Fraud training means defining fraud
The title may sound like a statement of the staggeringly obvious, but I’m wondering if it might explain why fraud awareness training remains the exception, not the norm. This week is International Fraud Awareness Week, and the helpful folks at the Association of Certified Fraud Examiners compiled the graphic below (among many others). According to the ACFE’s data, not having fraud training leads to nearly double the fraud losses.
In our Fraud Prevention Survey (mainly completed by European mid-caps), we asked how people felt about their fraud prevention training. 56% of respondents scored themselves ‘low‘ and 44% ‘medium.’ There were no high scores. Training scored lower than any other element of compliance (policies, assessments, monitoring, etc.).
The questions we asked included:
💡 Are employees regularly trained and made aware of economic crime and fraud prevention measures?
💡 Is there role- or function-specific fraud prevention training for employees in high-risk positions?
💡 Is there a process to assess employees’ understanding and retention of fraud prevention training? The answers here were terrifying (83% have no process).
💡 Rate the quality and comprehensiveness of fraud training programs. (5-point scale: Poor to Excellent).
So, what’s happening? Why are Europeans lagging behind the US (where much of the ACFE’s data comes from)
I don’t know, but I wonder if defining fraud would help.
During pre-investment risk assessment work, I see a lot of codes and policies. Fraud might be mentioned here or there, while bribery, corruption, money laundering, and conflicts of interest are discussed in detail. Some purists might argue all those other economic crimes are technically fraud. A dictionary definition of fraud might go: “wrongful or criminal deception intended to result in financial or personal gain.” By that reasoning, bribes, conflicts of interest, and the rest are fraud.
Others will define fraud more expansively. The ACFE’s ‘Fraud Tree‘ maps out all the areas in detail. Others, myself included, might (initially) take a middle road when trying to get someone (or an organisation) to consider their potential fraud exposure. Maybe something like this:
👉 Misappropriation
👉 Misuse
👉 Misrepresentation
I’d keep bribery and corruption (and AML) separate. Why? Because they’re concepts a kid understands and are widely discussed and legislated. Using the three Ms above is not perfect, but it’s as close to MECE (mutually exclusive, collectively exhaustive) as I can get fraud. Here, we might deal with theft (in all forms), including disbursements, under misappropriation. Misuse may seem a small category, but it’s a biggy in most organisations – especially misuse of company property and assets as many embark on side hustles and other WFH risky activities (opening up cyber exposure). Finally, misrepresentation will cover the headline horror stories (financial reporting fudges) and the more vanilla issues like conflicts of interest in hiring decisions.
It’s not perfect, but starting a conversation with some parameters is more helpful (I feel) than presenting this abstract concept of “fraud”, which, in most of our heads, just means “fake.” It’s much more than that. So, if you’re wondering how to get some fraud training together, see if those bucket categories help. If you’re stuck, schedule a call (we’ve just finished developing training spanning 50+ countries on this topic for a financial services organisation, and it’s been eye-opening!).