Contractual clauses

This control targets both internal and external fraud risks.

Examples

Examples of this control include contractual clauses that:

set out requirements to report fraud
set out requirements to have counter fraud arrangements in place
define obligations and/or permissions
set out liability for fraud and clawback arrangements
allow access to premises and documents for quality assurance, compliance and investigation purposes
obtain consent to collect and share information
require directions to be followed in the event of suspected fraud
allow recovery of debts and fraud losses
are easy to comply with.

A lack of clear contractual clauses can lead to:

fraudsters deceiving others to take advantage of loose rules and unclear processes to commit fraud and avoid exposure or prosecution
limiting an organisation’s ability to take effective legal or counter fraud action
inability to recover funds in the event of fraud occurring.

Methods to evaluate the effectiveness of this control include:

confirming contractual clauses are clear, fit for purpose and legally enforceable, in line with the organisation’s activities and applicable legislation
confirming that employees can easily find and reference contractual clauses
confirming that employees can easily understand and apply contractual clauses
asking employees about any known vulnerabilities in contracts that may increase rates of non-compliance or fraud
asking employees about any contractual clauses that limit their ability to collect, use and disclose information to prevent, detect and respond to fraud
asking employees about any contractual barriers to conducting fraud investigations, enforcing penalties and recovering fraud losses.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.