How to Create an Anti-Fraud Training Program
Previous

Anti-fraud training can help your employees defend your business from financial fraud.

Financial fraud is an ongoing problem for businesses, and criminals are using increasingly sophisticated methods to perpetrate these crimes. Data shows that 8 in 10 organizations were targeted by con artists in 2019, and companies lost over $1.7 billion to business email compromise alone. Criminals are targeting organizations of all sizes, and small businesses are particularly vulnerable.

Awareness and employee training are key to protecting your business against fraud, says Jeff Anderson, SVP of Corporate Security at Regions Bank. While smaller organizations may not have the budget to invest in external training, they can still effectively train their employees to spot and prevent fraud.

Creating a Fraud Training Program

These tips and resources can help guide you through the process of developing your company’s fraud training program.

1. Convey the importance of fraud prevention

In order to improve the effectiveness of your fraud training program, it’s important to help employees understand the potential impact of fraud and what it could cost them. “In addition to the dollar loss, your brand or company reputation may be damaged, and morale can be down throughout the company. Vulnerability makes for a poor work environment,” explains Anderson.

“Creating a company culture where payment fraud can’t thrive is so critical,” explained Jon Kucharski, Head of Fraud Transaction Strategy in the Winter 2020 issue of Commercial Insights Magazine. “Building an environment where everyone owns fraud will foster this culture.”

2. Train employees to spot red flags

Your employees are the gatekeepers of your organization and training them to spot the signs of business email compromise and phishing attempts can enable you to more effectively protect your business.

“There are many red flags that a well-trained employee should be able to spot,” says Anderson. For example, both phishing attempts and business email compromise typically rely upon spoofed or lookalike email addresses. At first glance, the email may appear to be coming from a person or organization you trust, such as your company’s CEO, a client, or your financial institution.

“Train employees to always check the sender’s email address, particularly if an email pertains to a payment request or other financial matters,” says Anderson. “They can change one or two characters — for example, a criminal could send an email from region.[4] com instead of regions.com. While this is very simple, it can open someone up to a fraud scheme.”

To help supplement your fraud training program, we’ve created a video outlining some of the most common red flags your employees should be on the lookout for.

3. Encourage employees to verify details

One of the most effective ways to safeguard your business against fraud is to create a process that encourages your employees to stop and verify details, even if it creates minor delays. It’s important to train employees to pause, question and verify new information before completing transactions, explains Kucharski.

Scammers commonly create lookalike email addresses and impersonate someone the recipient knows, such as a CEO, accountant, or an approved vendor. They may ask for payment or request a change in payment terms, and these requests can be quite believable. They’ll often use information gleaned from public records, social media posts, or even phishing attempts in order to perpetrate their crime.

“In general, employees should verify anything that stands out, doesn't belong, or perhaps doesn’t make sense,” says Anderson.

If an employee receives an email asking for a payment or requesting a change in vendor payment terms, they should call the vendor to confirm the details of the request before taking any action. When doing so, employees should be mindful that any contact information listed in the email could be controlled by an impersonator. As such, it’s important to only make contact using an email address or phone number known to you.

4. Establish checks and balances

One of the most impactful ways to prevent suspicious transactions is by modifying your process to include multiple checks and balances.

Anderson advises institutions to establish dual approval for all transactions that exceed a certain dollar amount. Some online banking platforms, such as Regions’ iTreasury platform, allow you to establish specific permissions based on each user’s role, streamlining the dual-approval process.

Kucharski suggests that companies consider adding some ‘pause points’ in their process for verification. Consider establishing a dual approval process for other types of requests, like when a vendor or client asks you to wire money to a different location.

Ultimately, requiring two sets of eyes on large transactions or unusual requests decreases the chance of a fraudulent payment going through. Likewise, dual controls can also make it much more difficult for internal team members to commit fraud.

5. Create a clear reporting process

When fraud does occur, time is of the essence — particularly when fraud is committed by individuals located outside of the United States. “Once a wire goes across the country or overseas, it becomes much more difficult to recover the funds,” Anderson explains.

As such, it’s important that your employees not only know how to report fraud, but also that they feel comfortable doing so, particularly in cases where the employee themselves might have made an error. Reassure employees that any reports will be handled both confidently and with care.

Some companies find it helpful to establish tip lines or mailboxes where employees can report fraud without exposing their identity. According to Anderson, this can reduce some of the pressure associated with reporting suspicious activities, particularly in cases where an individual is reporting a colleague.

6. Make fraud awareness an ongoing initiative

While annual training might be sufficient, companies should consider holding trainings every six months in order to include any new scams or tactics as they arise, Anderson explains. “Many companies simply conduct fraud training during employee onboarding, but that isn’t enough. Consistency with training is very important.”

Also, remember that fraud training can take many forms. For example, you may consider testing your employees on anti-fraud measures they’ve learned in training courses. Further, sharing resources like articles and videos with your team on an ongoing basis can help keep fraud front-of-mind. If you’re in an industry that’s particularly vulnerable to fraud, you may also wish to post a visual checklist in your workplace.

To help supplement fraud training, we’ve created an infographic for companies to share with employees. We welcome you to print the graphic and hang it in your workplace in order to help ensure that fraud is always front-of-mind for your employees or forward it to your team via email.

 

To download this infographic, simply right click on the image and click “Save Image As.”

Finally, Anderson points out that one of the best ways to improve the effectiveness of your fraud training program is to ensure that senior leadership is setting a good example. “Fraud training needs to be done from the top down,” he explains. “It’s hard to expect lower-level associates to be actively engaged if they don’t see supervisors actively engaged in the training.”

For more fraud prevention resources and insights, visit regions.com/fraudprevention.

Next

This information is general in nature and is not intended to be legal, tax, or financial advice. Although Regions believes this information to be accurate, it cannot ensure that it will remain up to date. Statements or opinions of individuals referenced herein are their own—not Regions'. Consult an appropriate professional concerning your specific situation and irs.gov for current tax rules. Regions, the Regions logo, and the LifeGreen bike are registered trademarks of Regions Bank. The LifeGreen color is a trademark of Regions Bank.

Regions provides links to YouTube and other websites merely and strictly for your convenience. The site is operated or controlled by a third party that is unaffiliated with Regions. The privacy policies and security at the linked website may differ from Regions' privacy and security policies and procedures. You should consult privacy disclosures at the linked website for further information