Organisations have until 1 September 2025 to ensure reasonable procedures are in place to demonstrate compliance with ECCTA.
The Government published reasonable procedures on 06/11/2024, highlighted below:
The fraud prevention framework put in place by relevant organisations should be informed by the following six principles:
1. top level commitment
2. risk assessment
3. proportionate risk-based prevention procedures
4. due diligence
5. communication (including training)
6. monitoring and review
These principles are intended to be flexible and outcome-focussed, allowing for the huge variety of circumstances that relevant bodies find themselves in. Procedures to prevent fraud should be proportionate to the risk.
To assist with preparations and as part of our commitment to clients and organisations, we will be reaffirming the Government’s guidance on each of the six principles in the lead up to the September deadline, commencing with principle one ‘top level commitment’.
Principle one — top level commitment
1.0 Top Level Commitment
Responsibility for the prevention and detection of fraud rests with those charged with the governance of the organisation. The board of directors, partners and senior management of a relevant body should be committed to preventing associated persons from committing fraud. They should foster a culture within the organisation in which fraud is never acceptable and should reject profit based on, or assisted by, fraud.
Senior management have a leadership role in relation to fraud prevention. The level and nature of their involvement will vary depending on the size and structure of the relevant body, but their role is likely to include:
- communication and endorsement of the organisation’s stance on preventing fraud, including mission statements
- ensuring that there is clear governance across the organisation in respect of the fraud prevention framework
- commitment to training and resourcing
- leading by example and fostering an open culture, where staff feel empowered to speak up if they encounter fraudulent practices
1.1 Communication and endorsement of the organisation’s stance on preventing fraud
Effective formal statements to demonstrate the commitment by senior managers within the relevant body may include:
- a commitment to reject fraud, even if this results in short term business loss, missed opportunities or delays
- articulation of the business benefits of rejecting fraud (reputational, customer and business partner confidence)
- articulation and endorsement of the relevant body’s policies or codes of practice on fraud prevention and its key fraud prevention procedures
- naming the key individuals and/or departments involved in the development and implementation of the organisation’s fraud prevention procedures
- articulation of the consequences for those associated with the relevant body of breaching the policy on fraud. This may include contractual clauses where appropriate
- reference to any membership of collective action against fraud. For example, through initiatives undertaken by trade bodies, etc
The style and method of communication may vary depending on the target audience. For example, communications aimed at the relevant body’s contractors may be different from those aimed at employees.
1.2 Ensuring that there is clear governance across the organisation in respect of the fraud prevention framework
Organisations should ensure that there is clear governance in respect of the fraud prevention framework.
In some organisations, it may be appropriate for senior management to be personally involved in the design and implementation of fraud prevention measures. In other cases, senior management may delegate this task to the Head of Ethics and Compliance or a similar person who is responsible for the organisation’s financial crime compliance and prevention.
Best practice is likely to reflect the following elements:
Designated responsibility for:
- horizon scanning for new fraud risks
- approving the assessment of risk
- developing and implementing fraud detection measures
- developing, implementing and testing fraud prevention measures
- ensuring that appropriate management information is collected and shared to enable senior managers to understand the risks and the effectiveness of fraud prevention procedures
- developing and implementing disciplinary measures relating to the breach of the relevant body’s policies
- whistleblowing
- investigations if fraud is detected or suspected
- monitoring and review of the framework
- ensuring that the Head of Ethics and Compliance (or similar person) has direct access to the board or CEO as they think necessary, even if their primary or day-to-day reporting line is to another senior leader or a committee
- reporting to the board as appropriate
- reviewing the fraud prevention framework and its implementation
- minuting decisions and actions
- maintaining governance when members of staff move to other positions, leave the organisation or are off work with illness
1.3 Commitment to training and resource
Best practice is likely to include:
- senior managers commit to allocating a reasonable and proportionate budget specifically for the leadership, staffing and implementation of the fraud prevention plan, including training: this budget could encompass not only personnel costs but also funding for technology that may include third party due diligence, platforms and related due diligence tools
- senior managers commit to resourcing the fraud prevention plan over the long term
- senior managers commit to sustaining anti-fraud practices when key members of staff are on annual leave, or off work with illness, or when they leave the organisation
1.4 Leading by example and fostering an open culture
Early action can prevent fraudulent practices from taking hold. Senior managers have a leadership role in fostering an open culture where staff are encouraged to speak up early if they have any ethical concerns, no matter how minor.
According to an article in the CPA Journal, fraudsters often rationalise fraud by a variety of techniques:
- focus on the bigger mission (“someone needs to do this to save the business”)
- focus on responsibility (“it was a group decision”, “it’s the auditors’ job to catch this”, “everyone does it”)
- focus on the consequences of the act (“it is not material”, “I am levelling the field”)
- focus on the victim (“fraud is a victimless crime”, “it’s their duty to exercise proper due diligence”)
Senior managers can show leadership by challenging these arguments proactively, pointing out the effects of fraud on the business, other colleagues, the sector and public trust. This position may be codified in the organisation’s code of ethics or other ethical policies.
Want to discuss this further?
Should you have any queries regarding this or any future publications, please do not hesitate to contact any of the below via email at ECCTA@weightmans.com
A version of this article was first published on 17 Apr 2025