Anti-fraud planning and your business – don’t be a victim
Monday 24th November 2014
The cost of fraud, both internationally and domestically, is staggering. In 2013 the estimated world global product was around $73.8 trillion with a projected loss to fraud of $3.7 trillion. Against this backdrop the United Kingdom suffered an estimated loss of £52 billion. The reality is that these figures are the tip of the iceberg.
Apart from direct financial loss to business there are many other losses associated with fraud. These include intangible costs such as reputational damage resulting in loss of market position or share price, loss of contracts, general suspicion regarding an organisation’s corporate governance and low workforce morale leading to a reduction in productivity. Then there are direct costs including legal – criminal/civil investigation costs, prosecution costs, cost of replacing staff, disciplinary costs including investigation, remedial works and, of course, potential external sanction costs and regulatory fines.
Every business must consider anti-fraud planning. The business need is obvious. Such planning typically focuses on identifying the risk to the business and its objectives, reducing the risk of criminal or civil liability for the company and board and ensuring the highest level of corporate governance in order to comply with the legal requirements set out in (amongst others) the Proceeds of Crime Act 2002, Money Laundering Regulations 2007 and the Bribery Act 2010.
Despite the obvious need to have anti-fraud measures, there are still many businesses either operating on the mistaken assumption that their policies and procedures provide adequate anti-fraud protection or totally unaware of the risks. Creating an anti-fraud culture is key to the prevention of fraud. There are a number of elements to this:
- clearly assessing the risks to the organisation, which may vary according to department;
- ensuring that there are clear, sensible, proportionate and accessible policies and procedures to help staff to deal with fraud and unethical behaviour when uncovered;
- ensuring the right people are employed and that appropriate due diligence is conducted on each individual before making offers of employment;
- consistent internal communications and training;
- monitoring and review of procedures and policies.
A company’s anti-fraud message should start with a high level anti-fraud statement setting out a zero tolerance attitude to fraud both internally and externally.
The responsibility for day to day anti-fraud detection and prevention will usually fall to other senior employees, often reviewed by a compliance/internal audit team. Their role will involve creating and sharing standards for anti-fraud behaviour after risk assessment, delivering the anti-fraud message through training, report to the board on fraud or risk and ensuring that policies are implemented and reviewed. These staff will be “visible” and have a role in deterrence.
As a guide, the anti-fraud policy statement should include:
- A high level commitment from the board to the standards of integrity and anti-fraud behaviour expected;
- Identification of policies and compliance procedures, in general terms, and appropriate guidance;
- Reassurance to employees that they can report suspicions of fraud without fear of retribution, along with details of how to do so;
- A commitment from the company to take all appropriate disciplinary or criminal proceedings where appropriate;
There are many reasons to establish a strong anti-fraud strategy. If saving money and protecting the business, employees and shareholders is not enough, then perhaps the increase in UK legislation, particularly the Bribery Act 2010, and the potential consequences of any breach might be. Establishing a strong code of ethics and proper training will go some way to showing the Serious Fraud Office when they investigate potential bribery situations that the business they are dealing with is an ethical one. That said the SFO in their investigations will be looking for more than simple rhetoric from the board when it comes to anti-bribery enforcement.
An organisation cannot prevent fraud and other malpractice through policy alone, so having established a clear anti-fraud policy statement and created unambiguous policies and procedures, employees need to be made aware of their and the organisations obligations through training and regular updates. In the next article we will look at training as part of an organisation’s anti-fraud strategy.