Putting Your Accounting Policies in Place: Fraud Protection
Fraud will always exist, but you can minimize your risk through effective strategies and company policies.
Fraud is constantly evolving, as offenders are regularly adopting new methods and tactics. Implementing effective policies and procedures is therefore critical in preventing and mitigating damages.
Below, we outline the main types and motivators of fraud and suggest some strategies you can use to protect your company and its assets.
Fraud holds different meanings, but it generally refers to the theft of goods, services, or information—whether that’s a simple crime of opportunity or a more targeted, malicious attack directed at a specific company or individual.
As you put your company’s fraud policies in place, first identify what assets your business is at risk of losing. For example, if you’re a SaaS company, you may not have inventory to steal, but you do have cash and virtual assets including sensitive user data. If you’re a manufacturing company, you have physical property and products you need to protect.
Once you identify your at-risk assets, you need to understand who might be motivated to breach them and why. At the most basic level, there are two types of fraud:
Internal fraud is committed by employees or other partners with direct access to your business materials.
External fraud is committed by individuals outside of your organization.
The good news is that there are measures you can take to protect against each.
Internal fraud includes siphoning company resources, self-authorizing payments, making false travel claims, and exploiting inside assets or information. Protecting your business from internal fraud is all about taking preventive measures to reduce the chances of theft within your ranks. For example:
Know who you’re hiring. Before bringing on a new recruit, especially in a role where they’ll have access to sensitive data, run a background check to ensure you’re hiring trustworthy people.
Eliminate opportunity. Hold inclusive discussions with team leaders and other stakeholders, so they can understand how fraud protection is in everyone’s best interest, weigh in as you create and execute internal policies, and identify potential vulnerabilities within their departments. It also helps to build a healthy company culture where employees enjoy autonomy, accountability, and fair pay, so they have less overall incentive to commit fraud.
Divide responsibilities. Create a system of checks and balances by separating payment duties and operations. For example, the team member who is paying your invoices should not also be receiving and managing your inventory.
Approve payments. Implementing thresholds and requiring authorizations allows key stakeholders to weigh in before large sums of money leave your account. For instance, Rho’s smart AP workflows automate approval chains based on dollar amount, prompting the designated people to sign off per invoice. Note: This is also a measure that can protect against external fraud, as it prohibits outside attackers from making large withdrawals all at once.
Set smart limits. Empower employees to spend while retaining control. Maximize visibility into who is spending what and where by issuing individual cards with auto-enforced spending limits. Set limits by amount or by merchant category (such as SaaS or Travel) to automatically restrict out-of-policy spend and ensure corporate cards are only used as intended.
External fraud includes the exposure of critical company data, corporate cards, confidential documents, bank account information, and other sensitive materials. As controller, you have less control over external fraud, but you can take some steps, so you’re ready to adapt, react, and respond quickly to any outside threat.
Avoid public networks. Discourage employees from working through unsecured public wifi networks such as those at airports and coffee shops. You’ll also want to use a VPN and ensure all company devices have up-to-date operating software.
Shop from secure sources. Don’t purchase materials from risky websites or vendors, and (if you’re using physical corporate cards with little oversight or controls) limit the number of employees who have access to reduce the chances of a credit card getting lost or stolen. You can also turn to products like the Rho Card, which offer fine-tuned controls and automatically enforced limits and restrictions, so your team can shop and spend securely.
Limit account access. The only individuals with unrestricted access to your business banking should be internal leaders who need it to do their jobs. Make sure you’re not inadvertently sharing your account information with external partners and third-party vendors as you go about your business and make payments.
Secure sensitive data. Keep all of your business documents in a secure location. If they’re stored electronically, limit employee access, and don’t share sensitive information unless it’s absolutely necessary.
Train employees to recognize scams. You want your employees to be able to identify the red flags of external fraud. For example, teach them what phishing emails look like, what fraudsters are after, and what actions they can take if they suspect a scam.
Diversify your accounts. Don’t keep all of your company’s capital in one place. Set up an operating account that can act as your front-facing platform for paying invoices, and hold the rest of your funds in a separate account that’s not shared outside of your core leadership.
You may be wondering if fraud protection is a necessary step for your business—and the truth is, you may not need to implement policies right away.
If you’re a young company, you have fewer overall assets and transactions, and it may be easiest to spot and act on fraud without formal procedures. However, as you grow, fraud becomes more of a problem. When there are more transactions and more team members involved, inconsistencies can quickly fall through the cracks.
The sweet spot for fraud policies is in the middle market. This is when your business is at its most vulnerable because you have abundant capital but maybe not the checks and balances you need to oversee it properly.
Remember, fraud is a moving target, so once you have formal procedures in place, you’ll want to revisit them as your company scales. The more people you employ and the more volume you handle, the more opportunities for fraud arise.
Best practice is to check in at least once a year to gauge how your policies are performing, but you may want to reassess them more frequently depending on your growth. When it comes to safeguarding your company’s assets against fraud, overprotection is never a bad move.