Fraud is much more common than most people imagine. It can happen to any business, including yours. That makes managing potential fraud risks an essential part of good business practice.
This guide explains how to make a solid start managing your own fraud risks, with practical steps to help keep your business safe.
If somebody lies to steal money, property or data, then they have probably committed fraud.
Fraudsters aren’t always who you would imagine. They could be a trusted colleague, a relative, a supplier, or a customer. But they could also be someone you don’t know – perhaps pretending to be someone you do.
This can mean complicated technical attacks on computers, networks and mobile devices – such as hacking, phishing, ransomware and DDoS (distributed denial of service) – or using computers and the internet to commit traditional crimes like harassment, bullying and fraud.
Fraud takes many forms.
All these are common examples of fraud.
What happens when the world changes and your financial controls don’t keep up? A bookkeeper was able to steal more than £32,000 from a family-run drinks business when she was required to work from home during the pandemic. Unsupervised and unobserved by colleagues, the fraudster spent months stealing from the company’s PayPal account to shop and gamble online.
If you haven’t been targeted yet, you are in a fortunate minority.1 Actively managing your fraud risk, and not leaving it to chance, is good for business and good for your bottom line. Preventing fraud – or at least spotting it early and putting a stop to it – can head-off financial losses and reputational damage and might even save your business from collapse.
1 PWC (2022). Global Economic Crime Survey 2022: UK Findings
It means implementing procedures that are proportionate and proactive, but which don’t have to be expensive or complicated.
Ideally, aim to progressively build fraud resilience into every part of your business.
Cybercrime
Crime committed online. It might be a hacking; phishing; ransomware or DDoS (distributed denial of service) attack on computers, networks and mobile devices; or using the internet to commit a traditional crime like harassment, bullying or fraud.
Staff fraud
An employee using their job to commit fraud. This can happen at any point, from hiring to leaving. Common examples include lying on a job application, forging documents to inflate expenses, and stealing stock or data to misuse or resell.
Financial statement fraud
The deliberate altering of financial statements to conceal the true business position or performance. Common examples include creating bogus sales, inflating the value of assets or concealing debts.
Procurement fraud
Fraud in the buying of goods, works and services. This can happen at any stage, from initial decision-making to final delivery. Frequently two or more people will cooperate (or conspire). Often they will work for the victim and/or one of its suppliers. Sometimes several suppliers will work together to defraud a customer, which could be you.
Payment fraud
Using stolen or cloned card details to make purchases, often via online transactions, over the phone or by email (so-called ‘card-not-present fraud’).
Fraudsters also impersonate genuine suppliers (or other trusted third parties such as banks, the police or HMRC) so that legitimate payments are diverted into bank accounts that they control.
To find out more about these frauds check out our toolkit at here.
A highly-paid manager was jailed for five years after stealing £5.2m from the religious charitable trust that employed him for eleven years. In spite of previous theft convictions, he had been put in charge of bank accounts and grant-making, then left unsupervised. The fraud only came to light thanks to a change of management.
Once you understand the risks you can respond in one of four ways. Which one you use will depend on how much risk your business is ready and able to accept (this is your so-called ‘risk appetite’).
An indebted finance assistant with a gambling addiction stole more than £23,000 from her employer by creating fake invoices to conceal payments she was making to herself. When the owner first uncovered the fraud he agreed a repayment plan with the now-departed employee. The police eventually became involved when the woman could no longer honour the agreement.
Ask yourself …
This practical guide highlights some of the potential staff fraud risks to your business. But business fraud comes in many other guises. It makes good business sense to find out more. Go to lovebusiness-hatefraud.org.uk or follow the campaign on Twitter and LinkedIn.
Thanks to Lucy Cryan from StoneTurn for kindly writing this guide.
Published March 2023. © Fraud Advisory Panel and Barclays 2023.
Fraud Advisory Panel and Barclays will not be liable for any reliance you place on the information in this material. You should seek independent advice. This work is licenced under a Creative Commons Attribution[1]NonCommercial-NoDerivatives 4.0 International Licence’
This work is licenced under a Creative Commons Attribution[1]NonCommercial-NoDerivatives 4.0 International Licence’