Fraud is big business, and, according to the National Fraud Authority's 2013 Annual Fraud Indicator Report, the cost of this crime to the UK economy was £52 billion in 2013. As many as 27 per cent of businesses incurred a fraud in that period, and common threats include internal fraud, identity fraud and cybercrime. Despite these dangers, many companies have inadequate systems in place to protect themselves. However, those that do take proactive steps can prevent losses and lessen the impact of fraud where it does occur. So what can your business do to protect itself and minimise the risks? What policies should you consider? And what are the competitive advantages that such diligence brings to a forward-thinking company? Identifying Fraud: The first step is being able to identify that fraud is taking place - and this may be harder than it sounds.Kaley Crossthwaite, Partner and Head of Forensic Accounting at BDO LLP, says: "from a company perspective, common features where fraud occurs are: poor systems and controls, a lack of due diligence, and where there is no whistleblowing programme." She says that businesses that provide regular fraud training and awareness for all staff can often profit from the investment of time and resources. Crossthwaite also says it is critical to have procedures in place for the point when fraud is discovered. "Think about the effectiveness of your fraud response," she says. "For instance, immediately confronting the suspect might lead to evidence being destroyed. If and when you discover a fraud, you will be distressed, so you need to have a comprehensive plan in place." It is also important for large businesses to have a fraud department with a clearly defined prevention strategy detailing controls and procedures to prevent fraud before it happens. Internal fraud: According to the Annual Fraud Indicator Report, internal fraud made up 49 per cent of all business fraud in 2013, compared with cybercrime, at 37 per cent. Fraudsters often require people within the company to make scams work, and dishonest employees can exploit their insider knowledge to siphon off money. One of the most critical ways to prevent fraud, therefore, is to make sure fraudsters don't enter your business in the first place. A recent study, published in the Daily Telegraph found that up to a third of employers take CVs at face value, failing to ask to see proof of degrees, A-levels or GCSEs. Research by Higher Education Degree Datacheck – a government-backed service – found that many companies fail to pick up CV fraud simply because they do not run the appropriate checks. To ensure that your business has the right people, it is imperative that each candidate is subjected to proper scrutiny before being hired. In their guide to fighting fraud, the Metropolitan Police recommend conducting background checks – which could include police checks – before taking on new members of staff. Risks to UK Businesses: A big part of fraud prevention is knowing where the risks lie, as well as understanding the potential threats and knowing how to deal with them when they arise. The simple truth is that common sense and due diligence can go a long way towards protecting your business. Fraud can occur in the most obvious of places. For example, unauthorised changes of supplier details and interception of cheques are widespread problems. A simple way to prevent this fraud is to call your supplier and check that they have requested a change in details, and to ensure that your post is kept as secure as possible; for example, by not leaving it unattended in post rooms or common areas of your building(s). Preventing Fraud: The best way to avoid such threats is to communicate the risks to staff and know where to look for vulnerabilities, according to Simon Carnell, Vice President, Fraud Risk, Personal and Corporate Banking at Barclays. "With internal fraud you need to know where the weaknesses are," he says. "Employees will know the weaknesses of your controls and how to get around them. Businesses need to know where those are and protect against them. Ask yourself where the biggest risk is and always ensure you are spending the right amount of time on the right fraud controls." According to the Annual Fraud Indicator Report, most fraud - about 60 per cent - is detected by internal controls. There are some simple automated systems that can be used, depending on the business, such as running a report to detect unusual payments to a single bank account number. Identify where your Achilles heel may be and talk to your staff. "They undertake the operational activity on a daily basis and know where the weaknesses are," says Carnell. "We've seen a number of frauds recently that have resulted from accounts teams making payments on the strength of a phone call - it's a social engineering scam. People need to be able to challenge things that they feel may not be right and be supported when they do. For example if the policy is not to make payments on the strength of a telephone call no matter who asks, then staff should be able to enforce this." Cybercrime: The ever-growing dominance of the internet and digital technologies represent a huge opportunity for businesses. According to figures released by the consultancy Capgemini, UK consumers spent £91 billion online in 2013 and are on course to spend £107 billion this year. However, this growth of internet usage also creates opportunities for cybercrime that businesses need to consider. Protecting yourself from fraud and keeping customers' data safe is therefore critical. Risks are present from malware and hacking, and increased connectivity from mobile devices to cloud computing has further opened the door for cybercriminals. Ensuring your employees are vigilant by providing training on the main dangers and by not assuming that employees are aware of the threats will help guard against these dangers. Widespread fraud trends: Carnell says that in recent years cybercrime has become increasingly widespread. Online threats are growing both in number and sophistication. In the last decade, phishing – a scam in which criminals attempt to acquire private information such as usernames, passwords and credit card details – has been on the rise. Malware and ransomware – different types of malicious programs that infect a user's computer to gather information or help a hacker to extort money – have also increased in both prevalence and complexity. "What we're seeing right now is that in a world where fraud is becoming more automated, the cyber influence - the use of electronic communications and malware to defraud customers - is everywhere," Carnell says. "The scale and geographic nature of the fraud is making it difficult for companies and police forces to get a grip on it. You can now have the victim and the beneficiary in different geographies which makes it harder for the authorities. The main message we would send to businesses is ensuring that everybody knows what's expected of them and what the risks are." Benefits of good fraud control: "It's essential that you and your employees understand the risks of fraud. You will have a more secure business and everybody will know where they are in terms of what they can and cannot do," Carnell says. As responsive businesses are aware, prevention is far better than cure when it comes to fraud. Verify the degree qualification of UK graduates for free (degree certificate needed): hedd.ac.uk/index.htm, Try the free Fraud Resilience Self-Assessment Tool: safr.bdo.co.uk/fraud, Test network security against cyber-attacks at Get Safe Online: getsafeonline.org. For further concise, balanced comment and analysis on the week's news, try The Week magazine. Subscribe today and get 6 issues completely free. Source: The Week UK
|