Finance Leadership Blog

Here you'll find insights, trends and tools to help you excel as a finance leader.

THE Most common type of Business Fraud I've seen

founders risks Oct 22, 2022

Not the most ground-breaking topic, but a necessary one!

The most common fraud I see is when a “supplier” requests to change their bank details.

It’s so common, that I have seen this 3 times in the last couple of years and in one instance, procedures weren’t followed, and the business lost £14,500.

I'm sure there are plenty of larger examples around - but most fast growth businesses I know can't afford this kind of write off.

While card fraud is still one of the highest types of financial fraud, banking fraud such as this was still £160m in 2020 in the UK alone*.

While looking around for some statistics on this topic, I found Nedbank explain this process in a simple way:

How this scam works (from Nedbank website):

Victim: I've just been scammed and lost everything! 

Friend: What happened? 

Victim: I got an email from my largest supplier saying that their banking details have changed. The invoice also contained their new banking details. 

Victim: I then changed their banking details on my internet banking and made the payment, on time, as I always do. But after paying the invoice, I got a call from my supplier saying that my account has not been paid and has been blocked.

Friend: Why, what happened?

Victim: Turns out it wasn’t my supplier who sent the email and invoice with new banking details, it was a fraudster. I had paid the money into a fraudster's account and now the money is gone!

 

Does this situation sound familiar?

So, what can be done about it?

Generally, putting in a process to protect the company by simply checking that the email request is legitimate.

I thought it might be useful to share what I put in place with all my clients within the first few weeks of engagement. So if you don’t have a current policy, feel free to copy any of the below that would work for your company.

 

I create an Accounts Payable process and within it is the following guidelines for any change of bank detail requests:

• Call the contact listed in the [accounting software OR CRM] contact details (NOT from the communication received) and ask the supplier if change of bank details were issued.

• Email the supplier the “change banking details form” [see details below] for them to complete and email back. (This form should be changed and issued every single year – be very wary of any change bank detail requests are made on an old template)

• Confirm that the details received back on the “change of banking details form” are accurate

• Send a notification to the vendor after the change – both letter and email (again only the details recorded in the accounting software / CRM). Do this by either taking a snapshot of the new bank details in your accounting software / banking software to ensure that fat fingers are not the reason for incorrect bank account details for future payments!

• The new bank account details entered into [accounting software or banking software] must be reviewed and approved by Finance Controller / Finance Director.

 

The Change of banking details form includes questions like:

1. What were your old bank account details? (a fraudster may not know this)

2. What was the last payment received from [your company] – amount and date received?

3. Who is your contact person at [your company]?

4. Of course: what are your new bank account details?

5. Signature

Essentially you want to ask any information that is simple enough to be completed by a junior accounting person – but not so simple for a fraudster / hacker.

 

A similar process could also be formed for New Suppliers. This is less of a risk, especially as many suppliers are engaged directly through their own website, but some suppliers could be more prone to fraud – so use your judgement.

As a starting point, I would encourage the In-house purchaser to gather information from the new supplier. Information such as:

1. Full company name

2. Company number & VAT number

3. Address

4. Telephone & Email details

 

Then checks such as

• Companies House in the UK / ASIC in Australia / Company register in your country.

• Looking at the website and who owns the domain name.

• Verify that the email address of the company's representative is writing from is in fact owned by the company.

• Anything else appropriate – such as calling the company from their website contact numbers

 

Hopefully you find some of the above useful.

If you have any more ideas on how to tighten up change of bank detail request fraud, please do let me know! 


Links:

    1. Get your FREE Guide: Stepping into the role of Finance Director or CFO
    2. Register for the mini-course, Upgrade your Management Accounts and get noticed by the business 
    3. Work with me in the Financial Leadership Foundations course  that includes monthly Q&A sessions where we can discuss all of your questions and how to apply your learnings to your current role. 
    4. Book at FLF Career Planning session.

THE FAST GROWTH CONSULTING NEWSLETTER

Resources for finance leaders, delivered right to your inbox.

Sign up for the Fast Growth Consulting Newsletter to receive weekly tips and tricks, info on our latest courses, as well as trends and tools in the finance field.

 

We respect your privacy. Unsubscribe at any time.