When Steve Wright, the owner of Kent Brushes, learned that he had just been victim of a fraud his heart dropped. When he found out it was £1.6m lost, he was in disbelief. According to this recent article in the BBC, he took immediate action and reported it to his bank and Action Fraud who, to date, have done little to help him recover the money.

Your business’s money is so hard to come by and so easy to lose to fraud through sophisticated scams that are now circulating.

In this case, the victim was tricked into thinking the firm’s money was at risk before the criminals manipulated him to gain access to the company’s bank account. The fraudsters then proceeded to steal £1.6m, via dozens of fraudulent transactions, in less than 20 minutes!

To date this money has not been recovered and it seems the case is closed. Fortunately for Kent Brushes, they are in a position where they feel they can trade out of their situation, but other businesses may not be so lucky.

Official advice from the Take Five to Stop Fraud campaign is urging people to:

  • Stop: Taking a moment to stop and think before parting with your money or information could keep you safe
  • Challenge: Could it be fake? It is OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you
  • Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud

This is all well and good but not the best practical advice. So, we have written a 16-point plan of practical things you can do to minimise the potential of fraud in your business. Fraud can come from internal sources as well as external sources, so it’s important to protect your business from both.

  1. Employee Training: Conduct comprehensive training sessions to educate employees about the importance of fraud prevention. Teach them how to recognise signs of fraud, including red flags, unusual behaviours, or discrepancies in financial transactions. Encourage a culture of vigilance and reporting within the organisation.
  2. Strong Internal & Access Controls: Establish and enforce robust internal controls. This includes clearly defining roles and responsibilities within the financial process and avoid a single individual from having too much control. Grant access to financial systems and sensitive information only to individuals who require it for their job roles and do not allow any one individual to be able to set up and make payments. (See point 7). Regularly review and update these controls and access permissions as needed.
  3. Regular Reconciliation: Implement a systematic process for regularly reconciling financial statements and accounts. This involves comparing records, documents and bank statements to identify any discrepancies, irregularities or unauthorised transactions promptly.
  4. Security Measures: Employ stringent security measures to safeguard sensitive financial information. This includes using strong passwords, encryption for data in transit and at rest, and access controls that restrict access to authorised personnel only.
  5. Vendor Verification & Contracts: Before entering into business relationships with vendors and suppliers, conduct due diligence to verify their legitimacy. Check their credentials, references, and reputation to reduce the risk of fraudulent transactions. Include clauses related to fraud prevention in contracts, specify penalties for fraudulent activities, and clearly outline the responsibilities of both parties in the contract.
  6. Ethical Culture: Promote an ethical culture within the organisation. Encourage employees to adhere to a code of ethics that emphasises honesty, integrity, and ethical decision-making in all business dealings.
  7. Review and Approval Processes: Establish detailed review and approval processes for financial transactions, such as invoices and payments. Ensure multiple layers of authorisation and verification are in place. Review internal expense reports to detect unusual or unauthorised expenses. Scrutinise receipts and invoices for accuracy and legitimacy, and ensure expenses adhere to company policies.
  8. Cybersecurity Measures: Invest in comprehensive cybersecurity measures to protect against online fraud. This includes training employees to recognise phishing attacks, keeping software up to date, and using firewall and antivirus solutions.
  9. Regular Updates: Stay proactive by keeping all software, including accounting and financial software, up to date with the latest security patches and updates. Outdated software can be vulnerable to security breaches.
  10. Insurance: Consider obtaining fraud insurance to provide financial protection in case of fraud-related losses. Review the policy terms and coverage to ensure it aligns with your business’s needs.
  11. Document Retention Policy: To help prevent unauthorised access to old records and fraud through document alteration, develop a clear document retention policy that outlines how long financial records should be retained and how they should be securely disposed of.
  12. Regular Financial Reviews: Schedule regular financial reviews with a qualified accountant or financial expert. They can provide an independent assessment of the company’s financial health, identify potential fraud indicators, and offer guidance on fraud prevention strategies.
  13. Whistleblower Policy: Establish a whistleblower policy that guarantees employees can report fraud anonymously and without fear of retaliation. Clearly communicate this policy to all staff members.
  14. External Audits: If applicable to your business, periodically engage independent auditors to perform external audits. These audits should assess the effectiveness of internal controls, identify potential fraud risks, and provide recommendations for improvement.
  15. Regular Financial Reporting: Share transparent and regular financial reports with stakeholders, including shareholders, investors, and management. Transparency can deter fraudulent activities and foster trust.
  16. Data Monitoring: Utilise data monitoring systems that employ data analytics to detect anomalies or unusual patterns in financial data. These systems can automatically flag potentially fraudulent activities for further investigation.

Conclusion

Don’t be complacent with your hard-earned cash – be vigilant to internal and external fraud – take it seriously and you should be ok. If you are unsure if you are open to potential fraud, then drop us a line we will be happy to talk you through this. Your money is best left under your control, not the fraudsters.