Staff fraud and dishonesty

Internal fraud is a dishonest act perpetrated by misrepresentation, omission or abuse of position in the workplace. Some acts of fraud may be criminal, but, even if it is not a criminal act, the person responsible could still be committing an act that an employer would see as misconduct.

For the purpose of this guide, the term ‘staff’ is defined as any individual with a contractual arrangement, whether directly or indirectly (for example through a recruitment agency), to provide their personal services to an organisation. This therefore includes permanent staff, temporary staff on short- or fixed-term contracts, and staff supplied by a recruitment agency or third party. The term ‘staff’ or ‘employee’ in this guide refers to all of these groups.

For the purpose of this guide, the term ‘fraud’ includes those occurrences when a person dishonestly makes a false representation, wrongfully fails to disclose information or abuses a position of trust, with the intent to make a gain, cause a loss or expose another to the risk of loss.

The term ‘staff fraud’ in this context is also known as:

• employee fraud
• insider fraud
• internal fraud
• workplace fraud
• insider threat.

You can find details of the different types of staff fraud in the download at the end of this guide.

An important legal aspect to bear in mind is employers’ liability for fraud committed by employees.

If an employee causes financial damage to their employer, the employee who committed the fraud will usually be liable. However, they may not be able to compensate the employer. Where a third party is affected, employers may also be liable for fraudulent acts, if the employee acted within the scope of their employment.

The way organisations approach the issue of staff fraud is changing. While some organisations will handle potential fraud cases quietly with no publicity, many businesses are now sharing data on incidences of staff fraud within their organisations (under carefully controlled conditions). Members of Cifas recorded over 250 individuals for dishonest conduct to the Insider Threat Database in 2024. 

The threat from staff fraud can be combated effectively in two ways: 

• by cooperating and adopting a common approach that encompasses zero tolerance of all types of staff fraud
• by focusing on prevention and introducing a rigorous anti-fraud internal culture that promotes honesty, openness, integrity and vigilance throughout the workforce. 

The challenge lies not only in ensuring that the correct policies and culture are in place to facilitate such an approach, but also ensuring that such policies are consistently followed. However, it’s important to ensure that staff do not misuse business property or systems or carry out any illegal activity, balanced with fostering a culture of mutual trust and respect. 

This can be done by adopting a risk-based approach, which takes into account the nature of the business, the industry sector and different job roles. Clear communication on the reasons for adopting a particular approach as well as the potential risks to the business will mean employees are more likely to view any measures put in place as reasonable and necessary. 

To combat staff fraud effectively, consider:

• why staff commit fraud
• the profile and common characteristics shared by those who commit fraud.

There is no single profile for someone who commits fraud. Donald R. Cressey, an American criminologist, devised the ‘Fraud Triangle’ of triggers, which can help us to understand what could lead employees to commit fraud.

Opportunity

For fraud to take place, there must be an opportunity to commit it. A lack of internal controls, a blame culture and lack of reporting structure can all create an opportunity. 

Areas that can lead to opportunity are:

• Weak internal controls: For example, if there is only one staff member who deals with accounts or invoicing, there is more opportunity for embezzlement. Such opportunities could be reduced by implementing dual controls, such as having another staff member checking and signing off transactions.
• Unclear policies and procedures: If there is no clear and concise policy in place, there will be no fear of exposure or reprisal, or a staff member could believe that the activities they were undertaking were acceptable. 
• Poor security: Lack of physical security – for example, no CCTV surveillance or computer passwords – may lead to opportunities for fraud. Individuals are more likely to commit fraud if they believe they will not be caught.
• Open doors to criminal infiltration: In some business sectors, organised criminals may attempt to plant a member of staff within an organisation with the intention of defrauding them. Criminals have been known to target call centres, hospitals, bank branches and retail outlets in this way. When under continued pressure because of high staff turnover, the quality of recruitment and security screening has been known to suffer to get people in and working as soon as possible, which such infiltrators can take advantage of. Criminals have been known to target call centres, hospitals, bank branches and retail outlets in this way. Criminals may also approach employees and offer them money in exchange for divulging confidential company or customer data. 

Motivation

Motivations for fraud are often rooted in individual issues outside work. These issues can include: 

• Financial pressures: such as keeping up with any day-to-day costs, including mortgage payments or rent, food bills, or any additional pressure caused by looking after family. High costs of living could also be a major influence. As a result of the pandemic, and in the UK the cost-of-living crisis, an employee who would not have previously thought about committing fraud could now find themselves doing so in an attempt to make ends meet.
• Addiction: to fund an addiction such as drugs, gambling or alcohol. The CIPD guide on handling drug and alcohol use can be helpful in managing such situations
• Debts: sometimes mounting debts can become unmanageable, adding further pressure if they need to be repaid within a strict timescale.
• Domestic issues: such as pressures attributed to relationship breakdowns, divorce or child maintenance payments, or family pressure to bring in a higher income.
• Modern-day pressures: social media and the internet can have a huge impact on some as people attempt to replicate the lifestyles they see online, which are often not achievable financially. 

Rationalisation

If an employee is unhappy at work, they may find it easier to commit fraud, as they are able to rationalise their own behaviour. Unhappy employees could commit internal fraud as a way to get ‘revenge’ or act maliciously if they don’t feel they have been treated fairly – for example, because of low pay or being passed over for promotion. Personal differences with management, redundancies or if remuneration policies or bonus distributions are thought not to be fair could also be factors. In addition, staff who feel insignificant, powerless or taken for granted are also able to rationalise any fraudulent activity. This is not to say that poor staff morale will result in fraud, simply that it may be a factor in why a staff member chooses to do so.

• Strengthen your zero-tolerance policy to employee fraud and nurture a culture of ethical behaviour and integrity.
• Aim to create an internal culture that promotes honesty, openness, integrity and vigilance throughout the workforce. 
• Ensure that employees are aware of the whistleblowing policy and how to report suspicious activity, and highlight any support for those who are prepared to do so. 
• Provide training and/or guidance that communicates potential early warning signs of fraud, and how to report staff fraud.
• Lead from the top – ensure that those in senior positions within the organisation follow the same rules as other employees.
• Review your approach to employee voice and recognition - even if employees are not motivated to commit fraud themselves, unhappy people are unlikely to be committed to combating it or being vigilant with respect to the behaviour of others.
• Provide support and guidance to employees who could be struggling either financially or in other ways, for example through your Employee Assistance Programme (EAP) if you have one. 
• Monitor suspicious activity, such as unauthorised access, or sending restricted confidential documents outside of the organisation or to personal email addresses, but in a way that complies with data protection and privacy law, and is justifiable.
• Ensure that policies and practices are reviewed regularly. And whenever there are major changes in your organisation, such as the switch to working from home, review them all again.
• Carry out regular audits and spot checks.
• If practical and where your business is considered to be at higher risk, consider establishing dedicated units to specialise in proactively targeting and reactively investigating cases of staff fraud.
• Review instances of fraud and ensure that controls are put in place to prevent it from happening again.
• Keep up to date with trends in internal fraud.
• Restrict staff access to systems, databases and communication channels to a level relevant to their individual role. 
• In certain sectors, consider using specialist in-house software to monitor, flag and identify suspicious activity and create exception reports after analysing variables from employee, customer and transactional information.

• Screen all candidates to the appropriate level, driven by risk not seniority, and do not ignore any concerns.
• If relevant, consider additional checks throughout the year, such as criminal record, fraud or credit checks, bearing in mind any legal requirements. (For the legal requirements concerning checks, see our guide to pre-employment checks – although focused on checking new recruits, the information is still relevant.) 
• Ensure that any anomalies (such as a different reason for leaving a previous employment on a reference) are investigated thoroughly.
• Ensure that temporary and third-party staff are screened to the same standard as permanent employees.
• In addition to your normal ‘right to work’ identity checks, consider if you need to use a specialist agency to carry out vetting or security background checks on prospective employees.

• Ensure that your disciplinary procedures include fraud as potential gross misconduct and be clear on when external agencies such as the police need to be involved.
• Make sure anyone investigating fraud has received and completed appropriate training.
• In the event of fraud, follow your fraud response plan if you have one. Secure any evidence such as audit trails, CCTV, etc, so it can no longer be tampered with.
• Engage with any relevant stakeholders, such as communications teams, if reputational damage is expected as a result of fraud. 
• Engage with a third-party company who can investigate fraud if there is insufficient knowledge/ability within your organisation to investigate. 
• Form a solid working relationship with fraud investigators so that if you need to work together, the relationship is already there. 

To take a holistic approach to fraud prevention, you will need a company culture that supports this. Your culture should stress the need for openness and trust between employees at all levels. This does not simply mean that people are comfortable reporting suspicions of staff fraud, but also reporting personal issues that could impact the performance of other staff members and increase the likelihood they will commit fraud. It must be made clear that if staff have concerns about co-workers, they have an obligation and duty to report this. You should have a whistleblowing policy that facilitates an independent and confidential way to report these concerns that creates an environment where people feel able to report instances and are confident that the matter will be dealt with in a discreet, professional and considerate manner. 

It is also vital that staff are made fully aware that, should they commit fraud, there will be zero tolerance. However, you should also be careful that, while making employees aware of the zero-tolerance policy, the honest majority of the workforce do not feel that everyone is under suspicion and being monitored. 

Good people management can also make a difference when it comes to opportunistic fraud. If an employee is happy in their workplace, this could mean they are less likely to commit fraud than if they feel undervalued. To help create this organisational culture: 

• Consider the impact of any new policies on your employees, especially when a change in policy will result in an employee spending more – for example, on commuting, or utility bills if working from home.
• If necessary, review your reward policies to remove where possible areas that could be perceived as unfair by staff.
• Ensure salaries are fair. Differing salaries could make an employee feel unhappy if they are doing the same job as a colleague but not being paid as much.
• Treat employees fairly and with respect.

Tools such as employee assistance programmes offering confidential counselling and mediation services are useful in helping to create a trust-based culture. 

Make sure that your existing policies in areas such as staff code of conduct, discipline, whistleblowing and investigations are clear that fraud is unacceptable.

The Fraud Advisory Panel has published anti-fraud policy statements and templates on its website that may help you.

To help reduce the risk, you may wish to consider putting (or reviewing) policies and practices in place to support the welfare of your employees. The help could be something as simple as ensuring employees are aware of employee assistance programmes, or signposting to relevant organisations that can help. 

However, a policy alone cannot ensure that the appropriate controls to prevent staff fraud are maintained. This is only achieved by action and by others seeing that action is taking place. It is this that creates the preferred behaviour the policies set out to achieve. The anti-fraud culture needs to be endorsed and followed at all levels, meaning that, for example, managers and high-performers must follow the rules just as any other employee is expected to do.

As part of your normal onboarding/induction processes you should already be covering your code of conduct or other approaches to business ethics. If your risk assessment suggests your organisation is at a higher risk of fraud, you may also wish to incorporate fraud prevention and staff responsibilities in this area. 

You should also make new staff aware that every computer transaction they undertake leaves a footprint for audit trails, and that they are personally responsible for all activity undertaken using their logins and/or passwords. Staff who have committed fraud have been known to use unlocked computers and co-worker logins and passwords; therefore, it is best practice to update passwords regularly and ensure everyone is aware that they are responsible for any activity carried out using their password, and so they should not under any circumstances share or disclose it.  

Depending on your business environment and risk assessment, you may want to organise refresher sessions on fraud awareness, the potential penalties for fraud (which can include prison) and how staff should report suspicions of fraud.

Training and awareness of organisational whistleblowing procedures are important in combatting potential fraud and the CIPD employment law page on whistleblowing will give CIPD members some useful advice on this aspect.

"Monitoring staff" is a complex term with varied definitions and you must be careful to comply with any related privacy laws. In the UK this would include GDPR, the Data Protection Act 2018 and privacy law. You should only monitor staff if it is justified and there is a lawful basis. Protecting a business from theft or legal action and ensuring company resources are used appropriately is a legitimate basis. However, monitoring must be reasonable, necessary and proportionate, and you need to find a balance between your interests and any intrusion into employees’ personal lives. You should always consider less intrusive ways of achieving the same results, such as training or regular performance reviews. 

Policies must state clearly when monitoring, including covert action, might take place. There may be exceptional circumstances when advanced notice would defeat the point of the monitoring, such as if serious fraud is suspected and the employee who is under investigation could be tipped off, which could lead to the disposal of evidence. But you should carry out a data protection impact assessment before any covert monitoring, and any such monitoring should only be done as part of a specific investigation for a limited period.

Due to the complexity of the problem, larger organisations may already have or wish to consider creating dedicated teams of fraud investigators and fraud detection specialists dealing specifically with staff fraud. If you have limited resources or small fraud teams, you should consider creating ‘staff fraud champions’, who will act as specialists for your organisation. If you are part of a small organisation that doesn’t need an internal fraud team, set out a clear process of who should be notified when potential/confirmed fraud is identified. In smaller organisations, any investigation should be undertaken by somebody who has received sufficient training to do so or by a third-party company who specialises in internal fraud investigation. 

Both line managers and HR professionals need to understand the process to investigate allegations or suspicions of fraud, without which investigations may fail because:

• Potential evidence or relevant legal processes are compromised by people who are not trained properly.
• Those qualified to undertake the investigation are deployed too late to gather the necessary evidence.
• The police or other relevant organisations are not involved early enough in the investigative process.
• Managers or others conceal information or evidence to hide perceived failure in their management or control of the business area.

While in most potential disciplinary situations alternatives to suspension should be considered, in the case of possible fraud it is more likely that you may wish to suspend at the start of the investigation process. This is to prevent possible interference with witnesses or destruction of evidence.

Any investigation should be used to gather enough evidence to suspend, arrest or clear an individual. You should ensure that there are clear communication procedures in place to make certain that any witnesses are not interfered with. Anyone involved in the investigative process should avoid protracted conversations or unnecessary confrontation. 

During an investigation there are likely to be interviews conducted with the staff member suspected of fraud and any possible witnesses. It is vital that organisations clearly set out who is responsible for interviews and ensure that they do not become entangled with any disciplinary procedures. The interviews should inform the disciplinary decision, but the disciplinary process should be kept completely separate. 

In cases of potential fraud, there can be several different groups involved in the investigation. It is important to be clear on the role of each party and that HR has a responsibility to make sure that the company’s employment obligations are met.

If the police or other external body are involved, they may wish you to pause any internal investigation to allow them to undertake their enquiries. HR professionals should be guided by this and ensure that this is communicated to the employee (and their representative if they have one). The police may be unwilling to disclose evidence they have if they believe it might prejudice a prosecution. Similarly, an employee may be advised by their lawyer that participating in a workplace investigation might be harmful to any potential defence and they may refuse to co-operate or provide any information.

In both these situations, HR professionals need to consider how to deal with this. A police investigation might take months (or even years in a complex case) and it would not be reasonable for an employer to maintain an employee on suspension for such a prolonged period. Equally, a refusal to co-operate with an investigation (or to attend a subsequent disciplinary hearing) may not in itself prevent you from dealing with the employment aspects as you can take decisions based on the evidence available.

If an employee is in custody and is unable to attend meetings, you may wish to consider written submissions from them.

If your organisation has specialist fraud investigators, they will normally take the lead in any investigation process. It is important however that there is close cooperation between them and HR. The investigators need to understand the employment law implications – this may be dealt with via training or, in some cases, by having HR representatives sit in on interviews. Whatever approach is taken, it is important that both work closely together, communicate effectively and ensure that their actions are complementary. In certain situations, it may be necessary for fraud investigations to commence without HR knowledge but HR should be informed at the earliest opportunity.

The circumstances of each case are likely to be different and if in doubt HR should take advice from employment lawyers to ensure that the employment aspects are dealt with correctly while ensuring that specialist are able to conduct their investigation thoroughly.

Remember that the standard of proof is different in an employment matter than a criminal matter. In employment the test is the balance of probability while a criminal situation requires a higher standard of beyond reasonable doubt. This means that you may be able to fairly dismiss an employee even if the police decide not to take matters further.

An initial investigation will normally be required before suspension, and it should not be automatic. 

This edition of this guide is based on an edition published in 2023 that was produced in partnership with Cifas – the UK’s Fraud Prevention Service.