The hidden cost of organisational fraud: why prevention matters

Malta has faced numerous fraud scandals in recent years. The true scale of losses is likely far greater than official figures may suggest. Fraud often goes undetected for months or even years, particularly when perpetrated by trusted senior figures. 

This raises a vital question: who is responsible for preventing and detecting fraud? The answer points to management. Tackling fraud proactively is not just about compliance; it is a test of accountability and governance. The Association of Certified Fraud Examiners (ACFE) reports that over half of occupational frauds stem from weak internal controls or their control override by senior management.

Trust lies at the heart of successful businesses but when left unchecked, it can lead to costly surprises. To counter this, organisations must embed robust safeguards. Senior executives, who through authority may bypass controls more easily, pose a high risk. A strong ethical culture, reinforced by independent non-executive directors and sound governance, is critical. Regular fraud awareness training empowers employees to recognise red flags and report suspicions through clear, confidential channels. 

Research shows whistleblowing and tip-offs are the most effective detection tools; yet their success hinges on trust and accessibility. Detection is as crucial as prevention. On average, fraud persists for 12 months before discovery, with senior management schemes often the costliest and lasting longer. Over 50% of reported cases involve personal red flags, such as perpetrators living beyond their means or facing financial distress. Maltese businesses must adopt a risk-based approach, monitoring these warning signs while fostering a culture of vigilance.

External threats are escalating, with fraudsters leveraging advanced technology. Business e-mail compromise (BEC) remains a dominant concern, with Bank of Valletta reporting 23 cases in 2024, totalling €1.5 million and a sharp rise in 2025. Fraudsters hijack communications to divert funds, exploiting trust in digital systems. Also, alarming is the rise of AI-driven deepfakes. Recent scams in Malta have used deepfake videos of public figures like Prime Minister Robert Abela to lure victims into fraudulent schemes. Similarly, scammers could impersonate corporate leaders to authorise fake transfers or manipulate employees. 

Ransomware attacks are another growing menace, with cybercriminals encrypting company systems and demanding cryptocurrency ransoms. Small- and medium-sized enterprises (SMEs), which form the backbone of Maltese business, often lack the resources to combat these sophisticated threats, making them easy targets. Preventing fraud before it takes root is far more effective than recovering losses. Yet prevention alone is insufficient. Companies must pair robust internal controls with proactive detection mechanisms. Regular audits, management oversight, secure IT systems and employee training are essential. By fostering a culture of accountability, leveraging whistleblowing channels and staying ahead of technological threats, Maltese organisations can better protect themselves and their stakeholders.

This article was first published on Times of Malta on 19 November 2025.