20 years ago it used to be thought that all you could do in respect of fraud was to hope it wouldn’t happen and, if (when) it did, you investigated and then litigated or prosecuted the fraudster. It was also thought that:
- most fraud was low volume, high value;
- most fraud was undertaken by serial fraudsters;
- that it was enough to put in place controls in respect of known fraud risks; and that
- effective detection was the best way to counter it.
Twenty years of research into fraud later, we now know that all of these once held beliefs are either wholly or partially untrue. PKF Littlejohn together with the Centre for Counter Fraud Studies (CCFS) at University of Portsmouth in the UK (Europe’s premier research institute concerning fraud), manage the largest databases in the world concerning the measured, total cost of fraud (not just what is detected) and fraud resilience (a measure of how well an organisation protects itself against fraud). The CCFS has a wealth of data, articles, reports and studies into both the problem of fraud in different countries and the solutions that have been found to work (or not).
As a result, we now know that:
- most of the cost of fraud (its most pernicious impact) is high volume, low value (not vice versa)
meaning that it is very difficult to detect;
- something which is shown by the research data – even the most effective organisations only detect around 1/30 of the fraud against them;
- fraud is best seen as akin to a clinical virus, something which continually mutates and changes as fraudsters seek the greatest benefits for the least risk – meaning that static controls which only address the known risk, are more and more ineffective as it rapidly evolves;
- most fraudsters are opportunists, not long term or professional criminals and changing the balance of risks and benefits can lead to rapid changes in the organisations which they choose to defraud.
The total cost of fraud is also measureable to high levels of accuracy and statistical validity, just like any other business cost. Indeed, in the United States, all public sector organisations have had to measure fraud (and error) every year, and to publish their results, since 2002. In the UK this has taken place in some sectors since 1997 and now takes place across all of Government. Other countries and sectors have also done this, so PKF Littlejohn and the CCFS’s database now covers 17 years of data, across 40 sectors (in healthcare concerning 15 types of expenditure) with a total value of £9.76 trillion sterling (over £2 trillion in healthcare).
Current loss rates are running (across all sectors) at 5.6% of expenditure and at 6.2% in respect of healthcare expenditure (up 11% since 2007), however the better news is that there are examples of where this cost has been reduced by 40% or more within 12 months.
The beneficial effects of such a reduction in the healthcare sector are obvious – more resources become available for patient care and the financial health of the organisation concerned is boosted.
So how is this reduction achieved? Let’s get back to what the research shows:
- Two thirds of the financial benefits, where the cost of fraud has been reduced, are shown to arise from pre-empting it with stronger anti fraud cultures (mobilising and growing the size of the honest majority), more effective deterrence (deterring and shrinking the dishonest minority) and preventing fraud by designing out the process and system weaknesses which provide opportunities;
- One third of the financial benefits come from detecting and stopping fraud before it would otherwise have finished (although, as stated above, this is hard to do); and
- A mere one fifteenth of the financial benefits come from cash recoveries.
So changing human behaviour is key – something which makes absolute sense when you think of other problems like health and safety or smoking.
However, the continuously evolving nature of the threat – something which is happening faster and faster, as it is cyber enabled, and collective adherence to moral and ethical norms weakens (something else which the research shows) – means that we need more than just static controls.
Of course, if there is a known type of fraud then it would be irresponsible not to have something in place to stop it but do not think that this is enough or that future types of fraud will necessarily resemble what has gone before.
And this is where fraud resilience comes in – a widely accepted, holistic measure (29 factors and a scale of 0 – 50) of how well organisations protect themselves against fraud.
To use a healthcare analogy, if you have already suffered from a particular virus then there will already be antibodies in your system and these will enable you to quickly counter it if you catch it again. Where you catch a new virus, there are no such antibodies in place and you have to rely on the intrinsic resilience of your body’s capacity to create new antibodies. This underlying resilience is vital.
The position is similar in respect of fraud. Fraud resilience is a measure of the extent to which organisations put in place arrangements to ensure they can minimise the impact of fraud however it manifests itself.
Where organisations improve their level of fraud resilience, the cost of fraud is seen to be reduced. PKF Littlejohn and the CCFS have calibrated the two massive datasets against one another. Where a fraud resilience rating is 20 or less out of 50 it can be seen that losses can be 10% of expenditure or more; where the rating is 40 or more losses can be seen to be 1.5% or less. That is the difference that all round protection makes, rather than just trying to respond quickly after the event.
Armed with this knowledge, healthcare organisations now have the ability to make a real difference to the resources available for patient care and to their own financial stability. By understanding the nature and scale of the problem it is possible put in place the right solution; if you don’t you can’t.
In this context knowledge really is power – the power for good.
Partner and Head of Forensic and Counter Fraud Services, PKF Littlejohn
And Visiting Professor and Chair of the Centre for Counter Fraud Studies, University of Portsmouth, UK
 ‘The Financial Cost of Healthcare Fraud 2015’ – Jim Gee and Professor Mark Button – published by PKF Littlejohn and the University of Portsmouth (go to http://www.pkf-littlejohn.com/healthcare-fraud-report-2015)