The No. 1 way to protect yourself from fraud20th October 2017
“I’ve never thought of myself as gullible. I mean, as an accountant you can’t be, can you?”
Unfortunately, everyone can.
An accountant I know made a £20,000 payment because his CEO had sent an email asking him to. Except the email hadn’t come from his CEO. It had come from fraudsters.
We’ve seen emails just like this, and they are utterly believable. They come from exactly the right address and have exactly the right footers. They are easy to fall for – although there was no use trying to tell the accountant that.
He was distraught, and it was heart-breaking to see.
In my last blog I talked about how one person holding too much authority over your finances can leave them in a mess, incomprehensible to anyone else.
But it also leaves you much more open to fraud. Very, very rarely the finance director himself will be stealing your company’s money, but much more commonly it’s the work of outside fraudsters.
They send emails purporting to come from you – the business owner or CEO – asking your finance person to make a transfer to an account the criminals control, for a specific, believable reason.
It’s become so common that banks have become absolutely paranoid about “CEO fraud” or “bogus boss” attacks.
Realistically, there isn’t a huge amount they can do to stamp it out.
However, there are safeguards you can take yourself.
One of the most obvious is to introduce checks and balances for large payments. In other words, you need several people separately involved each time a large payment is processed.
Nothing is authorised by one person.
This makes it harder for anyone in your own team to commit fraud, because it would take collusion by several members of staff. It also makes it more difficult to succeed with scams from the outside, because the more people you have reviewing each payment, the more likely that someone, somewhere will get suspicious and ask the right questions.
We act as the finance department for many, many businesses, and we never process a payment without three people looking at it at different stages. We have a strict procedure every single payment must go through, so it is always handled correctly.
Of course, sometimes a finance person will stop an attempted fraud single-handed. There’s an accountant I know who smelled a rat when he saw a turn of phrase in an email which he knew his CEO would never use. Yes, it was another case of “CEO fraud”.
But it’s putting a lot of pressure on someone to expect them to be individually responsible for guarding against fraud – as that first accountant I talked about will testify.
Next time I’ll go into some other steps you can take to safeguard yourself against scams. But for now, just remember: it’s always easier to dupe one person on their own.
If you’d prefer an experienced team to handle your business finances, with all the correct processes in place and strict checks-and-balances, let’s talk.