Half of UK businesses have no fraud risk policy – R3
Over half of UK businesses have no agreed written fraud risk policy in place to prevent and detect fraud, according to new research by R3, the insolvency trade body.
The survey of 500 senior financial decision-makers found that 54% of businesses had no such policy in place, while 11% weren’t sure.
France Coulson, Chair of R3’s Fraud Group: “Fraud is a staggeringly expensive problem for the UK economy, yet half of the country’s companies don’t have precautions in place to protect themselves against fraudsters. Businesses in every sector and of all sizes are at risk. An agreed written risk policy should outline a company’s strategy for preventing, detecting and dealing with fraud.
“Fraudsters are becoming more professional and innovative in how they target businesses. For example, our members have seen cases of fraudsters replicating company email addresses pretending to be senior staff, and writing to employees ordering the quick transfer of funds to a specific account. By the time the staff realise it’s a con, the money is long gone.”
Small businesses are most unprepared for fraud. 70% of sole traders and 56% of companies with 2-5 employees have no agreed policy, compared to 11% of large companies (250+ employees).
Frances Coulson continues: “Smaller companies are just as much at risk of fraud as their larger counterparts, but losses as a result of fraud could be much harder for them to absorb and recover from.
“While smaller companies understandably have greater constraints on their resources, agreeing a written fraud policy doesn’t have to be an onerous or expensive task. It’s an opportunity to identify fraud risk factors, evaluate whether sufficient controls are in place and set out the steps to be taken if you are targeted.
“When it comes to managing fraud risk, larger companies have a duty to shareholders and compliance regulations they have to meet. The three-in-ten big companies that don’t have or aren’t certain about their policy should take action.”
53% of companies that have a website don’t have an agreed fraud policy and neither do 48% of businesses that accept online payments.
Frances Coulson adds: “It’s worrying to see nearly half of businesses that accept payment online, which will involve customers sharing their personal financial information, aren’t taking preventative steps to protect themselves against fraud. This leaves not only the business, but their clients, exposed.
“It’s no surprise that the internet has proved a popular portal for fraudsters to target individuals and businesses. Companies with an online presence, whether they are a small local firm or a multinational corporation, are more vulnerable.
“Aside from having a fraud risk policy, there are a number of preventative measures businesses can take. Companies can find tips and advice online from organisations such as the Fraud Advisory Panel.”
Businesses with an agreed written fraud risk policy in place, by company size
- Research undertaken by BDRC Continental, an award-winning insight agency. Questions were put to 500 UK businesses via BDRC Continental’s monthly Business Opinion Omnibus. Telephone-based interviews with a nationally representative sample of senior financial decision makers across the UK, weighted by size, region and sector. Fieldwork dates 6th-16th June 2016.