If there’s one thing the daily business pages will tell you, it’s this: fraud is a risk for any business. No matter how dedicated your finance team or how tight your systems, you’ll still be exposed to the possibility of being defrauded, either by an employee or an external party.
Unfortunately, as financial tools and systems have evolved, so too have the methods by which businesses are defrauded. In 2017, fraudulent activity cost companies around the world an estimated £3.24 trillion. That’s the equivalent of the UK and Italy’s combined GDP, straight down the drain. Or rather, straight into the wrong pockets.
More than just costing companies financially, business fraud also contributes to a loss of public trust, as well as damaging relationships with service providers such as accountants and insurers. It’s also a major headache for management.
In this post, we’ll take a look at the four biggest fraud risks finance teams face, as well as some of the tools and techniques you can use to protect your business.
It’s not always a faceless network of goons
Watch enough movies and you’ll get a certain picture of the modern-day fraudster: an unshaven villain crouched over a computer screen in a darkened room, surrounded by criminal spoils and cackling as the zeroes roll in.
While dramatic, this is a long way from the truth: you’re more likely to end up taken to the cleaners by Brenda from accounts than by some shadowy network of miscreants. Statistically speaking, inside jobs are more common than any other form of fraud.
Research has shown how little it takes for otherwise moral people to be tempted to commit fraud at work. Given the right incentives - personal troubles, workplace grievances, a belief that nobody will find out - all kinds of people will take the opportunity.
Why do people commit fraud at work?
A range of factors can play a part in leading someone to commit fraud in the workplace:
Tunnel vision: Single-minded focus on goals can blind people to ethical concerns, leading them to do anything to hit a certain sales or earnings target. Think Enron.
Dispersed responsibility: In large organisations, employees can often feel like cogs in a machine than responsible individuals. When people feel separated from workplace leadership, they’re more likely to steal or commit fraud.
Workload or time pressure: When employees are under the gun, they’re more susceptible to the temptation to commit fraud or malpractice. If it helps them get on and get their work done, they might just roll the dice.
Acceptance of small theft: There isn’t an employee alive who hasn’t snuck a pencil from the stationary drawer. Ignoring small thefts like this can lead to larger ones, like over-claiming work expenses.
Availability of workplace credit cards: This is a big one. No matter how much of a stickler someone might be, holding that company plastic can be a major temptation.
Mostly, internal business fraud occurs as the result of the convergence of three factors:
Motivation: Is there a motivating factor for an employee to commit fraud? For example, an employee may have a family member with a health condition, and may see fraud as the only way to support him or her.
Rationalisation: Is there a way for an employee to convince themselves that the fraud is justifiable? For example, an employee may tell themselves that if they’d only received that promotion last year, then they wouldn’t have had to commit fraud.
Opportunity: Is there a viable opportunity to commit the fraud? For example, is an employee going to spot a gap in the system that could potentially be exploited, such as a lag in the validation of supplier invoices?
It’s useful to keep these factors in mind, and remember that given the right conditions, almost anyone can be tempted to commit business fraud.
What’s more, fraud isn’t always intentional. Poor documentation practices or outdated systems can give rise to unintended fraudulent behavior. This includes mismanaging invoices or incorrectly coding payments. While these may not be intended, they can be just as costly and disruptive as deliberate fraud.
Let’s now take a look at some of the more recent trends in business fraud.
Modern trends in business fraud
It’s a sad fact that for every time-saving innovation in modern technology, there is someone willing to exploit it for criminal gain. As online banking and integrated accounting software have evolved, so too have techniques to commit fraud.
While digital banking systems have closed the loop on certain types of fraud such as physical invoice fabrication, they have also given rise to new forms of fraud such as identity theft and phishing.
In fact, identity theft is now so common, fraud prevention service Cifas reported 89,000 cases in the UK in the first half of 2017 alone. This makes it crucial for employees to be aware of the risks, and to keep their sensitive information safe and secure.
With that in mind, we’ll now examine the four biggest fraud risks facing finance teams today.
The four biggest fraud risks finance teams face
In addition to good old classics like invoice fabrication and unauthorized cash transfers, the four biggest fraud risks faced by finance teams in the modern work environment are:
Identity theft and account takeover
Mobile banking fraud
Expense fraud
Social engineering fraud
These risks include a mix of threats internal to the business, as well as those from outside. Let’s look at them one by one.
Identity theft and account takeover
Identity theft is no longer just something that affects people in their private lives: fraudsters are targeting businesses, too. For example, in 2010 a fraudster managed to rack up more than $200,000 in long-distance calls to Africa by accessing the phone system of a small law firm in Ontario, Canada.
Attempts at business identity theft often involve phishing, whereby a fraudster impersonates someone within a business in order to extract sensitive information from a target. The fraudster can then access a range of sensitive records, using these to incur serious damage, even applying for overdrafts and lines of credit.
For example, a fraudster may email an employee posing as their manager or CEO and asking for sensitive information such as a database password. If provided, this would allow access to even more sensitive information, providing ample fodder for fraudulent activity.
Mobile banking fraud
With more banking being done via smartphones, including business banking, smartphone applications are increasingly subject to targeting by fraudsters. This includes sophisticated attempts to exploit integrated mobile technology, such as links between bank accounts and mobile payment plans.
If you or your team are using mobile banking facilities for your business, you should be aware of best security practices. In particular, you should inform your bank promptly if you notice any signs of unusual or unexplained account activity.
Expense fraud
Expense fraud consists of employees submitting inflated or fabricated expense claims for reimbursement. As a lot of employee expenses are incurred in situations of limited oversight (for example, when employees are travelling or working weekends), it can be challenging to verify the validity of expenses.
As the amounts involved in expense fraud are often on the low side, it doesn’t always make sense for finance members and management to spent too much time reviewing them. However, small fraudulent claims can add up over time, especially across a large staff.
Expense fraud also includes misuse of company credit cards. Even with clear expense policies in place, company credit cards are particularly open to misuse.
Social engineering fraud
Fraudsters around the world have taken to calling businesses to impersonate customer support, tax agency representatives, or even security specialists claiming to have detected fraud in the business’s IT system. This can lead to sensitive or private information being disclosed.
Unfortunately, global efforts to commit fraud via social engineering have grown increasingly cunning and inventive. Fraudsters are now able to target businesses using “spoofed” phone numbers, meaning that when calling, their true number is masked with a legitimate one, for example, that of a government tax department. (A good call tracking system may help.)
With these four financial risks in mind, let’s examine some of the signs that fraud may be occurring in your business.
Red flags to watch out for
Often, the opportunity to commit fraud arises due to over-reliance on key staff and stretched staffing arrangements. If you rely too heavily on a few key people, it's hard to keep track of all your company's payments.
There are a range of events and anomalies that could suggest business fraud is occurring. These include:
Abnormal selection of accounting policies by management
Omissions or inaccuracies in financial data
Significant and subjective judgment in financial estimates
Earnings pressures tied to banking covenants, bonuses or profit levels
Unexpected areas of business profitability
Recurring and unexplained negative cash flows during periods of revenue growth
Revenue reported after period cutoffs
Given most of these anomalies will be most visible to a business’s finance department, they're usually the first people to raise the alarm. Ideally, this will quickly be escalated to management to investigate and address.
Alternatively, if the fraud is being carried out by someone in the finance team, it can be a lot more difficult to detect.
Now we’ve well and truly freaked you out, let’s examine some of the ways you and your team can prevent the possibility of fraud - both internal and external - against your business.
How can you prevent the possibility of fraud?
There are a number of steps you can take to better protect your business:
Have clear policies in place. This sounds obvious, but many workplaces don’t bother to implement policies outlining the various forms of workplace fraud (including expense fraud) and the company’s stance on these. These policies should outline clearly and firmly the steps that will be taken in response.
And of course, your whole company should know and understand the policy.Update security and systems. Having outdated systems can give rise to fraud. Businesses should invest in modern technology, and should update their security and software on a regular basis. This can include accounting software designed to detect anomalous payments, as well as multi-step invoice payment processes.
Automate manual processes. Manual processes such as expense claims are not only widely hated, but can give rise to fraud. Automating processes with tools like an integrated expense management system reduces this possibility.
Regular audits and risk assessments: Routine and regular audits performed by a third-party are an excellent way to spot potential fraud. While these should be regular, they should also be informal - there should be no opportunity for anyone to prepare.
Provide information on the risks of external fraud: Staff should know about the risks of fraud from outside the business, such as social engineering scams or identity theft. Most importantly, staff should know never to provide any sensitive information via email or phone under any circumstances.
Consider these steps, and decide if there is anything more you could be doing to prevent fraud.
Conclusion: It can happen to you
No matter how great your staff are, they’re only human. This means your business will still be exposed to the possibility of fraud, both from internal and external sources.
Take a look at your business’s financial systems and procedures, and decide whether there are any further steps you could take to prevent the possibility of fraud occurring.
If any of the red flags described above sound familiar to you, be sure to take a closer look at what’s going on.