Three Steps to Relatable Fraud Training

[November's most-read weekly email newsletter follows - sign up here.]

Fraud training means defining fraud

The title may sound like a statement of the staggeringly obvious, but I'm wondering if it might explain why fraud awareness training remains the exception, not the norm. This week is International Fraud Awareness Week, and the helpful folks at the Association of Certified Fraud Examiners compiled the graphic below (among many others). According to the ACFE's data, not having fraud training leads to nearly double the fraud losses.

In our Fraud Prevention Survey (mainly completed by European mid-caps), we asked how people felt about their fraud prevention training. 56% of respondents scored themselves 'low' and 44% 'medium.' There were no high scores. Training scored lower than any other element of compliance (policies, assessments, monitoring, etc.).

The questions we asked included:

💡 Are employees regularly trained and made aware of economic crime and fraud prevention measures?

💡 Is there role- or function-specific fraud prevention training for employees in high-risk positions?

💡 Is there a process to assess employees' understanding and retention of fraud prevention training? The answers here were terrifying (83% have no process).

💡 Rate the quality and comprehensiveness of fraud training programs. (5-point scale: Poor to Excellent).

So, what's happening? Why are Europeans lagging behind the US (where much of the ACFE's data comes from)

I don't know, but I wonder if defining fraud would help.

During pre-investment risk assessment work, I see a lot of codes and policies. Fraud might be mentioned here or there, while bribery, corruption, money laundering, and conflicts of interest are discussed in detail. Some purists might argue all those other economic crimes are technically fraud. A dictionary definition of fraud might go: "wrongful or criminal deception intended to result in financial or personal gain." By that reasoning, bribes, conflicts of interest, and the rest are fraud.

Others will define fraud more expansively. The ACFE's 'Fraud Tree' maps out all the areas in detail. Others, myself included, might (initially) take a middle road when trying to get someone (or an organisation) to consider their potential fraud exposure. Maybe something like this:

👉 Misappropriation

👉 Misuse

👉 Misrepresentation

I'd keep bribery and corruption (and AML) separate. Why? Because they're concepts a kid understands and are widely discussed and legislated. Using the three Ms above is not perfect, but it's as close to MECE (mutually exclusive, collectively exhaustive) as I can get fraud. Here, we might deal with theft (in all forms), including disbursements, under misappropriation. Misuse may seem a small category, but it's a biggy in most organisations - especially misuse of company property and assets as many embark on side hustles and other WFH risky activities (opening up cyber exposure). Finally, misrepresentation will cover the headline horror stories (financial reporting fudges) and the more vanilla issues like conflicts of interest in hiring decisions.

It's not perfect, but starting a conversation with some parameters is more helpful (I feel) than presenting this abstract concept of "fraud", which, in most of our heads, just means "fake." It's much more than that. So, if you're wondering how to get some fraud training together, see if those bucket categories help. If you're stuck, schedule a call (we've just finished developing training spanning 50+ countries on this topic for a financial services organisation, and it's been eye-opening!).

What resources next?

After weeks spent updating the website (for businesses and investors) and developing the content therein (myriad assessment tools, whitepapers, cheat sheets, etc.), I was already fried. Then, we heaped on TWO nascent AI projects. One I mentioned last week was making the newsletter, blog, and all the other content developed searchable. The developer then suggested adding the ~200 resources as optional (not free) downloadable content if people wanted to move from the ideas to the implementation stage.

Finally, we've been exploring the possibility of an intelligent assessment tool (that learns from what you do, where and how) to create rightsized assessment frameworks. Yet, somehow, it still feels like there are gaps.

So, which of these ideas, resources, or tools might you find helpful:

1. Compliance Checklist Generator: Develop a tool where users input their industry and company size and receive a tailored compliance checklist in exchange for their email. 2.
2. Crisis Management Playbook Template: Provide a customisable template for creating a crisis management plan for different types of businesses and potential crises.
3. "Top 10 Compliance Pitfalls" E-book: Create a short, actionable guide highlighting common compliance mistakes and how to avoid them. Offer it as a free download in exchange for email sign-up.
4. Compliance Training Webinar Series: Host a series of webinars on key compliance topics. Offer free registration by email and send recordings to those who sign up.
5. Compliance ROI Calculator: Create an interactive tool that helps businesses estimate the return on investment for implementing robust compliance programs.

Let me know by commenting or DM.

Contextual quote for the week:

“Change is the end result of all true learning.”

Leo Buscaglia

Need more?

Find out why the world's most ethical investors say I'm "particularly skilled at sensitively engaging with firm leadership on very tricky topics." Why SMEs we've screened as potential investments thank us for, "the deep thoughtful approach." And why Transparency International said, "We wholeheartedly recommend Rupert for his creativity, inventiveness, and professionalism - a definite 10 out of 10," after a recent collaboration.

Plus free assessments, in-depth guides on integrity risk and sustainability, two chapters of my book, and how to schedule a no obligation strategy session.

Get More