Incidents of Fraud against RSLs in Scotland
Dear colleague
I am writing to you to alert you to a matter that has recently come to our attention.
A small number of RSLs have told us they have been the subject of fraud and/or attempted fraud. Fraud remains a problem for RSLs and as the operational environment changes, many traditional types of fraud still exist but others are becoming more sophisticated. The annex to this letter provides examples of some of the different types of fraud that have been notified to us.
Regulatory Standard 3 requires each RSL to ensure security of assets.
Regulatory Standard 4 requires each RSL to ensure they identify risks that might prevent it from achieving the RSL’s purpose and have effective strategies and systems for risk management and mitigation, internal control and audit.
Many RSLs have effective risk management arrangements, however given the targeting of the sector, it is appropriate for RSLs to review the adequacy of the procedures in place to minimise the risks of any attempts at fraud from being successful.
Ensuring that there is senior-level focus on managing these risks, and devoting appropriate time and resource to doing so, will help to safeguard the interests of tenants and service users and maintain effective internal controls in this area.
If you uncover any activities that you believe to be fraudulent, you should continue to advise us through our notifiable events process.
I should be grateful if you would draw this advice to the attention of the appropriate staff within your organisation.
If you have any questions on this matter please get in touch with the lead regulator for your organisation or contact us.
Yours Sincerely
Ian Brennan
Director of Regulation
Annex
Impersonation
In this type of fraud, the fraudster will impersonate a member of staff from within the organisation, generally the senior officer. The fraudster will send an email requesting a payment be made that will appear to be a genuine request from that member of staff. The email or a subsequent email will provide the bank details that would see a transfer of funds being made to the fraudster’s account.
Mandate Fraud
For this type of fraud, the fraudster will make contact and request that payment details for one of your supplier or contractor organisations be updated. A failure to have sufficient checks in place to ensure that the request is genuine will see the payment being forwarded to the fraudster’s bank account.
Fraudulent Cheques
This will see a false cheque drawn on the RSL’s bank account being presented at a high street clearing bank. The false cheque could either have been created by the fraudster, be as a result of a cheque book that was issued by the bank to the RSL being intercepted, or it could be a genuine cheque but with a signatory who lacks the authority to sign cheques.
Overcharging or Double Billing by a Contractor
These frauds occur when a contractor issues an invoice for work that has not yet been completed or where a customer is charged twice for the same product or service. There is a greater risk of this occurring where milestone agreements are in place that determine when payments should be made.
Fraudulent Claiming of Expenses
This is a fraud perpetuated by a member of staff, which will see the fraudulent claiming of expenses not permitted by the organisation’s policy. The risk of this is increased where there is insufficient segregation of duties.
Online Banking
Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. Internet Banking Fraud is a form of identity theft and is usually made possible through techniques such as phishing
