Long read
9 most common acts of business fraud - and how to protect yourself from attacks
As defined by HSBC, an act of fraud is where there is ‘suspicious activity or when a transaction debits your account, which you had no knowledge of or didn’t authorise’.
But fraud can also come in the forms of scams – wherein the victim is tricked into authorising a fraudulent activity.
Fraud can be dated back to 300 B.C., although one imagines it predates even that, when two Greek sea merchants were said to have taken out an ‘insurance policy’ on their ship and its cargo. The deal, known as a ‘bottomry’ would see merchants borrow money which they were required to repay with interest after seeing their wares. If they failed to sell their merchandise, the ship and cargo would be claimed by the lender.
In a money-making scheme, the two men, Hegestratos and Zenosthemis, planned to sink the ship after they had sold their cargo and keep the money. It didn’t quite go to plan though – with the chaps caught red handed.
Today, fraudsters are much savvier and the forms in which it manifests, are more complicated, especially as technology has advanced.
Most common acts of fraud
Insider/Employee fraud: Internal threats of fraud in the F&B sector can take many forms ranging from theft of commercial data, to divulging sensitive pricing and ingredient information to third parties, to misappropriation of money and diverting assets from delivery or supply.
Invoice fraud: This is where fake invoices are generated, or legitimate invoices are altered to overcharge for goods or services, or to divert funds for seemingly genuine goods/services into a fraudster’s account.
This is an area of risk typically associated with cybercrime and prominent in sectors such as food and drink, given the volume of transactions and international supply chains where verification of account details is harder.
Product substitution: This is when there is substitution of products used in the supply chain for inferior or counterfeit materials. These are often of poor quality and can lead to the overall product being defective causing quality control issues, customer dissatisfaction and in severe cases where a product has been adulterated with a chemical or allergen, an adverse reaction or death.
Kickbacks and bribery: This occurs when individuals within the supply chain accept bribes or kickbacks from suppliers in exchange for favouring their products or services, or for easing the passage of goods across borders, often at the expense of the victim company’s best interests.
Companies should also be aware of the Bribery Act 2010 which, among other offences, states that a commercial organisation can be guilty of an offence if they fail to prevent persons associated with it from bribing.
Data manipulation: Fraudsters may manipulate supply chain data, such as inventory levels, production figures or sales data, to mislead stakeholders and create false financial statements. An example of this is the Patisserie Valerie scandal.
Ghost employees and vendors: This is where a fraudster creates fictitious employees or vendors to issue fraudulent payments and divert funds.
Sanctions violations: There are occasions where economic sanctions are put in place that restrict the flow of assets to or from certain countries, individuals or businesses. By importing goods from these countries, businesses may be placed breach of these sanctions which can cause significant reputational damage (as well as monetary).
There are many ways in which sanctions can be violated and this often takes the form of disguising where goods have come from. Examples of this include deliberately disabling a ship’s tracking system or setting up a complex and confusing network of companies to avoid detection.
Contract and misrepresentation fraud: This is where there is a misrepresentation in terms of pricing, ability to deliver a project based on experience or resource, or other aspects of the supply chain contract which can lead to losses for one of the contracting parties.
Cybercrime: Data breaches is one of the most common forms of cyber threat and it occurs when fraudsters gain access to sensitive information (often customer data). It can also include ransomware attacks, phishing and social engineering, malware/viruses and emails being compromised.
How to protect your business
Company culture
For Tenet law, the first step is to protecting your organising is knowing your employees and driving a strong company culture.
“Knowing your employees can aid in identifying individuals who might be facing personal circumstances that leave them in ethical dilemmas which could lead to them committing fraud,” Tenet Law told Food Manufacture.
“Good people can do bad things depending on their circumstances, and that is why your business needs your employees to be your eyes and ears. Your employees will only take up that responsibility if they work in an environment where culture and integrity are strong.”
This means employers need to be in the room with their employees (metaphorically and at times physically), as the law firm explained: “As a business you need to understand the challenges employees face and determine the best ways you can assist them.”
You can do this by encouraging a culture of openness, whereby employees can share not just their personal concerns but also worries they may have about fellow colleagues.
“Empower your team's voice, when employees believe their input is valued and action will be taken, they are more likely to speak up.”
By increasing engagement and motivation and using terminology such as ‘us’ rather than ‘me’ can foster a sense of ownership and commitment to the business’s success.
Whereas a negative culture can contribute to dishonest behaviour and put honest employees off from raising concerns.
Avoid ‘headless chicken’ moments
It’s also important that you know how you will respond to fraud before it happens.
As the Tenet Law team explained to Food Manufacture, you need to consider things such as who should take ownership of an investigation team; who should be in that team and why? What is your approach to each type of fraud? How often do you update a fraud response plan to make sure the right people can be contacted immediately?
“Your investigation team should be led by someone within your organisation – you know your organisation best. This shows that you are taking ownership of the situation. Your insurance policies, such as fidelity policies will have a number of condition precedents which can act as a great tip to your organisation for best practice.
“Take legal advice on both HR and recovery strategies – getting early decisions wrong can be costly. Consider which third parties may have been involved, if any. Decide your priorities – recovery or punishment – this helps set a strategy of whether you make a complaint to the police or seek recovery via the civil court (or a combination of the two). You should also consider how the event coming into the public domain could affect your business.”
Implementing protective practices
If you want your team to speak up, you need to create a platform to do so.
“Compliance should be built form the ground up. Senior managers should learn from those with their ‘ear to the ground’ and embrace this knowledge to build resilience. Brave conversations need to be had, asking colleagues how fraud could happen in their roles.
“If an employee is concerned about wrongdoing or having spotted potential risks, they need an employer who genuinely wants to listen and welcomes the feedback.”
Trust needs to go both ways – as a leader you need to trust your team and in turn, they need to trust you. This will create a culture of openness and it will also demonstrate that you care and want to protect your employees.
“Belief in your employees gives them safety and a by-product of that is the desire of employees to then look out for their employer.”
Tenet also suggests asking yourself, ‘why do you want to prevent fraud?’
For the food and drink sector, health and safety should probably be your top priorities, but if your employees don’t know this and understood how dangerous fraud can be to the sector – how can you expect them to care and protect the business?
“They need to think about what specific damage could fraud do to your business and is this communicated to your employees?
“The key is knowing which assets, if impacted by fraud, would cause the most damage to the business. Build a risk management programme based around the matrix of the largest impact, measured against the risk of that impact happening. Understand the types of fraud risk that may be in play (employee breach of confidence, collusion with a contractor, cybercrime, etc).”
Based on this, your risk management policies and procedures will be fit-for-purpose.
Alongside championing this positive, whistleblowing culture, there are also some other simple, everyday measures you can take.
“Make payments via BACS to known bank accounts for suppliers to avoid the risk of fake invoices to illegitimate accounts and reduce the needs for expenses claims,” Tenet’s team advised.
“Put checks and measures in place, even for trusted and long-standing employees – use peer reviews and audits to check the integrity of transactions and integrity of external relationships.
“Undertake some analysis from time to time to check for an increase in number of suppliers, a rise in expenses claims or any unusual patterns, such as sudden escalation in the use or costs of a particular supplier.”
It’s important that you know your suppliers, the Tenet team added.
“Undertake due diligence before engaging with suppliers to check the business credentials and see if there are any undeclared connections to employees. It is also important to be familiar with their invoices and pricing structure and to double check invoices in support of expenses directly with suppliers to ensure the correct name and payment details appear. Spot check the amount claimed on an invoice directly with the supplier from time to time.”
