Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

15) Does your organisation have a documented fraud response plan?

August 19, 2021
Financial Risk
Fraud Response Plan

Answer yes if your organisation has a documented fraud response plan. The plan should cover your organisation's internal processes and reporting lines for the reporting and investigation of any instances of fraud Please upload the plan (as a PDF file) as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Entities regulated by the FCA have specific statutory and regulatory requirements that they have to implement to reduce the risk of fraud, and to enable it's detection. This covers:

  • credit institutions;
  • financial institutions;
  • auditors, insolvency practitioners, external accountants and tax advisers;
  • independent legal professionals;
  • trust or company service providers;
  • estate agents;
  • high value dealers;
  • casinos.

For non-regulated entities fraud is still a risk, but there is no regulatory need for any anti-fraud controls to be implemented. If your business is still considered at high risk for fraud, you may wish to still implement a framework for detecting, preventing, and investigating fraud.

A fraud may be uncovered in a variety of ways, from one of your employees own observations, from someone inside or outside of your organisation 'blowing the whistle', ongoing controls throwing up a discrepancy, an internal or external audit discovering a problem, or external regulators and inspectors finding something. It is important that your organisation knows what to do when evidence of fraud is identified, and how any suspicion of fraud should be reported.

A fraud response plan outlines the responsibilities of all staff in deterring losses due to fraud. The document covers the ways in which employees can report fraud, and the internal response and actions that are triggered once this occurs.

How to implement the control

If your company is FCA regulated it is best you seek professional external advice on how to comply with anti-fraud requirements. We'd recommend speaking to a lawyer or regulatory consultant.

If your company is not FCA regulated but you are worried about the impact fraud is having on your business, again we recommend that you speak to a financial crime lawyer or regulatory consultant.

If you are not FCA regulated, and fraud is not impacting your business, then you may not need to implement this control.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.