GovNet Events Fraud

2025 in Review, and What's to Come in 2026

Wow, where has that year gone? I hear you all ask, or is it just me as I get older, or is it the adage, “Time flies when you are having fun”? Believe it or not, I love my job & the evolving world of fraud.

As we sit here in the UK today, believe it or not, fraud appears to be the only upward industry. Coupled with the recent budget & much commentary around the fact that we are stunting any potential growth, I fear fraud may continue to grow for some considerable time yet, due to the rapid innovation in and accessibility of technology, which enables fraudsters to operate at scale, with increased complexity. This is compounded by human vulnerabilities, a complex regulatory landscape and, as has been suggested, policing that has an imbalance in fraud resource and is reactive where fraud is concerned. A fraudster's paradise.

Thankfully one area of business bucking that trend is the public sector. The PSFA have continued to develop and strengthen, especially in the area of fraud prevention, risk identification and loss measurement and long may their development continue.

Over the last year we have seen significant emerging threats & trends in fraud, with the ongoing risk of Generative AI allowing fraudsters to generate highly convincing deepfake voices, images, and documents, making fraud harder to detect. The shift to online living and e-commerce has increased the "attack surface" for fraudsters. Most fraud is now digitally enabled, with a large majority of cases starting on online platforms or telecommunications networks. The dark web offers ready-made "phishing kits" and stolen data, lowering the barrier to entry and allowing rookies to commit fraud on a substantial scale.

During the last 12 months we have seen Jaguar Land Rover (JLR) and Marks & Spencer (M&S) suffer significant cyberattacks, linked to the same hacking group, which caused major operational disruption and substantial financial losses. M&S was hit by a complicated ransomware attack that caused the suspension of all online orders and impacted in-store operations, including preventing contactless payments for a time.

The incident caused an estimated financial loss of £300 million for M&S.

Similarly, Jaguar Land Rover (JLR) suffered a major cyberattack leading to a global shutdown of its IT systems and production facilities, severely disrupting manufacturing and supply chains. Dealership systems were also affected, preventing the registration and delivery of new cars during a peak sales period. The incident posed a systemic risk to the UK's automotive supply chain, with many smaller suppliers facing severe cash flow problems and potential collapse. It caused a reported loss of nearly £500 million.

Lastly, but by no means least, we saw the Economic Crime & Corporate Transparency Act introduced with regard to the Failure to Prevent Fraud. So what does that mean, and what do you & your organisations need to do?

“Failure To Prevent Fraud” is now a UK corporate offence that holds medium to large organisations liable if an ‘associated’ person (including employees, agents, and subsidiaries) commits fraud, the organisation benefits, and it lacked ‘reasonable fraud prevention procedures’ in situ. The sole defence is proving the organisation had "reasonable procedures" to prevent the fraud or that such procedures were not reasonably expected. The offence applies to large companies, charities, and partnerships meeting at least two of the 3 criteria: 250 employees, £36M turnover or £18M assets.

Penalties will consist of unlimited fines and obvious reputational damage, which may lead to loss of confidence in the services or products that the company provides.

The only defence to Failure to Prevent Fraud is that organisations must show they had reasonable and proportionate fraud prevention procedures in place. These must be in line with the six principles for these procedures: top-level commitment, specific fraud risk assessment, proportionate procedures, due diligence, communication (including training), and monitoring and review of all of the above.

The response to the Act will surely drive fraud prevention activity, with the key being comprehensive fraud risk assessment. Many of you who may know me are fully aware that I have been preaching the virtues of high-quality fraud risk assessment, as it forms the foundation of building an appropriate level of prevention. I am, as I’m sure some would say, like the proverbial dog with a bone when it comes to this subject, so much so that I have even set up a consultancy company, “3B Risk Group Limited”, offering support to the business sector. 2025 has been a full-on year and I have remained active in my support of the government functional standards which will underpin the fraud prevention work being completed in the public sector. The work we as a company have done with the private sector has made it very clear to me that by adopting similar measures, mandated for the public sector, the private sector will be able to evidence the requirements of the Act.

I feel 2026 will be yet another mammoth year for fraudulent activity...

But I also expect to see the Serious Fraud Office (SFO) punishing those that don’t adhere to the Reasonable Procedures. You heard it here first.

Please do not hesitate in making contact with me either through the GCFP network platform or via my website www.3b-riskltd.com should you wish to discuss how we can continue to ensure our finite resources are used to the very best of their abilities in combating fraud.

Wishing you all a very prosperous and fraud-free 2026.