A Special Interest Group (SIG) set up by fraud prevention consultancy UKFraud (www.ukfraud.co.uk) is warning that fraudsters could benefit from the increasingly silo like segregation of functions in key business disciplines including: compliance, risk management, IT security, fraud prevention and more. In their opinion, this compartmentalisation of corporate skills is the result of each of these areas growing their own specific ‘sector standards’, rules and practitioner associations, to the exclusion of other fields. ‘Effective fraud prevention’ says the SIG, depends heavily on ‘the integration of an eclectic mix of these skill sets’.
Recently established by UKFraud, the Corporate Fraud Prevention SIG consists of leading fraud prevention consultants coupled with representative input from a wide range of industry skill sets. The SIG was established in response to sector frustration at recent claims by the National Fraud Authority, that in the UK, fraud levels have risen significantly from £38bn in 2011 to £68bn in 2012. The aim of the SIG is to analyse the approach taken to fraud both at governmental and private sector levels and to make recommendations for change at local, national and global levels.
The first study by the group has been to analyse the structure, conduct and performance of the corporate fraud prevention market at both a micro and macro- economic level. Amongst their findings were a number of key conclusions. These include:
- The nature of corporate fraud has changed and is changing. It is no longer just the corrupt office manager or small weights and measures issues with suppliers. Rather, it is now more often a highly sophisticated skill, usually involving cutting-edge information technology and managed by highly intelligent fraudsters, often international teams of professional criminals and IT hackers. Fraud techniques used against corporates now range from scams targeting customers to frauds impacting on company credit cards and prepaid cards.
- Consequently, fraud is getting far more complicated to manage and requires an eclectic mix of skills that need to be integrated to deliver an effective deterrent. These include: compliance, IT, risk management, legal, compliance, fraud and audit.
- As fraud may be perpetrated through customer processes, e-commerce, card payments, IT systems, bogus internal controls or the supply chain, the complexity of large organisational processes have started to grow faster as such disciplines move further apart.
- That the solution is to merge some of these skills into fraud prevention committees with expertise drawn from across the organisation as needed. This multi-skill approach means that it is crucial to have the CIO involved as much as it is the head of accounts, compliance manager or the company lawyer.
- That companies increasingly rigidly impose ‘first/second/third lines of defence’ disciplines that are (ironically) imposed by consultants from regulators or auditors. These are simply too theoretical, impractical or/and ‘removed’ from the management of the business, that their effectiveness becomes limiting.
So whilst the field of fraud is becoming ever wider the appropriate team of defenders from the differing corporate functions are making things too complicated and too bureaucratic. There are too many players, too much duplicated procedure and policy, not enough focus on simple effective prevention and clear targeted detection. The large number of people with responsibility to defend the organisation from fraud are tripping over each other and allowing the fraudsters to slip in through the gaps. We need to encourage corporates to form new cross-fertilising enterprise-wide committees or units that can integrate these functional skill into a joined up response.”
Bill Trueman UKFraud’s CEO welcomed Gardner’s comments adding, “Whether it’s a financial scam or a pure IT security issue, fraud within large organisations starts to grow when business departments start to move into silos. Now the problem is growing ever more demanding because even the anti-risk / anti-fraud functions are growing-out into the same types of silos too. This is because the risks are now so big that it is impossible for them to be managed in one place. Once the silos are in place though, the whole thing slows down to a crawl whilst each silo works out how to talk to the next one. This process can then be even further aggravated as inter-company politics take over, and things start to drift.
“Unfortunately fraudsters and other criminals operate much more lithely, quickly and adeptly in changing their modus operandi. Corporates need therefore to maintain an 'act quickly' approach to defeat them. This simply can’t be done when such diversification of departmental responsibilities exist. By establishing the SIG we aim to redress the balance; by advocating that organisations take a holistic view to addressing the threat of fraud.”