I hope you’ve had a great week.
We’re seeing a further increase in the incidence of targeted fraud against business and the unexpected move to remote working has inevitably relaxed many of the authorisations and controls that used to be in place when we saw each other every day. And don’t imagine for one minute that the professional fraudsters aren’t taking full advantage of it.
So this week I’ve got a guest blog for you from our newest F Word Partner, Ian.
Not another fraud warning – by Ian Atkinson
Delete.
Another email on fraud prevention sent to the trash can.
You think those warnings are for other less well-run, less capable businesses than yours.
Not here. We know what we’re doing. My team are good at their jobs.
That just wouldn’t happen to US!
All that might be true. But you’re wise to stay vigilant and think of your weaknesses as the fraudsters do.
Fraud is getting ever more sophisticated so we need to up our game.
I’d like to share two of my own experiences.
A well-run UK company recently won a large order from an overseas multi-national. The invoice with payment details was emailed to the customer for the first payment.
En-route the bank details were changed, and the fraudster posing as a UK employee phoned the customer to confirm the details.
Fortunately, the staff member taking the call knew the UK person the fraudster claimed to be. Suspicious they contacted the UK Company.
Disaster averted.
Nearly.
By there was another twist.
They agreed the UK Company would re-send their documents and call the customer straight after doing so.
They found yet again that the bank details had been changed to those of the fraudster’s!
It’s pretty scary to think that fraudsters can get that close to your business that they’re monitoring and intercepting your emails, and we all need to get a lot more aware of how sophisticated these attacks are getting.
On this occasion no cash was lost. If there had, an insurance company may have covered any losses.
It’s easy to say it was the customer’s responsibility to confirm the correct bank details were being used. But this misses the point. Trying to resolve who stands a major financial hit is not a good way to develop any relationship.
The second tale has the uncomfortable truth that more is lost to fraud by employees than to external parties.
One morning when I was working in a large group, the MD of a sister company took a phone call from the police.
His long-serving, well-regarded purchasing manager had been arrested.
It turned out that for years he’d been taking back handers from a transport company. Our subsequent investigation revealed many of the commonly quoted warning signs, such as his lifestyle being beyond his salary and him having too much autonomy.
While fraud attracts a lot of attention, the huge amount lost because of avoidable run of the mill mistakes is criminal. Occurring either through carelessness or genuine mishaps.
The opportunity for these to occur is increased with people working remotely.
Staff more easily supervised in the office now have greater flexibility. Even diligent staff have been known to let internal checks lapse on occasions, usually well-meaning at the time.
Processes need to evolve with the business. The recent sudden change to remote working is an accelerated example. Exchanges that were previously between two desks are now between two houses. This affects financial processes but other important business activities too.
- How has this affected the management of employee files, edits of control documents or changes in raw material specifications?
- How are purchase invoices and expenses being checked?
- Is the payroll still being authorised by a director?
- How are suppliers’ price increases being checked?
The list goes on. Internal control just got a whole lot more complicated!
Spending some time thinking through your internal and external business risks is time well spent. A much better use of your energy than the time needed to clear up after a fraud. Especially as you will probably implement most of the changes you could identify today.
If you have concerns about the resilience of your business processes and are wondering what to do. Feel free to call me on 07881 204 604 or contact one of the other F Word folks through fwordtraining.co.uk.
We’ll be very happy to give you some pointers.
And we’d love to hear your experiences of fraud so we can share them with other companies too.
Ian Atkinson
F Word partner