As gatekeepers to the financial system, finance professionals play their part in helping to prevent and detect data breaches, a key enabler of fraud. SMEs are also urged to practise vigilance against any suspicious activity and be aware of the signs. John Edwards, left, Chief Executive and Group Executive International of the Institute of Financial Accountants (IFA), takes a closer look at current trends in fraud and what steps organisations can take to protect themselves against it
According to UK Finance, authorised push payment (APP) scams increased in frequency by 60% and rose 71% in value in 2021 compared to 2020. APP fraud is where the customer is tricked into authorising a payment to an account controlled by a criminal.
Common methods include scam phone calls, text messages and emails, used as a means of deceiving people into handing over personal details and passwords. Often fraudsters will use online platforms, including fraudulent advertising through search engines, social media, and fake websites. In 2021, the number of impersonation scams rose significantly, as criminals posed as banks, government bodies, and even health officials, to con people out of their money.
What can SMEs do?
- Strengthening email security should be the first initial priority, including frequent password changes of strong password formats. Duplication across applications should be avoided.
- Introducing two-factor authentication is a must but not one linked to a mobile device as it can be stolen.
- Avoid using a second email address as a recovery account. This should now be a thing of the past as it is not considered adequately secure – criminals can use this as back entry into primary email accounts.
- Never click on suspicious links or use an unknown USB stick.
- Ensure staff avoid using public or non-secure private networks.
According to FTI Consulting, green fraud across public and private sector spending could amount to £3.5bn per annum, and up to £50bn by 2050. As governments and companies commit to net-zero carbon targets this has paved the way for criminal opportunists who seek to use the climate crisis to their advantage. Examples of green fraud include criminals posing as companies performing services such as replacing outdated heating and insulation, or defrauding consumers via state-funded schemes. An example of where such fraud has already been committed is via the now abandoned £2bn Green Homes Grant, launched in 2020, which resulted in scammers abusing its name to proffer their unapproved services to victims. Like APP fraud, this type of fraud is carried out by a mixture of small-time operators and organised crime gangs.
What can SMEs do?
- Do your research and check the company being used before buying anything. This includes asking for references, verifying the company’s details using external sources, checking they are approved for scheme delivery (if appropriate) and reading any terms and conditions.
- Check certified schemes that recommend traders, such as TrustMark, the Government’s endorsed quality scheme. Get written quotes and a contract before giving a contractor the go-ahead, and ask about payment options to avoid paying for costs up-front where possible.
- Be vigilant and cautious about sharing banking details with sources where trust could be an issue.
The three most common types of fraud in the workplace are inventory theft, data theft, and cash theft, costing UK businesses around £190m annually. Internal controls are crucial in tackling employee fraud – it takes an average of 14 months before the majority of employee fraud cases are discovered, and dedicated controls are one way to drastically cut this time. Fraudsters will usually have access to money or stock, depending on the nature of the business.
What can SMEs do?
- Introduce spot checks, regular reviews or audits, and ensure that these are carried out, preferably by somebody different each time. This should apply to every level of employment.
- Where there are anomalies in inventory or revenue, identify the cause of the problem. Software can help with identifying shortfalls.
- Appropriately placed cameras in the premises can act as an effective deterrent.
- Where appropriate, the use of covert surveillance might also be considered. There are strict rules governing when, and for how long, covert monitoring is acceptable, but it is an option in some cases, so seek expert advice.
One of the biggest remaining threats is dirty money, with money laundering on the rise in the UK. The Economic Crime Act was fast-tracked in March, due to Russia’s invasion of Ukraine. Its aim was to prevent wealthy individuals, including Russian oligarchs, from hiding money in the UK that had been obtained through corrupt or illegal means. As new technologies develop, such as virtual currencies, there is also a risk of fraudulent activity.
Further legislation, set to be passed through Parliament, will comprise measures designed to increase transparency and give law enforcement enhanced powers to combat money laundering. It will also encourage businesses to share information on suspected economic crime.
The second Economic Crime Bill will mean anyone setting up, running, owning, or controlling a company in the UK would need to verify their identity with Companies House,` which will be able to challenge dubious information and inform security agencies of potential wrongdoing.
What can SMEs do?
- For any finance professional, being aware of and up to date with anti-money laundering regulations for businesses should be standard practice. You need to be aware of the risks, the regulations and the steps to take to make it less attractive for criminals to target you.
- If cash is handled, enforce a limit on cash payments and have a second person sign off cash payments of a higher amount. Cash intensive businesses could be at a high risk from opportunists looking to process cash.
- Have a money laundering policy in place:
- Get one written, so that all employees are aware of what it is and in what way the business could be vulnerable.
- Implement and carry out ongoing training. Every single employee needs to know if/when they overhear or see something that brings a concern to their attention.