Authored by RSA
When it comes to fraud affecting a business it’s a matter of ‘when’, rather than ‘if’. Fraudsters are increasingly inventive: your team could be targeted, your relationships could be used … even your online profile could be a risk. Here’s why the right cover is so essential.
The truth is this – fraud will rear its head in one out of every two companies. Over the past 10 years, the methods used by fraudsters have become smarter and more sophisticated, with social engineering and increasingly inventive fund diversion tactics becoming the everyday norm.
Along with an accompanying rise in employee fraud, businesses need to take an open-minded approach to the risks and start to believe that they will be susceptible to fraud in one form or another – whether that’s a shifty expenses claim or a £2 million credit loss. With even the most security-conscious companies falling prey to fraud, it’s vital to have cover in place for when the inevitable happens.
“One of the main types of fraud we’re seeing these days is the emergence of social engineering”
Craig Watson – Head of Financial Risks at RSA – specialises in helping businesses prepare for the risk of business fraud, as well as assisting them when it comes to recovering their losses. But these can be complex tasks. Unlike single event catastrophes such as fire or flooding, fraud can slip through the cracks of a typical business and be exceedingly difficult to detect.
“One of the main types of fraud we’re seeing these days is the emergence of social engineering, where we see the misuse or the manipulation of individuals within a business, usually within a finance team,” Watson explains. “Fraudsters will use email or telephone to build a relationship with those individuals who will then divulge personal information or information that the fraudsters can use for their own benefit.”
With this information the fraudsters can understand how a business operates from within, making it easy for them to carry out their nefarious activities effectively and, most importantly, quietly.
They’ll often have people watching the company to see when critical team members – like the finance director – go for their lunch break, so they can quickly target another member of the team.
“Fraudsters won’t go to a £10 million turnover contracting firm and try and steal £2 million because they know that would stand out like a Belisha beacon to that business,” says Watson. “So, what they will try and do is create a mechanic that is a typical payment.
A couple of years ago email cloaking was prevalent. An email would be created to make it look like it came from a senior individual in the business asking for a transfer of money – and there would tend to be an urgency about that – and it could, for example, be in a contracting firm requesting a transfer of between £15,000 and £50,000 for upfront costs to another subcontractor. And that would be passed to somebody in the finance team, and it would look and feel like it came from the managing director or the business owner.”
Watson cites an example of this precise type of fraud only being discovered when an affected finance team member checked such a transfer with the company MD, who was – fortunately – seated directly opposite.
“That kind of scenario has often proved to be the catalyst for a client thinking about commercial crime,” says Watson. “Maybe they have a near miss, or they lose an amount of money that hasn’t been life threatening to the business. But it’s been enough to remind them that this form of insurance should really be considered.”
Employee fraud: the risk from within
Even more worrying for companies is the recent growth in employee fraud. If fraudsters from outside a business can manipulate its finance team, then imagine how much easier this can be for someone working within a company.
“History tells us that when there is an economic downturn, a recession or a rise in inflation, then employee fraud increases,” Watson explains. “Unfortunately, it tends to follow the economy and some employees will be on the look-out for an opportunity to steal.”
Watson gives the example of a disgruntled employee making a total of 134 fraudulent disguised expense payments over a period of years which eventually totalled in excess of £420,000. But employee fraud doesn’t just take place at the lower levels of a company’s hierarchy.
“We’ve seen a situation recently where three senior individuals in a company took advantage of Covid working practices, which had been less rigorous than they had been in the past due to the agile working-from-home environment, and stole £750,000 from the business,” says Watson.
“We were able to make a full recovery on that because of the timeliness of the claim, and also because the individuals were high-net-worth individuals. And they also didn’t really find the prospect of going to jail very appealing,” he smiles, “which seemed to focus the mind.”
Mitigating the risk of fraud
While it’s almost impossible to eradicate fraud, steps can be introduced to mitigate the damage that it can cause.
Beefing up the systems of check and control and training a company’s procurement, finance and HR teams to be more vigilant to fraud are a start – making sure that employees are aware of the dangers of putting too much personal and professional information online will make it harder for them to be targeted by fraudsters. But ultimately, the only sure-fire way to prevent a company going under due to fraud is to ensure that the appropriate cover is in place.
“I have met many clients who have excellent risk management and fraud prevention baked into their corporate DNA,” says Watson. “And yet keeping up with the fraudsters can become an industry in itself.
“Often, businesses are more vulnerable when they’ve just updated their anti-fraud protections or trainings,” explains Watson, “because that’s when they let their guard down.”
So, fraud – whether perpetrated by outside actors or employees within the business – is probably going to happen. And when it does, having RSA as an insurance partner will more than likely take the sting out of the tail.
“RSA understands the various dynamics that are available to try and get that lost money back. In some cases, we’ve worked with the police to try and put pressure on an individual and consider a criminal charge against them,” Watson explains.
“In the case of those 134 fraudulent expense payments, we were able to apply for a court order to freeze the fraudster’s assets and a charging order over the property that they lived in.”
In this instance, while RSA’s experience in handling these claims was able to navigate the best route to a recovery, the insured also had the benefit of knowing they had protected their balance sheet by having the commercial crime contract in place.
“These days losses through fraud are regarded, quite simply, as a risk of doing business,” he adds. “And that’s why we need to get these insurance covers more into the subconscious of businesses both big and small.”
Three ways to protect your business
1. Have a robust finance function with a regular audit review.
2. Communicate regularly with your bank and funding partners as they will often witness the fraudulent activity firsthand.
3. Continual training and education for your staff.