By Chris Douglas, Owner of Malkara Consulting
She sat across from the interview table and it could be seen from her poor physical health that this young woman had committed fraud upon the bank due to a drug habit. The long-sleeved top she was wearing hid the injection scars and her withered veins that had been destroyed by the drug she was using. But it was not difficult to identify the new point of entry for her habit. One of her eyes was blood shot and looked off centre. With no more veins to pick in her arms, legs and feet she needed an entry point that would enable a successful and quick hit.
Her personnel file revealed she was in her early 20s but she carried the wear and tear of someone twice her age. According to her manager, she was a great worker. She paid attention to detail, was extremely focussed and never needed to take a break, even lunch, often relieving for other staff to enable them to eat during peak periods. It was the amphetamine she was injecting that gave her the stamina to work harder, longer and with greater concentration than her colleagues.
Over a period of months, as she relieved staff in key areas of the bank and learned the various processes, she was able to put in place her scheme that defeated all internal controls and resulted in the fraud. But no one would believe she did it because she was such a nice person and so productive. Her co-workers were surprised to learn she was a drug addict.
That incident occurred more than 30 years ago and while it is a good example of the threat posed by drug-addicted employees, it highlights two issues: The difficulty in detecting an employee with a substance abuse problem without direct management intervention and how a drug addiction will drive a person to find ways to circumvent internal controls, including the manipulation of the people around them.
The loss in that case was money – an incident that occurred in an era when information was held by an organisation in manual form and in a non-computerised records system, so access to a large amount of sensitive data by any one individual was rare. But today, business is different. The evolution of the digital age has brought significant productivity benefits and outreach for all organisations. For local and global companies, the world is now their market. But it has also created different risks. Information and funds are more centrally controlled and have to be protected by new systems. And, while the barriers preventing unauthorised access to funds and information are significant, the weakest link is still the human factor.
Adding to changes in business environments bought on by digitalisation have been developments in illegal business operations and organised crime. New and more sinister drugs are being marketed today in addition to the traditional hard drugs of heroin and amphetamine, with the latest drug scourge being methamphetamine, also called Crystal Meth or Ice, now a global problem. The threat from drugs, while being discussed at national and international levels of government, does not appear to have reached the boardrooms of many medium to large companies. Few directors understand the threat posed to their business by organised crime and fewer still are asking themselves who is consuming the billions of dollars in drugs sold globally each year and do any of them work for their company? Company directors are holding the mistaken view that drug consumption occurs somewhere else and is undertaken by other people but not by their employees.
Risk to financial data
Drug-addicted employees are a major threat to any organisation but particularly to those that hold financial assets and information. Information is shaping up as being the biggest asset that many organisations possess today. It comes in many forms, from national security data for those involved in defence contracts to valuable information about customers and customer behaviour that organisations are using to gain a competitive edge. All information has a sale price. It is valuable not just for the organisation holding it but also for competitors, organised crime and national and foreign governments.
“If illicit drug testing is implemented, all board members should submit to a regular test and ensure that their participation receives wide publicity throughout the organisation”
Putting aside the threat posed by drug addicts, who need funds to feed their habit, they can and are subject to manipulation by any of those external interest groups, but particularly by criminal groups. Employees who use narcotics easily come to the attention of crime gangs. Organised crime lieutenants prey on unsuspecting victims who buy and or use narcotics in popular distribution centres, such as nightclubs. Once targeted, employees are threatened or blackmailed into covertly working for criminals. Organised crime has a global reach and any large national and international company is a prime strategic target for criminal groups. Infiltration of these companies can be achieved by corrupting current employees or recruiting corrupted graduates to work in targeted organisations. But penetration is made easier if the employee has an illicit drug problem.
Workplace drug testing
So what should an organisation do to protect itself? One measure that it could introduce is mandatory random illicit drug testing of all potential new employees, current employees and all contractors who have access to a company’s premises, assets or information. While a number of companies have adopted compulsory drug testing it has usually being introduced from a health and safety perspective, not from a security perspective. Compulsory drug testing is common in the mining industry but not in other industries. No one would want a drug-addicted surgeon operating on them, nor someone addicted to amphetamine or methamphetamine managing a large investment portfolio, foreign currency trading transaction or a large commercial project. But anecdotal evidence suggests that illicit drug use among high income or highly stressful occupations is common.
It is acknowledged that enhancement of any internal control measure comes at a cost. And if it is not cost effective to drug test all employees and contractors, then all workers who occupy high-risk positions, as deemed by a risk management plan, should be routinely randomly tested for the presence of illicit substances.
If illicit drug testing is implemented, all board members should submit to a regular test and ensure that their participation receives wide publicity throughout the organisation. It demonstrates commitment to the programme and to the core values of the company. And every time an employee undertakes a random drug test, the procedure reinforces in them the same company values.
Drug testing, together with an effective whistleblower programme, employee declarations of past drug use and past and current affiliations with criminals and crime groups, is recognition by senior managers that it understands all the risks facing the business and is taking action to mitigate them.
While some company directors may be more concerned about privacy, a greater area of concern is the risk that illicit drug dependant employees pose to other employees, to customers and to the organisation. Those needs far outweigh individual privacy issues.
Sophisticated investors, shareholders and customers are becoming more concerned about the safety of their investments and the information an organisation holds about them. They would be unforgiving of any company director or manager who failed to properly assess all of the risks and take appropriate action to mitigate them.
About the Author:
Chris Douglas is the owner of Malkara Consulting a consultancy firm that specialises in the provision of training and advice in relation to money laundering, terrorist financing, corruption and bribery and financial investigations. He served with the Australian Federal Police for over 31 years in intelligence and operational units in Sydney and Perth. He has been involved in the conduct of investigations into drug trafficking, people smuggling, human trafficking, organised crime, terrorist financing and significant fraud upon the Australian Government. He has extensive experience in the investigation of money laundering, terrorist financing and in the application of proceeds of crime legislation.