New legislation, the Economic Crime and Corporate Transparency Act (ECCTA), creates big changes in how organisations approach fraud prevention, most notably introducing a “failure to prevent fraud” offence.
Yet recent research from KPMG highlights the scale of the UK’s fraud problem and the lack of preparation by UK corporates and other institutions for the upcoming changes.
Here we look at why, now more than ever, it is critical for all organisations to review their fraud risk management frameworks, fraud prevention controls and anti-fraud technology.
The “failure to prevent” fraud offence
The new “failure to prevent fraud” offence is considered one the biggest shake-ups of corporate economic crime law in decades.
Under the legislation, organisations will be liable to pay an unlimited fine if a fraud offence is committed by an employee or agent for the organisation’s benefit and the organisation does not have adequate fraud prevention measures in place.
Lack of awareness or involvement in the fraud by management will not be accepted as an excuse or prevent an organisation from falling foul of the new rules.
The expectation is that the offence will come into force by 2025 once the government has published guidance on what it considers reasonable procedures to prevent fraud.
Though the legislation is targeted at large organisations, it still represents a good opportunity for all organisations to review and update their approach to fraud risk management.
Not least, because many of the large organisations that fall under the new legislation will also require their partners to be compliant.
The UK’s growing fraud problem
A key aim of the failure to prevent fraud offence is to put a brake on rising fraud levels. The UK’s Home Office estimated in September 2022 that fraud accounts for 40% of crime, while the National Fraud Intelligence Bureau puts the value of reported losses due to fraud in 2023 at £2.1bn.
KPMG’s latest Fraud Barometer also highlights the extent of fraud, finding that 226 cases of fraud worth more than £100k reached the courts in 2023, with a total value of £992.2m.
The research also found that after professional criminals, management and employees are the most likely perpetrators of fraud and, together, were involved in nearly half the recorded cases in 2023 to the value of £221.3m.
As a major financial hub, London is unsurprisingly the nation’s fraud hotspot, with KPMG noting £701.4m of fraud across 43 cases in the capital.
However, the North West and the Midlands both recorded significant increases in fraud over the last year, with fraud values in the North West jumping from £24.7m in 2022 to £122.1m in 2023.
This highlights that fraud is a nationwide problem that all businesses should take seriously.
Reviewing and mitigating fraud risk
Despite the growing fraud problem and the impending legislative changes to combat this, KPMG’s research also found that 50% of respondents to its risk and fraud survey did not feel their organisations had properly assessed the fraud risks facing their business and the potential impact.
This is particularly concerning given that fraudsters are becoming more sophisticated and using technology to assist fraudulent activity.
They will also look for loopholes in technology systems and processes and manipulate data so fraud attempts can go under the radar.
Managers and employees are a particular threat in this respect because they can use their knowledge of internal controls and processes to circumvent them, as demonstrated by this fraud conducted by an Apple employee.
In reviewing fraud risk management frameworks, there are several factors that organisations need to consider, starting with who is responsible for fraud at the board level.
This also ties in with other regulatory changes, such as the recently announced 2024 UK Corporate Governance Regime (also known as UK SOx), which not only introduces tighter payment controls but also requires a company’s board to make a public declaration on internal controls.
Want to know more about UK SOx?
Employee training and robust procedures are also key, as is the use of technology to combat fraud.
The fight against Authorised Push Payment (APP) fraud – one of the largest fraud threats facing UK businesses and one that can also be used to facilitate scams by staff members – demonstrates this clearly. Risk mitigation strategies include staff training and awareness building to spot red flags, while technology solutions, such as Confirmation of Payee, help identify potentially fraudulent accounts.
Taking the next steps
APP fraud is just one example the power of a combined defensive approach encompassing people, processes and technology can have.
Yet, the very nature of fraud is that it is ever-changing and fraud perpetrated by employees and managers can be particularly complex and difficult to detect.
A multi-faceted approach is, therefore, essential both to prevent fraud and to ensure compliance with the latest regulatory requirements.
An organisation’s approach to fraud prevention starts at the top, and responsibility for fraud at the board level should be clearly defined.
Further down in the organisation, finance professionals should receive up-to-date training on spotting potentially fraudulent activity, while robust controls and processes, such as dual sign-offs for payments, are key to reducing the potential for fraudulent transactions.
Finally, technology is also intrinsic to the fight against fraud. This includes bank integration solutions that connect ERP systems and bank accounts and reduce the number of people with access to company bank accounts, as well as specific fraud and error prevention tools such as CoP.
By implementing a multi-layered approach, organisations will be much better positioned to detect and prevent fraud and manage compliance with the latest regulations.
Want to learn more about a multi-layered approach to fraud & error prevention?
Watch our webinar with CFO Sean Moriarty and Customer Success Director, Fiona Brown as they discusses what a successful, multi layered approach to fraud prevention looks like.
