The enemies within

Every year companies invest millions of euros in guarding themselves against outside criminal threats. But what about the threat that exists within their own organisations? Diana Milne meets ex-police officer, now CIO of the UK’s serious Fraud Office, Jarrod Haggerty, to find out why the enemy may be closer than you think.

“In this climate employees are losing their jobs and there's less cash around so the appetite to commit fraud from a personal point of view may increase”
-Jarrod Haggerty, Serious Fraud Office UK

When Jarrod Haggerty joined the Australian police force, he never imagined that his experience of catching street criminals would enable him to land a job as one of the world's top corporate forensic experts.

But six years on the beat on the streets of Victoria proved perfect preparation for a career in rooting out fraud from some of the world's top blue chip companies. In fact so highly valued is his experience that he has been seconded from PricewaterhouseCoopers’ Forensic Technology practice which he runs, to take up on a six-month contract as the Chief Information Officer of the Serious Fraud Office.

Describing how he made the transition from cop to CIO, he says: “I did six years with the Victoria Police in various roles – mainly general duty policing and detective roles. Then I left there and put myself through university for three years where I did a finance degree. I joined PwC in Australia on the graduate programme as an auditor in 1999. I lasted three months within the audit division until the company found out I was an ex-policeman with a finance degree who had worked in forensics. I then started off in the forensics department doing general investigations for about a year and a half.”

The role took Haggerty to PWC's Birmingham office where he developed a forensic technology practice before moving to PwC’s London office. While he did have to retrain to join the corporate world, his policing experience meant he was well prepared for both investigating fraud and taking part in legal cases or acting as an expert witness in court cases: “Some of what I do now is being involved in the courts as an expert witness. So the police force was great preparation for that.”

In his role as CIO of the Serious Fraud Office he is charged with ensuring that the organisation makes the best use of technology in its investigations and in tackling its caseloads.  This is more important than ever before, he says, given current economic conditions and the fact that companies are under increased pressure to detect and eliminate fraudulent behaviour that is draining their finances: “In this sort of climate, companies are taking a good look at their spending and their financial systems,” says Haggerty. “The appetite to tackle fraud will increase because of cost cutting efforts on the part of those companies.” He goes on to say that disgruntled or cash strapped employees pose a significant threat to companies in today's climate as many will commit fraud as retaliation against redundancies or to support themselves in times of financial hardship: “People may take the opportunity to commit fraud for various reasons, from a personal point of view. In this climate employees are losing their jobs and there's less cash around so the appetite to commit fraud from a point of view may increases.”

The key to detecting fraud – like any crime – is to know the suspicious signs to look out for. Haggerty says there are some obvious signs such as an employee who suddenly seems to have more cash to spend than usual: “Obviously there are typical things, like if someone rocks up in a very nice car or starts spending more money than usual. If somebody seems to be spending well beyond their means then that's an obvious sign.” However Haggerty's training has taught him to also watch out for the more subtle signals that an employee may be committing fraud – such as an employee who never takes leave, preferring to be in the office as much as possible: “Often when people commit fraud of opportunity, the fraudulent activity starts to grow and grow and they keep having to move cash from one area to stop up another area. We start to see that they don't take leave because they need to be in the office to keep moving the money around.” Often, he says, it is only when that employee leaves the post that the fraud they have committed is uncovered. This means that as European companies are forced to cut jobs, more fraud is expected to be uncovered in the coming months.

Haggerty's policing experience has proven invaluable in terms of his ability to detect corporate fraud, as he testifies, “The police gave me the right background from an investigations point of view and to have an investigative frame of mind. It teaches you to look at the things and realise that they are not always as they first appear.”

To foster that same investigative frame of mind within corporations can be challenging he admits, but with the right systems in place, companies can sniff out fraud before it starts to impact their bottom line, he says. This involves having a robust fraud risk management plan in place, and, from a technology perspective, having good controls procedures over IT systems. One of the biggest mistakes companies make, says Haggerty, is having disparate IT systems that do not communicate with each other, hence failing to detect fraud being committed concurrently on two systems. Haggerty says this will fail to flag up one of the most common forms of fraud committed with large corporations; creating a ghost employee with a salary that is paid into a genuine employee's account: “Often companies will have a very disparate IT infrastructure. There will be one system running for HR and a separate system running finance and payroll. Those systems won't talk to each other and there's no ability to run tests to detect the ghosting of an employee. In the HR system a record could be created for a new employee with a fictitious name and address. The bank details however will be the same as those of a genuine employee that are held on the payroll system. Because the two systems don't link up, the company will never be able to see that it is paying both employees into the same bank account.”

As technology plays such a crucial role in the way fraud can be detected, one of Haggerty's main tasks as CIO of the Serious Fraud Office will be to look at the way it uses electronic information to investigate fraud and to develop technology that will allow it to drill down through data at a faster and more efficient rate. This is particularly important given the fact that technology has enabled fraudsters to vastly increase the impact of their actions, and speed at which they achieve their ends. While the motivation for fraud has not changed the methods for committing it have changed dramatically, with emails replacing postal mail as the primary delivery method for fraudulent material: “What I've seen from a PwC perspective is that the nature of fraud hasn't really changed but the reach of it has changed,” says Haggerty. “Years ago when people were committing fraud they would send out say, 200 envelopes. Technology today allows people committing the same sort of fraud to send out two million emails instead.” For this reason he hopes to equip the SFO with technology with the intelligence to automatically detect fraud when scanning through thousands of emails: “There's a big programme running at the SFO where the organisation is looking at software that is being developed in the market which would allow them to drill down into information and be able to investigate it at a fairly timely level. They are looking for technology that would mean they wouldn't have to trawl through lots of emails but would alert them to fraud far quicker and would streamline the process.

Haggerty is the first CIO to be employed at the SFO, and with just six months to plan the organisation's IT strategy for the next three to four years, he has not got an easy task on his hands: “The SFO has not had a CIO before and from that point of view it's a change for the people there and for the systems they are using,” he says. “One of the biggest challenges is implementing these changes and making people aware of the changes we are going through. I must sit down and understand the changes they are facing and what the market is facing. I need to write a strategy for them for the next four to six years from a technology point of view and within a six month time frame that is definitely tough.” But having experienced life on the beat, Haggerty says he is more than prepared to deal tackle the challenge   no matter how tough times get.

About the Serious Fraud Office
The Serious Fraud Office is an independent government department that investigates and prosecutes serious or complex fraud. It is part of the UK criminal justice system. The Office is headed by the Director who is appointed by and accountable to the Attorney General. The Attorney General is appointed by the Prime Minister and is responsible to Parliament for:

• the Serious Fraud Office
• the Crown Prosecution Service
• the Treasury Solicitor's Department
• the Department of the Director of Public Prosecutions for Northern Ireland
• the CPS Inspectorate
• the Revenue and Customs Prosecution Office

Jurisdiction
England, Wales and Northern Ireland fall within the SFO's jurisdiction. The SFO does not have jurisdiction over Scotland, the Isle of Man or the Channel Islands.