Strategies for Fraud Prevention in Business & Corporates

Strategies For Defeating The Cheats Within an Organization or Business

How Companies of All Sizes Can Prevent Fraud

Tips to Prevent Employee Theft and Fraud

Ways to Protect Your Business Against Employee Fraud

Strategies for Fraud Prevention in Your Business

Tips to Prevent Employee Theft and Fraud

How to Prevent Employee Fraud

How to Prevent Corporate Fraud

By Bill Trueman, Fraud & Risk Management Specialist.

With the recent high profile cases of senior fraud and online security managers being caught perpetrating fraudulent activity, there has been a degree of shock across the corporate world, combined with an initial feeling of helplessness. This is the worst thing that can happen in financial and banking organisations where one would expect the very tightest security to prevail. After a ll, if you can’t trust those executives in the most credible organisations who were specifically recruited to identify and counter fraudulent financial behaviour, then what can you do to ensure that your own organisation does not become a victim. The word victim is used advisedly, as internal fraud is not a victimless crime; rather it impacts in varying degrees on management, staff, shareholders and customers.

fraud and risk management specialist

Any crime committed by those in a position of trust is far more serious, so the penalties should surely be far higher than normal. This is particularly true with fraud prevention mangers that cheat. However, it does seem that once an internal fraudster is caught, that any offer to ‘return funds in return for a leverage for legal plea bargaining should be disallowed. The ideal must be for companies to find ways to decipher and identify such practices and to eradicate them at ground level.

Still reeling from the shock of the media coverage of the latest betrayals, UKFraud asked its independent corporate fraud prevention SIG (Special Interest Group) to draw up a new set of benchmarks which will help organisations identify the signs that something is awry from ground level up. The SIG also defined and deciphered the most effective strategies for countering these risks. The Corporate Fraud Prevention SIG consists of leading fraud prevention consultants from across a range of industries, coupled with a wide range of fraud industry skill sets. The aim of the SIG is to analyse approaches taken to fraud in the corporate sector and to make recommendations for change at local, national and global levels.

According to the SIG’s research, the most likely signs of wayward behaviour by fraud and security management are relatively easy to spot and yet often overlooked. They include:

  • Fraud Systems that are below par. The fraud systems chosen by an organisation can be unfit for purpose and may not deliver what is required. There is also often an unwillingness, due to the influence of the internal fraudster, to consider competitive fraud technology products that do deliver or that can deliver more quickly. Often, the SIG says, it is easy enough with hindsight to see that a change to effective systems had been deliberately avoided, and typically, career minded employees are reluctant to blow whistles.
  • Erratic,  incomplete, late or excuse laden management and system reporting is a classic sign that line managers are covering something up and says the SIG, this is just as likely to be the case with those fraudulently managing the security and anti-fraud systems of a company. Normally, further investigation will reveal that ‘lip service’ and increasingly tenuous explanations are given assertively to thwart follow up activity. When though one is dealing with an errant fraud manager, these explanations are more difficult to see through and more than likely to pass the plausibility test. Often the blame for the cause of any suspicion will be thrown onto inadequate IT systems or on the political gaps between corporate silos.
  • Frequent excuses are often based around IT related issues, such as technology compatibility problems between different company systems or even between international systems.
  • Unexplained wealth of managers outside of work. There will be plenty of evidence of the rewards of wrong-doing with fraudsters purchasing luxury housing, wardrobes, holidays, cars and home computing equipment together with other rewards for family and friends which can even extend to private school fees for children.
  • Work place rumours, jokes and tip-offs. These are often dismissed as political jibes but often this is a tell tale sign that something is wrong and that staff are too afraid to ‘blow the whistle’ formally.
  • Frequent use of the ‘privileged rank’ of Security or Anti-Fraud Manager to divert questions or to avoid enquiries from those who might raise suspicion, such as the internal or financial auditors. This also includes the robust use of the ‘we don’t want to compromise security by answering your questions’ excuse.
  • Where fraud specialists know the latest trick, for example how on-line fraud works, the unique symptoms of that particular scam will show up in the company where the internal fraudster is using it themselves.

UKFraud’s Corporate Fraud Prevention SIG believes that ‘maintaining an independent review perspective managed by those with the greatest experience’ is the most effective solution for combating inside jobs by fraud and security management. Amongst the strategies the SIG would recommend are:

  1. A greater emphasis on the use of Non-Executive Directors. This is crucial, says the SIG, as usually Non-Execs are appointed for their experience of skills and operations in other organisations and sectors. They have that ‘other worldly’ eye that is able to cast a different perspective. They should have the ability to review all aspects of a company’s anti-fraud strategy and to ask awkward questions ‘from the top’ as this carries more weight.
  2. Up-to-date reporting must be a core mantra of good company management, with the details of repeated exceptions thoroughly investigated. Organizations should also ensure that reports are not only timely but that they are also complete, real and updated as required. These processes should also then be built into the internal audit schedule for checking. This in turn should feed into the main GRC (Governance Risk and Compliance) systems. In addition, wherever appropriate, organisations should adopt an enterprise-wide approach to technology as this will help with systems issues. Thus, if the technology works well in all other parts of an enterprise, it is highly noticeable if it fails in the management of the fraud department or the control of online and financial systems.
  3. From the ground up, organizations need to establish records both electronically and on paper. This should include specifying where documents are and when they should and should not be stored. One should identify who is in control of these systems, processes and procedures and who has ownership of specific records. Organizations also need to decide who is responsible for checking that these measures are followed. The scanning, and indexing of work needs to be carried out to professional standards and there must be rules to ensure that no-one can intercept/edit documents at an inappropriate stage or in a fraudulent way. It is also important, the SIG believes, to ensure that your storage capacity is controlled properly.
  4. Where acquisitions and mergers are concerned, organizations need to ensure that all documents are available and stored appropriately and securely, especially those that relate to IP protection, IP development records, audit trails and staff contracts. In particular, when acquiring a business, companies must make sure that they have indemnities and penalty clauses built into the acquisition agreements which relate to the availability of data, logs, audit trails and so forth.
  5. An extra fraud prevention ‘task-set’ should be drawn up for auditors and IT auditors whether they are internal or external. This can have a real impact, although sadly most auditors are simply there to either report on financial results or check asset lists and software licence compliance. There are though many specialists that can undertake ‘special’ tailored checks to find frauds within all manner of business systems including: payroll, invoicing or payments. By turning them towards checking the efficacy of the security and fraud systems in place, says the SIG, it is not only a greater deterrent but also a far more certain way of catching wrong doing whilst in flight.
  6. Getting HR more involved. This allows organisations to define responsibilities and handle warnings for non-compliance and to do so at all ranks from the ground level upwards.
  7. Organisations should actively consider the use of external risk consultants who can offer solutions which benefit from an independent viewpoint that resides outside of a company or   its politics.
  8. Where doubts exist, organisations should contemplate the use of private investigators to look deeper into the processes used by those who are deemed to be high risk people. These need to be the breed of computer literate investigators with corporate fraud experience.

A leading member of the SIF is Malcolm Gardner. He believes that the situation may be worse than many fear. In his view, “Typically, when fraud or security managers are caught, it is either because they went too far, having become complacent, or where there has been a tip off. This tends to suggest that those who are caught might simply be the tip of the iceberg. With sectors such as the online market, now so very tempting to fraudster, it can also be tempting for internal cheats too. Corporations need to be sure of their staff and need to put the right systems in place to help the loyal staff who are the ones still working for the good of the company.”

So to conclude it is especially negative situation whenever any fraudster is identified within a business as they are the person who has the responsibility for fraud prevention themselves. IT is a complete betrayal.  The first step in planning the fight back is finding these people and then managing the problem. The trouble is that many of them are exceptionally well hidden. Whether one can ever be 100% certain that there is no problem internally is probably too much to expect. However my belief,  is that if you start to introduce the kind of checks and measures the Corporate Fraud Prevention SIG has outlined, there is every chance that the risk will be minimised or driven away.

Bill Trueman (an independent fraud and risk specialist) is director of RiskSkill and UKFraud.

This article originally published here.

Other Useful Posts You Would also Like:

What is Risk Management? Definition & Importance

11 FAQs on EMV Chip & Pin Credit Card Technology

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Top Technology Trends in Payments, Risk and Fraud in 2014

25 FAQs on Risk Review and Risk Management

Advertisements

Who Polices The Fraud And Security Managers?

UKFraud SIG Identifies The Measures That Need To Be In Place

Following the recent high profile cases of senior fraud and online security managers being caught up with fraudulent activity, UKFraud’s Special Interest Group (SIG) for Corporate Fraud Prevention has drawn up a new set of benchmarks which will help organisations identify the signs that something is awry. The SIG also outlines the most effective strategies for countering these risks.

Recently established by UKFraud, the Corporate Fraud Prevention SIG consists of leading fraud prevention consultants coupled with representative input from a wide range of fraud industry skill sets. The SIG was established in response to sector frustration at recent claims by the UK’s National Fraud Authority that fraud levels have risen significantly from £38bn in 2011 to £68bn in 2012. The aim of the SIG is to analyse the approach taken to fraud in the corporate sector and to make recommendations for change at local, national and global levels.

According to the SIG’s research, the most likely signs of wayward behaviour by fraud and security management are relatively easy to spot and yet often overlooked. They include:

Fraud Systems that are below par. The fraud systems chosen by an organisation can be unfit for purpose and may not deliver what is required. There is also often an unwillingness, due to the influence of the internal fraudster, to consider competitive fraud technology products that do deliver or that can deliver more quickly. Often, the SIG says, it is easy enough with hindsight to see that a change to effective systems had been deliberately avoided, but typically, career minded employees are reluctant to blow whistles.

Erratic, incomplete, late or excuse laden management and system reporting is a classic sign that line managers are covering something up and says the SIG, this is just as likely to be the case with those fraudulently managing the security and anti-fraud systems of a company. Normally, further investigation will reveal that ‘lip service’ and increasingly tenuous explanations are given assertively to thwart follow up activity. When though one is dealing with an errant fraud manager, these explanations are more difficult to see through and more than likely to pass the plausibility test. Often the blame for the cause of any suspicion will be thrown onto inadequate IT systems or on the political gaps between corporate silos.

Frequent excuses are often based around IT related issues, such as technology compatibility problems between different company systems or even between international systems.

Unexplained wealth of managers outside of work. There will be plenty of evidence of the rewards of wrong doing with fraudsters purchasing luxury housing, wardrobe, holidays, cars and home computing equipment together with other rewards for family and friends which can even extend to private school fees for children.

Work place rumours, jokes and tip offs. These are often dismissed as political jibes but often this is a tell tale sign that something is wrong and that staff are too afraid to ‘blow the whistle’ formally.

Frequent use of the ‘privileged rank’ of Security or Anti-Fraud Manager to divert questions or to avoid enquiries from those who might raise suspicion, such as the internal or financial auditors. This also includes the robust use of the ‘we don’t want to compromise security by answering your questions’ excuse.

Where fraud specialists know the latest trick, for example how on-line fraud works, the unique symptoms of that particular scam will show up in the company where the internal fraudster is using it themselves.

UKFraud’s Corporate Fraud Prevention SIG believes that ‘maintaining an independent review perspective managed by those with the greatest experience’ is the most effective solution for combating inside jobs by fraud and security management. Amongst the strategies the SIG would recommend are:

A greater emphasis on the use of Non-Executive Directors. This is crucial, says the SIG, as usually Non-Execs are appointed for their experience of skills and operations in other organisations and sectors. They have that ‘other worldly’ eye that is able to cast a different perspective. They should have the ability to review all aspects of a company’s anti-fraud strategy and to ask awkward questions ‘from the top’ as this carries more weight.

Up-to-date reporting must be a core mantra of good company management, with the details of repeated exceptions thoroughly investigated. Organizations should also ensure that reports are not only timely but that they are also complete, real and updated as required. These processes should also then be built into the internal audit schedule for checking. This in turn should feed into the main GRC (Governance Risk and Compliance) systems. In addition, wherever appropriate, organisations should adopt an enterprise-wide approach to technology as this will help with systems issues. Thus, if the technology works well in all other parts of an enterprise, it is highly noticeable if it fails in the management of the fraud department or the control of online and financial systems.

Organizations need to establish records both electronically and on paper. This should include specifying where documents are and when they should and should not be stored. One should identify who is in control of these systems, processes and procedures and who has ownership of specific records. Organizations also need to decide who is responsible for checking that these measures are followed. The scanning, and indexing of work needs to be carried out to professional standards and there must be rules to ensure that no-one can intercept/edit documents at an inappropriate stage or in a fraudulent way. It is also important, the SIG believes, to ensure that your storage capacity is controlled properly.

Where acquisitions and mergers are concerned, organizations need to ensure that all documents are available and stored appropriately and securely, especially those that relate to IP protection, IP development records, audit trails and staff contracts. In particular, when acquiring a business, companies must make sure that they have indemnities and penalty clauses built into the acquisition agreements which relate to the availability of data, logs, audit trails and so forth.

An extra fraud prevention ‘task-set’ should be drawn up for auditors and IT auditors whether they are internal or external. This can have a real impact, although sadly most auditors are simply there to either report on financial results or check asset lists and software licence compliance. There are though many specialists that can undertake ‘special’ tailored checks to find frauds within all manner of business systems including: payroll, invoicing or payments. By turning them towards checking the efficacy of the security and fraud systems in place, says the SIG, it is not only a greater deterrent but also a far more certain way of catching wrong doing whilst in flight.

Getting HR more involved. This allows you to define responsibilities and handle warnings for non-compliance.

Organisations should actively consider the use of external risk consultants who can offer solutions which benefit from an independent viewpoint that resides outside of a company or its politics.

Where doubts exist, organisations should contemplate the use of private investigators to look deeper into the processes used by those who are deemed to be high risk people. These need to be the breed of computer literate investigators with corporate fraud experience.

SIG member Malcolm Gardner, the CEO of fraud prevention consultancy Freevision Ltd., believes that the situation may be worse than many fear. In his view, “Typically, when fraud or security managers are caught, it is either because they went too far, having become complacent, or where there has been a tip off. This tends to suggest that those who are caught might simply be the tip of the iceberg. With sectors such as the online market, now so very tempting to fraudster, it can also be tempting for internal cheats too. Corporations need to be sure of their staff and need to put the right systems in place to help the loyal staff who are the ones still working for the good of the company.”

Bill Trueman the CEO of RiskSkill and UKFraud, echoed Gardner’s comments adding, “It is awful whenever any fraudster is identified within a business, but if it is the person who has the responsibility for fraud prevention themselves, then this is even more abhorrent. Within the fraud SIG, we all universally believe that these fraudsters who were identified as fraud specialists themselves should have significantly more severe punishments, for abusing these particular positions of trust. The first step is finding them and then managing the problem. Hence, our SIG was keen to put these guidelines in place for all to benefit. We would welcome any feedback on other pointers and precautions that people feel might be also of benefit in future SIG reports.”

News Source

Mega Fraudsters Are Often NOT Held Responsible For Most of the Frauds.

The vast amount of fraud in most developed countries takes place from lots of people stealing more modest amounts from government and from large corporations. So whilst we may occasionally read about the $ multi-million losses perpetrated by individuals, this is comparatively rare.

There are many tens of thousands of people who steal $10 – $10,000 every day through false benefit applications, bogus grants, insurance claims, local authority claims, injury claims, stolen card usage and walking away from utility bills or internet orders. Oddly, the widespread deployment of IT systems to manage corporate fraud and corporate processes often makes business fraud easier, as fraudsters prefer such faceless processes to dealing with real people, thus making corporate fraud losses prevention difficult.

UKFraud is an independent fraud prevention organisation (under the leadership of Bill Trueman) which helps banks, corporates, insurance companies, telecommunication sector, and other organisations investigate, detect and prevent fraud to save millions.

When serious Corruption, Fraud or Illegal activities are exposed in Corporate or an organisation, should the Top Dog resign, even if they allege they were unaware of the offences?

Should Top Dogs Resign When any Scam or Fraud takes place in an Organization?

“Yes but not always…. life is never that simple! Even if the ‘top dog’ doesn’t set the fraud agenda, and has no prior knowledge of the corrupt or fraudulent practices, they still have to go as there is always an assumption of responsibility at the top. However, a good leader will make sure that their business team has fraud prevention tools, such as payment, audit and stock controls et. al. in place. Thus, the good leader should rarely see and experience such corruption or fraud. However. If the leader does not drive such disciplines into the business, then their leadership is poor AND he or she MUST go if that leadership comes under scrutiny when any business fraud or company fraud is discovered.

The biggest exception to this rule include; new leaders, who are trying to implement the right infrastructure, which will always take time to put in place. The judges in these cases must be independent non-executive directors, chairmen or shareholders; who should always also be in place in a supervisory oversight role.

Sometimes culpability stretches much further than ‘the one at the top’, and could include a broader base of stakeholders – shareholders etc  The Ministry of Defence might well see one of the causes for losing over £6bn as potentially the result of a very large company fraud, but we’d never hold the Queen liable…would we?”

UKFraud is an independent fraud prevention agency (under the leadership of Bill Trueman) working globally, which helps businesses, banks, corporates, insurance companies, telecom sector, ngo, and other organisations investigate, detect and prevent fraud(and corruption) in order to prevent losses and save millions.

How To Protect Your Company From Big Fraud Attacks?

1. Ensure that your IT people understand the technical risks and they know how to protect your business from attacks, theft of customer information and infiltration. Customer details and payment details are the most ‘at risk’ data; and that access security is the most important to the police.

2. Remember though that with the best systems in the world, one of the weakest points of vulnerability is always the people using the systems, as they can easily be mis-led or conned. Ensure that customers have strong advice and warnings of the dangers. Also make sure that staff cannot access sensitive areas of your systems without proper controls and whatever they do is stored and available for audit. Make sure, when recruiting, that the bad-eggs that can get into the fabric of organisations are properly screened out before you are at risk by employing them.

3. Look at your processes for weaknesses. These include: paper that need not be used, access to unnecessary customer data, who can access what and why people may need to access such details. Ensure that people have what they need to do their jobs, but no more.

4. Make sure that your anti-fraud efforts are not just ‘after the event’ investigation-led. Ensure that you set proper fraud deterrents and fraud prevention strategies, mechanism and system. You should consider deploying early fraud detection processes, systems, solutions and technology and that when you see a problem you take action to fix it properly and permanently.

5. And finally, if you employ a fraud management specialist, make sure that they have the ability to take action and change the business for the better.

Bill Trueman, CEO & Director of UKFraud and RiskSkill who helps businesses, banks, corporates, insurance firms, telecom sector, ngo, and other organisations investigate, detect and prevent fraud to prevent losses and save millions.

Other Posts Which You Would Also Find Useful:

What is Corporate Risk Management? Definition & Importance

25 FAQs on Risk Review

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

11 FAQs on EMV Chip & Pin Card Technology

Top Technology Trends in Payments, Risk and Fraud

How to Prevent Scams and Frauds in a Business / Organization?

Often, most of the business becomes a victim of one or other type of internal frauds & scams because they ignore the necessity of putting a proper fraud deterrent and fraud prevention system in their business or organization thus they become the victim of the fraud done by one of their employees or any outsider.

Thus it is very necessary for a business to follow a proper fraud prevention strategy, especially for the small businesses because such frauds prove to be fatal to small business and it becomes very difficult for them to recover from such big losses.

Today many cases of cheating, forgery, identity fraud, internet fraud have been taking place thus it has become necessary to put a proper and effective fraud deterrence system for preventing fraud in commercial organization. Most of the times the employees, managers, loyal persons, whom we trust upon, turns out to be cheater taking advantage of the garb of the loyalty.

Thus it is necessary to formulate such fraud prevention strategy so that such losses can be avoided, if you do not know about the fraud prevention strategies and fraud deterrence mechanisms then it is better to hire a fraud investigation and fraud prevention specialist.

For more information on preventing fraud in banks, business, insurance company, corporates and other organizations visit website of UKFraud or contact Bill Trueman who is an independent payments, fraud and risk specialist working globally.

Why Fraud Management System is Necessary for a Business & Company?

fraud detection techniques

Detect fraud before it is too late for your company. Putting fraud prevention system in a company or organization is very necessary for its sustainable growth.

As part of a continuing drive to inform the commercial world about fraud prevention policy, tactics and risks, UK Fraud has published a list of common fraud misnomers. These include:

1. Every Country Possesses A ‘Fraud Fighting Champion’

Who controls, monitors and regulates fraud in your country? If you are resident in the UK, for example, then please write and tell us. We are really not sure what the answer is. We know that in the UK, it is believed that fraud costs the country £38 Billion each year – that’s £38,000,000,000 – or more than £600 per man, woman and child! There are some politicians and a whole assemblage of senior civil servants in the Cabinet Office who might claim the throne as theirs. Then there is National Fraud Authority tasked to ‘do something’ and the Cyber Crimes Unit tasked to ‘do something else’ but we have yet to see any joined-up integrated fraud strategy to support this. The situation is even vaguer when it comes to the UK’s approach to fighting fraud originating outside the UK.

2. Be You Own Fraud Fighter – Contrary To Opinion You Can Now Strike Back!

We are all aware of all those spoof emails, telling us that we can have a share of US$6,000,000 if we help transfer money. Usually this is at the behest of an uncle or widow of a major banana politician who needs help in a foreign state. As you might by now expect, they all ask us for our bank details. Instead of letting them ‘reel you in’, you and I can now have a go at ‘scammer-baiting’ i.e. conning the conmen themselves. There are a number of sites that can help you understand how to do this; search google for ‘Scam the scammers’. Even if you don’t feel like doing this, there are some entertaining stories to be read on numerous sites.

Commenting on the list of common misnomers, Bill Trueman CEO of UKFraud and RiskSkill noted, “Before we can make a real impact in driving down levels of fraud, one has to create awareness of where the real issues are and by contrast where the old wives tales have crept in. By highlighting common misnomers we aim to help in this process.”

About UKFraud (www.ukfraud.co.uk)

UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is a widely accepted as one of Europe’s leading fraud prevention specialist and a frequent commentator and writer on the issues involved. Trueman has extensive experience of handling or preventing bank fraud, insurance fraud, internet fraud and fraud in other financial service sectors and is a thought leader at the forefront of many industry wide and international debates.