How to create an anti-fraud training program
Anti-fraud training can help your employees defend your business from financial fraud.
Financial fraud is an ongoing problem for businesses, and criminals are using increasingly sophisticated methods to perpetrate these crimes. Data shows that in 2023 companies lost over $2.9 billion to business email compromise alone. While criminals are targeting organizations of all sizes, small businesses are particularly vulnerable.
Awareness and employee training are key to protecting your business against fraud, says Don White, Head of Corporate Security at Regions Bank. While smaller organizations may not have the budget to invest in external training, they can still effectively train their employees to spot and prevent fraud.
Creating a fraud training program
These tips and resources can help guide you through the process of developing your company’s fraud training program.
1. Convey the importance of fraud prevention
In order to improve the effectiveness of your fraud training program, it’s important to help employees understand the potential impact of fraud and what it could cost. “In addition to the dollar loss, your brand or company reputation may be damaged, and morale can be down throughout the company. Vulnerability makes for a poor work environment,” explains White.
“Creating a company culture where payment fraud can’t thrive is so critical,” says Jeff Taylor, Senior Vice President and Head of Commercial Fraud Forensics and Payment Strategy. “Building an environment where everyone owns fraud will foster this culture.”
2. Train employees to spot red flags
Your employees are the gatekeepers of your organization and training them to spot the signs of business email compromise and phishing attempts can enable you to more effectively protect your business.
“There are many red flags that a well-trained employee should be able to spot,” says White. For example, both phishing attempts and business email compromise typically rely upon spoofed or lookalike email addresses. At first glance, the email may appear to be coming from a person or organization you trust, such as your company’s CEO, a client, or your financial institution.
“Train employees to always check the sender’s email address, particularly if an email pertains to a payment request or other financial matters,” says White. “They can change one or two characters — for example, a criminal could send an email from region.com instead of regions.com. While this is very simple, it can open someone up to a fraud scheme.”
To help supplement your fraud training program, we’ve created a video outlining some of the most common red flags your employees should be on the lookout for.
To open this video on YouTube and share it with your team, click here.
3. Encourage employees to verify details
One of the most effective ways to safeguard your business against fraud is to implement the “Stop, Call, Confirm” technique. This approach requires employees to stop, question, and use known contact information to verify a change or payment before completing a transaction, explains Taylor.
Scammers commonly create lookalike email addresses and impersonate someone the recipient knows, such as a CEO, accountant, or an approved vendor. They may ask for payment or request a change in payment terms, and these requests can be quite believable. They’ll often use information gleaned from public records, social media posts, or even phishing attempts in order to perpetrate their crime.
“In general, employees should verify anything that stands out, doesn't belong, or perhaps doesn’t make sense,” says White.
If an employee receives an email asking for a payment or requesting a change in vendor payment terms, they should call the requestor to confirm the details of the request before taking any action. When doing so, employees should be mindful that any contact information listed in the email could be controlled by an impersonator. As such, it’s important to only make contact using an email address or phone number known to you.
4. Establish checks and balances
One of the most impactful ways to prevent suspicious transactions is by modifying your process to include multiple checks and balances.
White advises institutions to establish dual approval for all transactions that exceed a certain dollar amount. Some online banking platforms, such as Regions’ iTreasury platform, allow you to establish specific permissions based on each user’s role, streamlining the dual-approval process. This platform also allows users to enroll to receive alerts on items such as payments pending approval, user maintenance, and account balance notifications.
Taylor suggests that in addition to the “Stop, Call, Confirm,” approach, companies add ‘pause points’ in their process for verification. Consider establishing a dual approval process for other types of requests, like when a vendor or client asks you to wire money to a different location.
Ultimately, requiring two sets of eyes on large transactions or unusual requests decreases the chance of a fraudulent payment going through. Likewise, dual controls can also make it much more difficult for internal team members to commit fraud.
5. Create a clear reporting process
When fraud does occur, time is of the essence — particularly when fraud is committed by individuals located outside of the United States. “Once a wire transfer is made, particularly out of the country, it becomes much more difficult to recover the funds,” White explains.
As such, it’s important that your employees not only know how to report fraud, but also that they feel comfortable doing so, particularly in cases where they themselves might have made an error. If possible, try and reassure employees that any reports will be handled both confidently and with care.
Some companies find it helpful to establish tip lines or mailboxes where employees can report fraud without exposing their identity. According to White, this can reduce some of the pressure associated with reporting suspicious activities, particularly in cases where an individual is reporting a colleague.
6. Make fraud awareness an ongoing initiative
While annual training might be sufficient, companies should consider holding trainings every six months or even more often, in order to include any new scams or tactics as they arise, White explains. “Many companies simply conduct fraud training during employee onboarding, but that isn’t enough. Consistency with training is very important.”
Also, remember that fraud training can take many forms. For example, you may consider testing your employees on anti-fraud measures they’ve learned in training courses. Further, sharing resources like articles and videos with your team on an ongoing basis can help keep fraud a focus. If you’re in an industry that’s particularly vulnerable to fraud, you may also wish to post a visual checklist in your workplace.
To help supplement fraud training, we’ve created an infographic for companies to share with employees. We welcome you to print the graphic and hang it in your workplace in order to help ensure that fraud is always front-of-mind for your employees or forward it to your team via email.
To download this infographic, simply right click on the image and click “Save Image As.”
Finally, White points out that one of the best ways to improve the effectiveness of your fraud training program is to ensure that senior leadership is setting a good example. “Fraud training needs to be done from the top down,” he explains. “It’s hard to expect lower-level associates to be actively engaged if they don’t see supervisors actively engaged in the training.”
For more fraud prevention resources and insights, visit regions.com/fraudprevention.
Related Insights
-
Podcast
-
Calculator
