Legislation and policies
Summary
Legislation and policy can help prevent, detect and respond to fraud, such as by:
- outlining clear rules, regulations and criteria
- allowing entities to collect, use and disclose information
- allowing entities to enforce penalties and recover fraud losses.
Why this countermeasure matters
Activities that are not guided by good legislation or policy may lead to:
- high levels of non-compliance due to inconsistent and unclear processes, rules and decision-making
- fraudsters taking advantage of loose rules and requirements to commit fraud and avoid exposure or prosecution
- fraud or corrupt activity going unnoticed or unchallenged
- less action and accountability to prevent, detect and respond to fraud and corruption
- unknown and unaddressed systemic fraud or corruption.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- legislation that outlines clear requirements and criteria, and policies that support them
- legislation that allows the collection, use and disclosure of information to prevent, detect and respond to fraud, and policies that support this
- legislation that supports fraud investigations, the enforcement of penalties and the recovery of fraud losses, and policies that support these activities
- processes that align with the Public Governance, Performance and Accountability Act 2013 and Accountable Authority Instructions
- processes that align with the Australian Privacy Principles
- processes and policies that align with the Protective Security Policy Framework
- policies and processes that govern how assets are managed and reported
- policies and processes that govern staff travel and other HR matters.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- confirm that legislation and policies exist
- review policies to confirm they are consistent with the legislation
- review processes to confirm they are consistent with policies
- confirm that staff can easily find and reference legislation and policies
- confirm that staff can easily understand and apply legislation and policies
- ask staff about any known vulnerabilities in the policies and processes that may increase rates of non-compliance and fraud
- ask staff about any legislation or policies that unreasonably limit their ability to collect, use and disclose information to prevent, detect and respond to fraud
- ask fraud control staff about any barriers to conducting fraud investigations, enforcing penalties and recovering fraud losses.
Related countermeasures
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increase transparency and reduce the opportunity for fraud.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.
These are penalties for customers, staff or third parties that commit fraud or do not comply with rules, processes and expectations.
These are processes that identify and recover debts owed by staff, customers and third parties.