Why Fraud Prevention Always Matters
Despite the prevalence of organizational fraud and its well-documented costs, businesses both large and small continue to operate without – or fail to review and test – systematic fraud prevention programs, running the risk of avoidable loss and reputational harm.
Being able to identify, avoid, and overcome social engineering, wire fraud, cyber hygiene, and physical security threats provide business owners and their teams real opportunities to scale effectively and pursue new opportunities to grow the business.
Why It Matters
Whether during the holidays, peak summer, or any time in between, the fall-out of reputational, operational, or financial fraud can be a gut punch to the integrity of any business. And while it may not always seem like an immediate catastrophe, the cumulative effects always are.
The truth is, as long as businesses compete fiercely on price in markets where consumers can purchase with the click of a button, tight margin conditions and the cost management of fighting fraud can – and often does – mean the difference between profit and loss.
Objections
The known/unknown paradox says that, just because a business does not know its risks, does not mean the risks do not exist. Because unless the business has designed and implemented a custom fraud prevention program informed by leading best practices, it cannot actually and accurately identify where its vulnerabilities are.
Below are a few of the standard arguments against fraud prevention programs we’ve heard (each are addressed in the subsequent sections of this blog):
- “With the probability of fraud so low, the cost outweighs the benefit of prevention.”
- “Spending time focused on prevention tactics detracts from real growth opportunities.”
- “The business is too small/too big to not notice fraud before it happens.”
- “Trusted employees would never commit fraud against their place of work.”
Key Data Points
Understanding how to manage risk provides a boost to any businesses bottom-line, and controlling fraud risks is a vital component:
- A Government Accountability Office (GAO) report estimated that the amount of fraud in unemployment insurance (UI) programs during the COVID-19 pandemic was likely between $100 billion and $135 billion.
- According to the Association of Certified Fraud Examiners (ACFE), a solitary case of occupational fraud costs the victim organization an average of more than $1.5 million.
- Certified Fraud Examiners (CFEs) estimate that organizations lose 5% of their revenues each year to fraud.
- In an ACFE’s Report to the Nations, a study of 1,921 cases of occupational fraud investigated by CFEs in 138 countries, the typical fraud lasted 12 months before it was detected, with 84% of fraudsters showing at least one behavioral red flag.
- In 2023, digital fraud risks like BEC (business email compromise) skyrocketed, with monthly attacks per 1,000 mailboxes more than doubling to 10.77, a 108% increase compared to 2022.
So, What’s at Stake?
The process of developing a fraud prevention program is beneficial because, in addition to helping prevent future fraud, it also kick-starts discovery. Often, fraud hides in plain sight (for example, interdepartmental dependencies and shared access points can create vulnerabilities).
High Reliability Organizations are not satisfied with convenience, remain inherently curious, and choose willingly to reduce the risk of fraud. This gives them numerous tactical and competitive advantages over those that don’t:
For Cash Handlers, this means:
Understanding and continually validating the Three P’s of fraud prevention – Policy, Process, Procedure – that are designed to reduce and control the likelihood and severity of loss relating to risk.
For Retailers, this means:
Specifically controlling points of access to key assets or functions integral to the business, deploying a system of checks and balances, utilizing employment background screening, and incorporating random audits.
For Brokers, this means:
Making sure clients have the correct infrastructure, training, and understanding of their policies, as well as the proper coverage to match the risk and associated collateral risks.
For Underwriters and Insurers, this means:
Confirming that the insured’s risks are truly covered (with all third-party assessments adequate) and they can engage an incident response team.
Who Benefits?
In our research, we’ve found that most businesses we work with typically only consider the threats external entities pose (the flipside being that these external entities are, in turn, viewing the business as a risk). Clients often don’t consider this, ignoring their own internal threats.
When a business develops and regularly pressure-tests a strong fraud prevention program, it gains the ability to control its own fate. Those are qualities that give board members, investors, vendors, partners, and compliance auditors confidence.
