38% of businesses hit by internal fraud in the last year: Is your business prepared?

22 January 2020

Kroll’s 11th annual edition of its Global Fraud and Risk Report, which was released at the end of 2019, highlights that 32% of businesses in the UK suffered loss as a result of fraudulent actions of persons external to the company or organisation in the year from March/April 2018 to March/April 2019.

Kroll also reports that 38% of businesses in the UK suffered loss as a result of fraudulent actions of persons within the company or organisation in the year from March/April 2018 to March/April 2019.

These high figures demonstrate that it is not enough for an organisation to be passive in relation to fraud prevention, detection and response.

Organisations can put in place a number of mechanisms to prevent and detect fraud. The key areas to consider are:

1. Risk assessment

An organisation’s fraud plan cannot simply be to respond as and when a fraud takes place; the risks to the finances and the existence of the organisation are too high. The risk of fraud must be considered regularly as a matter of course, because the business and composition of the organisation are ever changing.

Risk assessments are vital in order for an organisation to identify how fraud might arise and to establish any potential vulnerabilities, so that specific threats relevant to that organisation and gaps in processes can be considered and preparations for appropriate preventative action can be taken.


2. Culture of transparency

Employees are at the heart of an organisation and are frequently the ones processing transactions that may be fraudulent. It is important to ensure that employees are aware that their roles may include spotting and reporting a suspected fraud and that they know the reporting lines.


3. Fraud detection

Organisations will need strong internal mechanisms for detecting fraud – the Kroll report indicated that 19% of fraud by external parties and 38% of fraud by internal parties were discovered by internal audit. These figures could be improved if organisations develop and improve their internal audit processes.

Employees should be trained and encouraged to identify and report red flags. Red flags could include missing documentation, bank account details being sent in the body of an email, out-of-character requests from senior members of the organisation, and changes in formatting from previous correspondence. Employee diligence and training are central to the detection of fraud.

A regularly reviewed and updated fraud policy which details these red flags and clearly sets out reporting lines and the expectations held by the organisation, together with training sessions, will provide essential support to employees to ensure that they feel confident enough to take on this important role.

Banks are now expected to do more too: from 31 March 2020 the UK’s six largest banking groups will fully implement “Confirmation of Payee”. This means that these banks will be required to check that the name the payer has entered for the recipient matches the name on the account to which the money is being sent. A payer will be alerted if the name on the recipient account does not match, is incorrect or misspelt, and will be able to correct the information before any payment is processed.


4. Fraud response plan

Every organisation should have a fraud response plan. This should identify the key individuals involved in responding to a fraud, who has responsibility for the policy, the process (including investigation) that should be followed once a fraud is detected, and any reporting obligations.

Provided a fraud response plan is implemented quickly, it is the key to preventing or minimising losses, but this means that everybody in the organisation has to know their role and what they need to do, when and how.

The fraud response plan should be tailored to the organisation and should include key contacts and the make-up of a fraud investigation team (including both internal and external representatives) with clearly defined roles and any reporting obligations.  


5. Legal options

An organisation impacted by fraud should consider whether to involve the police, who may take steps to investigate and refer the matter for prosecution, and/or whether to pursue a civil action against the fraudster(s) and/or banks to recover the funds.


To assist organisations in their attempts to prevent fraud, we prepare risk assessments and fraud response plans. If a fraud is suspected or has been suffered, we have extensive experience of working across teams (for example with our dispute resolution, criminal and employment teams) to conduct fraud investigations and to advise on options for recovering monies through civil legal action against (former) employees, directors, accountants, banks etc., or to assist you in reporting the matter to the police.

If you would like any further information or advice regarding fraud or fraud response plans, please contact Fiona Simpson or Rebecca Ryan or another member of our fraud team.
