Preventing corporate fraud by strengthening risk culture

Fraud has become the most prevalent crime in modern business, accounting for 41% of all crime against individuals in England and Wales. Over £1.1 billion was lost to financial fraud in the UK during 2024, with identity fraud reports surging to 421,000 cases (a 12.5% increase) and a 76% explosion in account takeover incidents. Across the EU, losses reached €2.8 billion to the EU’s financial interests and €4.3 billion in payment fraud.

These statistics signal a fundamental shift where organized and sophisticated fraud outpaces traditional crimes, often facilitated by weak or corrupt insiders. This demands comprehensive responses from organizations, particularly as new regulatory frameworks impose unprecedented accountability.

Stepped-up corporate accountability

On September 1st, 2025, the Economic Crime and Corporate Transparency Act 2023 introduced a new corporate criminal offense: Failure to Prevent Fraud. Organizations are now directly liable for fraud committed by associated persons (employees, agents, subsidiaries) that benefits the organization or customers.

Consequences include unlimited fines, profit confiscation, victim compensation orders, and reputational damage. Exposure scenarios include marketing “greenwashing,” finance staff manipulating figures, sales teams providing false tax information, or directors making misleading statements to induce sales.

Organizations can defend against liability by demonstrating reasonable prevention procedures. The comprehensive guidance from public agencies like the Crown Prosecution Service, Serious Fraud Office, and Financial Conduct Authority offers more than compliance: it is a powerful framework for analyzing the response of organizations of all sizes.

Beyond compliance: A framework for transformation

Six core principles provide a lens for defining and implementing fraud management programs, representing opportunities to strengthen fraud resilience and risk culture. They focus on internal attitudes, roles, processes, and mechanisms, revealing gaps between stated values and actual behaviors.

Top-level commitment: Setting the tone

Leadership commitment forms the foundation. Organizations must articulate genuine commitment to conducting “first-class business in a first-class way,” ensuring role-holders are fit and proper, with anti-fraud messaging reflecting reality.

Effectiveness at the top level requires clear governance frameworks (the “3 Lines of Defense”) along with robust mechanisms for maintaining governance during absences and crises. Organizations must maintain detailed records of debates, rationale, and decisions while ensuring leaders walk the talk through consistent example-setting. Whistleblowing mechanisms should be robust and, where appropriate, transparent rather than shrouded in unnecessary secrecy.

Risk assessment: Understanding the threat landscape

Effective fraud prevention begins with understanding where vulnerabilities exist. Organizations must conduct dynamic, documented risk assessments informed by peer experiences, operational reality, creative thinking, and scenario planning. The guidance recommends approaching risk assessment through the “fraud triangle” framework, examining opportunity, motive, and rationale for committing fraud.

This requires moving beyond static annual reviews to embrace data analytics, sometimes behavioral, for identifying anomalies, regular “what if” exercises, and both inherent and residual risk assessment. Organizations must understand fraud psychology, recognizing that motivations and opportunities evolve. The challenge lies in balancing thoroughness with practicality.

Proportionate risk-based procedures: Building defenses

Control procedures must be proportionate to the risks identified, tailored to the organization’s specific circumstances. This principle demands clear documentation justifying decisions, avoidance of duplication, and realistic expectations. Organizations face the proportionality conundrum: balancing feasibility against desirability, conducting cost-benefit analyses of controls, and accepting that zero-risk environments don’t exist.

This may mandate a “comply or explain” approach, creating adaptable frameworks reflecting genuine risk rather than box-ticking. Organizations must be willing to rethink structures when evidence suggests better approaches.

Due diligence: Strengthening the perimeter

Organizations must implement robust due diligence for all who act on their behalf—staff, consultants, vendors, and service providers. This includes risk assessment, need-to-know protocols, segregation of duties, and appropriate data access controls. Historical vendor or consultant landscapes must be understood and addressed, particularly during acquisitions, divestitures, or transition situations.

Technology plays a crucial role, from third-party risk management tools to screening systems. Organizations must balance technological solutions with human judgment, particularly facing emerging risks from cryptocurrencies and AI. Fighting AI-enabled fraud, like documentary fraud or deepfakes, increasingly requires AI-powered defenses, but human capital remains irreplaceable.

Communication and training: Building vigilance

Effective fraud prevention requires that all stakeholders understand their roles and responsibilities. Organizations must leverage internal and external communication channels, demonstrating empathy with stakeholders while clarifying what data can and cannot be shared. Engagement with industry bodies, peer groups, and law enforcement agencies provides valuable intelligence beyond generalities.

Training must evolve beyond traditional lecture formats or canned video clips to embrace innovative techniques that foster engagement and commitment, involving outsiders when it makes sense. Culture mapping, ethical dilemma simulations, risk scenario exercises, and post-mortem analysis of actual cases can create “blame-free” safe spaces for learning. Experiential training on realistic scenarios provokes reflection and discussion, provided appropriate warnings and support mechanisms are in place.

Monitoring and review: Maintaining momentum

Effective monitoring encompasses three elements: detection of fraud and attempted fraud, thorough investigations, and continuous assessment of prevention measure effectiveness. Organizations need meaningful performance metrics including both leading and lagging indicators, real-time monitoring capabilities, and the ability to identify systemic weaknesses beyond individual incidents.

The challenge lies in balancing comprehensive oversight with alert fatigue, demonstrating prevention value when success means incidents that never occur, and maintaining investigation objectivity. This requires multi-layered frameworks and collaborative intelligence sharing internally and across the industry.

Cultivating a risk culture

These six principles reveal something profound: they’re not merely compliance requirements but diagnostic instruments exposing the true health of organizational risk culture. The evolution from sterile “command and control” through sometimes adversarial “trust but verify” to optimized “sustained risk-aware collaborative risk management” represents a fundamental shift in organizational thinking.

A mature risk culture requires acquiring and applying a “risk mindset” at both individual and team levels. This means following both the letter and the spirit of regulations, seeking advice including contrarian perspectives, relating frameworks to real-life situations, and embracing evolving technology even without complete understanding. Organizations must nurture the ability to influence, advise, and conduct action-oriented research while encouraging calculated risk-taking, even “trying to break things” to identify vulnerabilities before fraudsters do.

Ultimately, the duty to prevent fraud presents both a challenge and an opportunity. Organizations viewing it merely as a compliance burden miss the potential for strategic advantage. Robust fraud prevention frameworks can differentiate organizations in attracting customers, partners, and talent who value ethical practices, transforming a regulatory obligation into a competitive edge.

 

This article was written by Pierre-Antoine Boulat, a senior expert in capital markets, investment management, and professional education, with deep specialization in risk, regulation, compliance, financial crime, and asset servicing.
