Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

14) Does your organisation have an established, consistent, and documented framework in place covering the detection, prevention, response to and investigation of suspicious or fraudulent activity?

August 19, 2021
Financial Risk
Fraud Framework

Answer yes if your organisation has an established and documented framework for detecting, preventing, responding to, and investigating suspicious or fraudulent activity. Please upload (as a PDF file) a document outlining the framework as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Entities regulated by the FCA have specific statutory and regulatory requirements that they have to implement to reduce the risk of fraud, and to enable it's detection. This covers:

  • credit institutions;
  • financial institutions;
  • auditors, insolvency practitioners, external accountants and tax advisers;
  • independent legal professionals;
  • trust or company service providers;
  • estate agents;
  • high value dealers;
  • casinos.

For non-regulated entities fraud is still a risk, but there is no regulatory need for any anti-fraud controls to be implemented. If your business is still considered at high risk for fraud, you may wish to still implement a framework for detecting, preventing, and investigating fraud.

Fraud can take a variety of forms including phishing, boiler rooms, mortgage fraud, insurance fraud, carousel fraud, identity theft and advance fee fraud. The impact of fraud, internal or external, has been a concern since trading started. People continue to commit fraud when they see an opportunity, and have either an incentive or pressure that drives them, and are able to rationalise their behaviour.

An anti-fraud framework is a collection of policies, processes, and technical controls to help your business identify fraud that may occur during it's trading, and to allow the prevention and investigation of such fraudulent activities.

The nature of the controls varies between businesses depending on each businesses specific risk of fraud.

How to implement the control

If your company is FCA regulated it is best you seek professional external advice on how to comply with anti-fraud requirements. We'd recommend speaking to a lawyer or regulatory consultant.

If your company is not FCA regulated but you are worried about the impact fraud is having on your business, again we recommend that you speak to a financial crime lawyer or regulatory consultant.

If you are not FCA regulated, and fraud is not impacting your business, then you may not need to implement this control.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.