This time of the year is always a good time to take stock of things – a spring cleaning if you will. It’s when we can look beyond immediate targets and even beyond our longer-term strategy to check the whole house is in order.
Fraud is a case in point, particularly for multinational organisations, for a number of reasons. For a start, they operate across geographical boundaries, serve more customers and employ more people than others – all of which means there are more routes into the business. Next, they have to be hierarchical and often operate in de facto silos, which gives fraudsters the opportunity to pass themselves off as bona fide contacts with some confidence.
What’s more, large organisations often respect the status quo. For instance, if major orders are regularly received from Company X, anything that superficially looks like another such order and is presented in the normal way may not be given the scrutiny it deserves. Finally, there is of course the digital environment, which not only creates channels of entry but provides potential tools for deception. It’s very simple, for example, to dummy up a company letterhead.
Favourite fraudster tactics…
External fraudsters often create a false, duplicate or altered invoice for goods and services that haven’t been supplied. They may also request that payments of invoices be redirected to a new bank account, perhaps by presenting themselves as genuine representatives of supplier companies. They may hack emails, processing systems and databases, or use email or website addresses with tiny spelling differences.
… and how to guard against them
Here are a few useful safeguards:
- Secure your environment and keep it that way with regular checks. It’s obvious, but sometimes what’s obvious can be downgraded or overlooked.
- Check identity. In addition to being alert to subtle differences in spellings and numbers, maintain an authorised list of contacts and cross-check against it. When changes or additions are requested, verify them with known and trusted people on your list using their known and verified contact details, not just replying to the inbound email.
- Maintain comprehensive procedures. This is where breaking down silos is of especial importance: if large organisations adopt and adhere to common practices and share information across functions, it’s much harder for fraudsters to thrive.
- Make those processes rigorous too. Fraudsters will often present fictitious grounds for urgency to justify bypassing proper procedures. Pay no heed. Even if the need for speed is genuine, it always pays to do things by the book.
- Create an ‘escape lane’. Staff are sometimes threatened, blackmailed or tempted with offers of bribes to engage in fraud. They may feel intimidated because the pressure is being applied by a superior, a high-ranking customer contact or someone employed in an official capacity. Create a channel through which staff under such pressure can raise concerns, and through which staff who are worried that such pressure is being applied to their colleagues can communicate confidentially with their manager. Those staff will then be protected, and the organisation too.
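The identity check in the list above can be partly automated. The following is an added example, not part of the original post: it compares a sender address with an authorised contact list and flags near-miss spellings. The contact list, the addresses and the edit-distance threshold of 2 are all constructed assumptions.

```python
"""Added example: flag sender addresses that nearly match an authorised contact."""

# Constructed allow-list; in practice this is the verified supplier contact list.
AUTHORISED_CONTACTS = {
    "accounts@companyx.example",
    "j.smith@companyx.example",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(address: str, contacts=AUTHORISED_CONTACTS, max_dist: int = 2) -> str:
    """Classify a sender as authorised, lookalike, unknown-contact or unknown."""
    address = address.strip().lower()
    if address in contacts:
        return "authorised"
    local, _, domain = address.rpartition("@")
    pairs = [c.rpartition("@")[::2] for c in contacts]  # (local part, domain)
    known_domains = {d for _, d in pairs}
    if domain in known_domains:
        # Genuine domain: a mailbox a character or two off a known one is suspect.
        if any(d == domain and edit_distance(local, l) <= max_dist for l, d in pairs):
            return "lookalike"
        return "unknown-contact"
    # Unlisted domain within a few edits of a listed one, e.g. "rn" for "m".
    if any(edit_distance(domain, d) <= max_dist for d in known_domains):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sender in ("accounts@companyx.example", "accounts@cornpanyx.example",
                   "acounts@companyx.example", "new.person@companyx.example"):
        print(f"{sender:32} {check_sender(sender)}")
```

Any result other than "authorised" is a prompt to verify the request through a known contact on the list, not by replying to the inbound email.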
Fraud is big business. According to the FBI, around $750 million was stolen in scams from more than 7,000 companies between October 2013 and August 2015 – and that was in the US alone. That’s why it’s so important to maintain proper controls.
It’s a good idea to ask people outside your standard safety procedures to help you review them. They can bring a fresh and sometimes challenging perspective. This could be people from your own internal audit or risk and compliance team, or you might also consider asking an external service provider. Capgemini’s Compliance Services team has long experience in what constitutes best practice and brings a systematic approach to fraud prevention processes. If you’re interested in a review, please drop me a line and I’ll put you in touch with them.