Fraud Risk Assessment in 4 Steps | Skillcast

The risk of fraud is inherent in everyday life, particularly in business. Whilst risk cannot be entirely avoided, it can be mitigated.

Fraud figures in the UK indicate that there were 3.2 million offences in 2023, which is a 13% decrease from the previous year. Despite the decrease, police recorded fraud is up 6%. A rise in offences reported by UK Finance has influenced this rise with a 22% increase in offences reported by UK Finance.

What is fraud?

Under the UK Fraud Act, there are three main offences:

• Fraud by false representation: Someone makes a dishonest representation (express or implied) to make a gain or cause a loss to another.
• Fraud by failing to disclose information: Someone dishonestly fails to disclose information that they're legally obliged to in order to make a gain for himself or inflict a loss on another.
• Fraud by abuse of position: Someone holding a position of responsibility (which requires him to safeguard the interests of another) dishonestly abuses the position to make a gain for himself or inflict a loss on another.

Other offences include the possession of articles for fraud, making or supplying articles for use in fraud, participating in a fraudulent business, and obtaining services dishonestly.

Who commits fraud?

Organisations of all sizes are finding themselves victims of fraudulent activity. It's important to remember that there are both external and internal perpetrators of fraud.

• Internal threats: examples include disgruntled employees who may pilfer company assets, overstate expenses or overbill customers. Workers may also collude with suppliers to defraud the firm (misappropriation of funds). Senior managers may also fraudulently report company accounts.
• External threats: these come from customers (obtaining goods or services without paying or misrepresenting their finances), suppliers (submitting false or duplicate invoices), or representatives (not passing on all the money they receive to our firm). Fraud may also be committed by people who are unknown to us via identity theft, CEO fraud, and so on.

Conducting a fraud risk assessment

To protect your company, you need to be aware of any vulnerabilities you may be exposed to and strengthen your existing arrangements. This is why you need to conduct a robust fraud risk assessment by following four simple steps.

Step 1: Identify risks

Firstly, you need to assess your current operations and processes. To do this, you could refer to historical data as well as emerging trends and patterns.

Step 2: Quantify risks

Estimate the probability and impact of each type of fraud. Use the probability/impact matrix to estimate the level of risk along with your risk exposure.

Step 3: Mitigate risks

Once risks have been identified and quantified, you can use the 4T's model to mitigate them:

1. Transfer - in other words, move the financial consequences to a third party. Generally, this involves getting insurance.
2. Terminate - the simplest and most often overlooked solution. Stop doing risky things. This can be achieved through changes in practices and processes or by stopping engaging in activities with low rewards and high risk.
3. Treat - here, you aim to reduce the likelihood and impact of risk. Again, this could involve changes to systems and processes, but importantly, training your team about risk is vital.
4. Tolerate - this is a tricky area. You've found a risk and know its potential impact, but the cost of doing anything about it isn't worth it. This could include risks with low incidence and medium impact or medium incidence and low impact. However, don't consider doing this with catastrophic losses - like building insurance. Failing to transfer that risk before the COVID pandemic has been a stark reminder of why not.

Step 4: Monitor & review risks

It's important to see risk assessment as an ongoing process rather than a one-off task. As part of the identify stage, you will have already gained insights that will help you understand what to monitor and how to review.

However, new risks can appear, and the impact and prevalence of threats can change (both up and down). Think of your assessment as you would a virus software; it is there to protect you and regularly needs checking and updating. And that includes keeping both your processes and your people up to date!

Want to learn more about Fraud?

We've created a comprehensive AML & CTF roadmap to help you navigate the compliance landscape, supported by several financial crime prevention courses in our Essentials Library.

We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.