Phoney orders: Purchasing authority and the repercussions of employee fraud

 What you need to know

• A company was found liable for fraudulent orders of mobile phones generated by a senior IT employee because the course of business dealings between it and its supplier were sufficient to represent that the employee had ostensible purchasing authority.
• The supplier's reliance on the purchaser was inferred from these business dealings and considered reasonable, even where there was a six-fold  increase in purchasing over a four week period.  The Court considered the informal nature and content of emails between the parties.
• Financial and reputational risks from employee fraud are significant, and warrant continual vigilance.

What you need to do

• Assess (and re-assess) your corporate governance framework to ensure proper supervision and auditing of purchases and other expenses.
• Ensure that employees are regularly and properly trained in your processes, in particular, where there is a high degree of staff turnover.  Training should include a clear acknowledgement that employee fraud and/or human error is a significant risk.
• Where appropriate, consider sharing monetary limits of individual employees with suppliers and review your purchasing procedures and arrangements with suppliers.

Employee fraud is a significant issue and comes at a substantial cost to Australian businesses.  A report by KPMG found that in Australia in the year to September 2017,  reported fraud costs were $482 million and that business 'insiders' still pose the biggest threat.  Recent examples from financial institutions and the Commonwealth and State public sectors demonstrate that no organisations are immune. 

The NSW Court of Appeal (Beazley ACJ and White JA; Emmett AJA dissenting) has recently upheld a decision that an employer was responsible for an employee's fraudulent orders of nearly $190,000 of mobile phones over a four week period because the employer "clothed" the fraudulent employee with ostensible authority.  Reliance on this authority was reasonable because it was inferred from the course of business dealings.   

Beazley ACJ examined the informal and familiar nature and content of emails that constituted the "modern day business communications" between the parties (at paragraphs 106 to 124).

Ostensible authority and reliance - Course of business dealings

The employer had purchased mobile phones and other products from the same supplier  since 2011. 

The Sales Manager for the supplier often received orders from the employer by email, which were not accompanied by purchase orders.  The orders came from three employees of the employer over the relevant period. 

In March 2016, the third employee who placed orders with the supplier  was appointed Group Technology Officer of the employer.  On 23 August 2016, this employee placed a genuine order with the supplier, which was confirmed and paid by his employer.

Between 29 August and 23 September 2016, this same employee sent 14 orders of 197 mobiles to another employee of the supplier.  The employer's original contact at the supplier was also sent approximately half of these orders.  In the previous five years, the employer had only ordered 29 phones.  However, the Group Technology Officer explained that his employer's business was expanding and required additional and replacement phones.  The Group Technology Officer also wrote that he had "50 techs arriving today".  The Court found that these explanations would not be unexpected or raise suspicion.

On two occasions, the Group Technology Officer was asked by the second contact at the supplier to provide a purchase order, to which he responded that he would do so shortly and that payment was arranged on a particular date.  However, no purchase orders were sent prior to the phones being dispatched. 

The Group Technology Officer  also:

• impersonated his colleagues and fraudulently generated documents evidencing payments; and
• manipulated his employer's email so that any invoices issued by the supplier were redirected to an email address that only he could access.

The trial judge,  Mahony SC DCJ, described the fraud as "not an unsophisticated one" at paragraph 67 of [2018] NSWDC 77.  The trial judge was also critical of the employer's lack of corporate governance, which facilitated the fraud, and did not result from any failure on the part of the supplier.  The fraud was only identified with the benefit of hindsight.

On appeal, the employer argued that it was the state of mind of the second contact at the supplier (ie the person who filled the orders) that was relevant to reliance, and as such, an earlier email conveying authority on the Group Technology Officer to the first contact at the supplier was not relevant.  However, the Court of Appeal found that the supplier's reliance on the Group Technology Officer's authority was not only confined to this email.  The employer's status as an existing customer, and the title of Group Technology Officer , were considered by Beazley ACJ and White JA respectively.

Warning for suppliers

Cases regarding employee fraud are highly circumstantial.  Suppliers should not assume that they will always be protected by the ostensible authority of employees within a purchaser's organisation.  

In his dissenting judgment, Emmett AJA highlighted that:

• the employee who filled the order for the supplier was not called to give evidence; and 
• there was no evidence from the supplier's original contact with the employer that there was any causal connection between his belief and his colleague's actions in filling the order.  

Emmett AJA found in favour of the employer that the Group Technology Officer had no actual or ostensible authority, and that it had no responsibility for his conduct.  

If anything about an order or collection of orders appears unusual, employees should feel comfortable raising this as an issue to check with the purchaser.  A supplier may also be required to have taken steps to mitigate against potential losses, where employee fraud is involved.

Authors: Vince Rogers, Partner; Geoff Giudice, Consultant; Ed Carroll, Lawyer