Arun Chauhan, founder of Tenet Compliance & Litigation and a trustee director of the Fraud Advisory Panel, reveals the current fraud threat facing small UK businesses and identifies the ways owners can protect their firm.
Recent figures from YouGov suggest that a staggering 44 per cent of small UK companies have been targeted by fraudsters. However, many organisations still do not have protection in place to mitigate the internal and external threats to their business – dangers which are ever-evolving and sophisticated in nature; particularly given the ease in which fraud can be perpetrated with online tools.
Often shackled by the constraints of surplus financial resources to invest in non-profit making areas of their business, availability of time and occasionally misplaced belief of “it won’t happen to me”, it is essential that business owners take steps to prevent, detect and report fraud.
Put simply, implementing education and processes that eliminate or, at least, diminish risk and ensure the entire workforce remains vigilant is as important as focusing on profit-making processes and procedures.
Where are the risks in the business?
First and foremost, businesses should conduct a thorough risk assessment to identify vital assets, that if impacted by fraud, would cause the most damage to the business. Considering how best to protect these assets and the operational and financial havoc that their corruption could lead to, should be at the forefront of the minds of senior management.
Business Advice unpicks one of the growing threats to small companies, asking what is CEO fraud, before consulting two experts on the typical tactics employed by scammers and how owners can protect their firm.
For example, organisations with an abundance of confidential client data may find themselves most vulnerable to data hack, whereas businesses with a wealth of intellectual property could be significantly damaged by a leak of company secrets by internal or external perpetrators.
Conversely, those who identify a weakness in financial or payment procedures are likely to be susceptible to invoice fraud. Deploying a bespoke approach based on the individual characteristics of a business allows for funds to be allocated in the most effective way possible.
By their nature, small businesses have smaller teams and chains of command which mean fewer employees are responsible for a wider variety of tasks than in larger organisations which often have the luxury of segregating duties as well as detailed governance policies and procedures that actually have worth on “the shop floor”.
This, coupled with the fact that smaller firms are less likely to implement the same depth of financial crime compliance checks as a larger organisation, means that small and medium sized businesses are particularly susceptible to employee fraud.
Internal threats such as these can take many forms but often involve the misuse of funds or the manipulation of profit and loss figures where individuals overstate expenses or understate income.
Often discrepancies are small and difficult to spot but, when allowed to occur undetected over a long period, have the potential to lead to huge losses. Other internal threats can be more purposeful, for example, by fellow shareholders or directors taking action in their own way to address a perceived financial imbalance.
To address this threat, business owners must be aware of the indicators which suggest fraud such as changes in cash flow patterns, stock shrinkage, customer complaints and variations in accounting ratios.
If foul play is suspected, it can be helpful to enlist the opinion of a third-party adviser tasked with identifying the cause of any discrepancies. This objectivity can prove invaluable, especially where working closely with a partner, friend or family member can impair objective decision making.
As businesses grow, new members join the team. Even for family businesses this means widening the circle of trust to new employees. That could and should call for checks and balances to be put in place for the benefit of all. Those measures may seem ludicrous in a firm that has functioned smoothly without, but that is its Achilles heel.
The silent shareholder – who has doubtless worked the “hard yards” in the past – who is increasingly absent from the business as it becomes more established and independent of their input – can act as a prompt for employed members to take advantage.
Although business owners are inherently time-poor, ensuring proper background checks and references are collected for any new starters is essential. Monitoring users’ access to sensitive documents and restricting remote access to confidential files may also prove a sensible preventative move.
As well as evaluating risks from within, businesses must also remain vigilant to external threats such as supplier fraud, data breaches and cyber attacks – each of which in isolation could render the firm’s trading position untenable.
Again, due diligence is crucial here – completing credit and background checks on potential suppliers (and their owners) can prove invaluable. Providing training on the use and access of protected data will reduce the risk of business-critical files falling into the wrong hands or being accessed via vulnerable, unsecured networks.
The highly-publicised cyber attacks of businesses such as TSB, Superdrug, Yahoo and TalkTalk, tell us that even large organisations with considerable IT teams and security budgets are susceptible to breaches.
Although it is important for businesses to implement the best online security measures possible, organisations may find that insuring against such incidences provides a greater degree of assurance.
While the structure and working practices of SMEs can make firms particularly vulnerable to fraud, every business can take steps to reduce risk. Crucially, leaders must take the threat seriously and focus on the improvement of systems and processes that reduce the scope for fraudulent behaviour – both internally and externally.
Businesses and their owners must allocate resources based upon their individual characteristics and, where possible, enlist the entire workforce in remaining vigilant to the signs of fraud -as after all, those that best know the business can protect the business.
Arun Chauhan is the director of Tenet Compliance & Litigation and a Trustee Director of the Fraud Advisory Panel
Sign up to our newsletter to get the latest from Business Advice.