Fraud’s in the news daily. Why? Monster sized fraud and data theft events, astronomical financial losses, reputation damage, lawsuits and mind-boggling corporate exposure. Suffice it to say, organized crime rings are full of forward thinkers, perhaps even more so than most businesses. Yup, that’s exactly what I just said.
Data breaches, which were once an exception, are unfortunately now the rule. It’s not a matter of “if” your business is going to be victimized but a matter of “when.” That’s an important distinction in how companies go about protecting their assets.
Organized Crime Rings Are Forward Thinkers
I said it above and I’ll say it again. Organized rings are full of forward thinkers. The bad actors and global organized crime rings have found it necessary to constantly redefine how they commit the crime. They don’t rest on yesterday’s laurels and crime feats as that’s already old news by the time it hits the press.
Motivated by incredible profits, they’re forward thinkers – criminals of opportunity that quickly size up the next target (Insert Your Business Name Here!).
Part of what makes organized crime groups successful is that they’re forward thinkers. Besides their level of organization and sophistication, are the corresponding lack of corporate organization and sophistication necessary to meet the growing threats.
What businesses fail to do effectively, from a fraud prevention standpoint, organized crime groups excel at discovering and exploiting vulnerabilities. That’s what forward thinkers do.
Clearly, the good guys in this equation need to be better. Being better doesn’t just mean how we react but the ability to think holistically, change our mindset, think like criminals (be forward thinkers) and defend data, revenues and systems in a more regular and proactive manner.
Part of this equation involves the recognition that there’s an important correlation between corporate fraud strategy, technology tools, forward thinkers and fraud rules used in the fraud prevention, detection, investigation, analysis and risk mitigation efforts.
Fraud strategy is the overarching umbrella under which all other components of the fraud program operate. It’s the necessary foundational component to an effective anti-fraud effort, yet widely ignored by many businesses.
Like a garden, which must be watered and tended to “regularly” for plants to grow, fraud strategy requires the same attention.
Fraud strategy must be holistic in nature, as there are many parts to consider. Fraud strategies that aren’t holistic are stagnant. Fraud isn’t stagnant so why should the fraud strategy be?
Fraud strategy must include technology but it’s important to note that technology cannot be the programs’ sole component. Show me a fraud effort where technology is the sole component and I’ll show you a fraud program that’s ineffective.
The fraud strategy should be reviewed on a regularly scheduled basis. However, don’t make the mistake of thinking that your schedule is the “right schedule” as timing may be dictated by fraud events, bad actors and not your company.
You may find that necessary modifications are dictated by the nature of the fraud schemes committed against the company and the current fraud landscape.
Lastly, management endorsement is critical. Fraud strategy must be an enterprise wide effort and endorsed by senior management as part of the corporate culture.
Communication Is Imperative
There’s probably no better phrase about the necessity for communication than that spoken by actor Strother Martin. Martin uttered the memorable phrase “What we have here is a failure to communicate” in the 1967 film classic Cool Hand Luke starring Paul Newman.
“Life imitates art” and there’s definitely a correlation between the famous movie quote and the need for effective corporate communication surrounding your fraud strategy.
Fraud strategy should be communicated to all employees to ensure that they not only understand the strategy but their role in it. Getting everyone on the same page is critical.
When there’s “a failure to communicate,” there’s a failure to effectively prevent and mitigate fraud.
One technology tool may not be enough to get the job done. However, you also need to ensure that the tools are not so complex that employee’s don’t understand how to use them and they’re causing workarounds.
Contrary to what you might be told, not every technology tool works with every other technology tool. Oftentimes, technology causes conflict. This is where testing and intensive product research are paramount prior to purchase. Know before you buy.
Technology tools must work together and complement each other to ensure your anti-fraud foundation is solid. Otherwise, you’re just throwing good money after bad
Technology tools must be forward-looking just like the criminals. So, tools must be flexible enough to be changed over time. The fraud changes and the tools must adapt with the times.
The bottom line to fraud tools is that they’re just enablers and not the end all to your fraud problems.
As part of an effective fraud strategy, fraud rules must be viewed in the same vein. Rules, like strategy, must be fluid to reflect the changing nature of the fraud.
Suffice it to say, what the fraud looked like last month may not be what it looks like this month or next month. Fraud rules have to be constantly evaluated. A regularly scheduled evaluation process ensures that your fraud detection efforts and technology tools are “firing on all cylinders” and yielding maximum results.
Many companies think to add fraud rules – but seldom do they think to reevaluate, or remove, ineffective or poorly performing rules. The reality is that a rule which is believed to detect and prevent fraud, actually may not. If a rule isn’t working, remove it to ensure a dynamic and effective rule set which generates significant results.
If rules aren’t evaluated on a regular basis, as part of your fraud strategy, they may not generate the kind of return you’re seeking. A decreased ROI in this area generally leads to an increased amount of fraud losses.
The Bottom Line
Make no mistake about it, technology tools are a needed part of your anti-fraud program. However, like pie, technology only represents a slice. The technology tools, in and of themselves, do not solve your problems. It’s the people, policies, processes, procedures and rules that you wrap around the technology tools that make them effective.
Even the best technology tools may be rendered useless without the proper foundation (fraud strategy) which maps out your fraud program and the methods you use. If you think that creating a fraud strategy, and then ignoring it over time is effective, it isn’t.
Like the criminal organizations targeting your business on a daily basis, fraud strategy, tools and rules, must be dynamic and employee’s must be forward thinkers.
“Fire and forget” doesn’t work and knowing your enemy (Sun Tzu) means “create and change.” A fluid fraud strategy ensures you have an effective fraud prevention program which mitigates liabilities.
It’s time to change our mindset. Business “as usual” clearly isn’t working and the bad guys know it.
Those are our insights. What are yours?