International Fraud Awareness Week (November 15 to 21) – is of particular relevance to South African small and medium enterprises (SMEs) considering the extent of economic crime in the country and the significant threat it poses to local businesses.
According to a recent report by PricewaterhouseCoopers (PwC) Global Economic Crime and Fraud Survey, about 7% of South African companies who were defrauded in some way over the past 24 months lost in excess of R740 million, with 4% reporting direct losses of more than R1.5 billion.
Most recently, South Africa has faced its own pandemic above and beyond Covid-19 – a cybercrime pandemic with a dramatic spike in internet-based offences and bank detail fraud. One of the most common forms of this kind of fraud is invoice fraud, where cybercriminals imitate suppliers to an SME and create a fake change of bank details letter which is emailed to the SME’s accounts department or financial manager to get bank details “updated”. This trend in cybercrime has increased substantially since the advent of remote working.
What is of particular concern is that a recent survey conducted by Suzette Viviers of Stellenbosch University and Danie Venter of Nelson Mandela University showed that although respondents were cognisant of the seriousness of fraud and its impact on their bottom line, only 10 percent of respondents had made provision in their budgets for combating it.
It would seem, for the most part, that rather than put preventative measures in place, the majority of SMEs either believe they cannot afford to put fraud prevention measures in place or they take the ostrich approach, and put their head in the sand, hoping their business won’t be targeted.
These are some of the basic fraud prevention strategies that SMEs can implement:
Conduct anti-fraud training
As an SME owner, your staff need to understand that no business is exempt from potentially being targeted by fraudsters. Employees who don’t know which signs to look out for make for easy targets. Likewise, a team that is aware and vigilant is your best defence against a possible intrusion.
Set up a system where staff members are made aware of the most recent methods and mechanisms that fraudsters are using to target individuals and businesses.
Also, unfortunately, as much as some don’t really want to admit it, there is also a very real internal threat of fraud by employees. Luckily, fraud awareness works in both ways – promoting vigilance among employees and deterring the chance of employees committing fraud themselves.
Diversify your financial controls
You may appoint a single individual as a financial manager, with all approvals, sign-offs and access control duties being assigned to that one individual. While this may aid in speeding up processes, it may not always be the safest way to prevent fraud.
Depending on the size of your business, and whether you have the time and resources to do so, you may have to take dual responsibility as a business owner for the signing off of some aspects of your company’s payment process such as petty cash, approval of overtime pay, and expense claims.
Some amounts may seem small but over time they can add up and have a seriously detrimental effect on your bottom line.
Implement a fraud prevention process
There is much that can be solved with the implementation of an effective mandatory process which employees should agree to when they are onboarded.
You could, for example, make it compulsory for employees to change their passwords on a regular basis; restrict the use of the internet on their company-owned devices to avoid external threats from untrusted websites; or implement multi-factor authentication.
At a minimum, every SME should have a process document that stipulates how technology can be used (particularly with remote working) and which security measures need to be taken, with each employee being responsible.
Ben Bierman is a managing director at Business Partners Limited.