Blog Marcel: Anti-fraud corporate culture prevents and limits damage

Every year, many companies fall victim to business fraud. In such fraud, a fraudster attempts to gain an advantage - usually financial - at the expense of a business. Any business owner can fall victim to this. For example, through internal fraud in which employees take away money or goods. Employees - for example, in procurement fraud - can also conspire with external fraudsters.

 External fraud involves, for example, the theft of data about your clients, production processes or banking information. The sending of fake invoices by third parties also concerns a nasty and damaging phenomenon. The impact on your company, employees and yourself can be substantial and the damage great.

Studies and reports on fraud are published periodically by accounting firms, the Association of Certified Fraud Examiners (ACFE) and academics. Allianz Trade conducts an annual study of fraud trends in the Netherlands and Belgium, of which the 2025 edition was recently published. The results provide a good picture of the vulnerability and resilience of business in both countries. The survey involved a total of 375 companies and organizations with an annual turnover of at least €10 million and at least 50 employees (214 in the Netherlands and 161 in Belgium), of which 42% were B2B companies, 38% B2C companies and 20% government & non-profit organizations. That gives an excellent cross-section of and insight into the fraud problem.

Some 80 % of the survey participants see the risk of fraud increasing, for example due to the emergence of new technologies in the field of digital fraud ("deepfakes" and fake emails) and the advance of Artificial Intelligence (AI). About 78% of the participants actually experienced (attempted) internal or external fraud; moreover, the impact of fraud increased.

Not infrequently, companies receive fake invoices for goods or services that have not been delivered. Or they encounter so-called CEO fraud, in which the fraudster poses as the CEO (or another high-ranking official) and makes an urgent and compelling request for money to be transferred. This often involves large sums of money that leave the company that way.

The examples mentioned are easily preventable with consistently implemented procedures and control actions. But this is still sometimes lacking. For example, because financial employees perform their work too routinely and are too trusting when a (fake) high-ranking official reports to them with an urgent request.

Being too trusting also poses a danger when third parties use "phishing" or "social engineering" to manipulate and manipulate employees to obtain personal or confidential data, for example, passwords or client information. Obtaining such data by fraudsters can also be done through hacking into computer systems. Even against such a form of external fraud, a company can protect itself by paying serious attention to security measures. However, the human factor remains the biggest threat and therefore such fraud can never be completely prevented.

Corporate culture can be affected at both the bottom and the top of the company. At the bottom, for example, representatives who travel around the country and do not take working hours and expense claims very seriously. Or in maintenance and contracting companies where project managers allow themselves to be feted by clients who thus obtain lucrative contracts through bribery.

At the upper end of the company, this involves management or board members who do not set a good example. For example, by keeping revenue off the books, making black payroll payments or directing employees to book private expenses as business expenses. Or an corporate culture in which executives at law and accounting firms or consulting firms encourage employees to write and claim more hours on assignments than were actually incurred on those assignments.

These are all examples of behaviors that indicate a weak anti-fraud corporate culture. In companies and other organizations where this is the case, danger lurks. On fraud, on damage and negative impact on employees and other stakeholders. This can and must be prevented by building and continuously strengthening the (anti-fraud) corporate culture.

For example, by making fraud negotiable internally and clearly indicating what is considered desirable (positive approach) and undesirable (negative approach) within the company. By making employees aware and alert, for example by providing fraud training or discussing dilemmas. By promoting an open corporate culture so that employees dare to stand up (aka: "speak up") who observe undesirable behavior - including that of managers. By familiarizing employees with the internal reporting procedure and offering them protection by establishing and complying with a robust whistleblower policy. By paying sufficient attention to the design, existence and operation of procedures that make fraud more difficult. For example, by applying segregation of duties, the four-eye principle and strict compliance with internal guidelines and procedures.

Yet many companies still often lack a robust anti-fraud policy. Sometimes this is due to nonchalance or underestimation of fraud risks, due to the thought "that won't happen to us. However: how often do we read about the loyal employee who was always at the company and never went on vacation, but was eventually exposed as a fraudster? How often do we read about the administrator or treasurer who was supposed to watch the pennies neatly, but in the meantime transferred money to himself or made a cash grab? How often are senior employees and managers the ones who commit fraud because they know the business processes inside out, especially the weaknesses and loopholes.

I recommend that every company adopt a focused fraud policy and conduct periodic fraud risk assessments. Make fraud prevention a focal point, a permanent part of business operations.

But also be prepared for the actual occurrence of fraud. In particular, consider (perhaps not immediately obvious to everyone): drawing up a script in case you are actually confronted with fraud. Who do you then engage? By whom and in what way do you have the fraud investigated? Do you need a lawyer and if so, which one? How do you limit the impact and on whom will you recover damages? Can the damage be claimed on fraud insurance or do we really need to take out such insurance now? How do you make your employees more fraud-aware and alert? But also: are you or are you not vulnerable to digital fraud and abuse through the use of AI?

The conclusion of this contribution is that business fraud is a serious problem to which every company should pay adequate attention. The goal and benefits of doing so are obvious: to limit the damage and impact of fraud. This can be done (among other things) by increasing fraud awareness, taking preventive measures, building in control mechanisms and strengthening and repeatedly confirming the corporate culture. Collaborating with experts and sharing best practices within the industry is an effective way to keep up with the latest fraud trends and prevention methods. Finally, while technical measures are important, the human factor remains critical. Constantly tightening fraud policies and investing in preventive measures is therefore not a luxury.