Fraud Strategy is Key
We recently finished working on a fraud strategy project for a client. While working through the complexities associated with strategy evaluation, development, change recommendation and implementation, it became readily apparent that to be competitive there’s a big need for companies to consistently evaluate and update their corporate fraud strategy.
Yet, interestingly enough, despite the need to do so in association with the rapidly changing fraud landscape, many businesses are lax in updating their fraud strategy. This failure puts companies in significant business, financial and legal peril not to mention the negative publicity which accompanies getting hammered by bad actors.
A key to this discussion, as we’re often writing about, is that fraud strategy must be holistic and fluid in nature, as there are many “moving parts” which are constantly in motion.
Evaluation and change to one part, absent, evaluation and change to other parts, may have significant unintended consequences. This has roots in functionalist theory which basically states that “when one part of the system is not working, or dysfunctional, it affects all other parts and creates problems” which definitely holds true in the fraud realm.
While having a predefined fraud review schedule is necessary as part of your fraud strategy, evaluation, change and implementation may be required on an “out of normal schedule” basis as dictated by the frauds being committed against your company.
Suffice it to say, “regular, may not be regular enough!”
There’s More to Fraud Strategy Than Technology
Another common fraud strategy misperception is the “technology solves all” mindset which is an inherently dangerous concept. Certainly, technology is a required component of an effective anti-fraud effort and while your fraud strategy must include technology, technology cannot be the programs’ sole component.
There are three major areas we look at critically when assessing the effectiveness of an entities fraud strategy: people, processes and technology.
If you’re going “all in” with technology but fail to recognize the importance of the other two components you are likely to walk away from the table a big loser as these three concepts are intertwined and all are equally as important as the other to the overall fraud strategy.
No matter how slick a piece of technology is, the technology in and of itself does not solve your problems – it’s the people, policies, processes and procedures that you wrap around the technology that make it effective. Even the best anti-fraud technology may be rendered completely useless without the proper foundation.
I can’t tell you how many times we’ve heard client’s say “we just spent several million dollars on anti-fraud technology and we’re still getting clobbered by fraud.” While it’s easy to point the finger at the technology, and certainly the anti-fraud technology you picked could be suspect, the bottom line is that it may not be the technology at all that’s problematic.
In fact, it’s entirely possible that the root of the problem is the lack of attention paid to the other components which are required to make the whole program work together.
Let’s be real here, technological anti-fraud tools are just enablers…they’re not the “end all” to your fraud problems and behind all technology deployments are the people on your staff using them.
Strategic Anti-Fraud Tools
There are a couple of important concepts which are worth mentioning. First, while it’s important to invest in anti-fraud technology, knowing what technology you need is paramount.
Since anti-fraud technology is a major budget item which companies have to plan for, the knowledge of the technology needed is first driven by an anti-fraud risk assessment to identify the risks you’re trying to prevent, detect or investigate.
Secondly, and perhaps of equal importance, is the realization that one tool may not be enough to get the job done. If that’s the case, you need to ensure that your staff isn’t ineffective post deployment because you essentially have three systems all serving the same function.
While there may be multiple technology products needed in your complex, global environment, a key realization here is that not every technology tool works with every other tool.
So, companies cannot just buy off the shelf anti-fraud technology products without first evaluating how the tools work individually, in the company’s computing environment and perhaps most importantly, with each other. Tools must work together and complement each other to ensure the anti-fraud foundation is solid.
From a fraud strategy standpoint, the time to figure out whether technology tools will peacefully co-exist is before implementation if possible because discovering it after the fact can be a costly mistake.
Aside from having technology tools which complement each other, flexibility is a core concept. Tools must also be flexible enough to adapt to changing fraud trends and patterns in conjunction with your complicated fraud strategy.
Anti-Fraud Technology can be Complex
Anti-fraud technology by its very nature is often complex, however you need to ensure that your staff understands the technology, how it’s supposed to work and what’s required to interact with it successfully.
It’s critical that the tools you invest in aren’t so complex that they’re causing people and process workarounds because if they do, the non productive time spent negates the cost savings you would have realized from the improved process flow associated with your new technology.
A key to using technology effectively in your anti-fraud efforts is to have a long term vision and strategic plan. This dictates that you incorporate a forward looking growth strategy with your anti-fraud technology.
Ask yourself the following question: how will the technology we invest in now grow with our company as the business expands around the globe? If you cannot answer this question to your satisfaction, then either you have the wrong technology, or the wrong fraud strategy.
The Bottom Line
Fraud is a growth industry. Externally, we know that there are complex organized crime rings operating in Eastern Europe, Asia and other locals who’d like nothing better than to separate your company from its data, information or revenue. When you adapt to the fraud, the bad guys adapt as well bringing newer and more complex technological techniques directly back at you.
Internally, despite what you may think of people who work for you, you’re not off the hook as the country is still in a depressed economic environment. Despite the internal controls implemented, your employees understand them and look for ways to circumvent corporate policies, processes and procedures which often result in large, and embarrassing financial losses.
So, the writings on the fraud wall, you either review your fraud strategy regularly, and make the necessary changes in a timely manner, or your business is in for a “good ‘ol behind the woodshed financial whoopin” of epic proportions. So, what’s it going to be?!