With latest ACCC data revealing losses from Australian financial crime exceeding $2.7 billion last year, small and medium business owners must remain alert to increasingly sophisticated fraudulent activity.

From doctored financial information and fake invoices to identity fraud, phishing emails and other online scams, the types of fraud SMEs need to keep on their radar are continuing to grow in scope and complexity.

Creating fake invoices to skim money out to different accounts and payroll fraud is increasing. And businesses need to ask themselves, where you have people dealing with customer data – are there enough internal controls to ensure that customer data is not leaked to the dark web?

Another concerning trend is the prevalence of compromised business email addresses from executive teams.

They usually have a flavour of urgency to them, saying something like the CEO saying they’re stuck at a conference so they can’t talk, but asking for gift cards to be bought for an upcoming function. The messages will often say the purchaser will be reimbursed for the expense, but it never happens.

In my experience, these kinds of email scams usually target new employees. They feel silly going to another colleague or HR to check that it’s legitimate. They just think, ‘Oh, well, it’s just buying gift cards, and the email itself seems very plausible’.

Against this fast-evolving landscape, here are five strategies for SMEs that have been proven to detect fraud as soon as it occurs and minimise the chance of it happening again in the future.

1. Find a reputable external auditor

Appoint external fraud detection and prevention experts to conduct an audit of your business, including regular penetration testing. Not only will an external auditor be able to see if fraud is already happening, but they can also identify where it may be at risk of it occurring.

2. Keep financial reports up to date and accurate

Regularly reviewing accounting records and conducting random internal audits allows you to stay on top of your finances and spot either suspicious transactions, or regular payments being made to accounts where they should not be made.

3. Introduce an anti-fraud/ethical conduct policy

An anti-fraud policy that outlines acceptable and unacceptable behaviour is fundamental to minimising fraud. It establishes clear processes across the business for how payments are disbursed and the procedures for handling reimbursements.

This policy will typically include restricted access to financial data, expense reporting and stock/inventory in order make fraud detection — and the person(s) carrying it out — easier to identify.

4. Implement strong internal controls

While it may be common for SMEs to have just one person responsible for handling ‘the books’ and financial reporting, this is also a common formula for fraud.

When the same person oversees payments and accounting, skimming or fake invoicing may go unnoticed. Assigning different duties to different employees improves oversight, as well as the likelihood of ‘irregularities’ being caught by another set of eyes.

5. Develop an action plan

Knowing what to do when you spot fraud is critical. It clarifies a ‘chain of command’ for reporting a suspicion of fraudulent activity and it provides a strategy for minimising further losses.

If related to a cybercrime attack, an action plan should outline the steps to follow to protect other sensitive data and ensure business continuity. For directors, it should also clarify who to speak to in terms of legal and professional advice.

Christopher Cam is head of credit for portfolio management at Banjo Loans.