I’ve recently been forwarded an email from the MHRA (Medical and Healthcare products Regulatory Agency) warning that they are aware of people trying to use their identity to send companies fictitious invoices with bank details that are certainly not the MHRA’s. This type of crime is on the increase and unfortunately in a busy world and with genuine looking invoices and email addresses that may be only 1 character different it can be easy to pay these invoices in error. Therefore, it is imperative that your business has very strong financial controls in place! Below are some things to consider to avoid invoice fraud.
I worked as an FD for a number of years and over the last 4-5 years it became clear that scammers were becoming smarter in trying to defraud the company. Emails coming in claiming to be from the MD or a senior person in Germany became frequent, usually suggesting that there had an issue that would need money transferring. All the names were correct, the English was good and not a Nigerian Prince in sight. The email would be from a domain just 1 letter different or a transposition of letters, that if you didn’t look closely would seem genuine.
A genuine error paying one of these could cost the company thousands and you wouldn’t get the money back.
So how do you guard against making an error and paying a fraudster? The answer is simple, good systems and clear communication. It is a matter of good financial discipline that is becoming more and more important.
Firstly, have a good purchase ordering system that is filled in by those raising the orders and includes, what is being ordered, dates, delivery times, supplier details, prices and a unique purchase order number.
Make sure that there are authority limits appropriate to your company. A purchasing manager may have the authority to sign up to £5000 say, the Board of Directors may need to sign off capital acquisitions, the receptionist may order stationery up to £300, whatever the rules, have them documented and enforce them.
Good links between purchasing and accounts
Match up invoices coming in to the purchase order to make sure they match and the PO number is quoted , ensure that the ordering person has a way of authorising that the invoice can be paid because goods or services have been adequately received. Never accept invoices which say verbal or a person’s name as an order reference.
Have a system for ‘setting up’ new suppliers that includes contact details of appropriate individuals with all the information required for dealing with and paying that supplier. This is important because if you get a letter or email requesting that bank details be changed (a reason for alarm bells to ring!) you can go back to the original company details to confirm if this is genuine. Equally have a rigorous system for updating these details.
Any request to change details like supplier bank details need to be authorised by someone senior.
Defined Responsibilities and authorities
Have clear guidelines set out for who has responsibility for the different parts of the purchase ledger process and what to do if something is out of the ordinary. Encourage staff to be vigilant, it is vitally important that they are aware of the issues that can arise and that they actively look out for them.
Ensure that a senior person signs off the payments and that they can see that the processes have been followed, they should question the payments and only pay if the payments have been generated in line with procedure.
Pay suppliers off statements, this also helps to keep your ledgers clear if there are missing invoices.
It is sometimes painful but the best way to stay safe from fraud is rigid systems that are audited regularly and enforced without exception.
Let your customers know clearly that if you were to change any details like bank accounts, rare for most businesses, that they should confirm with you independently before making any changes.
Conclusion and Actions
This is summary guidance if you would like a detailed discussion about financial controls within your organisation and making sure that they are robust, then contact us at firstname.lastname@example.org or call 07943 291250 and we will happily use our years of financial control experience to help keep you safe.