Various sources indicate fraud is a serious issue, such as:
A 2019 report produced by Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (‘HMICFRS’), on the effectiveness and efficiency of the police response to fraud, does not provide encouraging reading for victims of fraud. A key finding is “The law enforcement response to fraud is disjointed and ineffective”. The report ‘Fraud: Time to Choose’ includes:
In August 2021, HMICFRS issued an update having revisited its previous inspection to see how the police service had responded to recommendations and AFIs made in the 2019 report. Under the heading ‘Changes since our 2019 report’, the August 2021 report noted:
In March 2022, HMICFRS published ‘State of Policing: The Annual Assessment of Policing in England and Wales 2021’. The report draws on findings from inspections of police forces in England and Wales, to provide an overall view of the state of policing. The report includes:
Examples of where a director might be deemed personally liable (i.e. if he or she):
Please note: SYSC326 does not provide legal advice. Nothing on this web site should be considered a legal opinion on interpretation of law or regulation.
For firms supervised by the Financial Conduct Authority (‘FCA’), fraud is:
Whilst the FCA prioritises consumer protection (as potential victims of fraud) more than the protection of firms (as potential victims), the regulator does expect firms to be responsive to fraud risk in their systems and controls framework. The FCA Handbook (SUP 15.3.17) includes: A firm must notify the FCA immediately if one of the following events arises and the event is significant:
FCA guidance includes examples of good and poor practice on firms preventing losses from fraud, including:
| Examples of good practice | Examples of poor practice |
| --- | --- |
| The firm takes a view on what areas of the firm are most vulnerable to fraudsters, and tailors defences accordingly. | Senior management appear unaware of fraud incidents and trends. No management information is produced. |
| Controls adapt to new fraud threats. | Fraud losses are buried in bad debts or other losses. |
| The firm engages with relevant cross-industry efforts to combat fraud (e.g. data-sharing initiatives like CIFAS and the Insurance Fraud Bureau, collaboration to strengthen payment systems, etc.) in relation to both internal and external fraud. | There is no clear and consistent definition of fraud across the business, so reporting is haphazard. |
| Fraud response plans and investigation procedures set out how the firm will respond to incidents of fraud. | Fraud risks are not explored when new products and delivery channels are developed. |
| Lessons are learnt from incidents of fraud. | Staff lack awareness of what constitutes fraudulent behaviour (e.g. for a salesman to misreport a customer’s salary to secure a loan would be fraud). |
| Anti-fraud good practice is shared widely within the firm. | Sales incentives act to encourage staff or management to turn a blind eye to potential fraud. |
| To guard against insider fraud, staff in high risk positions (e.g. finance department, trading floor) are subject to enhanced vetting and closer scrutiny. ‘Four eyes’ procedures are in place. | Banks fail to implement the requirements of the Payment Services Regulations and Banking Conduct of Business rules, leaving customers out of pocket after fraudulent transactions are made. |
| Enhanced due diligence is performed on higher risk customers (e.g. commercial customers with limited financial history. See ‘long firm fraud’ in FCG Annex 1). | Remuneration structures may incentivise behaviour that increases the risk of mortgage fraud. |
Additional regulatory guidance can be found in Financial Crime Thematic Reviews (‘FCTRs’):
FCTR 10 summarises findings of the Small Firms Financial Crime Review, with guidance for small firms on:
FSA thematic review of Banks’ defences against investment fraud. Contains guidance for deposit-takers with retail customers on:
This may be fraud:
Some companies or their employees seek to avoid paying tax due to HM Revenue & Customs (‘HMRC’), by deploying dishonest evasion measures designed to falsely inflate expenses and/or reduce profitability (and hence Corporation Tax liability).
If you have a Fraud Response Plan, this should outline the procedure to follow for suspected (or alleged) fraud, to ensure the response is consistent with senior management expectation and risk appetite.
In companies which do not have a Fraud Response Plan, fraud is sometimes considered a cost of doing business. Whilst this should not be the case, some companies also recognise the police response to fraud is generally weak. Also, when balanced against the combined factors of value lost or at risk, the time it takes to compile a case in support of a civil or criminal fraud allegation, along with the potential impact on business-as-usual activity and the diversion of senior management time, it is not surprising that cost-benefit is a consideration for many corporates.
However, cost-benefit should not be the sole consideration. Other drivers may take precedence, such as:
The Fraud Response Plan (‘FRP’) should clearly set out the minimum steps to be taken in response to the discovery of alleged or suspected fraud, including: overall responsibility for initiating and supervising investigations, as well as key requirements for loss mitigation and evidence preservation.
FRP benefits include:
The FRP covers tactical and strategic considerations (relevant to the nature, size and operations of the business). Example areas for FRP coverage include:
Management and employees are often the first to identify possible cases of fraud or other impropriety. The FRP should therefore be clear on action to take when a case of suspected fraud is encountered. If staff do not know what is expected of them, any action or inaction on their behalf could inadvertently lead to further loss, or loss of evidence to identify person(s) involved.
No. Not in all cases. But shareholders, regulators, investment partners, etc., might expect reasonable steps to be taken in response, to identify persons responsible and how to mitigate any on-going fraud risk. Where an investigation is initiated this will be influenced by a range of factors, including (amongst others):
Regulators, industry bodies and fraud specialists recognise the importance of completing a fraud risk assessment (‘FRA’), to inform development (or maintenance) of an effective fraud risk management framework. Completed on a stand-alone basis or as part of a broader enterprise risk assessment programme using scenarios relevant to the organisation, FRA typically considers:
Inputs to scenario assessment could include:
As noted above, FRA scenarios should be relevant to the organisation, to:
Anti-fraud framework arrangements should include: