Regulator downgrades HA hit by criminal fraud worth nearly £1m

News29 Jan 2020Sarah Williams

A housing association that fell victim to criminal fraud has been downgraded for governance by the Regulator of Social Housing (RSH) after suffering a “significant financial loss”.

Picture: Getty

Sharelines

RSH downgrades association hit by criminal fraud worth nearly £1m #ukhousing #socialhousingfinance

A housing association that fell victim to criminal fraud has been downgraded for governance #ukhousing #socialhousingfinance

Red Kite Community Housing has said that the loss, which it attributed to human error, is believed by current assessments to have totalled £932,691.48.

It said “all indications” were that criminals had been able to launch the fraudulent attack in August because of “a breach of an external source’s computer systems”.

In its regulatory judgement, published today, the RSH downgraded the provider to G2, from G1, citing a “basic failure in [Red Kite’s] system of internal controls”.

It added: “Improvements are required to Red Kite’s control framework to ensure that key financial controls are robust, operating in line with established policies and procedures and with appropriate leadership oversight.”

However it said that the provider had met its co-regulatory obligations in self-referring the matter to the regulator.

It added: “The regulator is working with Red Kite to address the weaknesses identified.”

It added: “We must await the conclusion of the police investigation before we can comment fully. However, in typical business email compromise frauds, criminals intercept emails and request a change of bank details. They subsequently replicate genuine invoices with altered bank details resulting in funds being sent to the wrong account.”

Red Kite said that while it has “established and well-trained processes to ensure that any such bank account changes are rigorously checked… in this instance, they were not followed”.

It added that police efforts to recover the funds are ongoing, and emphasised that there would be “no operational impact” as a result of the fraud.

Today’s regulatory judgement also affirmed the provider’s V1 for financial viability, after the RSH concluded that Red Kite has “an adequately funded business plan, sufficient security in place, and is forecast to continue to meet its financial covenants under a wide range of adverse scenarios”.

Mike Gahagan, chair of Red Kite, said: “Red Kite takes no solace from the fact this type of fraud is sadly becoming commonplace. Our staff work hard to look after every penny of our £35m turnover. I join my fellow board and staff team members in being greatly distressed by this theft.

“We do however want to reassure tenants and suppliers that this loss has been more than offset by recent savings and thus has not impacted our operations in any way, as confirmed by our regulator and our continued V1 status.

“We have worked with external consultants to strengthen our systems significantly going forward. I would encourage all organisations urgently to review their processes for a single point of failure. We regularly detect and dismiss fraudulent attempts and our processes worked for seven years.

“However, our lesson is that human error can occur even with clear processes and training, so providing secondary checks are a necessary protection.”