Fraud affects businesses of all types and sizes, and can adversely impact the financial health of any organisation, its image and reputation, as Joanna Goodman reports
Data has been referred to as the new oil, meaning that it will fuel the future. This may be true, provided it is refined sufficiently to add value. But like oil, data has accelerated globalisation and transformed wealth-creation. The information economy has generated new business opportunities and working practices, which have also created physical and online opportunities for fraudsters.
Fraud is becoming commonplace. According to the Fraud Advisory Panel, cybercrime represents the second largest threat to the UK after terrorism and business is the biggest victim. A recent PricewaterhouseCoopers (PwC) report found that the industries suffering the highest average losses were communications and insurance.
Globalisation has produced a vast fraud economy that has become specialised and internationalised. Large-scale fraud commonly involves numerous players, often in different locations. This organised approach makes investigation and prosecution more challenging.
Estimates put this year’s loss to the UK economy from fraud at £73 billion
Fraud can be physical and online, and emanates from external and internal sources. Wherever it emanates from, fraud follows the money. The common denominator is money moving to the wrong account. PwC’s 2011 Global Economic Crime Survey bears this out, identifying the top three types of economic crime as asset misappropriation, accounting fraud, and bribery and corruption.
This year’s Annual Fraud Indicator estimates the loss to the UK economy from fraud at £73 billion and year-on-year figures show a significant increase. These and other figures reflect reported fraud – but much goes unreported.
Louise Hodges, business and criminal defence partner at law firm Kingsley Napley, says that for businesses, it is often a strategic decision whether or when to report fraud, particularly when the perpetrator is within the organisation, due to reputational and commercial considerations.
Kingsley Napley employment partner Richard Fox explains that businesses in regulated industries, such as banking and law, have a duty to report fraud to their regulatory bodies, but are not obliged to involve the police. Ms Hodges adds that this may well depend on whether the company is planning to pursue a civil action to recover its losses, as this can be delayed by protracted police and other investigations.
How can businesses protect themselves? Cybercrime is becoming increasingly sophisticated and businesses recognise that they need to protect their data and monitor where it goes.
Some businesses use sophisticated software to identify and track unusual patterns of activity. However, the human factors that prompt fraud in the first place are commonly the fraudster’s undoing.
Notwithstanding investment in automated monitoring tools, the vast majority of insider fraud is identified through tips from other employees, says Ben Knieff, director of product marketing at NICE Actimize, who explains that, although software analytics highlight potential fraud by identifying suspicious interactions in real time, it is important to combine technology with processes and people, and this includes end users.
“The customer should be the focal point,” he says. “Understanding the customer relationship is key to fraud prevention in any industry.”
Tony Wicks, director of anti-money laundering solutions at NICE Actimize, agrees that a holistic approach is critical. “Rather than employing point solutions, it makes sense to introduce a single integrated financial crime platform to manage risks appropriately across the entire business,” says Dr Wicks.
Businesses need to understand the main threats they are facing, and the best practices and initiatives that have proved most successful in minimising the risk of fraud and mitigating the damage should the worst happen. They need to be prepared in terms of the state of their financial and other data, and in terms of a fraud contingency plan. They need something akin to a fire drill – having a procedure in place to deal with something you hope will never happen.
Five ways to protect against corporate fraud
- Know your staff, suppliers, partners and agents
- Align IT, internal audit and the board of directors
- Conduct regular fraud risk assessments
- Ensure leadership by a cyber-savvy chief executive
- Implement a cyber-crisis response plan
Source: PwC 2011 Global Economic Crime Survey