of conduct breaches
  • Bullying and harassment claims.

With COVID-19 impacting workplaces, some organisations are also experiencing a limited capability to manage and conduct investigations internally. These types of matters need to be actioned immediately or in a timely manner, as they will likely have a further detrimental effect on your organisation if left idle.

The key to preventing workplace fraud is awareness, alongside training and controls such as a whistleblowing reporting platform.

Whistleblowing, a key to detection

In 2019, law reform occurred to protect whistleblowers and to expand whistleblower protections to cover a larger group of staff from the corporate sector. Employees and other groups associated with companies were also given more protection. Whistleblowing isn't always easy and the need to make a disclosure can be a heavy burden on the shoulders of the whistleblower.

The reforms included changes to guard whistle-blowers’ confidentiality to prevent them from being threatened for their actions.

For whistleblowing to work in organisations it takes more than top management wanting to listen to concerns. You need to have communication that shows people that individuals can come forward with a concern.

There should be encouragement to raise issues at an early stage and a very clear process of how those concerns will be dealt with by the organisation.

ASIC regulates whistleblowing in companies and has recently undertaken a review of whistleblowing obligations (in place since 2019), by examining whistleblower policies. The ASIC Commissioner said the review of company whistleblower policies had identified some ‘areas for improvement.’ ASIC’s findings showed:

  • Close to half of the policies examined by ASIC did not fully explain how staff could report misconduct or how the whistleblower qualifies for legal protection
  • 21 per cent of the policies reviewed incorrectly said staff who blew the whistle anonymously would not qualify for protection indicating the policy had not been updated correctly.

In response to ASIC’s review, Public Policy experts are calling for follow-up and enforcement to ensure all organisations understand their obligations to protect whistleblowers.

The Governance Institute of Australia said, “The very reason we have the new provisions is that a sound policy that provides whistleblowers with all rights and protections without the threat of negative personal consequences, is an underpinning for good governance. This covers not just breaches of law but also, as we have seen in recent months, enables the reporting of misconduct and other improper circumstances.”

Improving organisational practice

Improving organisational practice within an organisation is key. If seen as part of routine practice, organisations have a better chance of making quality improvements for staff and the customers, clients, patients who use their services.

There is strong evidence that an open culture where concerns can be raised, helps to build a safe working environment and improves organisational processes. There have been some great examples of this occurring through the use of information sourced from whistleblower concerns.

The proviso to this is that the whistleblowing platform also needs to be supported by other policies and procedures in the organisation.

Given people behave to what is being measured, this is often best achieved with a supporting complaints management process that plugs into performance management - a process making managers accountable.

For more insights into what modern workplace fraud looks like, and how, when and by whom workplace fraud may be committed, read our latest article, or listen to our recent podcast, “What does modern workplace fraud look like in 2021?”.

For more insights into the support we can offer you for your whistleblowing concerns please visit our website.

Regulatory news

Latest updates and advice from Australia’s regulatory bodies

In an environment of increased fraud and misconduct:

  • Australian Securities Investment Commission (ASIC) continues to advise that responding to reports of misconduct and whistleblower reports remains a priority, and any business involved in such conduct will have its governance arrangements scrutinised. If you are caught by the Corporations Act please review your governance arrangements in relation to whistleblowing. As mentioned in our article above, you can find the news report on ASIC’s latest review here.
  • The Fair Work Ombudsman (FWO) secured a total of $112,420 in penalties in court against the operators of four ‘The Ironing Shop’ outlets in Brisbane after they paid Chinese nationals a wage as low as $8 an hour and made use of false or misleading records.
  • The Australian Taxation Office (ATO) has begun a compliance focus - starting with a crypto crack-down - warning advisers and taxpayers to ensure cryptocurrency guidance is followed. This will be part of a broadening of focus across the regulatory realm in Australia. There is a continued focus on the previously reported areas:
    • Cybercrime (technology-enabled crime) affecting the tax and superannuation systems
    • Offshore tax evasion
    • Illegal phoenix activity
    • Strong ATO audit activity will continue into Q3 and Q4 2021 and 2021.
  • AUSTRAC - The proposed changes in the AML/CTF legislation is to support reforms to the AML/CTF Act made by the Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Act 2020 (Phase 1.5 reforms) is due to commence as of 18 June 2021. Below is the summary of changes for reporting entities:
    • Customer due diligence
      These reforms make it clear that customers must be identified before providing a designated service, except for very limited circumstances. They also expand the circumstances where you can rely on customer identification by another reporting entity providing a safe harbour from liability for isolated failures by the third party to meet applicable customer identification procedures.
    • Tipping off
      There will be expanded exceptions to tipping-off provisions that allow information from suspicious matter reports (SMRs) to be shared with an external auditor or offshore members of the same corporate or designated business group that are regulated by laws that give effect to some or all of the FATF recommendations.
    • Correspondent banking
      These changes affect financial institutions. The reforms include clearer prohibitions against entering into a relationship with a bank that allows its accounts to be used by a shell bank, in addition to clearer and strengthened due diligence and risk assessment requirements during a correspondent banking relationship.
    • Additional measures
      In addition to these changes, the Phase 1.5 reforms support cooperation and collaboration to detect, deter and disrupt money laundering, terrorism financing, and other serious crimes, and increase the AUSTRAC CEO’s ability to provide access to AUSTRAC information to law enforcement partners.
    • AUSTRAC also developed five new regulatory guides to help reporting entities review and strengthen their AML/CTF program, systems and controls.
      • Governance: board and senior management oversight
      • Money laundering/terrorism financing risk assessments
      • Ongoing customer due diligence
      • International Funds Transfer Instructions (IFTIs) reporting
      • Correspondent banking relationships
    • Digital currency exchange (DCE) providers are required to renew registration every three years. April 2021 marks three years since the first digital currency exchanges started to register. Relevant businesses can renew the registration through AUSTRAC Online.

In the news

Six people allegedly involved in a Western Sydney crime syndicate have been arrested by the Australian Federal Police over a multi-million dollar fraud against the National Disability Insurance Scheme (NDIS).

Two more Australians have been arrested and charged in connection to a major joint international MDMA drug investigation originating in the Netherlands in 2019. Since 2019, the Queensland Joint Organised Crime Taskforce (JOCTF), working with the National Police of the Netherlands (NPN) Criminal Investigations Division, has arrested 13 people, including the two Sydney men, as part of this operation.

APRA closed an investigation into Westpac after 2019 allegations they breached anti-money laundering and counter-terrorism laws. It is expected remediation will now take place.

Banks are cracking down on transfers to cryptocurrency exchanges by suspending payments to the sector, amid rising fears that it has become a hotbed for financial crime.

The Financial Reporting Council (FRC) has published tougher rules around assessing fraud risks when auditing financial accounts. It is the first time the rules have been substantively revised in more than 16 years. They state that auditors must obtain a ‘reasonable assurance’ about whether the financial statements are free of a material misstatement because of fraud. It defines reasonable assurance as a ‘high, but not absolute, level of assurance.’


If you have any queries or need any support please do not hesitate to reach out to our specialists.