Tacking financial crime
New challenges, same problem
One thing that hasn’t slowed down recently is the ability of fraudsters to exploit a situation and therefore for payroll professionals and the authorities to try to adapt to the emerging challenges. The unprecedented amount of government money on offer through digital channels such as the Coronavirus Job Retention Scheme and the financial hardship of many has seen a huge increase in phishing emails purporting to be from HMRC. Online shopping has presented the opportunity for fraud and for those who are working from home, data breaches are an ever-present risk.
Sharing the intelligence
The Institute of Chartered Accountants in England and Wales set up the Fraud Advisory Panel over 20 years ago. The charity is the voice of the counter-fraud profession and has set up a “COVID-19 fraud watch” group, which meets weekly to share emerging risks across the public, private and voluntary sectors. The preventive action that businesses can take is then cascaded out to the government, the police and business representative bodies. This intelligence is then shared more widely via a mailing list that businesses can sign up to (see Follow up ).
There are specific payroll-related scams that are on the rise such as insider fraud where those working at home are using more relaxed business processes to set up ghost employees and report hours/overtime incorrectly. Payroll teams working at home are also likely to be the target of external fraudsters trying to circumvent the new confirmation of payee process that the banks have introduced. An emerging threat has been a criminal group who are intercepting one-time passwords and then generating a phone call from the bank or government department asking the user if they can confirm that a password has arrived.
Pro advice. Home-based payroll teams should be aware that their activities are very much a target for fraudsters, and they should be alert to any unusual activity or apparent change in business processes. Despite the pressure to get furloughed employees their pay accurately and on time it’s more important than ever that you don’t relax your guard and allow any shortcuts in due diligence.
Data protection and easing lockdown
The Information Commissioner is warning businesses that as lockdown restrictions ease there are some key steps to consider in respect of data protection. It is OK to ask employees whether they are experiencing any coronavirus symptoms and you can introduce appropriate testing if you are transparent, fair and proportionate. As health information is classed as “special category data” under the Data Protection Act 2018 (DPA) this means when collecting additional data about employees’ health you should run through this checklist: how will the extra information help keep the workplace safe? Do we need it? Could we achieve the same result without collecting personal information?
Pro advice. The best way to ensure that you are not in breach of the DPA is to carry out a data protection impact assessment if you’re going to do any testing or process health information (see Follow up).