The financial sector faces a growing threat from sophisticated fraud. BSI, the UK’s national standards body, has published new guidance to strengthen organizational defenses. This new standard, Fraud Control Management Systems – Guidance for Organizations Managing the Risk of Fraud (ISO 37003), offers a comprehensive framework. It helps financial institutions and other businesses proactively identify, manage, and respond to fraud risks. The goal is to protect assets, reputation, and stakeholders.
Alarming statistics highlight the urgency for this standard. In 2024, the banking industry reported a 16% rise in fraud cases. A staggering £3 million was stolen every single day in the UK. This surge shows the escalating challenge for financial institutions, public agencies, and non-profit organizations. Fraud is becoming more sophisticated and widespread in our digital world.
ISO 37003 provides essential tools. Organizations can establish, implement, maintain, and continually improve an effective fraud control management system (FCMS). This robust framework helps businesses recognize, track, and monitor fraud risks. It offers strategies to mitigate both internal and external threats. Crucially, it helps detect fraud even when preventative measures are bypassed.
The standard also offers vital recommendations for incident response. These include strategies for recovering losses and minimizing reputational damage. It also covers incorporating lessons learned into future fraud control measures. This enhances overall resilience.
Fraud’s evolving nature makes this holistic approach particularly relevant. BSI’s recent supply chain risks report, published in February, showed a spike in thefts across most sectors in 2024. Geopolitical uncertainty, adverse weather, and inflationary pressures have driven new fraudulent practices. These include companies or employees staging their own truck hijackings for fraudulent insurance claims. The new standard addresses this complexity. It covers a broad scope of risks, including internal fraud, external fraud, and collusion. It also covers fraud committed on behalf of or in the name of the organization.
David Fatscher, Head of Standards Development at BSI, emphasized the proactive nature of the new guidance. He stated, “The publication of this guidance on managing and responding to fraud marks a significant milestone in global efforts to combat this significant challenge. Crucially, the focus is on proactive anti-fraud practices. It provides organizations with a clear, adaptable framework to foster a culture of integrity, transparency, and accountability.”
Fatscher added, “As fraud continues to evolve and exploit technological advances and societal vulnerabilities, ISO 37003 offers the structure needed to fight back. It reduces financial and reputational damage. It enhances trust with stakeholders. It improves an organization’s ability to detect and respond to fraudulent activity. This provides the tools to strengthen resilience and facilitate effective governance. Ultimately, it intends to help organizations better protect their assets, reputation, and value across jurisdictions.”
ISO/TC 309 – Governance of Organizations led the development of ISO 37003. This followed extensive global consultation and a survey of organizations from 22 countries. The survey included the finance sector. Findings consistently revealed a pressing need for standardized guidance. This guidance would improve fraud prevention and control systems worldwide.
This new guidance complements the recently published Anti-bribery Management Systems (ISO 37001). This reinforces BSI’s commitment to supporting organizations in building trust, resilience, and long-term success through international standards. Together, ISO 37001 and ISO 37003 provide a coherent and strategic framework. It helps tackle integrity and fraud risks. Financial institutions now have a much-needed defense against sophisticated cyber and financial crime.