Crime is on the rise in the UK, and fraud and computer misuse is growing the most, according to police-reported figures, with annual incidents rising 36% in 2021 to 5.1 million.
What is fraud?
Under the UK Fraud Act, there are three main offences:
- Fraud by false representation: Someone makes a dishonest representation (express or implied) to make a gain or cause a loss to another.
- Fraud by failing to disclose information: Someone dishonestly fails to disclose information that they're legally obliged to in order to make a gain for himself or inflict a loss on another.
- Fraud by abuse of position: Someone holding a position of responsibility (which requires him to safeguard the interests of another) dishonestly abuses the position to make a gain for himself or inflict a loss on another.
Other offences include the possession of articles for fraud, making or supplying articles for use in fraud, participating in a fraudulent business, and obtaining services dishonestly.
Who commits fraud?
Organisations of all sizes are finding themselves victims of fraudulent activity. It's important to remember that there are both external and internal perpetrators of fraud.
- Internal threats: examples include disgruntled employees who may pilfer company assets, overstate expenses or overbill customers. Workers may also collude with suppliers to defraud the firm (misappropriation of funds). There may also be fraudulent reporting of company accounts by senior managers.
- External threats: these come from customers (obtaining goods or services without paying or misrepresenting their finances), suppliers (submitting false or duplicate invoices), or representatives (not passing on all the money they receive to our firm). Fraud may also be committed by people who are unknown to us via identity theft, CEO fraud, and so on.
Conducting a fraud risk assessment
To protect your company, you need to be aware of any vulnerabilities you may be exposed to and strengthen your existing arrangements. This is why you need to conduct a robust fraud risk assessment by following four simple steps.
Step 1: Identify risks
Firstly you need to assess your current operations and processes. To do this, you could refer to historical data as well as emerging trends and patterns.
Step 2: Quantify risks
Estimate the probability and impact of each type of fraud. Use the probability/impact matrix to estimate the level of risk along with your risk exposure.
Step 3: Mitigate risks
Once risks have been identified and quantified, you can use the 4T's model to mitigate them:
- Transfer - in other words, move the financial consequences to a third party. Generally, this involves getting insurance.
- Terminate - the simplest and most often overlooked solution. Stop doing risky things. This can be achieved through changes in practices and processes or by stopping engaging in activities with low reward and high risk.
- Treat - here, you aim to reduce the likelihood and impact of risk. Again, this could involve changes to systems and processes, but importantly, training your team about risk is vital.
- Tolerate - this is the tricky area. You've found a risk know its potential impact, but the cost of doing anything about it isn't worth it. This could include risks with low incidence and medium impact or medium incidence and low impact. However, don't consider doing this with catastrophic losses - like buildings insurance. Failing to transfer that risk before the COVID pandemic has been a stark reminder of why not.
4. Monitor and review risks
It's important to see risk assessment as an ongoing process rather than a one-off task. As part of the identify stage, you will have already gained insights that will help you understand what to monitor and how to review.
But new risks can appear, and the impact and prevalence of threats can change (both up and down). Think of your assessment like you would virus software; there to protect you and regularly needs checking and updating. And that includes keeping both your processes and your people up to date!
Want to learn more about fraud & compliance?
If you'd like to stay up to date with fraud best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, subscribe to Skillcast Compliance Bulletin.
To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
And if you're looking for a compliance training solution, why not visit our Compliance Essentials Course Library.
Last but not least, we have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about fraud, compliance or e-learning, please get in touch.
We are happy to help!
