Someone who dishonestly gains a personal benefit by using something for a wrongful purpose.
This might involve misusing their position or privileges, or dishonestly exploiting a vulnerability for personal gain.
Recent case studies
- An insurance broker engaged in dishonest conduct by diverting 51 client refunds to personal accounts held in his name, totaling $199,391. The broker was found guilty of seven counts of fraud under the Corporations Act 2001.
- A financial planner lied to his clients by falsely stating he had invested their funds and that their investments were performing well. However, rather than investing $5.1 million of his clients' funds, the financial planner used them as he pleased. He was found guilty of eight counts of fraud under the Corporations Act 2001 (Cth) and an additional four counts of fraud under the Crimes Act 1914 (Cth).
- An Australian Bureau of Statistics (ABS) employee disclosed sensitive and unpublished ABS data which he obtained in his capacity as a Commonwealth official. This inside information was then used by an associate to conduct trades on the foreign exchange derivatives market. The pair knew that such information could make them both large amounts of money. The Commonwealth official was found guilty of four counts of abuse of public office and one count of dealing in identification information using a carriage service under the Criminal Code 1995 (Cth). He was also found guilty of one count of insider trading under the Corporations Act 2001 (Cth).
The methods of the exploiter are countered by measures that support people, process and system integrity, oversight and deterrence.
Key countermeasures include:
- Positive workplace culture
- Managerial, independent or expert oversight
- Decision-making powers are clearly defined
- Staff and contractor rotation
- System or physical access controls
- User permissions
- Sensitive information controls
- Segregation of duties is applied
- Privileged access restrictions and monitoring
- Data protected from manipulation or misuse
- System testing
- Data loss protections
- Staff are trained and supported to identify and report fraud and corruption
- Internal or external audits or reviews
- Fraud detection programs.
Other effective countermeasures may include:
- Governance, accountability and oversight
- Integrity checks and suitability reviews
- Collaboration with strategic partners
- Staff are trained to apply correct processes and decisions
- Declarations or acknowledgements
- A specific form, process or system must be used
- Requests or claims must meet specific eligibility requirements
- Mandatory information is required to complete the request or claim
- Internal escalation procedures
- Requests, claims or processes are limited by parameters
- Prompts and alerts
- Requests or claims are randomly allocated for processing
- Requests or claims are processed by a limited number of staff
- Data matching
- Duplicates are prevented, identified and corrected
- Requests, claims or activities are approved by the appropriate decision-maker
- Ongoing compliance, performance and contract reviews
- Change management processes
- Data analytics
- End of life processes
- Quality assurance checks
- Automatic notification of high-risk activities and transactions
- Complaints about poor or anomalous outcomes
- Tip-offs and Public Interest Disclosures
- Reconciliation (accounting)
- Activity reporting
- Exception reporting
- Incident reporting
- Documentation and evidence storage
- Audit logging
- Video or electronic surveillance
- Trained fraud analysts and investigators
- Fraud investigations
- Penalties for fraud and non-compliance with rules, processes and expectations are enforced
- Separation and termination processes.