Fraud is all too common these days, and small businesses can be vulnerable. This section doesn't attempt to cover every type of fraud that might affect firms, but concentrates on a few of the most prevalent and offers some advice about what you can do to avoid them.
Newspaper stories reveal all too often that it only takes one dishonest employee to bring a company to its knees. How can you ensure that this doesn't happen to yours?
At application stage
- Screen all staff properly before you employ them. The extent to which you do so may depend on the role they are applying for, but as a general rule, proper screening at this stage can prevent repercussions.
- Verify qualifications thoroughly. Take up references. Sometimes previous employers will be more candid on the telephone than they are willing to be in writing but, if you do telephone for a reference, check the telephone number against a directory first to make sure that it really is the previous employer.
- Verify the applicant's identity (using passport, driving licence, etc) and check their right to work in the UK.
- Some organisations check internet and social networking sites to make sure that there is nothing negative recorded about the applicant.
- Depending on the responsibilities of the role, you may wish to pay for a thorough pre-employment check by a commercial organisation.
- If it is important to you that your employees have no history of fraud, you may be interested in being able to screen for that. See www.cifas.org.uk/staff_fraud_membership
- Ensure that your organisation has a fraud policy, and explain this during each employee's induction. The message should clearly come "from the top" so that employees understand that the policy is part of the organisation's culture. If employees know from the outset that you have careful controls in place to prevent fraud, understand them (and the consequences of fraud) then this will help set the tone for the future.
- Don't make the mistake of assuming that only new/temporary staff will be the possible fraudsters. Research has shown that the length of service for fraudsters has risen dramatically in recent years. In addition do not restrict your checking to low and mid level staff as this could also expose your company to risk.
- Segregate duties so that no member of staff is responsible for recording a transaction and processing it. This provides an anti-fraud control. In addition, regular rotation of duties where possible will ensure that no single member of staff will be the only one responsible for key areas. This will remove opportunity, as well as serving as a method of detection.
- Remove temptation. Ensure that as few people as possible have access to financial information and any other company asset that they might be tempted to steal.
- Review all of your procedures to make sure that they are not open to fraud. (An obvious example is expenses – make sure that these are properly verified and scrutinised, and authorised separately).
- Regular audits will help to ensure that processes are not vulnerable to fraud. Random audits can be useful, but care is needed to ensure that these are seen to be part of the company's regular procedures, and not as victimisation or as evidence of particular suspicions.
- Have a clear, confidential whistleblowing procedure that is communicated to all staff. If employees know that they can report any suspicion or evidence of internal fraud confidentially, without fear of reprisal, they will be more likely to do so rather than turn a blind eye.
- Treat your employees well. Employees who work in a friendly, ethical organisation with fair treatment of staff are far less likely to turn to fraud.
COMPANY IDENTITY THEFT
We've all read horror stories about company hi-jackings. This happens when fraudsters (without the genuine company's knowledge) change the details of directors and the registered address with Companies House in order to hi-jack the company's identity. This is generally done so that the fraudsters can go on a spending spree, or have high-value goods delivered to the "new" address, leaving the company with a massive debt and a ruined credit rating on top of leaving the genuine directors to try to reclaim the company's identity.
To stop this happening to your company, be aware of the risks and follow this advice:
- The ability of fraudsters to get full information from Companies House about directors in order to perpetrate fraud became well-known. Companies House therefore introduced counter-measures. One of these means that, when your directors and Company Secretary file their details at Companies House, they can opt to use a "service address" for the public register rather than a home address. Please be aware, however, that historic documents filed previously with a residential address will still be on the public register. A separate register (which is not made available to the public) of residential addresses is also kept by Companies House but this is only accessible to certain organisations such as HMRC and the police.
- Use the Companies House PROtected Online Filing (PROOF) system. This free service is a secure way to file documents changing company or directors' details electronically, and means that any paper forms submitted by fraudsters will automatically be rejected. The system uses an authentication code that is unique to the company. Needless to say, fraudsters are now contacting companies by telephone in all sorts of ingenious ways to try to obtain their codes. So remember, when you sign up for the PROOF system, do not give your authentication code to anyone. For further information, see the Companies House website http://www.companieshouse.gov.uk/infoAndGuide/proof.shtml
- Be as careful with the details of your company and its directors and Company Secretary as you would be with your own personal details. Do not give information away lightly, especially to anyone you do not know and trust. Documents that could be of use to a fraudster should be shredded before disposal. Educate your staff about phishing scams, so that they do not inadvertently give your company information away to a scammer. Introduce rules restricting who can give out company information and to whom.
- Reconcile your bank statement carefully. Check and follow up any transactions that you did not authorise.
- If you receive any invoices for goods you did not order, or any financial information such as statements for accounts you are unaware of, or even credit cards you haven't applied for, act immediately, as this could be a sign that company identity fraudsters are at work.
For more information about how to avoid fraud:
DON'T SELL TO FRAUDSTERS
- Life is tough enough in business without selling to those who have no intention of paying. Here are some ideas for reducing the risk of dealing with fraudsters:
- Sad though it is, don't take anything on trust. Double check everything.
- Make sure you know who you are dealing with. Verify the company details, check who their directors are. Get their Company Registration Number (if they have one) and check it against the Companies House register on the website.
- Confirm the telephone numbers (comparing them with directories, the internet, websites, etc), fax numbers, website, etc. Be particularly cautious if the only telephone number they can give you is a mobile number. Ask them to supply a landline number as well, if possible.
- Verify the trading address.
- Ensure that the telephone area code corresponds with the trading address.
- Obtain trade references but still be cautious. Try to ensure that the company giving the trade reference is genuinely independent (and not a relative, for example!).
- Obtain consent to making credit checks and do so.
- Where appropriate, ask them to provide banker's reference.
About CIFAS – The UK's Fraud Prevention Service
CIFAS is a not-for-profit membership association representing the private and public sectors. CIFAS is dedicated to the prevention of fraud, including staff fraud, and the identification of financial crime.
CIFAS has over 250 Members spread across banking, credit cards, asset finance, retail credit, mail order, insurance, savings, telecommunications, factoring, share dealing and the public sector. Although at present CIFAS Members are predominantly private sector organisations, public sector bodies may also share fraud data reciprocally through CIFAS to prevent fraud.
Members share information about identified frauds in the fight to prevent further fraud. Since CIFAS was founded, CIFAS Members have prevented fraud losses to their organisations worth billions of pounds by sharing fraud data in this way.