How to prevent scams from damaging your business reputation
As the ATO identifies several new scams making the rounds, here’s what you can do to protect both your business and your clients.
In brief
- New scams are more sophisticated than ever but still tend to rely on employees breaking protocol
- Spoofing scams can damage your reputation even though you had nothing to do with them
- Our Code of Ethics requires members to ‘have an inquiring mind’ when identifying, evaluating and addressing threats to our ethics
One of your key responsibilities as a Chartered Accountant is to exercise due care in your business to prevent scams from impacting your clients, employees or employer.
While technology has made scamming more sophisticated than ever, the new schemes making the rounds are generally variations of ones you might already be familiar with. Generally speaking, scammers are simply trying to either harvest personal information or access money.
That’s why it’s important to have an inquiring mind. You must consider the source, relevance and sufficiency of information and be open to further investigation or other action, where money or data are at stake. By applying a critical and cautious lens, you can help your clients understand the risks and act accordingly, while also protecting the reputation of your business.
ATO warns of latest scams
There are many scams out there to be aware of. Luckily, most of the common ones are easy to spot. One example is automated calls from organisations purporting to be the Australian Taxation Office (ATO). In these cases, the scammer will tell your client they have an outstanding tax debt that must be paid immediately in gift cards.
The ATO has also indicated an increase in scams related to superannuation investments. These scams are more sophisticated than the automated calls because they can spoof or fake a legitimate business phone number in your client’s caller ID. They may also know some key details like AFSL numbers.
In other cases, our members’ clients have received a phone call or email from a scammer who claims to be from the accountant’s practice. The scammer is attempting to gain personal information about individuals or organisations to perpetrate fraud. These scams can be damaging to your reputation with your clients even though you had nothing to do with them.
COVID-19 scams going viral
The general uncertainty around the COVID-19 pandemic and support programs has also made it a target for illegal or unethical behaviour.
Some of our members have reported instances where their clients have wanted to make false or inflated claims to take advantage of COVID-19 support programs, like JobKeeper. If you encounter a situation like this, you must use your professional ethics to guide your response and manage your clients’ expectations.
That’s why the requirement to have an inquiring mind is important. By applying a critical and cautious lens, you can help your clients understand the risks and act accordingly, while also protecting the reputation of your business.
On the other side, scammers are using these programs as an angle to access sensitive business data. In some cases, the scammers pretend to be government agencies providing information through text messages and emails. Their goal is to get you to click on a malicious link or download a file that will steal personal and financial information. It’s an old scamming method but the timeliness and confusion around COVID-19 have made it particularly effective.
Another scam making the rounds features scammers calling those in financial hardship and offering to help them access their superannuation. These scammers offer unnecessary financial services or steal a portion of the superannuation while charging a fee.
One of the common touchpoints in these types of scams is that they begin with an unexpected and unsolicited call claiming to be from a superannuation or financial services provider.
What you can do to prevent these scams
Use strong processes to limit the risks
If you are in practice, you need to consider the risks raised by scams as part of your compliance with APES 325 Risk Management for Firms. APES 325 requires firms to periodically identify, assess and manage key organisational risks, including technology/cyber security risks. APES 320 Quality Control for Firms also applies to members in practice. Firms need to have in place a system of quality control to ensure that the firm complies with its professional standards and the law. For example, a scam could imperil compliance with requirements about client monies, custody of client assets and confidentiality. So your quality control system needs to include controls to safeguard against scams.
Educate your clients
Be clear with your clients about:
- the type of information you will request
- the channels you will use to ask for it, and
- who in your firm is authorised to make requests.
By doing this, you can establish a safer working relationship with your clients.
You should also encourage and upskill your clients to adopt the same professional scepticism as you. If they have any doubts about the veracity of a request, they should ask for a phone confirmation from you or a staff member who is known to them.
It’s also important to remind your clients that the ATO will never send through a pre-recorded message or threaten them with arrest. While the ATO does make phone calls, they will always show up as ‘No Caller ID’ on your client’s phone.
The importance of using your ethical lens
Setting up appropriate checks and steps to verify requests can protect you and your clients. If you don’t exercise the appropriate checks before sharing information or transferring assets, this may be a breach of your obligations to act with professional competence and due care.
You also have a responsibility to your clients to respect confidentiality. You should not share client information with outside parties without their consent unless there is a legal obligation. Having the controls in place to ensure client data is safe is just a part of being vigilant about their interests.
If you’re concerned that your systems or processes are vulnerable, you should seek professional IT advice.
Where to go for more information
Do you have any further questions or need practical guidance on a complex professional issue? As part of your membership with CA ANZ, you can speak directly to an experienced member of the Professional Standards and Ethics Advisory team.
This free support service is completely confidential and available to all current members. Make an enquiry via phone or email, or by using the online form provided on our contact page below.
Contact us
Quality Management
A new hub of information, guidance and standards providing a comprehensive illustrative risk matrix and pro-forma toolkit.