Fraud in the workplace – how to protect your business

Most employees and third parties are trustworthy, but the actions of just one individual can cause catastrophic financial damage to your business. This article looks at employee fraud including new legislation on fraud prevention and what employers should do on discovering fraud in the workplace.

What do I need to know about the new fraud legislation?

The Economic Crime and Corporate Transparency Act has recently come into force (having been granted Royal Assent on Thursday 26 October 2023). Amongst other things, it introduces a new corporate criminal offence of failure to prevent fraud and, in doing so, will make certain organisations liable for failing to prevent fraud. The new law means that a company may be guilty of a criminal offence if a person associated with the company, such as a director or other employee, commits a specified fraud offence intending to benefit the company or someone that the company provides services to. Liability for the offence carries an unlimited fine, in addition to the associated public relations consequences.

There are potential defences to the offence, such as the business being able to show that they are a victim of the fraud, rather than an intended beneficiary of the fraud. There is also a defence if it is deemed that the business had reasonable prevention procedures in place to try to prevent fraud.

Currently the offence only applies to large organisations determined by specified criteria in relation to turnover, balance sheet and number of employees. However, there is potential for the offence to be extended to SMEs or small companies in future.

As part of our steps to help prevent fraud series, our fraud experts also surveyed 1,000 senior managers across the UK giving a snapshot of senior managers’ views and business’ preparedness to fight fraud as the Economic Crime and Corporate Transparency Act progressed through Parliament. 

Find out the result of our survey in our full report here.

In that case, what should my business do to prevent fraud?

Notwithstanding the new legislation, and the fact that it will currently only apply to large organisations, it is prudent for all employers to consider their fraud prevention policies and practices. The shift towards remote and flexible working has revolutionised the way we work, but at the same time means that employees are working in a less secure environment with enhanced opportunities for fraud to be committed without oversight.

So, what measures should employers put in place to prevent fraud?

  • Have clear policies in place in relation to data protection, information security, monitoring, whistleblowing, expenses and the disciplinary process and make sure all employees are aware of and trained on these policies.
  • Make it easy for employees to report fraud by:

    - Ensuring the whistleblowing policy specifically refers to fraud;
    - Creating easy reporting procedure; and 
    - Providing regular training / education on fraud and the relevant policies.
  • Increase security risk, IT and fraud training for employees, with a focus on phishing and complying with internal policies.
  • Tighten controls on sensitive commercial data and confidential information in terms of who has access and how it can be shared.
  • Be aware of CV fraud - double check references and qualifications and complete enhanced recruitment due diligence.
  • Have specific contractual provisions in place to prevent fraud e.g. exclusive service, suspension on full pay and garden leave to give you flexibility when responding to fraud.
  • Organise regular audits for your financial accounts and teams.
  • Ensure there is a system to monitor all expenses and verify them e.g. receipts.
  • Keep an eye out for warning signs of fraud and respond quickly when they are identified.

What are the warning signs that employers should look out for?

  • Flight risks – do you have employees who are likely to jump ship to competitors? A lot of fraud entails employees taking confidential information when they shouldn’t.
  • Disgruntled employees – whilst not all disgruntled employees will go on to commit fraud, dissatisfaction at work can provide a motive for employees to commit fraud.
  • Accessibility to commit fraud – employees who have worked at the company longer tend to have more trust and are more likely to be able to commit fraud or may be in a trusted role such as finance which provides access to important/valuable data.
  • Working long hours and on weekends with no sick leave, annual leave or time off – employees might be taking advantage of quieter hours as they are less likely to get caught or they might not be taking time off to prevent issues being detected with their work whilst they're off.
  • Frequent complaints/comments about suspicious behaviour – such reports should be taken seriously rather than dismissed.
  • Inconsistent transactions when invoicing, a sudden increase in expenses, vague or unaccounted for transactions.
  • Staff resisting tighter controls – try to find out why staff are resisting tighter controls by setting up 1-2-1 meetings with them.
  • If an employee's lifestyle is beyond their means / doesn't match their salary – there could be external reasons for this and you will need to tread carefully when looking into it but it could be because they're benefiting from internal fraud.

What should I do if I suspect or discover fraud in the workplace?

When fraud has been discovered it can be a shock and place pressure on the business. An employer should remain calm and ensure that any internal discussions that take place remain productive rather than emotive. This allows the employer to take control of the situation, devise a plan and consider who needs to be involved e.g. solicitors to advice on disciplinary procedures, forensic accountants, public relation consultants, notifying insurers and/or the bank, private investigators or even the police.

In any fraud situation, the usual employment law principles continue to apply i.e. any disciplinary process should be fair and reasonable and in accordance with the ACAS code. The employer may consider suspending the employee if they may continue to commit the fraud whilst employed or may interfere with the disciplinary process. The employer may ultimately wish to dismiss the employee for gross misconduct so will need to demonstrate that the misconduct is suitably serious, and dismissal is within the range of reasonable responses.

Sometimes employees commit fraud outside of the workplace. The employer may still wish to dismiss in this case but it's unlikely to be a conduct matter as it's not internal. In such cases the employer may need to consider the "some other substantial reason" route to dismiss the employee instead, particularly if, for example, the employee works in a position of trust for the employer. Whichever route the employer decides to take, as always, consistency and following a fair process is key.

If fraud has taken place, it is highly likely to constitute both a civil and a criminal offence. Sometimes, it's the police who will come to the employer and inform them of the fraud and in that case they may guide the employer as to when and how they should be conducting any internal investigation. However. often a question for the business is whether to follow the civil route or take the matter to the police.

  • Police - Going to the police is free, the investigation won't cost the business, it can send a strong message to other employees and can be effective if the business is looking for justice in the non-monetary sense. However, the police and CPS are not primarily concerned, at least initially, with recovery of the business' losses. Police investigations can also take a long time and the business will not have any control over this. Police investigations can sometimes have a prejudicial impact on the business' own investigations, for example through the confiscation of documents and because internal investigations must not prejudice any potential criminal prosecution.
  • Civil – A civil route can be pursued where the business is primarily concerned with the recovery of its losses/assets. Often the advice is to go to the police after you've exhausted the civil remedies if you still want "justice". Our fraud experts can provide further advice on the civil recovery process.

Find out more about all of the above by listening to our recent podcast episode below.

If you require advice or have any queries in relation to this topic, please contact our experts on the details below.

Key contacts