Whether it’s internal mistakes or deliberate deception, workplace fraud poses real financial and reputational risks for small businesses.
You may not be aware that there is also a new law establishing a corporate criminal offence of “failure to prevent fraud” (introduced on 1st September 2025) under the Economic Crime and Corporate Transparency Act 2023, which aims to help increase transparency, disrupt economic crime and strengthen national security.
Although aimed at the UK’s large businesses (over 250 employees or £36M turnover or £18M assets), this new legislation provides useful guidance for all organisations on fraud prevention. According to Gov.uk, fraud accounts for around 40% of all crime in England and Wales. Research undertaken by Visa last year revealed that more than two fifths of small to medium-sized businesses in the UK have been a victim of fraud, with the average amount lost to fraudsters being nearly £4000. It’s also highly likely that larger businesses will require all organisations in their supply chains to demonstrate reasonable fraud prevention procedures to help show their compliance.
There are many and varied ways that fraud can occur in small businesses from both internal and external sources, for example:
- Payroll Fraud: overstated hours and overtime, ghost employees receiving fictitious wages, misrepresenting roles or hours to gain benefits.
- Expense Claim Fraud: inflated or fake receipts submitted (including AI generated fakes), personal purchases disguised as business expenses, double-claiming the same receipt.
- Procurement Fraud: collusion with suppliers for kickbacks, inflated supplier pricing passed through to the company, favouring suppliers and bypassing fair procurement.
- Invoice and Payment Diversion Fraud: fake invoices submitted by fraudsters posing as legitimate suppliers, bank account details changed via phishing emails.
- Asset Misappropriation: theft of stock, tools or equipment, misuse of company vehicles or fuel cards for personal benefit.
- Data and Intellectual Property Theft: downloading client lists, unauthorised access to sensitive data for personal or competitive advantage, sharing trade secrets with competitors.
- False Representation by Third Parties: contractors exaggerating qualifications or licenses, bogus subcontractors billing for work not completed, online scams targeting small businesses through fake business directories or advertising packages.
- Financial Statement Fraud: manipulating accounts to secure loans or investment, underreporting income to evade tax, overstating turnover to gain credit or partnerships.
- Charity and Community Fund Fraud: donations or grants siphoned off or used inappropriately, misrepresentation of charitable status for tax or funding benefits.
- Cyber-enabled Fraud: phishing emails designed to steal login credentials, ransomware locking critical business files, fake domain registrations mimicking a company to scam clients or customers.
So what should small businesses be doing to protect themselves?
Their best defence is to establish reasonable fraud prevention procedures and carry out regular checks. The following approach provides some practical guidance aimed particularly at the small business:
1. Establish a strong ethical culture with top level commitment, to help champion transparency, honesty and accountability, supported by clear codes of conduct and an anti-fraud policy that are communicated throughout the company and to key stakeholders.
2. Assess current systems and identify vulnerabilities by carrying out risk assessments across different areas of the business, including supply chains and partnerships.
3. Implement internal controls and reporting mechanisms, e.g. always undertaking pre-employment checks, defining who checks invoices and expenses, documenting how payments and transactions are approved, taking inventories of company property and devices, vetting partnerships, recording all gifts and hospitality, taking precautions to protect and back up IT systems, and carrying out financial audits and spot-checks on a regular basis.
4. Deliver training to employees to stress the importance of ethical decision-making, accuracy and vigilance when carrying out tasks, regulatory compliance and how individuals can help reduce exposure to risk and prevent fraud. Provide ongoing refresher training to keep knowledge up-to-date. Supplement with scheduled reminders, monthly posts, and bulletins to reinforce awareness. Use simple quizzes, discuss anonymized mini-cases and give ‘what would you do if…’ scenarios.
5. Establish safe and secure whistleblowing mechanisms to support an ‘open’ culture where raising concerns is valued and encouraged, e.g. if something feels off or suspicious, speak up. It’s not about blame, but catching mistakes/problems/scams early.
By taking these steps, businesses can not only demonstrate their commitment to fraud prevention, but also adopt a more proactive approach to help protect themselves, as well as the wider business community, from fraudulent activity.

