On 3 May 2023, the same day that the UK government’s long-awaited Fraud Strategy was published, the Home Office released a significant piece of research looking at incidents of fraud and corruption experienced by UK businesses between 2017 and 2020. A week later, on 11 May, UK Finance published its latest annual report focusing on payment industry fraud and its CEO labelled UK as “the fraud capital of the world”.
Over the next few weeks, we will be exploring various details of the Fraud Strategy (“the Strategy”) and how the UK government intends to attempt to tackle this vast issue. But in the meantime, we are taking a step back and looking at the landscape in which the Strategy will be worked out, as revealed in these two reports.
The Economic Crime Survey (“ECS”) was conducted by an external organisation on behalf of the Home Office (“HO”) between February and May 2020. The views of 5,000 businesses were canvassed by way of telephone interviews. Representatives of the businesses (which were selected from across seven sectors: construction, real estate, financial and insurance services, legal services, mining and quarrying, wholesale and retail, and information and communication) were asked about their experiences of fraud and corruption over the previous three years.
The ECS findings are both unsurprising and alarming, with the sheer scale of the fraud and corruption epidemic laid bare in stark statistics. It is worth keeping in mind that the period covered by the ECS largely pre-dates the period of Covid-related fraud, and the effects of the post-pandemic return to work and business-as-usual.
The key findings of the ECS are a useful way of measuring the impact of fraud on businesses, as there is generally relatively little data to go on; the ECS notes that fraud is known to be under reported and that “the number incidents revealed by the survey is substantially higher than those reported to, and recorded by, law enforcement agencies.”
The ECS found that, overall, one in five businesses had been the victim of a fraud; and one in 20 had been victim of corruption in the three-years leading up to the interviews. It should be noted that these are only ‘known’ incidents and it is likely that more fraud and corruption took place during this time. Breaking this down per sector, the survey revealed that companies in the financial and insurance services sector were most likely to experience fraud (21% of businesses surveyed), with mining, wholesale and retail, construction and real estate not far behind.
The HO describes these as “relatively low” proportions, but notes that the actual numbers behind the percentages are “substantial”, suggesting high levels of repeat victimisation. The survey showed that 46% of businesses which had experienced fraud (and 78% of businesses which had experienced corruption) had experienced more than one incident.
In monetary terms, fraud has been devasting for companies as well as individuals: some businesses reported cumulative costs resulting from fraud of up to £2 million per year, with an average of approximately £16,000 annually. More than half of the respondents in the ECS had been unable to recover any of the costs associated with the fraud which had been suffered.
Meanwhile, UK Finance’s 2023 annual report, although sector-focused and therefore narrower in scope, revealed that more than £1.2 billion was stolen by criminals through authorised and unauthorised fraud in 2022, with the total number of fraud cases exceeding 3 million. These figures represent a drop of a few percentage points compared to 2021, although this is likely not a cause for celebration; the report later explains that post pandemic criminals have shifted their focus slightly, but continue to use a range of techniques to trick consumers into handing over account details or personal information, in particular social engineering by way of scam phone calls, text messages and emails, fake websites and social media posts.
There are other non-financial costs connected to fraud: 37% of the businesses surveyed said that fraud had negatively affected the wellbeing of staff, and around one-tenth had seen their reputation damaged. Of course, these effects will often result in an indirect monetary impact, too.
Interestingly, size does matter: the results of the ECS show that the likelihood of experiencing fraud seems to increase with business size, although that may relate to other factors such as anti-fraud measures and/or having a compliance or other team responsible for detecting fraud, rather than because less fraud takes place in smaller organisations.
But who is committing frauds against companies? The ECS data revealed that a significant proportion were perpetrated by existing clients or customers (13%) or by competitors or other businesses (6%). Only 4% in total were committed by existing or former employees (with an even split between them).
The largest group of perpetrators (27%) were people impersonating known and trusted customers, employees, suppliers or contractors. And nearly half of the businesses surveyed (43%) simply did not know who is committing fraud against them.
These last two statistics, combined with the fact that almost all of the businesses surveyed suffered from fraud despite having in place at least one anti-fraud measures, highlight one of the biggest challenges to implementing an effective compliance framework: understanding the nature and sources of fraud risk. One solution to this may be to commit more time and resources on conducting a formal fraud risk assessment, something that is likely to be required for larger organisations as part of the measures to protect against the new failure to prevent fraud offence contemplated in the Economic Crime and Corporate Transparency Bill.
In order to avoid or mitigate future liabilities for failing to prevent bribery (under section 7 of the Bribery Act 2010) or the facilitation of tax evasion (under sections 45 and 46 of the Criminal Finances Act 2017), companies should implement proportionate and risk-based prevention procedures.
Although the wording as to what may constitute a defence to a charge under those provisions differs slightly, the official guidance accompanying both of the statutes makes it clear that effective compliance procedures should be founded on a risk assessment. It is very likely that the same type of guidance will apply once the new corporate criminal offence of failure to prevent fraud becomes law.
Given the prevalence and scale of the current fraud threat, revealed again in the findings of the ECS and the UK Finance report, prudent businesses in all sectors will do well to act quickly and make sure they fully understand where their weaknesses and vulnerabilities lie. Conducting a formal fraud risk assessment, perhaps assisted by an external expert, will not only protect a company now but help to establish the ‘reasonable procedures’ which will be vital to mitigate the risk of a prosecution for failing to prevent fraud in the future.