£4 million is lost through fraud every single day in the UK. Criminal techniques are fast evolving with new ways to defraud businesses causing financial loss, damage and disruption. John Edwards, Chief Executive and Group Executive International of the Institute of Financial Accountants (IFA), takes a closer look at current trends in fraud and what steps SMEs can take to mitigate their risk.
UK Finance reported a 30% increase in fraud in the first half of 2021, with almost £754m stolen. Data breaches are a key enabler of fraud, with the personal and financial information lost in breaches then being used to commit fraud affecting individuals and the private and public sectors alike. As gatekeepers to the financial system, accountants are committed to playing their part in helping to prevent and detect this ever-present crime, but SMEs also need to be vigilant against any suspicious activity and be aware of the signs.
APP fraud
Authorised push payment (APP) scams are on the increase. According to UK Finance, APP scams increased in frequency by 60% and rose 71% in value in 2021 compared to 2020. APP fraud is where the customer is tricked into authorising a payment to an account controlled by a criminal.
This can come in various guises including scam phone calls, text messages and emails, used as a tactic to deceive people into handing over personal details and passwords. Often fraudsters will use online platforms, including fraudulent advertising through search engines, social media, and fake websites. Last year, there were significant increases in impersonation scams, as criminals posed as banks, government bodies and even health officials to con people out of their money.
For SMEs, the first initial step should be to strengthen email security. Use of strong passwords and changing them frequently is key, as is avoiding duplication across applications. Organisations should also use two-factor authentication where available but not one linked to a mobile device as it can be stolen. Using a second email as a recovery account is now a thing of the past and not considered adequately secure – criminals can use this as back entry into primary email accounts. Malware and hacking are also becoming harder to detect as methods get smarter, so never click on suspicious links or use an unknown USB stick. Businesses must ensure that staff avoid using public or non-secure private networks too.
Green fraud
As governments and companies commit more to net-zero carbon targets, this has paved the way for criminal opportunists as they seek to use the climate crisis to their advantage. According to one source, green fraud across public and private sector spending could amount to £3.5bn per annum, and up to £50bn by 2050. As more houseowners consider making environmentally friendly upgrades on their properties, they are also unknowingly becoming a potential target for eco-fraud activity. Criminals can pose as companies performing services such as replacing outdated heating and insulation, or defrauding consumers via state-funded schemes. An example of where such fraud has already been committed is via the now abandoned £2bn Green Homes Grant, launched in 2020, which resulted in scammers abusing its name to proffer their unapproved services to victims. Like APP fraud, this type of fraud is carried out by a mixture of small-time operators and organised crime gangs.
To minimise the risks of being exposed to green fraud, SMEs are advised to do their research and check the company being used before buying anything. This includes asking for references, verifying the company’s details using external sources, and reading any terms and conditions. It is also best to check certified schemes that recommend traders, such as TrustMark, the Government’s endorsed quality scheme. Get written quotes and a contract before giving a contractor the go-ahead, and ask about payment options to avoid paying for costs up-front where possible.
Scams will often ask a target to share their banking details so that they can access bank accounts, so it is advisable that firms are vigilant and cautious about sharing this type of information with sources where trust could be an issue.
Employee fraud
Costing UK businesses around £190m annually, the three most common types of fraud in the workplace are inventory theft, data theft, and cash theft. Internal controls are crucial in tackling employee fraud – it takes an average of 14 months before the majority of employee fraud cases are discovered and dedicated controls are one way to drastically cut this.
Fraudsters will usually have access to money or stock, depending on the nature of the business. Particularly for those individuals in finance roles or with access to money, firms can introduce spot checks, regular reviews or audits, and ensure that these are carried out, preferably by somebody different each time. This should apply to every level of employment.
Where there are anomalies in inventory or revenue, software can help. As much as a ‘Big Brother’ approach seems drastic, appropriately placed cameras in the premises can act as an effective deterrent. Where appropriate, the use of covert surveillance might also be considered. There are strict rules governing when, and for how long, covert monitoring is acceptable, but it is an option in some cases, so it is recommended to seek expert advice.
Money laundering
Money laundering remains one of the biggest threats and is on the rise in the UK. The Economic Crime Act was fast-tracked in March, due to Russia’s invasion of Ukraine, to prevent wealthy individuals, including Russian oligarchs, from hiding money in the UK that had been obtained through corrupt or illegal means. As new technologies develop, such as virtual currencies, there is also a risk of further fraudulent activity.
A second Economic Crime Bill is expected to be passed through Parliament shortly. This legislation will comprise measures designed to increase transparency and give law enforcement enhanced powers to combat money laundering and to encourage businesses to share information on suspected economic crime.
The bill will mean anyone setting up, running, owning or controlling a company in the UK would need to verify their identity with Companies House, which will be able to challenge dubious information and inform security agencies of potential wrongdoing.
The Joint Fraud Taskforce
As fraud continues to evolve, so must the UK government and regulators to keep up in its efforts to halt it. As part of its ongoing campaign, the government relaunched the Joint Fraud Taskforce at the end of 2020, seeking to counter fraud through public-private partnership. The taskforce launch saw three new signed charters, including the Accountancy Sector Fraud Charter, which aims to strengthen fraud defences. The IFA is one of the signatories of this charter. According to the government issued statement, the ambition is to “commit industry leaders to work with government to deliver new, innovative projects with the ultimate aim of reducing the growing threat and protecting the public”.
The government also announced several measures in its “Beating Crime Plan” in July last year to build up its capability in fighting fraud and cybercrime, including forming a new fraud investigative function in the National Crime Agency (NCA) to target complex and serious fraudsters. SMEs can also play their part in tackling the issue, simply by being more vigilant and understanding the red flags associated with any suspicious activity.