Penalties for fraud and non-compliance

Penalise customers, staff or third parties that commit fraud or do not comply with rules, processes and expectations.

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

raising debts, penalties and interest payments for clients who commit fraud or do not comply with requirements
fining, suspending or cancelling providers or third parties who commit fraud or do not comply with requirements or standards
sanctioning or terminating staff for misconduct or fraud
penalties for contractor misconduct or unreasonable failures to meet contract obligations.

A lack of penalties for fraud and non-compliance can lead to:

Methods to evaluate the effectiveness of this control include:

reviewing the results of compliance reviews or fraud investigations to confirm that penalties are:
- enforced, e.g. debts raised, termination, prosecution
- appropriate for the type of fraud
- consistent across similar cases
- recorded against the customer, vendor, staff member or contractor records
- reported on
- shared with other parties who need to know, e.g. other departments are notified of serious or organised fraud, or staff or contractor terminations for fraud or misconduct
analysing statistics and reports on repeated non-compliance or criminals reoffending
confirming that controls are in place to disrupt repeated non-compliance or criminals reoffending.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.