Strengthening defences against fraud risks
Date: 22 June 2020
Author: Nigel Footitt, BDO
As the lockdown is relaxed, sport is gradually beginning to return, both at amateur and professional levels. This is a highly welcome development, but the return of sport will also bring challenges. Sports organisations will need to rethink the way they approach their activities and their ways of operating.
This is also the perfect opportunity to review and rethink the way in which you strategically manage your exposure to the risk of fraud.
A dedicated microsite on the BDO website has been created to provide guidance on countering fraud in the sports sector.
The state of play
From Olympic-funded sports to local village teams, all sporting organisations are facing difficult times due to reduced income. This places additional focus on costs and cost control, and creates the need for additional support from governing bodies in the form of grants and loans. Organisations on both sides become exposed to fraud risks, with fraudulent applications prevalent.
Personal protective equipment has also gone from being a necessity for some to a necessity for most, and many sports cannot return without it. Again fraudsters have seen the opportunity to exploit the situation, with orders not turning up or being well below the required standard paid for.
Another major challenge, which is not restricted to sports bodies, is the move to more remote ways of working and increased reliance on emails, phone calls and video conferencing software. This brings with it an increased fraud risk, especially as scammers change their tactics in response.
What should you be doing now?
All organisations have had to adapt the way they work to accommodate this new normal. This includes adjusting controls to mitigate the new fraud risks that can arise, whether in IT and cyber capabilities, supply chains and procurement, or any other area. Guidance is available in the form of BDO’s Rethink model, which outlines an effective approach to adapting your control environment.
It’s important to note that a strong control environment involves much more than infrastructure. Most organisations tend to be quite good at redesigning controls, but most do not fully consider the human element in the controls environment. Fraudsters, generally, do not bypass controls or hack systems; they hack humans. This is made all the easier at the current time as fraudsters thrive on urgency, confusion and change – now is the perfect storm. It’s therefore particularly important to ensure extra vigilance, take your time and double check payment requests.
Be extra vigilant
Numerous requests for payments (be they regular expenditure or new grants or loans) may be arriving. Some of these will inevitably be from new suppliers or claimants, but it is important to scrutinise each one carefully before making any payments.
Basic checks should be performed such as:
- Is the organisation you are paying entitled to funds?
- Is the email address or phone number related to the organisation?
- If an existing payee, has the bank account changed?
And remember, never click on a link in an email unless it is from a 100% trusted source.
The same consideration should be applied to methods of communication – you don’t want to expose your networks to fraudsters sneaking in through the back door by using unsecured video conferencing software.
Take your time
Can things wait a few days? Often they can. Most people are very understanding of the current situation and will probably accept a delay.
The more eyes the better
Where possible, have requests for payment checked and actioned by more than one person. The fraud is often hidden (albeit sometimes in plain sight), so may not be spotted on first viewing.
What can you do going forward?
Fraudsters are like chameleons, adapting to different situations and often staying ahead of law enforcement and risk management protocols. They will be looking out for changes and testing new ways of working. This is their job, not just an add-on to other vital work. So whatever defences you already have in place, do not leave it there.
One of the most important defence mechanisms is to speak to other organisations in your networks to see what fraudulent attempts they have either fallen for or thwarted. They may be keener to talk about the latter, but both prove excellent opportunities to gain valuable insights. Also speak to your business advisers to see the types of fraud proving most problematic.
Control what you can control
Although the current situation has created uncertainty across the board, and you cannot control what fraudsters are attempting to do, you can control your response to fraud.
- Make the time now to identify where fraud attacks will likely come from, and how you can protect your organisation
- Ensure fraud prevention, deterrence and detection form a major part of any planning activities
- Involve someone with fraud expertise in policy and process changes to ensure fraud-proofing is an inherent part of the process
- Update business continuity plans in the light of new developments, including evolving emergency and support measures introduced by the Government.
Failure to take fraud risks seriously can have grave consequences. A control weakness only needs to be exploited once to cause significant damage – both financial and reputational.
Nigel Footitt is a Director at BDO. If you would like to speak to a member of the BDO team about the help available or review other Covid-19 guidance please visit our dedicated microsite here.