It often feels like a personal assault when fraud hits the company from the inside. Your colleague or employee deceives you. Your suppliers cheat you - or your customers abuse your trust and goodwill. These are people we trusted and we just didn't see it coming. The money is gone, but we can't afford to lose faith in our colleagues. That's why you need a defense against insider crime. That's why internal investigations are more important and sensitive than you think - and why you may need help to restore your company's safety and security after a fraud incident.

In this article, Christian Pejtersen, CEO of security company yourCompany, shares lessons learned in these three critical areas based on a current case. If you've been affected by insider crime, you know why you should read on. If you've been lucky enough to have avoided it so far, now is your chance to come out a little more prepared.

Stop insider crime: Before it happens

A current and typical case from yourCompany's archives is about shady connections between own employees and external suppliers. Despite ethical rules and Danish criminal law, employees and suppliers enrich each other across the board, naturally without the employer knowing about it.

”More than 60 % of our internal investigation cases are about just this type of issue. The people involved are not always aware of how serious it really is. Corruption often starts small and trivial, but grows bigger and more serious over time,” explains Christian Pejtersen.

Business losses can be hard to quantify. How much more does it cost when a supplier is chosen for the wrong reasons? It's rarely less than DKK 100,000 and often runs into millions. It can be easier to appreciate what the employee gets out of it. Home repairs, IT equipment and mobile phones, TVs, furniture, curtains, vet bills, white goods are some of the typical quid pro quos from a supplier.

”In this case, our customer was particularly exposed because both supplier and employee controlled important key areas of the company. This left a high risk of business-critical breakdowns and acute production stoppages if management reported the matter to the police. A nightmare scenario, because few companies can sustain prolonged downtime and disruption. So, in fact, the biggest financial risk only materialized when the crime was uncovered.”

Could the company have avoided the risk altogether? We live in a trust-based society whose strength is that we don't distrust each other. So the short answer is no, says Christian Pejtersen.

”There is always a risk, but by staying ahead you can minimize it. At yourCompany, we offer general security checks of business processes and routines. Thorough background checks when hiring employees or managers in vital functions are also a good precaution, just as it can be a good idea to establish specific controls around IT systems, for example. Finally, different types of spot checks can be a preventative measure because it demonstrates that management is vigilant and continuously monitoring.”

Internal investigations: Who was behind it and where did it go wrong?

One day the suspicion arises - or a coincidence reveals that the company has been defrauded. Typically, the first step is an internal investigation. The common questions are of course; Who, what and how much? Depending on the situation, the investigation should either be done discreetly so that those involved do not discover the suspicion - or in the open if the consequences are already known. This places demands on the execution of the internal investigation. But there are also other considerations to take into account.

”Internal investigations are about the company's operations, internal relationships and level of security. In some cases, that process can portray the company in a negative way because security may not have been top-notch, or management may appear as if they haven't had their act together and were a bit naive. This is rarely fair. It's usually a case of management delegating tasks in good faith to employees who didn't solve them, but abused the trust to enrich themselves," says Christian Pejtersen.

”Nevertheless, the financial loss can weigh much less than the uncertainty created around the company and its products or services. Were controls in place and did management exercise due diligence? Whether deserved or not, uncertainty for customers, investors, bankers and business partners can be costly.”

This places demands on the handling of internal investigations. The more discretion and diplomacy, the less risk of unnecessary noise and concern from customers and the outside world.

”Over the years, yourCompany has handled around 150-200 of these types of cases. This has taught us to tread carefully. We use a structured process that is adapted to the specific situation and the company's DNA. We always start by uncovering the answers that are readily available in the company. Often we get answers to most things by looking through emails, correspondence and bookkeeping,” says Christian Pejtersen.

If there are still loose ends, yourCompany's specialists analyze the need and put together a ”package” that matches the situation. Internal investigations can include everything from Open Source investigations, Digital Forensic review of IT equipment, analysis of communication from company platforms to whistleblower management, invoice analysis, internal and external interviews and much more, he explains.

”We usually find the answers to the company's questions and uncover the actions that have caused concern. We focus on the scope, period, number of people involved and whether there were other irregularities. All supported by documentation that enables the customer to decide on next steps.”

Has something happened that should lead to personnel law action? Can you continue with the supplier or business partner in this situation? Should a claim for damages be raised in dialog with the parties involved - or in a civil lawsuit? Is there a clear allocation of responsibility? Or does the investigation lead so far into the Criminal Code's provisions on fraud, embezzlement or forgery that the case must be written up for police, courts and insurance clarification.

”Our investigators typically have experience from the police or intelligence services. Together with our experts in IT and forensics, they represent a level of professionalism that can meet the requirements of the subsequent process. Of course, they typically work closely with the company's legal experts.”

But it doesn't always end here. Sometimes the biggest challenge is still waiting.

Move forward with confidence: A trusted partner

The fraud is solved. The consequences have been mapped and those involved identified. However, as mentioned, both the supplier and employee in question were key figures in the day-to-day operations. Early on in the investigation, it became clear that a number of business-critical IT functions in the company could be left without the necessary professionalism and leadership.

In agreement with the customer, yourCompany began gathering detailed knowledge about their IT solutions, software systems, passwords and hardware solutions. They also identified possible third-party suppliers that could be included in a future solution. On the day the decision to part ways with both employee and supplier was made, it was based on a concrete plan for how operations and daily life could continue with minimal disruption.

”The first few days were chaotic,” recalls Christian Pejtersen. ”Employees were shocked when they heard about what had happened - and the consequences. But the plan meant that it was controlled chaos. The morning after the terminations, we had the systems up and running again. In the following days, we helped solve day-to-day, low-level challenges and fail-safe the systems. At the same time, we helped find new suppliers with the necessary skills and reasonable prices as quickly as possible.”

This included preparing documentation for new suppliers, describing workflows and compiling lists of new and existing partners. At the same time, yourCompany created overviews with corrected passwords, IP addresses and much more, making it easy for the customer and the new suppliers to get started with the collaboration.

”Effective protection against internal crime starts with being well prepared. Internal investigations take care of the problem when things have gone wrong - or when impropriety is suspected. That's what we've always worked towards at yourCompany. It's classic security thinking. But helping the company move on after the chaos phase is something we've built on. Along the way, we've seen how difficult it can be to make the right decisions when a company is suddenly without trusted employees or suppliers. Of course, our help in these cases is just an ambulance service. We solve the crisis and then others take over. But as long as it's about safety, it's also our table,” concludes Christian Pejtersen.

Contact us

Email: info@yourcompany.dk

Tel: +45 53 53 53 46 04 04