Tag: Risk Management

Managing risk when choosing to invest overseas

Posted on by Admin Admin

When investing in overseas markets, it’s important to understand the context of any potential investment opportunity in order to manage risk.Overseas investments bring with them potential differences in customs, currency, language and accounting techniques. For the best chances of success – i.e. protected, profitable investments – prior research and due diligence are key, especially into the regulations of any foreign country you wish to trade in.

There are 3 main risk areas that investors should take heed of when investing internationally:

  1. Higher transaction costs
  2. Currency volatility
  3. Liquidity risks.

There tend to be higher expenses on foreign transactions, alongside differing exchange rates or additional charges specific to the market, such as clearing fees, taxes or stamp duties. Added transaction costs vary depending on which international market you are investing in.

Exchanging your money could also impact your return, depending on the time of exchange and the currency you exchange to. Using an exchange-traded fund (EFT) could be a way around this, due to better liquidity and accessibility.

However, liquidity risk poses the potential of losses, if investments aren’t sold at a certain time. There is higher risk of this in foreign markets, especially as it’s harder for investors to protect their capital against losses that occur in a different country with different rules. Arguably, foreign investments are worth the risk, as they contribute to a well-balanced portfolio that utilises the global economy.

Avoiding risk in overseas investments

There are products and techniques that can be used to ensure your international investments are better protected. These include:

  • Global depository receipts (GDRs) can be traded, cleared and settled like domestic stocks are, by institutional or private investors. They can be found on the London Stock Exchange.
  • Foreign direct investing via a domestic-based broker, or a broker based in the target country, that can buy foreign stocks directly on your behalf.
  • Global Mutual Funds – Mutual funds use international equities that can be regional or country-specific. They can be sourced in a passive index fund or a managed fund, which means there are higher fees involved.
  • Exchange-traded funds (ETFs) offer investors access into foreign markets, rather than having to compile a portfolio yourself. ETFs provide insight into multiple international markets.
  • Multinational corporations (MNCs) – Investing in MNCs gives investors international exposure without having to directly invest in foreign stocks.

How do I manage the risk of investing overseas?

It is vitally important for anyone considering investing in overseas investments to either do extensive research on the country and the type of investment before committing, or, as an extra type of safety net, invest through reputable investment vehicles such as Global Mutual Funds, exchange-traded funds or global depository receipts.

As the global economy is still navigating it’s way through it’s most volatile period, it’s important to take the time to do your investment homework.

The first step for an investor is to conduct a country analysis, deciding where exactly to invest. Investing in a broad international portfolio is best, or within a specific region or set of countries, rather than in a single foreign country. Diversification is important when investing internationally, as maximising diversification minimises risk.

Once the country or countries of investment are decided, the investor must decide which investment vehicles to invest in, for instance in stocks or bonds of companies within the country, mutual funds, internationally focused ETFs, etc. Ongoing monitoring of the investment portfolio needs to be done, as the economic conditions overseas will be continuously changing.

The political and economic landscape of the investment country must also be observed, as any abrupt changes can result in unexpected losses to investments. This is part of the country risk analysis, as countries with stable finances and a strong economy offer safer investments than those without. Countries that are unfriendly towards foreign investors or that are in political unrest also offer a less stable investment opportunity.

The Economist Intelligence Unit (EIU) offers comprehensive and objective information on different countries, including an overview of the political, social, economic and demographic climate. Other country risk analysis resources which can help investors include the CIA World Factbook and the UK government’s Overseas Business Risk service.

At ESA Risk, we offer enhanced due diligence services, which can help you see the whole picture before committing to an investment. Contact us for an initial chat with our experienced consultants. You can contact Ali Twidale, Banking & Financial Fraud Consultant at ali.twidale@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

Employment fraud: be diligent

Posted on by Admin Admin

Online job scams and employment fraud are when jobseekers are under the pretence that they are in an application process but are instead being scammed into giving up their personal data, including bank account or credit card information.

In this way, criminals can conduct identity theft – gathering people’s personal information and then applying for loans or credit cards in their victims’ names. The Federal Trade Commission says employment fraud also occurs via phishing, whereby scammers use malicious links or websites to obtain the personal information of their victims.

The Disclosure and Barring Service (DBS) has revealed that “85% of identity fraud is committed via online channels, and Cifas members recorded almost 158,000 cases of identity fraud in the first nine months of 2021. Not only is this an increase of 17% compared to 2020, but this is equivalent to one person every 2.5 minutes.”

As well as using online methods, perpetrators might conduct ‘interviews’ by phone and ask upfront for payment for certification or training materials before considering the applicant for a ‘job’, which often does not exist.

In a widescale study of 12,000 jobseekers by JobsAware (previously SAFERjobs), 71.3% of workers said they assumed that any job found online was a legitimate posting from a real business. A staggering 98% admitted they would still apply for a job even if they thought it was suspicious.

It is important that jobseekers remain vigilant when applying for jobs online.

Signs of potential employment fraud

  • Companies asking for any sort of payment during the application process.
  • Interviews taking place over messaging services such as Facebook Messenger or Google Hangouts.
  • Unclear job descriptions or being offered a job that isn’t the one you applied for.
  • Unprofessional-looking emails with misspellings or grammatical errors.
  • Emails coming from personal accounts such as Yahoo or Gmail, rather than a business email address. (However, email spoofing may be used, so be wary even if the email address appears genuine, and conduct further research on the company).
  • Fake job boards and recruiter websites that might ask for card details for ‘pre-screening’ or personal bank account number to start depositing payslips.

Until you are sure of the credibility of a company that has contacted you about a potential job, do not give out personal information or financial information. Research the company – for example, look at their website, social media accounts, Companies House listing, any online reviews, etc. – to make sure that the job posting is real. Call the company’s phone number (if you find a number for them through your own research, rather than a number in the email or job posting) to verify that they sent an email or posted the job online.

Use caution when deciding on the information you include in your CV, as these details could be used in identity fraud. As a rule, do not include any of the following:

  • Date of birth
  • Full address
  • Passport number
  • National Insurance number
  • Driving licence number.

Protect yourself against employment fraud

  • Conduct an online search for the name of the employer alongside the word ‘scam’ to check for reports of job scams.
  • Be wary of vague job descriptions.
  • Don’t believe anything that sounds too good to be true; for example, if the pay on offer is very high but for little work.
  • Be cautious about online forms that are part of the interview process and never include personal or financial information on these.
  • Be wary of mystery shopper or secret shopper positions.
  • Jobs that involve receiving and reshipping packages are likely scams.
  • Do not respond to calls, text messages or emails from unknown numbers or suspicious addresses.
  • Do not click any links in a text message from a number you do not recognise. If a friend sends you a message containing a suspicious link, and it seems out of character, call them to make sure they weren’t hacked.

If you think you’re a victim of employment fraud, the first step is to cut all communication with the fraudulent party. Take note of their details and file a report with Action Fraud. If you have given any bank details, get in touch with your bank immediately.

For futher help and advice on preventing and avoiding fraud or dealing with an ongoing fraud, please contact us at advice@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

Joint Fraud Taskforce: Accountants to play key role in tackling fraud

Posted on by Admin Admin

The Home Secretary Priti Patel has announced the relaunch of the Joint Fraud Taskforce against the backdrop of a 24% rise in fraud during the Covid-19 pandemic.

The relaunch recognises the key role accountants can play in identifying fraud and educating themselves and their clients on how to do the same. It also highlights accountants as being potential targets for fraudsters, while admitting that the number of fraud cases that involve an accountant is currently low.

For the same reasons that accountants have been recognised as potentially important in the fight against fraud – i.e. their control of / closeness to companies’ finances and their role as trusted advisors, the taskforce highlights accountants as potential fraudsters, with opportunities to commit fraud that few others have.

New fraud charter for the accountancy profession

As a result, the taskforce’s ‘Accountancy Sector Fraud Charter’ includes actions to “drive greater transparency…across the accountancy sector”, as well as to better equip accountants to spot, deal with and educate others on fraud risks. The charter has, so far, been supported by 12 accountancy sector professional bodies, including the ICAEW.

Developed by the Home Office and the profession in partnership, the charter has 4 main actions intended to be delivered in collaboration with the profession, government, and law enforcement agencies.

  1. The first is to identify areas of vulnerability within the accountancy sector with a view to providing the sector with a clearer understanding of the risk of fraud in the UK.
  2. The second action centres on the training and education to be led by the ICAEW, beginning with reminders to the profession on how to spot red flags for fraud within their clients and to avoid them becoming victims themselves.
  3. The third forms part of the government commitment to reform companies house by improving the accuracy of information held and prevent the misuse of corporate entities by fraudsters. The sector will work to address the misuse of accountancy firms details whereby they falsely use an accountants address as their registered office to gain legitimacy or claim to have had accounts prepared or audited by a firm.
  4. The fourth is to increase fraud awareness among businesses and the public through the National Economic Crime Centre, which the accountancy sector will support.

Other areas covered by the Joint Fraud Taskforce

The other sectors in the relaunch are telecommunications and retail banking, with signatories of the respective charters including all major high street banks and the leading telecommunications companies, such as BT EE, Vodafone and Virgin Media O2.

The taskforce will be chaired by Minister for Security Damian Hinds, who described fraud as “a devastating crime that impacts around 1 in 13 of us each year”.

The claim that “fraud now represents over a third of all UK crime.”

October’s relaunch of the taskforce was part of the Fraud Action Plan Framework agreed at the government’s Economic Crime Strategic Board earlier in 2021. First established in 2016, the Joint Fraud Taskforce spent more than a year in the wilderness after a 2019 restructure before being brought back under Home Office control at the end of 2020.

It remains to be seen how effective the latest iteration of the taskforce will be, although the Home Secretary has conceded that “government alone cannot fix this which is why the Joint Fraud Taskforce will bring together key business leaders to work in partnership to protect the public”.

The Home Office’s press release on the relaunch includes a note “encouraging the public to forward suspicious text messages to 7726 (which is free of charge) and…report fraud to the police through Action Fraud”.

How ESA Risk can help

Fraud prevention and fraud investigations are areas where we possess the expertise and experience to help you and your business. These are topics we’ve written extensively on, with guides including ‘Fraud prevention in 5 steps’ and ‘Charities: What to do if you suspect fraud’ (equally useful for non-charity sector organisations).

For advice on fraud prevention, or for support investigating a suspected fraud, please contact us at advice@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

Risk management strategy: Utilising your workforce

Posted on by Admin Admin

A positive risk management culture

All businesses should aspire to foster a positive risk management culture within their organisation, as part of risk management strategy. The issue is how do you go about creating a positive culture? There is no single solution, but there are a number of key factors that contribute towards achieving the right outcome.

Organisations with a positive culture are characterised by a process of open communication and sharing information within an environment of mutual trust that enables issues to be discussed thoroughly in order to serve the best interests of the company.

Put simply, risk management works best when employees are empowered to speak up and take action when they believe there is something they need to raise.

Employees – an asset or a liability?

Your own employees can put your organisation at risk in many ways, as security threats are not always external. The greatest risks often come from within an organisation. Even wellmeaning employees can unintentionally open an unsolicited email and with the click of a link jeopardise the security of the company’s IT system.

In an era of increasing technological complexity, the threats of hacking and cyber crime, the cost of adverse incidents and ever-greater regulatory scrutiny, the effective management of employee risk can reduce the overall risk faced by an organisation. If well managed, it can provide the business with a competitive edge.

Practical steps

There is no perfect solution, but you can follow some practical steps to instilling the right culture and strategy for risk management within your enterprise:

  • Explain the risks faced by the business to your employees and the benefits of sound risk management so that it is understood by all staff.
  • Take time to explain the idea behind any risk management initiative in straightforward terms-tell them why a companywide commitment is important.
  • Allow employees to feel safe to voice any concerns about anything that could go wrong and encourage them to come forward when they see something could be done better.
  • Develop training programmes for each part of the business – consult employees on the particular risks each set of employees is likely to face and the control measures they are expected to follow to mitigate such risk.
  • Recognise good behaviours and reward them. Spell out that bad behaviours will have consequences.
  • Encourage feedback from employees and allow sufficient time for any changes in practice to be implemented.
  • Lead from the front and by example by being seen to act when risks are reported.

Utilising your workforce as part of your risk management strategy

Your employees are at the core of your business; daily operations, customer interactions, online interactions, decision making – the list of where your workforce can make the difference is almost endless. They play an integral part in the running, reputation and, fundamentally, the success of a company. It is therefore vital that the unique knowledge that employees have of their work is effectively harnessed and exploited as part of your risk management strategy and framework.

Taking the time to engage your workforce to help create a positive risk management culture will challenge them to develop new and better ways of working and deliver measurable rewards in terms of greater productivity and profitability.

If you require advice on risk management strategy or would like to know more about creating a positive workplace culture, contact Mike Wright, Risk Management and Investigations Consultant at mike.wright@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

Charity Fraud Awareness Week 2021

Posted on by Admin Admin

Charity Fraud Awareness Week 2021 is a joint-initiative from the Fraud Advisory Panel (“the voice of the counter-fraud profession”) and the Charity Commission for England and Wales (“an independent, non-ministerial government department” that “registers and regulates charities”), who launched a related website – Preventing Charity Fraud – which provides resources “on how to prevent, detect and respond to fraud committed against charities and not-for-profits.”

We’ll be publishing content in support of the cause all week on our website and our social media accounts using the campaign’s hashtag: #StopCharityFraud. In tomorrow’s article, ESA Risk’s Cyber Risk & Security Consultant, Graeme McGowan, will be covering cyber fraud and other cyber risks in the charity sector. Later in the week, Ali Twidale, Banking & Financial Fraud Consultant will look at money laundering and financial crime in charities. And Serious Fraud and Economic Crime Consultant, Lloydette Bai-Marrow, will round off the week by discussing what charities should do if they suspect a fraud has been committed.

Fraud prevention and fraud investigations is a topic we publish on regularly. We expect that much of this existing content (while created for a wider audience) will be of use to those in the charity sector looking to fight fraud:

Preventing Charity Fraud

As the Preventing Charity Fraud website states, “charities can be susceptible to fraud.” And it’s easy to see why. In a 2019 survey of more than 3,000 registered charities, the Charity Commission and the Fraud Advisory Panel found that only 9% of charities “have a fraud awareness training programme”, “almost half don’t actually have any good-practice protections in place” and “26% of charities believe they’re vulnerable to fraud because of an over-reliance on goodwill and trust”.

There’s been an increase in the number of cases of fraud in all sectors since the start of the Covid-19 pandemic. It’s likely that the situation in the charity sector is no better than it was 2 years ago, which is why initiatives such as this one are needed.

Charity Fraud Awareness Week comprises a number of online and in-person events aimed at those working in the charity sector.

Outside of Charity Fraud Awareness Week, the Preventing Charity Fraud website contains a host of practical information for those working in or with not-for-profits and charities, including downloadable helpsheets on topics such as whistleblowing, financial crime risks, volunteer fundraising fraud and charity retail fraud.

The Charity Commission and Fraud Advisory Panel’s 8 principles of good counter-fraud practice

Also on the website is the “8 principles of good counter-fraud practice” which was published in response to the findings of the 2019 survey of the sector.

The principles in full are:

“1. Fraud will always happen – being a charity is no defence. Even the best-prepared organisations cannot prevent all fraud. Charities are no less likely to be targeted than organisations in the private or public sector. Fraudsters don’t give a free pass to charitable activities.

“2. Fraud threats change constantly. Fraud evolves continually, and faster, thanks to digital technology. Charities need to be alert, agile and able to adapt their defences quickly and appropriately.

“3. Prevention is (far) better than cure. Financial loss and reputational damage can be reduced by effective prevention. It’s far more cost-effective to prevent fraud than to investigate it and remedy the damage done.

“4. Trust is exploited by fraudsters. Charities rely on trust and goodwill, which fraudsters try to exploit. A strong counter-fraud culture should be developed to encourage the robust use of fraud prevention controls and a willingness to challenge unusual activities and behaviour.

“5. Discovering fraud is a good thing. The first step in fighting fraud is to find it. This requires charities to talk openly and honestly about fraud. When charities don’t do this the only people who benefit are the fraudsters themselves.

“6. Report every individual fraud. The timely reporting of fraud to police, regulators and other agencies is fundamental to strengthening the resilience of individual charities and the sector as a whole.

“7. Anti-fraud responses should be proportionate to the charity’s size, activities and fraud risks. The vital first step in fighting fraud is to implement robust financial controls and get everyone in the charity to sign up to them.

“8. Fighting fraud is a job for everyone. Everybody involved – trustees, managers, employees, volunteers, beneficiaries – has a part to play in fighting fraud. Trustees in particular should manage fraud risks actively to satisfy themselves that the necessary counter-fraud arrangements are in place and working properly.”

Fraud-related advice and support from ESA Risk

Whatever sector you’re in, if you need advice or support on fraud prevention, we’re here to help. We’ll work with you to put in place preventative measures as part of your wider risk management strategy, covering areas including cyber security and due diligence.

If you suspect a fraud has been committed against your organisation, our experienced Investigations team – including a former principal investigative lawyer with the UK government’s Serious Fraud Office (SFO) – can help you discover the truth.

Contact Mike Wright, Risk Management & Investigations Consultant at mike.wright@esarisk.com, +44 (0)343 515 8686 or via our contact form, to find out more.

Government proposal to reform data protection regulation

Posted on by Admin Admin

The UK Government has invited responses from stakeholders within an evidence-based approach to developing a risk-based data protection framework fit for the future.

As data is considered to be the driving force of the modern economy and one of the most important resources in the world, the aim of the process is to seize the opportunity from new regulatory freedoms following Brexit to build a framework of laws based on common sense, not a box-ticking exercise. The aim is to build on key elements of GDPR, not to water down the current legislation. The clear message is that protection of personal data must remain at the core of any new regime to maintain public trust.

The plan has been described as bold, well thought out and much needed in the context of criticism from businesses who have found the existing regulations to be complex and unclear creating uncertainty and a barrier to data access. The reforms will introduce a more flexible regime and encourage organisations to use data responsibly.

The key changes proposed include removing the need to:

  • Appoint a DPO, either in all cases or just in public bodies
  • Conduct a data protection impact assessment (DPIA)
  • Consult the Information Commissioner’s Office (ICO) regarding high-risk processing
  • Keep records of processing activities.

The wider reforms include the creation of an ‘exhaustive’ list of situations where the legitimate interest test will apply without having to conduct a balancing exercise, aimed at creating greater certainty for business when complying with the legitimate interest test without a detailed analysis.

The regime will also allow the use of data for AI projects and other innovations. There are specific provisions for AI, such as allowing the use of data to monitor bias in AI systems and allowing the use of personal data for research by widening the situations where data can be used for new purposes.

There will be no change to the central principles of GDPR; the data protection principles and the lawful bases for processing remain intact. The division between controller and processor will also stay.

The strict requirements within GDPR will be replaced by a more flexible obligation to implement a ‘privacy management programme’. The changes will not amount to a bonfire of the GDPR regulations as there will remain obligations to create defined roles and responsibilities for data protection including a designated individual to take responsibility for the programme and be a contact point for the ICO. The move is intended to encourage organisations to invest effectively in the process of governance, policies, people and skills that protect personal data with an outcomes-based focus.

The proposal also aims to reform the ICO and its powers, including measures to move the ICO away from handling high-volume, low-level complaints to dealing with the most serious cases.

Within its impact assessment, the government anticipates the changes will create cost benefits of £1.04 billion over 10 years by removing the barriers to responsible data use. That figure could rise to £1.45bn if adequacy status with the EU is retained. The changes are expected to benefit small and medium sized businesses proportionately more.

It remains to be seen whether the responses from stakeholders encourage the government to go further in reducing the burden on business of the existing GDPR regime towards a more radical reform without jeopardising its adequacy status with the EU, which is vital to the free transfer of data between the EU and the UK.

If you need further advice and support on compliance issues, look no further than ESA Risk. Our risk management and business consulting teams are here to help your business manage risk, excel and grow. Contact Mike Wright, Risk Management and Investigations Consultant at mike.wright@esarisk.com, on +44 (0)343 515 8686 or via our contact form.

How ESG can help your business

Posted on by Admin Admin

Every business has an impact on the environment, responsibility for social issues and a need to promote good governance. Awareness of ESG and sustainability issues has become heightened as a result of the Covid pandemic as the resilience of every business has been tested by such an extreme and unforeseen event. It is more important than ever for a company to promote a strong ESG strategy and consider the ways in which it can be followed in practice.

For investors evaluating where to put their money, companies adhering to ESG criteria are likely to be perceived in a better light than those not doing so. From a regulatory and reputational point of view, ESG can help investors avoid companies that might be problematic in the future.

E – Environmental

Environmental aspects of a business include any impact the company is having on the environment, for instance:

  • Energy wastage or contributing to pollution
  • Animal cruelty
  • Land-related contamination
  • Hazardous waste products or toxic emissions.

Consider the energy usage of the company, its carbon footprint and the waste it creates that has to be processed. During a year in which the world will gather to address the urgent need for action on climate change at the UN COP 26 conference never has this issue had greater prominence. Every company has to take its environmental impact seriously by considering its energy use and its effect on the environment.

S – Social

Social refers to the way a business manages relationships with:

  • Their employees (including working conditions; health and safety; equality, diversity and inclusion; and so on)
  • Their customers
  • The companies they work with (suppliers, partners, etc.) and the ethics of those companies
  • The communities they impact.

How a company fosters its people and culture is how the company will be perceived and determine its reputation. A strong social policy enables a sustainable and resilient business, attractive both to prospective employees and investors alike.

G – Governance

Governance is the way a business manages internal and external affairs, including systems of policies and procedures followed by the company the such as:

  • The credibility and responsibility of its directors, including in managing shareholder interests
  • Board of directors to be diverse and inclusive
  • Political affiliations and donations
  • Audits and accounting methods
  • Legal and regulatory compliance.

A company meets governance requirements by meeting regulatory obligations and following best practices, procedures and control measures to govern itself and meet the needs of investors and stakeholders.

Why ESG matters for any business

Companies faced with increased costs or falling revenue as a result of the pandemic are bound to ask why they should be concerned with this issue when they have more pressing priorities. The answer is that by paying attention to ESG issues does not impact on returns, in fact it makes good financial sense.

What are the benefits of a strong ESG strategy?

There can be multiple benefits of implementing a robust strategy:

  1. It can create top line growth by attracting customers looking for sustainable products and producers.
  2. Protects human and social capital through measures such as addressing health and safety issues and the interests of employees. In the long-term this leads to an increase in employee engagement and productivity.
  3. Building supply-chain resilience and sustainability and thereby creating downside risk protection.
  4. Increases the likelihood of attracting investment and government support. Investors are looking for businesses with a strong ESG offering to protect their interests and those of their stakeholders.
  5. Attracts more customers that are concerned about a businesses’ environmental and ethical stance.
  6. Operating cost reductions can be achieved through optimising the use of resources such as energy and water.
  7. Sustainable practices can reduce the risk of regulatory intervention and in turn better investor relations.

Similarly, the costs incurred by a company can be reduced as an effect of ESG. For instance, by taking environmental responsibility seriously – improving operations and manufacturing processes, recycling waste and reusing it in production – companies can reduce their running costs.

Ensuring social compliance also has a positive effect, as it encourages new customers and suppliers to interact with and fund the business. Having a system in place that protects and rewards employees will result in a content and motivated workforce, which in turn enhances the performance of a business.

What should companies focus on?

Any company understands the risk of failing to act on sustainable practices. More countries are enacting regulations aimed at compliance such as carbon taxes and many investors have built ESG into their investment portfolio strategies. In fact the data suggests that companies that incorporate sustainability and ESG into their business model are likely to outperform their non-compliant competitors.

The focus should be on the issues that are at the core of the business and identifying measurable criteria for an ESG program that can be followed in practice. By reporting on progress towards the goals set for itself the company can demonstrate to stakeholders its commitment to integrating ESG into its risk framework of sound governance.

ESG can be measured by metrics or reporting frameworks that help assess the compliance of a business. The Sustainability Accounting Standards Board (SASB) is an example of a body that provides insight into ESG data for prospective investors, helping them to determine the ethics and sustainability of a corporation.

An ESG and sustainability strategy is no longer just a matter of business ethics, it forms a significant part of any company’s long-term enterprise risk management strategy closely allied to its vision and direction. The creation and implementation of a solid ESG framework therefore goes hand in hand with building business resilience and long-term value for stakeholders.

Risk management: 5 areas you should be focusing on

Posted on by Admin Admin

As risk cannot be eliminated in its entirety, the question is how to deal with the issue effectively without putting the business and its managers in a straitjacket. Risks must be identified, evaluated and controlled to allow the business to function and grow.

The purpose of effective risk management is to enable the company to prepare for foreseen risks that may materialise and take steps to prepare for such events by putting in place the best systems to reduce or minimise the risk to manageable levels.

A sound strategy should not compromise the company’s appetite to take risks or engage in a risky venture. On the contrary, it will enable better decision making within a company that is alive to the risks involved in its operation and armed with a strategy of mitigation.

There are 5 principal areas to consider:

1. Avoidable risk

These include risks that can be controlled from within the organisation, such as employee unauthorised acts or failures to abide by company procedures. Such risk ought to be avoided by a compliance-based approach, such as background checks during the recruitment process and double-signature requirements when dealing with invoices or cheques.

Also, injury in the workplace can cause losses to productivity, so health and safety procedures and training must be in place.

2. Strategic risk

Any company must assume certain risks to be able to generate returns from its business strategy. Such risk is not inherently undesirable but cannot be managed through a rules-based process. Instead, you need a risk management programme to reduce the likelihood of risk materialising and mitigate its effects should it occur.

In order to maintain financial processes within a company, consistent accounting procedures should be put into place to monitor accounts and track cash flow.

3. External risk

There are many risks outside the company’s control or sphere of influence, such as natural disasters or a pandemic. These require another approach to identify them and devise a mitigation strategy.

For instance, environmental risks such as fires, floods or power outages can be prepared for by carrying out maintenance check-ups and safety inspections, putting fire escape procedures into place, and training staff.

As the world evolves, the workplace must adapt along with it, so regularly monitoring risk management strategies is imperative in keeping systems relevant and ready to face external risks.

4. Technological risks

Areas to focus on must now include the company’s IT systems, as all companies rely heavily on digitised systems to enable them to do business. Threats include data breaches, cyber risks and outages that threaten the very existence of the company. Any risk management plan must therefore include the IT systems to spot and control the risks to digital assets, including digital and non-digital backups and keeping company computers up-to-date.

With a well thought-out programme of analysing the threats and risks to the business IT infrastructure, the company will be able to prevent IT disasters before they happen. Although an insurance policy can act to transfer risk, it treats the symptom not the cause; money cannot recover lost data or repair the damage to a company’s reputation.

No company – however small – should operate without a disaster recovery plan and cost-effective means of protecting data from potentially catastrophic loss as part of its overall risk strategy.

5. Third-party risks

When outsourcing IT to third-party providers, there is the risk of those providers not being compliant or having appropriate security standards. Giving outsiders access to your systems introduces the risk of intellectual property theft, network intrusion and more.

Third-party risks can be combatted by conducting risk assessments and audits to screen third-party distributors and suppliers. Monitoring is an important part of due diligence, alongside in-depth inspections into the companies you are working with.

The benefits of a robust risk management programme

The creation of a safe and secure working environment has multiple benefits. A dependable health and safety policy followed in practice creates an engaged workforce that is less likely to be absent and with lower turnover of staff. Fewer avoidable accidents also mean reductions in costs of claims, legal action and insurance premiums. Healthier and happier employees are better motivated which in turn improves productivity.

The advantages of having a solid risk management strategy serve to improve the stability of the business and protect its operations from events detrimental to its interests. Guarding against the risks identified by the implementation of the policy will provide the company with a competitive edge. A company with a robust risk policy is a more resilient, better-run company.

A solid risk management framework forms an essential part of meeting a company’s wider environmental, social and governance responsibilities, thereby enhancing the business’ reputation for corporate responsibility among investors, customers and the community in which it operates.

Fraud prevention in 5 steps

Posted on by Admin Admin

With financial criminals working in a fast-paced, digital environment, the number of commercial fraud cases soared in 2020, totalling to over £220 million in London and South East England alone, as shown in KPMG reports. The Crime Survey for England and Wales estimated a 15% increase to £3,863,000 lost by offences in the same year.

Alongside the financial dent of fraud on businesses, is the risk it poses to the reputation and confidentiality of your organisation. But this can be avoided by following these 5 straightforward steps that will help you take control of the risk of fraud.

Fraud prevention steps

1. Know your staff

Be vigilant when hiring employees – conduct background checks, consider social media accounts, run credit reports and enforce employee policies. Employees may abuse their access to sensitive information or bank details, but safeguards as simple as a DBS check and review of prior job references can help you avoid potentially damaging hires. Other preventative techniques include mandatory holiday time off, job rotation and creating a hotline for whistleblowers. Furthermore, hold fraud training sessions for both online and offline security threats, as well as training for the proper use of handling confidential data.

2. Keep records

Keep a record of transactions, financial details and arrangements with external suppliers. Ensure there is data stored on the company finances, and that payment amounts match invoices. Make sure you are aware of all paper documents to avoid information getting into the wrong hands. Mail, credit card information and cheques need to be securely stored and printed financial statements or sensitive papers should either be shredded or safely recorded. Ensure you have a record of all transactions; in case you have paid for fraudulent services or have received incorrect details.

3. Monitor analytics

Conduct random audits to ensure your balances, income statements and cash flow are all in order. Monitor accounts using advanced analytics for a full view of any vulnerabilities within your organisation- these ensure detection of preliminary signs of fraud. By making use of the right technology and IT systems, you are more likely to pick up fraudulent activity in its early stages, rather than waiting for human detection which allows the rate of fraud to exponentially increase over time. Monitoring systems enable your organisation to stop the multiplication effect of fraud before it grows into a larger financial loss. They detect and flag up the anomalies and inconsistencies that point towards fraudulent activity early enough to save you from losing more money.

4. IT Protection

Your digital information is most at risk from hackers and online fraudsters, so ensure company computers are secured with firewalls, anti-virus and malware detection software. Internet controls are also vital, and you should avoid entering personal passwords or payment methods into public computers.

Documents are at a high risk of being accessed through data breaches, or by malware and ransomware. To avoid this, install cyber security services or sign up to Anti-Money Laundering schemes. SARS (Suspicious Activity Reports) are also highly efficient in recognising fraud. Make sure you are updated on regulatory developments in places you operate, whether that be the UK or globally, so that your SARS remain relevant to the current jurisdictions.

5. Get help from partners

Risk management organisations can help you assess and mitigate fraud risks, and work towards fraud prevention. ESA Risk’s consultants include specialist fraud examiners, such as Lloydette Bai-Marrow, a former principal investigative lawyer with the UK Government’s Serious Fraud Office (SFO). Lloydette recommends companies remain diligent and aware of the risks of fraud, especially in light of the Covid-19 pandemic: “Business owners must be militant in evaluating risk assessment and profiling their employees; those that are vulnerable and may feel justified to commit fraud, and those that are working from home without any enforced security.”

While investing in technology is important, so is making best use of your workforce. ESA Risk can work alongside your compliance and intelligence teams and help strengthen the resilience and experience of your employees through training and consultancy. Mitigation works by combining and investing in IT and human resources to maximise security and awareness of fraud.

Cases of fraud in the pandemic

Posted on by Admin Admin

Cases of fraud reached a concerning high during the Covid-19 pandemic. Various types of fraud have been committed by false phone calls, email, text message or in-person visits. Healthcare fraud, in particular, has risen in light of the development of coronavirus vaccines, as individuals have attempted selling a false vaccine by impersonating NHS officials and going in-person to administrate it. Not only is this fraudulent but potentially endangers people’s health also, alongside the selling of fake Covid-19 tests, defective surgical masks and medical supplies.

Social media is another medium used to commit fraud, especially through clickbait and the sale of misbranded products. The national lockdown has meant more people are online shopping, which has opened the door to higher cases of retail fraud and false selling on Instagram and other websites. Action Fraud has reported that over 16,352 online shoppers have fallen victim to fraud since the pandemic started, alongside the vast amount of people that have been lured by fake online auctions and false online advertising of trading and investing schemes that are unwittingly promoted by celebrities on social media.

The changing restrictions on travel have also given way to instances of fraud that involve bogus refund offers and travel deals. Individuals have been stealing personal information and banking details through these scams, leaving many people seeking bank refunds and filing online reports to get their money back.

One example of a Covid-related scam was a text message claiming to offer government refunds as a response to the pandemic, reading ‘UKGOV: You are eligible for a Tax Refund as a result of the Covid-19 pandemic. Please fill out the following form so that we can process your refund.’

Further example cases of fraud in the pandemic include:

  1. Criminals sending fake emails designed to look like they are from government departments offering grants of up to £7,500. The emails contain links which steal personal and financial information from victims.
  2. Fraudsters sending scam emails which offer access to ‘Covid-19 relief funds’ encouraging victims to fill in a form with their personal information.
  3. Criminals targeting people with official-looking emails offering a ‘council tax reduction’. These emails, which use government branding, contain links which lead to a fake government website which is used to access personal and financial information.
  4. Fraudsters preying on benefit recipients, offering to help apply for Universal Credit, while taking some of the payment as an advance for their “services”.
  5. Criminals sending phishing emails and links that impersonate the NHS Track and Trace system, claiming that the recipient has been in contact with someone diagnosed with Covid-19. These lead to fake websites that are used to steal personal and financial information or infect devices with malware.

How to avoid being targeted

Be mindful of the vendors you trust and buy from. Scammers are selling unapproved products that claim to treat or prevent Covid-19. Offers to purchase Covid-19 vaccination cards are scams, as these can only be obtained through legitimate providers. If a company or individual is asking for an image of your vaccination card for ‘proof’ of something, do not share it, as this is how they achieve identity fraud.

Be diligent on the phone. Official suppliers will not be calling around offering Covid tests or medical supplies. Furthermore, the government will not be offering payment schemes to move you to the front of the queue for a vaccine, or require personal information in order for you to receive the Covid-19 vaccine, so beware fraudulent phone calls in relation to this. Any caller that is asking for your personal information, medical history or banking details should not be trusted without due diligence checks.

Be wary of email hyperlinks or text messages from unknown senders related to Covid-19. Fraudsters may send false offers advertising Covid-19 testing but make sure that any appointments made are at an official testing site. Scammers might also pretend to be contact tracers; remember that legit tracers won’t ask for personal information.

Further steps to take to avoid Covid-19 related fraud

  • Only share personal health information with known medical professionals.
  • Be wary about work from home scams and ‘opportunities’ circulating on social media.
  • Don’t respond to robocalls that are selling medical supplies, or companies that are demanding advance payments.
  • Be mindful of fraudulent emails asking for donations to healthcare, or any unexpected communications that require you to enter your bank details and contribute money.
  • Be mindful that some ‘free’ healthcare offers will ask for your personal information and then use it for fraudulent purposes. Don’t give out personal details unless it is to a trusted source.
  • Hyperlinks related to healthcare services might be infected with malware or viruses that can infect or hack your computer. You can check links by using ‘Scan URL’ or using a secure browser such as Norton Safe Web.
  • Be aware of government imposter schemes and campaigns that are offering pandemic relief money or refunds.

Covid-19 vaccines are free, so any requirements to pay for one are a scam and should be avoided at all costs. There are fraudulent ‘vaccines’ going around via a text message that reads ‘we have identified that you are eligible to apply for your vaccine’ with a link to a fake NHS page which asks for bank details.

If you think you have been contacted by an unreliable party, run the ‘scam’ test:

‘S’- seems too good to be true

‘C’- contacted out of the blue

‘A’- asked for personal details

‘M’- money is requested

Deep dive for the answers you need
TAKE A DEEP DIVE
Or contact us on +44 (0)343 515 8686 or at advice@esarisk.com.

Deep dive for the
answers you need

Lawyers, accountants, advisors, investors, senior
management. You name them, we help them find the answers
they need. Ready to discover how we can help you?

Take a deep dive
Continue browsing