 A Three Step Approach to Fraud Risk Management for Hotels
 |
 | In this article Jon Dee, Director of Hotel Asset Management at PKF, tackles the threat of fraud within the hotels industry and highlights the necessary counter measures to reduce this risk. |
The annual value of reported fraud in the UK alone is now running close to £1 billion and the hotel sector with its high volumes of transaction through multiple channels is highly exposed to fraud.
The good news is that most hotels have an established financial control framework to protect them against such frauds and many have already introduced specific counter-fraud arrangements including fraud or whistle-blowing policies and tightened up IT security and segregation controls. The external audit regime is also designed to have a reasonable expectation of detecting fraud. Nevertheless, reported fraud continues to be on the increase.
The growing menace of identity fraud has received substantial attention by the media and unfortunately the hotel sector appears to have become a prime target for fraud of this nature. In a recent highly publicised case a fraudster took the identities of millionaire businessmen from magazine rich-lists to run up around £500,000 of spending at luxury hotels and stores throughout the world.
The ever increasing use of the internet and email by hotels to conduct their business has provided identity fraudsters with new opportunities. Many bookings are now made on-line by credit card and are processed in an instant if the card appears to be genuine. If staff do not ask for further proof of identity when the fraudster checks in, they can stay at the hotel largely untroubled, enjoying a champagne lifestyle and extensive room service until they check out.
The recent conviction of six former employees of the Hilton Group and a booking agent in August 2006 for a £200,000 fraud suggests that insider fraud also remains a serious threat within the hotel sector. In this case, the fraudsters took advantage of a weakness in the hotel's conference booking system to divert bogus sales commissions to themselves over a six year period.
How do you know that you have taken appropriate steps to limit your hotel's exposure to fraud?
There are many good sources of advice available to business together with a wide range of model policies, procedures and technological solutions to draw upon. However, hotels come in all shapes and sizes and the challenge for hoteliers is to put in place effective measures for reducing exposure to fraud that are proportionate to the threats facing the business. No hotel will wish to be perceived as tolerating any type of fraudulent activity. Nevertheless, the benefits of counter-fraud measures also need to be considered carefully to make sure that the cost of their implementation is justified.
A three step process that begins by assessing the vulnerability of the individual hotel to fraud and the potential threats that it may face can help management to ensure that they put in place the most appropriate counter-fraud measures and demonstrate more clearly to the business owners that they are managing the fraud risk effectively.
Step 1 - Vulnerability assessment
The first step of the process is to assess the vulnerability to fraud of each area of the hotel's operation. Key areas to include in the assessment are the points where sales and purchasing take place, especially areas where cash/ cheques/ credit cards are handled.
It is important to undertake this exercise methodically and to consider all areas of financial activity, including those that may not appear particularly vulnerable at first glance. Only then can you be satisfied that you have identified all potential areas of weaknesses.
Step 2 - Threat evaluation
For each area of activity that is vulnerable to fraud, you then need to consider how that weakness could be exploited. This should include internal fraud by employees and management as well as external fraud by contractors or organised fraudsters.
In PKF's experience, the main internal fraud threats for hotels are theft and the over-claiming of bonuses, expenses or overtime. Theft could encompass stealing the company's money by processing falsified cheques or BACS transactions, theft of stock, creation of false employees, and bogus commissions, overtime and expense claims.
Areas to focus upon for external fraud are those which provide the greatest opportunity for fraudsters to obtain goods and services from the company either without payment or by using a false identity.
Hotels have a greater vulnerability to external fraud than many other organisations. The high volume of sales transactions through many points of sale increases their exposure to credit card and cheque fraud or the use of stolen cards.
Internet-based transactions where the card and the card owner are not physically present when the transaction is processed (and cannot therefore be easily verified) are increasingly being targeted by fraudsters, particularly as new technology such as chip and PIN and tighter controls are displacing some fraudulent activity away from the hotel lobby towards more vulnerable areas.
Other common examples of external fraud in the hotel sector include the submission of bogus invoices for goods and services that have not been delivered; inducements to fax booking confirmations to premium rate numbers; and variations of "cash-back" frauds whereby forged cheques or bankers' drafts are used to book accommodation which is subsequently cancelled and a refund claimed back from the hotel.
In evaluating the threats that your hotel faces, you should also seek to draw upon any data that can be obtained from your own management information systems such as unusual financial transactions and trends and any knowledge that you have of recent attempts to defraud your hotel or other local businesses.
This data will help you to refine your assessment and to ensure that it reflects your most immediate fraud threats.
Step 3 - Control enhancement
Once you have identified the potential fraud threats to the hotel, the next step is to reassess your financial control framework and to confirm that it provides the hotel with adequate protection against these threats. Where gaps are identified by this exercise, these need to be plugged before a fraudster can exploit them.
Priority areas for management action will be those that the hotel has identified as having the greatest vulnerability and where the threat of fraud is highest. This will also enable you to ensure that any investment that the hotel makes in terms of staff time and technology will be directed at those areas which will have the maximum impact.
Unfortunately, fraudsters are likely to continue to target hotels. However, by undertaking an assessment of your fraud risks, keeping this up to date and strengthening your controls accordingly, you can ensure that you have taken the right steps to reduce your hotel's exposure.
Your knowledge checklist
Finally, some food for thought; how good is your knowledge and understanding of your hotel's systems and processes for tackling fraud?
How many of the following questions can YOU answer?
| 1. | Do you know where you may be most vulnerable to internal and external fraud? |
| 2. | Have you identified your hotel's most likely potential fraud threats? |
| 3. | Are you aware of the most recent attempt to defraud the hotel? |
| 4. | Has the number of attempts to defraud the hotel increased recently? |
| 5. | Do you review and investigate all unusual financial transactions or trends? |
| 6. | Do you know what specific arrangements you have in place to address the key fraud threats that your hotel faces? |
| 7. | Have these been reviewed recently? |
For further information please contact Jon Dee on 020 7065 0469 or jon.dee@uk.pkf.com
|