The fraud risk you might not be looking for – culture

Wells Fargo’s John Stumpf oversaw a corporate culture that enabled fraud and rule-breaking. (Fortune Global Forum 2015” by Fortune Global Forum, CC BY-NC-ND 2.0)

---

At a glance

• Fraud is a significant and costly risk for UK SMEs.
• A strong organisational culture is a key defence against fraud.
• Accountants can identify cultural red flags and advise clients on improvements.

---

Two in every five of the UK’s small and medium enterprises (SMEs) have fallen victim to fraud, according to a 2024 study by Visa. And on average, a single instance of fraud sets a business back by nearly £4,000.

The characteristics of fraud – the breadth and weight of its impact – make it one of the most significant risks facing SMEs.

Accountants can play an important advisory role in helping to protect clients, by supporting them to:

1. maintain robust internal controls
2. monitor accounts closely
3. conduct regular audits, and
4. train employees.

But accountants can also advise clients of another, oft-overlooked way to protect themselves from fraud. And it’s essential, according to a new report from the American Institute of Public Accountants (AICPA).

This anti-fraud measure? A robust organisational culture.

Culture and fraud: What’s the connection?

Organisational culture manifests in two ways, states the AICPA report.

The first is formalities, such as rules, policies, operations, performance management, and training. The second is informalities, such as behaviour, use of language, rituals and routines, and physical spaces. Both reflect the organisation’s belief systems, values, and norms.

Most managers know that culture influences the drawing and keeping of talent. But this is just one piece of the puzzle. Culture also determines how everyone – from employees to external stakeholders to clients – thinks about, and interacts with, the organisation.

And this is where culture directly influences the likelihood of fraud, the report says.

So how can accountants best assess the nature of a client’s organisational culture, and determine whether it raises a fraud risk? If they identify a high level of risk, what can they do about it?

Financial Accountant spoke with two executives at one of the organisations involved with the report’s preparation, J.S. Held. Natalie Lewis is J.S. Held’s senior vice-president for economic damages & valuations; Pamela Hefner is its vice-president for economic damages & valuations.

“An organisation’s culture plays a crucial role in its ability to identify and manage its risk of fraud or to enable fraudulent activities,” says Lewis.

“In strong cultures, management emphasises integrity, fairness, and responsibility [for reducing] any rationalisation for fraud, and employees feel safe raising concerns without fear of retaliation.

“When an organisation’s culture tolerates or encourages unethical behaviour, the risk of fraud significantly increases by creating opportunities for fraud, encouraging rationalisation, and intimidating whistleblowers.”

Case study: The Wells Fargo scandal

The report gives a powerful example. By the early 2010s, after years of strong growth, US bank Wells Fargo came to be seen as a global business innovation success story. But then a series of articles in the Wall Street Journal and the Los Angeles Times began to detail a Wells Fargo sales culture that pressured employees to produce near-impossible results.

In late 2016, Wells Fargo announced it had settled a lawsuit for $US185 million. The American Bankruptcy Institute Journal reported that Wells Fargo employees had “opened as many as 1.5 million checking and savings accounts, and more than 500,000 credit cards, without customers’ authorization”.

The result was a sudden erosion of Wells Fargo’s ability to attract customers. As more high-level legal action descended, CEO John Stumpf first tried to tough it out, blaming lower-level employees. But eventually, Stumpf resigned, as did other executives. Government customers withdrew business. The scandal even claimed Stumpf’s CEO successor. To date, formal penalties have probably cost the bank more than $US6 billion; the reputational cost may be higher.

A 2017 investigation found that Wells Fargo’s organisational culture was a significant contributor to the affair. The Wells Fargo culture put high levels of pressure on employees to meet sales goals, without protections against unethical behaviour. At the same time it decentralised controls and risk mitigation processes. Further, leadership failed to respond to reports of misconduct.

How a strong culture minimises fraud risk

A strong organisational culture decreases the likelihood that employees, external stakeholders, or clients will engage in fraud – be it misappropriating assets, corruption, or creating false financial statements.

“Additionally, leadership [that is] actively involved in day-to-day operations and demonstrates ethical behaviour deters employees from committing fraud because it signals an intolerance for unethical behaviour and a higher [chance] of getting caught.”

At the same time, a strong organisational culture increases the likelihood that if fraud does happen, then someone – employees, external stakeholders, or clients – will identify it and blow the whistle early.

“Employees who feel connected to their peers, have trust in their leadership, and believe in the mission of the organisation are more likely to feel empowered to speak up,” says Hefner.

Four ways to build a fraud-resistant culture

To begin, it’s vital that managers recognise their influence on culture.

“Organisations need to be cognisant of their ‘tone at the top’, as leadership sets the cultural foundation,” says Lewis. “If leaders demonstrate ethical behaviour, transparency, and accountability, then employees will likely follow suit.”

That said, setting the tone is just the first step.

“The ‘visual must match the audio’,” adds Hefner. “Management must demonstrate their commitment.”

Managers can do that by following the report’s four recommendations for improving culture:

• Foster open communication, by providing visible, accessible channels through which employees can report unethical behaviour easily. These may include internal hotlines, digital platforms, and avenues for direct reporting.
• Safeguard against retaliation, by ensuring employees can report without fear. Policies should include protections for whistleblowers, and investigations should be conducted by independent, qualified people. 
• Deliver regular training in ethics and fraud awareness, customised for the organisation and its employees. “Investing in professional development isn’t just good business practice,” says Hefner. “[It] also contributes to employees’ sense of wellbeing, which helps to build a positive culture.”
• Align incentives with ethical behaviour, by rewarding ethical conduct and discouraging unethical behaviour. Strategies may include incorporating ethical conduct into performance reviews, rewarding highly ethical employees through spot awards and points systems, and adding ethics requirements to promotion considerations.

“When an organisation’s culture tolerates or encourages unethical behavior, the risk of fraud significantly increases …”

Natalie Lewis

Five cultural red flags for accountants

Accountants can play a crucial role in looking out for cultural elements that suggest a high fraud risk. 

The report identifies five red flags:

• Top-down decision-making that excludes employees’ input. This may cause employees to become disengaged, and therefore, more likely to rationalise fraudulent behaviour.
• A lack of diverse thinking. Homogenous teams may be less likely to ask questions, spot issues, or confront suspicious activity.
• A willingness to rationalise unethical behaviour. This may arise in cultures that tolerate seemingly minor instances of unethical behaviour or incentivise outcomes without regard for integrity. “Organisations that put more weight on hitting financial results than complying with rules and regulations send a message to employees that fraud is allowed as long as results are delivered,” says Lewis.
• High employee turnover, which may suggest discontent among employees, poor leadership, or failures to deal with misconduct.
• Weak, poorly supervised internal controls. Employees may become careless, and fraudsters can exploit gaps easily.

A lack of transparency is also telling, says Lewis. “When an organisation’s culture does not promote transparency and openness, employees do not feel comfortable speaking up when concerns arise. Lewis says that in the US, according to that country’s Association of Certified Fraud Examiners, 43% of frauds were detected via tip-offs – and more than half of those came from employees.

Accountants can’t prevent all fraud. But, in their advisory role, they can help clients to understand the link between culture and fraud risk.

And accountants can actively reduce fraud risk by sharing red flags, and supporting clients to take steps to improve their organisations. 

---

Enhance your understanding of anti-money laundering with IFA’s AML Matters webinar series.