Click Questions to see example responses, some of which include embedded links to reference sources.
Various sources indicate fraud is a serious issue, such as:
The House of Commons report ‘Progress combatting fraud’ (March 2023) identifies:
Fraud against businesses and individuals is a significant and growing problem. Since we last looked at this issue in 2017, fraud appears to have been everyone’s problem but no-one’s priority. Combatting fraud is ultimately the responsibility of the Home Office. Fraud now accounts for 41% of all crimes committed in England and Wales, with 3.8 million incidents of actual or attempted fraud in the year to June 2022. We are deeply disappointed in the slow progress made by government in the last five years. Many of the same issues remain and there is still no sign that government has a grip on fraud or an adequate strategy to address it. Meanwhile, victims of fraud are left to pay the price. The Home Office’s most recent estimate of the cost of fraud to individuals is £4.7 billion, and it still cannot quantify the potential cost of fraud to businesses. Becoming a victim of fraud can be deeply distressing for many people and in some cases can cause lasting psychological damage. We are concerned that victims feel lost in the system, with poor communication leading to missed opportunities to prevent further harm and potentially undermining public trust in law enforcement.
Law enforcement is not set up to tackle the challenges presented by fraud. The volume and complexity of fraud currently overwhelms the capacity of both Action Fraud and local police forces, who lack the training and resources they need to pursue the hundreds of thousands of cases reported every year. We are also concerned that police morale is being undermined by the time it takes to investigate and prosecute fraud and the relatively short sentences handed out when prosecutions are successful.
The Home Office is not doing enough to influence those who are instrumental in combatting fraud. The Department is dependent on the banking, technology, telecoms and retail sectors to fight fraud, but its approach will continue to be sluggish and outmanoeuvred if it relies on purely voluntary charters with these sectors. The majority of frauds are also suspected to have an international element, but relationships with overseas criminal justice agencies are immature and threatened by the UK’s lack of domestic capacity.
We are disappointed given the pervasive and damaging effects of fraud on business, individuals, and society that the Government is still not able to fully grasp its extent let alone reduce its prevalence or harms. We will therefore continue to monitor both good and poor practice across government in this area.
A 2019 report produced by Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (‘HMICFRS’), on effectiveness and efficiency of the police response to fraud, does not provide encouraging reading for victims of fraud. A key finding is ”The law enforcement response to fraud is disjointed and ineffective”. The report ’Fraud: Time to Choose’ includes:
In August 2021, HMICFRS issued an update having revisited its previous inspection to see how the police service had responded to recommendations and AFIs made in the 2019 report. Under the heading ‘Changes since our 2019 report’, the August 2021 report noted:
In March 2022, HMICFRS published ‘State of Policing: The Annual Assessment of Policing in England and Wales 2021’. The report draws on findings from inspections of police forces in England and Wales, to provide an overall view of the state of policing. The report includes:
In May 2023, UK Government published a Fraud Strategy which describes - "Fraud poses a significant threat to the people, prosperity, and security of the UK. It is by far the most common crime and now accounts for over 40% of all offences in England and Wales. This strategy will tackle fraudsters head on and cut fraud by 10%, protecting the British people’s hard-earned cash from criminals and putting more fraudsters behind bars."
To deliver a 10% cut in fraud on 2019 levels by December 2024, the government intends to:
In April 2023 UK government announced its intention to create a new failure to prevent fraud offence, to hold organisations to account if they profit from fraud committed by their employees.
Large organisations will be able to avoid prosecution if they have reasonable procedures in place to prevent fraud. There may also be circumstances where it is reasonable to have no fraud prevention procedures in place (for example, organisations where the risk is extremely low).
The government has not introduced a personal liability in the ECCTA for the failure to prevent fraud offence.
The government is expected to publish guidance in 2024, providing organisations with more information about reasonable procedures before the new failure to prevent offence comes into force.
Examples of where a director might be deemed personally liable (i.e. if he or she):
Please note: SYSC326 does not provide legal advice. Nothing on this web site should be considered a legal opinion on interpretation of law or regulation.
For firms supervised by the Financial Conduct Authority (‘FCA’), fraud is:
Whilst the FCA prioritises consumer protection (as potential victims of fraud) more than to the protection of firms (as potential victims), the regulator does expect firms to be responsive to fraud risk in their systems and controls framework. The FCA Handbook (SUP 15.3.17) includes: A firm must notify the FCA immediately if one of the following events arises and the event is significant:
FCA guidance includes examples of good and poor practice on firms preventing losses from fraud, including:
|Examples of good practice
|Examples of poor practice
|The firm takes a view on what areas of the firm are most vulnerable to fraudsters, and tailors defences accordingly.
|Senior management appear unaware of fraud incidents and trends. No management information is produced.
|Controls adapt to new fraud threats.
|Fraud losses are buried in bad debts or other losses.
|The firm engages with relevant cross-industry efforts to combat fraud (e.g. data-sharing initiatives like CIFAS and the Insurance Fraud Bureau, collaboration to strengthen payment systems, etc.) in relation to both internal and external fraud.
|There is no clear and consistent definition of fraud across the business, so reporting is haphazard.
|Fraud response plans and investigation procedures set out how the firm will respond to incidents of fraud.
|Fraud risks are not explored when new products and delivery channels are developed.
|Lessons are learnt from incidents of fraud.
|Staff lack awareness of what constitutes fraudulent behaviour (e.g. for a salesman to misreport a customer’s salary to secure a loan would be fraud).
|Anti-fraud good practice is shared widely within the firm.
|Sales incentives act to encourage staff or management to turn a blind eye to potential fraud.
|To guard against insider fraud, staff in high risk positions (e.g. finance department, trading floor) are subject to enhanced vetting and closer scrutiny. ‘Four eyes’ procedures are in place.
|Banks fail to implement the requirements of the Payment Services Regulations and Banking Conduct of Business rules, leaving customers out of pocket after fraudulent transactions are made.
|Enhanced due diligence is performed on higher risk customers (e.g. commercial customers with limited financial history. See ‘long firm fraud’ in FCG Annex 1).
|Remuneration structures may incentivise behaviour that increases the risk of mortgage fraud.
Additional regulatory guidance can be found in Financial Crime Thematic Reviews (‘FCTRs’):
FCTR 10 summarises findings of the Small Firms Financial Crime Review, with guidance for small firms on:
FSA thematic review of Banks’ defences against investment fraud. Contains guidance for deposit-takers with retail customers on:
This may be fraud:
Some companies or their employees seek to avoid paying tax due to HM Revenue & Customs (‘HMRC’), by deploying dishonest evasion measures designed to falsely inflate expenses and/or reduce profitability (and hence Corporation Tax liability).
If you have a Fraud Response Plan this should outline the procedure to follow for suspected (or alleged) fraud, to ensure the response is consistent with senior management expectation and risk-appetite.
In companies’ which do not have a Fraud Response Plan, fraud is sometimes considered a cost of doing business. Whilst this should not be the case, some companies also recognise the police response to fraud is generally weak. Also, when balanced against the combined factors of value lost or at risk, the time it takes to compile a case in support of a civil or criminal fraud allegation, along with the potential impact on business-as-usual activity and the diversion of senior management time, it is not surprising that cost-benefit is a consideration for many corporates.
However, cost-benefit should not be the sole consideration. Other drivers may take precedence, such as:
The Fraud Response Plan (‘FRP’) should clearly set out the minimum steps to be taken in response to the discovery of alleged or suspected fraud, including: overall responsibility for initiating and supervising investigations, as well as key requirements for loss mitigation and evidence preservation
FRP benefits include:
FRP covers tactical and strategic considerations (relevant to the nature, size and operations of the business). Example areas for FRP coverage include:
Management and employees are often the first to identify possible cases of fraud or other impropriety. The FRP should therefore be clear on action to take when a case of suspected fraud is encountered. If staff do not know what is expected of them, any action or inaction on their behalf could inadvertently lead to further loss, or loss of evidence to identify person(s) involved.
No. Not in all cases. But, shareholders, regulators, investment partners, etc., might expect reasonable steps to be taken in response, to identify persons responsible and how to mitigate any on-going fraud risk. Where an investigation is initiated this will be influenced by a range of factors, including (amongst other):
Regulators, industry bodies and fraud specialists recognise the importance of completing a fraud risk assessment (‘FRA’), to inform development (or maintenance) of an effective fraud risk management framework. Completed on a stand-alone basis or as part of a broader enterprise risk assessment programme using scenarios relevant to the organisation, FRA typically considers:
Inputs to scenario assessment could include:
As noted above, FRA scenarios should be relevant to the organisation, to:
Anti-fraud framework arrangements should include: