    New standard published to strengthen fraud control

    Detailed guidance designed to help organizations protect themselves and their customers from the growing threat of fraud, as well as respond to incidents after they have occurred, has been published by BSI, the UK’s national standards body.

    In today’s increasingly digital, interconnected world, fraud is becoming more sophisticated and widespread, impacting every sector — from financial institutions and public agencies to non-profit organizations. The banking industry alone reported a 16% rise in fraud cases in 2024, with over £3 million stolen every single day in the UK[1].

    To help organizations of all types, sizes, and sectors navigate this growing threat, Fraud Control Management Systems – Guidance for Organizations Managing the Risk of Fraud (ISO 37003) has been developed to provide organizations with the tools to proactively identify, manage, and respond to fraud risks, enabling them to better protect their assets, reputation, and stakeholders. The standard is designed to offer comprehensive guidance to organizations on establishing, implementing, maintaining, and continually improving an effective fraud control management system (FCMS).

    The standard sets out how organizations can establish a robust environment for recognizing, tracking, and monitoring fraud risks. It offers tools for mitigating both internal and external threats, along with strategies for detecting fraud in cases where preventive measures are bypassed. Additionally, it includes recommendations for responding to fraud events, such as recovering losses, minimizing reputational damage, and incorporating lessons learned into future fraud control measures to enhance resilience.

    BSI’s most recent supply chain risks report, published in February, found that most sectors experienced a spike in thefts in 2024, as geopolitical uncertainty, weather, and inflationary pressures drove new practices in fraud, including cases of companies or employees staging the hijacking of their own trucks to file fraudulent insurance claims. In light of this increasingly complex landscape, the standard addresses a broad scope of risks, including fraud committed internally against the organization, fraud perpetrated by external actors, and collusion between internal and external parties. It also covers fraud conducted on behalf of or in the name of the organization.

    David Fatscher, Head of Standards Development at BSI, said: “The publication of this guidance on managing and responding to fraud marks a significant milestone in global efforts to combat this significant challenge. Crucially, the focus is on proactive anti-fraud practices, providing organizations with a clear, adaptable framework to foster a culture of integrity, transparency, and accountability.

    As fraud continues to evolve and exploit technological advances and societal vulnerabilities, ISO 37003 offers the structure needed to fight back. By reducing financial and reputational damage, enhancing trust with stakeholders, and improving an organization’s ability to detect and respond to fraudulent activity, this provides the tools to strengthen resilience and facilitate effective governance. Ultimately, it is intended to help organizations better protect their assets, reputation, and value across jurisdictions.”

    This new guidance follows the recent publication of Anti-bribery Management Systems (ISO 37001), reinforcing BSI’s commitment to supporting organizations in fostering trust, resilience, and long-term success through the effective use of international standards. Together, ISO 37001 and ISO 37003 provide a complementary framework for tackling integrity and fraud risks in a coherent and strategic way.

    The development of ISO 37003 was led by ISO/TC 309 – Governance of Organizations, following comprehensive global consultation and a survey of organizations from 22 countries across sectors such as finance, government, mining, forestry and non-profits. The findings revealed a pressing need for standardized guidance to improve fraud prevention and control systems globally.

    [1] https://www.bbc.co.uk/news/articles/cglk7dlpwl5o