Philippine lawyer explains why centralized control and weak oversight create perfect conditions for payroll fraud, and how to build cultures where misconduct can't hide
The Bangko Sentral ng Pilipinas (BSP), the central bank of the Philippines, recently dismissed two supervisors over a ghost employee scandal, imposing maximum penalties that include forfeiture of benefits and lifetime bans from public service.
The case involved falsified attendance records for staff members who continued to collect salaries without reporting for work—a scenario that raises urgent questions about internal controls across all sectors.
What systemic blind spots allow payroll fraud to flourish undetected? How can organizations catch abuse before reputational and financial damage compounds? And what legal exposure do officers face when oversight fails?
To understand these vulnerabilities and what HR must do differently, HRD Asia spoke with Atty. Gabrielle Fuentes, a Philippine-based lawyer handling commercial, employment, and civil cases.
The danger of centralized control
Fuentes explains that the most significant vulnerability in systems that enable ghost employees isn't inadequate policy. It's how organizations distribute power over payroll functions.
"The real danger in systems that produce ghost employees is centralization," Fuentes says.
"When the same person or small group controls the creation of employee records, payroll approval, and fund release, there is no natural check or counterweight."
Consider a typical scenario: an HR manager creates employee profiles, a finance officer who reports to her approves payments, and the same finance officer releases the funds.
If these individuals coordinate, or if one person wears multiple hats in a smaller organization, fabricating records becomes straightforward. The system has no mechanism to surface discrepancies.
"Decentralization prevents this by spreading key functions across different hands and departments," Fuentes explains.
"For example, HR can manage hiring records, Finance can handle payments, and Internal Audit can review reconciliations. When responsibility is shared, it becomes much harder for one person to fabricate a record or conceal a pattern of abuse."
This reveals why well-documented policies often fail in practice. "Strong structures fail not because of lack of policy, but because of overconcentration of access and power," she adds.
Building visibility and accountability
Early detection depends on making every step of the payroll process visible to multiple parties, Fuentes says.
Fraud schemes rely on opacity—when no one else examines employee lists against actual work output, false entries can persist for months or years.
"The best safeguard against payroll fraud is visibility and accountability at every step of the process," she explains.
"HR should ensure that every name on the payroll corresponds to a real, verifiable employee with a clear employment record, supervisor, and deliverable output."
This requires routine validation, not just annual audits. "Regular spot checks that match employee lists, attendance logs, and actual work assignments can uncover inconsistencies before they escalate," Fuentes notes.
"Salary disbursements must pass through at least two levels of approval so that no one individual can create, authorize, and release payments alone."
Technology can reinforce these checks. Employee records, timekeeping entries, and payment details should be kept in secure, timestamped systems where any edit leaves a traceable record.
Simple tools, such as monthly reconciliation reports between HR and Finance, can help catch duplicate or inactive accounts.
Yet technical controls alone won't prevent fraud if employees see irregularities but stay silent out of fear or indifference. "Most importantly, culture matters as much as control," Fuentes emphasizes.
"HR should educate staff about what payroll integrity means and assure them that reporting anomalies is a duty, not a risk. When employees know that transparency is valued and protected, they become active guardians of compliance rather than passive bystanders."
This combination of clear process, strong data control, and shared ethical responsibility makes fraud difficult to commit and impossible to hide, she concludes.
Legal liability for officers and managers
In smaller organizations where HR wears multiple hats, consolidating control may seem efficient. But when payroll abuse occurs, whether through negligence or participation, officers face personal legal consequences that extend beyond employment termination.
"Company officers and managers who ignore or take part in payroll abuse can face both criminal and civil consequences," Fuentes warns.
The criminal exposure is layered. A single scheme to create ghost employees and divert their salaries can trigger multiple charges depending on how the fraud was executed.
"When ghost employees or falsified payroll entries are used to divert funds, the conduct can amount to theft if money is taken without authority, or estafa if the company is deceived into releasing funds through false records or abuse of trust," Fuentes explains.
"These are separate crimes that can be charged independently, since one involves taking while the other involves deceit."
For public sector organizations, additional criminal liability applies. "If public funds are involved, the act may also qualify as malversation," she notes.
"Falsifying time sheets, signatures, or employment documents can further give rise to separate charges for document falsification."
Officers who claim they didn't know about the fraud may still face consequences.
"[They] may also be held civilly liable for negligence or breach of duty if the company suffers financial loss," Fuentes says.
This means personal financial liability, separate from the organization's losses, if an officer failed to implement reasonable controls or overlooked warning signs.
Designing safe whistleblower mechanisms
Many organizations install whistleblower hotlines to meet compliance requirements, then wonder why employees never use them.
The answer is often trust: employees doubt their reports will be taken seriously, worry about confidentiality, or fear career consequences.
Design must address these concerns directly, not symbolically.
"Whistleblower systems only work when employees believe they will be heard and protected," Fuentes says.
"It is not enough to have a policy on paper; the process must feel safe and fair."
Accessibility matters first. Employees may hesitate to email their own HR department about HR misconduct or call a hotline during work hours when colleagues might overhear.
"A good system provides several simple ways to report wrongdoing, such as a confidential email, a phone hotline, or a trusted third-party channel, so that employees can choose the method they are most comfortable with," Fuentes notes.
Structure determines credibility. "Reports should go directly to a neutral office or ethics committee, not through the same chain of command where the misconduct may have occurred," she says.
When reports route through the people potentially involved in the abuse, employees reasonably conclude the system exists to protect management, not to uncover wrongdoing.
Protection from retaliation must be enforceable, not aspirational. "HR must guarantee that retaliation, whether through demotion, isolation, or subtle career penalties, will not be tolerated, and must demonstrate this in practice when cases arise," Fuentes emphasizes.
Trust accumulates through visible follow-through. "Above all, communication is key," she says.
"Employees need to see that when someone speaks up, the company investigates fairly and acts decisively. This builds a culture where integrity feels safe and silence is no longer the default."
From compliance to integrity
Compliance frameworks tell employees what boundaries not to cross. They're necessary but insufficient.
Fuentes argues that ethical organizations require a fundamentally different approach—one that inspires people to act with integrity even when misconduct would go undetected.
"Preventing ethical lapses begins with a change in mindset," she explains. "Compliance tells people what they cannot do, but integrity inspires them to do what is right even when no one is watching."
The distinction matters because compliance-focused cultures often breed cynicism. Employees follow rules to avoid punishment, not because they believe in the values behind them.
When misconduct does occur, it reveals that the culture never actually aligned behavior with principle. It just enforced consequences.
"HR leaders who want to build high-trust organizations must focus less on punishment and more on modeling values from the top," Fuentes says.
"This means making fairness, honesty, and transparency part of everyday performance conversations, not just topics for seminars."
Organizations should also reconsider what behaviors they elevate and reward. "It also means recognizing ethical behavior as a form of excellence, worthy of the same praise as hitting targets or closing deals," she notes.
When promotions consistently go to those who deliver results regardless of how they achieved them, employees learn that ethics matter less than outcomes, no matter what policies claim.
"When employees see that ethics is lived, not just written, the organization becomes naturally resistant to misconduct," Fuentes concludes.
Payroll fraud flourishes where power concentrates and oversight weakens. Fuentes underscores that prevention requires deliberate separation of duties, data systems that create audit trails, and cultures where employees feel protected, not penalized, for raising concerns.
For HR leaders, the implications are clear: compliance structures provide necessary guardrails, but lasting protection comes from building organizations where ethical conduct earns the same recognition and reward as financial performance.
