
In the Event of Fraud, is Your Business Prepared?

Cybersecurity and Fraud Prevention  •  Article  •  June 06, 2025

First Response

Act Quickly
Immediately inform your bank about any suspected fraud. The shorter the time between a fraudulent transaction and its detection and reporting, the greater the chance of recovery. Remember, every minute counts.
Alert Your Banks and Use the ‘F’ Word
Be prepared to state that you suspect “fraud” and not “potential fraud” when notifying your bank. Confirm this in writing and be specific.
Provide the Details
Provide all fraudulent transaction and background details on the suspected fraud. Your bank will need clear information before they can act. Some jurisdictions may require additional actions, so ensure you are aware of local requirements in the areas your business operates.
Provide Indemnity
Be prepared to complete follow-up actions as required and provide your bank with indemnity documents to facilitate the bank-to-bank recall process.
File a Police Report
Obtain a copy of the report or take a crime reference number, as this may later be requested from the beneficiary bank(s). Depending on your jurisdiction, you may also be required to file a police report in both the remittance and ultimate beneficiary jurisdictions.

Additional Incident Handling

Phase 1

Legal Counsel
Consider engaging legal counsel to navigate the recovery of funds, especially if the beneficiary bank is located outside of your home jurisdiction.
Internal Resources
Ensure your internal fraud/security resources are engaged as the subject matter experts. Implement a communications plan (both internal and external) so that key stakeholders are fully informed and remain vigilant.
Review Transactions
Independently review all recent transactions for other suspicious payments or unauthorized activity across your bank accounts.
Investigate
Initiate an internal investigation. Make sure to secure and retain any potential evidence.
Forensic Analysis
Complete a digital forensic analysis to identify points of compromise. Report your findings to the relevant parties. For example, if malicious domain name registrations are found, report them to the relevant Domain Registrar(s).

For business email compromise (BEC):

- Alert all employees of the incident and activate your internal fraud/cybersecurity contingency plans.

- Notify your suppliers/vendors about what has transpired and reconfirm the correct payment instructions.

Phase 2

Review
Conduct a full review of your internal controls and fraud prevention processes. Implement new measures where necessary.

Post Fraud/Attack

Develop and Implement an Internal Fraud/Cybersecurity Response Plan
Your plan should be documented and socialized with all employees, clearly defining roles and responsibilities. It should also include escalation points of contact and any information that should be communicated. This plan will detail how your organization’s response to a fraud incident will be managed.
Develop Fraud Escalation Protocols
Consider creating robust fraud escalation protocols, including a defined internal communications strategy, which is clearly documented and accessible to all relevant stakeholders.
Staff Training
Provide regular and updated fraud awareness training to ensure all employees are aware of current fraud trends, best practices, and current internal contingency and escalation protocols.
Monitor
Consistently monitor supplier/vendor relationships, other business partnerships, transaction activity, and internal procedures.

For more information, visit Cybersecurity and Fraud Prevention
