The Trusted Insider: How Administrator Fraud Exploits the Workplaces That Trust Most
When the person who pays the bills becomes the person stealing them, the damage runs far deeper than the numbers on a balance sheet
Rachel Lamberth was, by all accounts, a reliable employee.
As payroll manager at Isaac Construction, the Christchurch-based building firm gave her full access to payroll and debtor systems — the kind of trust that takes time to earn and seconds to betray. Between April 2021 and July 2024, she used that access to steal NZ$188,000.
She did not do it all at once. She started small — a NZ$718 refund redirected to her own bank account in April 2021. Then NZ$3,510 the following year. Then NZ$11,842. Then NZ$9,479. Each transaction was carefully constructed: fake emails purporting to be from clients, fabricated invoices, altered bank account details. When she ran out of company funds to steal, she turned to the government — lodging false Covid-19 wage subsidy applications on behalf of Isaac Construction and directing NZ$131,000 of public money into her personal accounts.
In May 2026, she was sentenced to 12 months' home detention. Judge Tony Couch noted that the offending "would normally have resulted in imprisonment" and described a systematic pattern of forged documents and deliberate deception. Lamberth's defence? She was addicted to gambling, completely lost control, and could no longer get loans (NZ Herald, 2026).
Her case is not an outlier. It is a pattern.
A Christchurch Epidemic — and a National Problem
Lamberth's sentencing arrived in the context of what Canterbury police's fraud squad head, Detective Sergeant Mike Freeman, has described as a sustained wave of workplace fraud prosecutions.
In 2024, office administrator Victoria Duff admitted siphoning nearly NZ$80,000 from a steel frame manufacturing business over six months — funds spent at the casino (Stuff, 2024). Finance controller Tracy Jane Littlewood, 54, pleaded guilty to defrauding her employer BG Contracting of hundreds of thousands of dollars over a 12-year period, with the scheme discovered by a colleague doing routine accounting work (HRD New Zealand, 2024).
Then there is Sasha-Maree Phillips — arguably the most instructive case of all.
Phillips was the financial controller at Burnside Contractors, a family-owned business in Christchurch. She joined in 2015, quickly gained the trust of the directors, and became the sole point of contact for the company's accounts. The computer she used was hers alone. Over seven years, she stole NZ$853,622 using eight distinct methods: redirecting payroll payments for former employees into her own accounts, duplicating legitimate invoices under slightly altered company names, adding herself as a new payee on the firm's BNZ account, even inflating her own KiwiSaver contributions to 10% over several years (The Press, 2024).
She spent every cent at the casino and on alcohol. There were no luxury assets for police to recover.
The fraud came to light only when the company noticed payments going to a staff member who had long since left. By then, the directors had spent years battling divorce and cancer — circumstances Phillips appears to have exploited knowingly. As director Sandra Taylor said in her victim impact statement: "She didn't just prey on my professional trust... she took advantage of my breaking marriage and preyed on me while I was battling cancer, enduring surgery" (The Press, 2025).
Phillips was sentenced to four years' imprisonment.
The Serious Fraud Office (SFO) has documented a comparable case in the public sector: a school finance administrator who created, approved and paid 77 false invoices to himself over seven years, stealing NZ$375,000 from a school building project. He rationalised the theft by telling himself he was underpaid. He was detected only when a contractor grew suspicious during his period of leave — one of the rare occasions his work was reviewed by someone else (Serious Fraud Office, n.d.).
The Fraud Triangle: Pressure, Opportunity, Rationalisation
Criminologist Donald Cressey's fraud triangle, developed in the 1950s, remains the most useful framework for understanding how otherwise ordinary employees come to steal from those who trust them most.
The three corners of the triangle are pressure, opportunity, and rationalisation (Serious Fraud Office, n.d.).
Pressure is the internal driver — financial hardship, addiction, debt, or the need to maintain a lifestyle the legitimate salary cannot support. In the cases above, gambling addiction appears repeatedly as the catalyst. Lamberth, Phillips, and Duff all cited losing control of gambling habits as the motivation. This is not coincidence. Problem gambling creates a specific and escalating financial urgency — one that cannot be resolved through loans once credit is exhausted, that cannot be disclosed to family without shame, and that demands a solution that feels invisible.
Opportunity is the structural gap that makes theft possible. In every case examined here, the perpetrator had either sole or near-sole access to financial systems, minimal oversight, and no meaningful check on their own work. Phillips operated from a computer used only by her. Lamberth had full access to both payroll and debtor systems. The school finance administrator both created and approved his own invoices. The opportunity was not a flaw in hiring — it was a flaw in governance.
Rationalisation is the internal story that makes the theft feel bearable. The school administrator told himself he was underpaid. Others frame initial thefts as temporary borrowing they intend to repay. Some blame their employers for creating the conditions — overwork, under-appreciation, insufficient pay. Rationalisation is what allows a person to return to work each morning and look colleagues in the eye.
When all three are present simultaneously — and in many small and medium-sized New Zealand businesses, they frequently are — fraud becomes not merely possible but likely.
The Typology: What Administrator Fraud Actually Looks Like
For AML practitioners and compliance professionals, it is worth understanding precisely how these schemes operate, because the financial footprints they leave are detectable — if you know what to look for.
False invoicing is the most common method. The perpetrator creates an invoice from a real or fictitious supplier, substitutes their own bank account details, and approves the payment themselves. In more sophisticated cases, they use a company name that closely resembles a genuine supplier — different by one letter or word — to pass casual inspection.
Payroll manipulation targets the existing payment infrastructure. The perpetrator changes the bank account number for a current or former employee to their own, processes the payment as normal, and receives wages that were never theirs. Phillips did this 44 separate times.
Refund and credit note fraud redirects legitimate customer refunds to the perpetrator's account, supported by fabricated emails purporting to come from the client. Lamberth used this method eight times over three years before her scheme was discovered.
Benefit and subsidy fraud extends the scheme beyond the employer. Lamberth's abuse of the Covid-19 wage subsidy — lodging applications in Isaac Construction's name and directing NZ$131,000 to her own account — illustrates how trusted administrators can exploit their access to government-facing systems. This is particularly relevant for AML practitioners: public subsidy fraud of this kind involves the placement of criminal proceeds into the banking system, often through accounts that appear entirely legitimate.
KiwiSaver manipulation is subtler still. Phillips inflated her own contribution rate to 10%, overpaying herself NZ$27,000 over several years — a method that might have gone undetected indefinitely given how infrequently KiwiSaver settings are audited by small business owners.
In each of these typologies, the common thread is access without accountability. The perpetrator controls both the instruction and the execution of a payment.
The Warning Signs That Go Unseen
Detective Sergeant Freeman has noted that these frauds are, in retrospect, detectable — and the SFO's published case studies support this (Serious Fraud Office, n.d.).
The school finance administrator almost never took leave and refused to delegate work. Phillips became the sole point of contact for accounts and operated on a computer used by no one else. Lamberth was working from home during portions of her offending — creating additional distance between her activities and any informal peer oversight.
The red flags that recur across these cases include:
- An administrator who resists sharing work, cross-training colleagues, or taking leave
- A single person who both raises and approves financial transactions
- Payments to suppliers with account details that change without documented authorisation from the supplier
- Refunds or credits issued without a corresponding client request on file
- Payroll entries for departed employees that continue receiving payments
- Expense patterns inconsistent with the business relationship (e.g. regular payments to a supplier that no one in operations can identify)
The Grant Thornton New Zealand guidance on SME fraud risk notes that the "she'll be right" attitude common in New Zealand workplaces further discourages the checks and accountability that would detect these patterns early (Grant Thornton New Zealand, 2025).
What Businesses Can Do: Controls That Actually Work
The good news — if there is good news in this pattern — is that these frauds are preventable. Not through cynicism or surveillance, but through process design that removes the opportunity for any one person to complete a financial transaction without a second set of eyes.
Dual authorisation for payments. No payment above a defined threshold — NZ$500 is a reasonable starting point for small businesses — should be processed without sign-off from a second authorised person. This is sometimes called a "two-to-sign" rule. It does not require distrust of the administrator; it is simply good governance. Both Phillips and Lamberth exploited the absence of this control comprehensively.
Shared invoice inbox. When a single inbox receives and processes supplier invoices, there is no natural check on whether a new or altered bank account number is legitimate. A shared inbox — visible to a director or financial controller as well as the administrator — creates passive oversight without requiring active intervention. Supplier bank account changes should require written confirmation from the supplier, to a separately verified contact, before being updated in the system.
Supplier account change verification. Every change to a supplier's bank account details should trigger an outbound call to the supplier — not to the number provided in the email requesting the change, but to the number already held on file. This single control would defeat the majority of false invoicing schemes currently operating in New Zealand businesses.
Regular supplier confirmation. A quarterly or biannual process of contacting key suppliers to confirm the details held on file — account numbers, contact persons, outstanding invoices — closes the gap between what the accounting system holds and what the supplier relationship actually reflects. This also catches fictitious suppliers who have no real counterpart to confirm their existence.
Rotation and leave requirements. The SFO explicitly notes that employees who do not take leave may be concealing their activities (Serious Fraud Office, n.d.). Requiring administrators with financial access to take a minimum period of continuous leave each year — during which another person reviews and processes transactions — is one of the most effective detection mechanisms available to small businesses.
Segregation of duties. No single person should be able to raise a purchase order, approve it, and process the payment. In small teams this is challenging, but even partial segregation — such as requiring a director to approve any new payee — materially reduces risk.
Payroll reconciliation. Monthly reconciliation of payroll against an authorised headcount list, with a specific check on bank account numbers for recently departed employees, directly addresses the manipulation method used by Phillips. This takes minutes if the payroll system is well-maintained.
Periodic external review. The NZBusiness Magazine guidance on fraud prevention recommends that businesses use external reviews or audit processes as a complement to internal controls (NZBusiness, 2016). An annual review by an external accountant or forensic specialist — even a light-touch one — creates the kind of external scrutiny that catches what internal familiarity misses.
The Human Cost Nobody Counts
Behind the dollar figures in these cases are relationships that do not recover.
Sandra Taylor described the fraud Phillips committed not merely as financial theft but as a personal violation — conducted while Taylor was divorcing and receiving cancer treatment, and using the names of sick friends and relatives of the directors as fictitious payees (The Press, 2025). The cruelty was not incidental. It was part of the architecture.
For AML practitioners working within financial institutions, these cases are a reminder that administrator fraud is not confined to internal employment relationships. The laundering element — the placement of criminal proceeds through bank accounts that appear entirely legitimate, the use of business structures to obscure the source of funds — means that the financial system is implicated even when the primary crime is theft from an employer.
Lamberth's accounts at seven different banks, her use of ANZ, BNZ, and Kiwibank accounts to receive stolen funds, and her exploitation of the Covid wage subsidy scheme to introduce government money into her personal banking — these are placement-stage activities. The accounts receiving the funds looked, to any external observer, like ordinary personal or business banking.
Your transaction monitoring systems will not recognise the fraud unless they are calibrated to look for it.
Why This Work Matters
Detective Sergeant Freeman put it simply after Phillips was sentenced: this is "a timely reminder for small and medium-sized businesses to have auditing processes in place" (The Press, 2025).
He is right. But for AML and compliance professionals, the lesson runs wider than internal controls.
Administrator fraud produces financial crime proceeds that enter the banking system through legitimate-looking channels — payroll accounts, supplier payment flows, government subsidy receipts. The accounts are real. The transactions are documented. The people are known to their banks. The fraud is hidden in the gap between what the paperwork says and what actually happened.
Your professional capability — in transaction monitoring, in customer due diligence, in suspicious activity reporting — is part of the detection infrastructure that catches these schemes when internal controls fail. Understanding how they operate makes you better equipped to identify the anomalies.
In New Zealand, fraud is estimated to cost businesses and government agencies close to NZ$6 billion annually (Omega Investigations, n.d.). The human cost — businesses that cannot recover, families that lose their savings, directors who trusted and were betrayed — is not measured in any statistic.
Every control you advocate for, every anomaly you investigate, and every report you file is a contribution to a system that the Lamberths and Phillips of this world depend on failing. It does not have to.
References
Grant Thornton New Zealand. (2025, November 18). SMEs and not-for-profits: How can you reduce your risk of fraud? https://www.grantthornton.co.nz/insights/smes-and-not-for-profits-how-can-you-reduce-your-risk-of-fraud/
HRD New Zealand. (2024, June 19). Former finance controller pleads guilty to defrauding employer: reports. https://www.hcamag.com/nz/specialisation/employment-law/former-finance-controller-pleads-guilty-to-defrauding-employer-reports/493958
NZBusiness Magazine. (2016, October 1). Fraud, and how to avoid it. https://nzbusiness.co.nz/article/fraud-and-how-avoid-it
NZ Herald. (2026, May 21). Office worker Rachel Marie Lamberth sentenced for $188k fraud. https://www.nzherald.co.nz/nz/office-worker-rachel-marie-lamberth-sentenced-for-188k-fraud/XZICG3EZQRCZ7EKU3DNFJIYKCQ/
Omega Investigations. (n.d.). Expert fraud investigation, detection & prevention NZ. https://omegainvestigations.co.nz/fraud/
Serious Fraud Office. (n.d.). $375,000 fraud detected while school employee on leave. https://www.sfo.govt.nz/counter-fraud/case-studies/375000-fraud-detected-while-school-employee-on-leave
Serious Fraud Office. (n.d.). Fraud 101. https://www.sfo.govt.nz/counter-fraud/guidance/fraud-101
Stuff. (2024, December 3). Woman's 'sophisticated' fraud leaves employer $850,000 out of pocket. https://www.thepress.co.nz/nz-news/360503793/womans-sophisticated-fraud-leaves-employer-850000-out-pocket
The Press. (2025, March 11). Employee stole $850k while directors battled divorce, cancer. https://www.thepress.co.nz/nz-news/360610929/employee-stole-850k-while-directors-battled-divorce-cancer