Back to Resources

How to steal £1.3m from your employer: An all weather clothing company gets soaked by leaky compliance measures

Samantha Sheen, EFI's Financial Crime Adviser

24.06.2021

Introduction

I ran across a Financial Crime related article the other day, that for all intents and purposes, did not look all that remarkable. It involved an individual who, sadly, developed a gambling problem, and to fund those activities, defrauded his employer of a considerable sum of money.

The news article focused primarily on the regulated gaming companies. But what I was more interested in was what red flags might have alerted the banks involved in sending or receiving the stolen funds.

The Facts - Mr T

In June 2021, Mr T. admitted to defrauding more than £1.3 million from his employer, an all-weather clothing apparel company. Records showed the vast amount of the money he stole was used to gamble with bets being placed across different regulated gaming companies.

Mr T’s Gaming Activity – You Win Some, You Lose Even More

Mr T placed thousands of bets with the money he stole along with his own funds. Some of his betting activity should have been considered “concerning”. For example, over 2 years, Mr T lost more than £600,000 with one gaming company. He also lost an estimated £437,000 with a second gaming company.

But then Mr T’s luck appeared to turn. In one three-week spree that followed, winning bets took his account balance up to £1.2million! He was winning – but not for long. Over the next 33 days he lost this entire amount. 


Over a three-month period, Mr T placed dozens of bets totalling £500,000 with a third company, including a single £50,000 bet on a South American football match. It was reported that during this period, his gaming account balance soared to more than £240,000, all of which he lost within three days.

Gaming Company Criticism

Mr T’s employer eventually discovered the fraud taking place. Mr T was reported to the police and he agreed to co-operate with the Gaming Commission, who commenced its own investigation into the gaming companies with whom Mr T gambled.

One company sent him a message saying: “Long time no speak. I noticed you are depositing less than previously, is everything OK?”


We don’t know whether the evidence adduced in Mr T’s court hearing has been admitted or denied by the gaming companies, but some of the more concerning Financial Crime and customer care compliance failures included:

  • Substandard online KYC procedures. One company had Mr T registered as a woman but the verification procedure failed to flag that this was incorrect based on the identification information he provided to set up his gaming account.

 

  • Ineffective customer card controls. Mr T received several automated text and email messages intended to encourage him to continue gambling, despite losing large sums. One company sent him a message saying: “Long time no speak. I noticed you are depositing less than previously, is everything OK?” Another company sent him automated offers to place more bets for free and tickets to an England football match.

 

Mr T sent copies of his financial statements to the gaming company as proof of his source of funds. He later told the newspaper that he’d doctored the information he sent using Microsoft Paint.

 

  • Source of Wealth KYC & Fraud Controls. Almost none of the companies sought to obtain information about Mr.T’s source of wealth until he’d gambled and lost significant amounts of money. One gaming company who did ask Mr T for evidence was sent copies of his financial statements. However, the company failed to detect that the information on them had been altered. Mr T later told the newspaper that he’d doctored them using Microsoft Paint. This was also not detected by an external law firm who was engaged by Mr T’s employer to investigate the extent of the fraud committed after Mr T admitted his wrongdoing.

 

  • Slow Escalation Measures. Evidence at one gaming company showed that staff realised Mr T had lost £270,000 over 2 years. The company asked him for evidence of his funds the following year, but did not close his account for a further eight months.

Mr T, his Employer and the Banks

I can’t say whether the criticism levelled at the gaming companies is substantiated in this instance. But I do wonder why Mr T’s own bank did not happen to notice what, for all intents and purposes, would have been a change to the expected use of and activity on his personal bank account:

a. Mr T’s Source of Wealth

Let’s first consider Mr T’s source of wealth profile. Mr T held the role of senior manager. He was reported to earn more than £50,000 a year. Let’s assume Mr T, who was in his 40s, used 2/3 of his salary on living expenses, paid his taxes and so forth. That would have given about £10,000 available to save or spend each year.

 

Question 1: Why didn’t the monitoring system used by Mr T’s bank raise an alert given the huge disparity between his known income and the considerable account activity well in excess of his known salary?


Now, let’s take the amount he stole over a 4.5 year period from his employer. That’s about £289,000 per annum. In fact, Mr T was taking on average £125k each year, but in the year when he lost those large sums mentioned above, he took over £700k!

b. How Mr T Intended to Use his Personal Account

 

Question 2: Why didn’t Mr T’s bank notice that he had begun to receive larger payments from third parties into his personal account? Why were no alerts raised when Mr T started to receive payments like that from a business account?


Mr T’s role as senior manager gave him access to and authorisation of the invoicing system. To defraud his employer, he created false invoices from the company’s existing suppliers. He then arranged for payment of those invoices via bank transfers to be made into his personal account.

These payments were made via transfers between the company’s bank account (held with a well-known global bank) and Mr T’s own personal account (held with a different well known global bank). It’s assumed they would have well-established transaction monitoring for their retail customers.

c. Mr T’s employer

So, what about Mr T’s employer? Let’s call them “Rainy Days”. Rainy Days makes outdoor all-weather waterproof clothing including gloves, shoes, socks. One would assume they must be highly successful not to notice £1.3million disappearing. 

 

Based on its financial statements, Rainy Days had not seen a sunny day of profit over the entire period that Mr T was defrauding them.


I won’t get into the accounting being undertaken by Rainy Days and its parent holding company, or the loans made by the main shareholders, but the company appeared to operate from year to year, dependent on these loans not being called in for repayment. Rainy Days appears to be slowly whittling away at these liabilities year on year. In 2019 alone, prior to discovering Mr T’s fraudulent conduct, Rainy Days liabilities were reported to be over £3.5million.

 

Question 3: Were the accounting methods applied by Rainy Days the reason why Mr T managed to keep his scheme hidden for over 4 years?

 

Concluding Thoughts

While I have no answers for the questions I’ve raised here, one thing is clear: there were a number of missed opportunities from Rainy Days to the gaming companies where Mr T’s conduct could have been discovered earlier.

It also shows why regulators are so keen for Financial Institutions to have monitoring controls in place that can detect, in a timely way, activities that suggest something serious has changed. Why or whether alerts were raised, but later closed, we don’t know. But this case is a great illustration of the importance of ongoing monitoring of not just transactions, but also the factors that make up our understanding of a customer’s risk profile.