Creating an anti-fraud culture

07 December 2023

New legislation has been passed that creates a corporate offence of failing to prevent fraud. This means an organisation may be held liable if any employees or agents commit fraud that benefits the organisation. After some back and forth between the house the approved legislation is limited to large organisations, as defined by the Companies Act 2006, which have two out of: more than more than 250 employees, £36m in turnover, more that £18m in total assets. Although medium and small organisations are not immediately impacted they may face requirements from larger organisations in their supply chain to provide some assurance that measure are in place to prevent fraud.

To date, much of the fraud prevention work completed by organisations focuses on frauds committed against their company. With many charities undertaking paid contractual work for other organisations, such as the NHS, it is important to have measures in place to ensure your staff recognise what fraud is, and are not defrauding your commissioners.

Many of the suggested preventative and recommended steps below will greatly assist any organisation in reducing their own fraud risk exposure.

Rising employee fraud

In addition to the new legislation, figures obtained by RSM UK under a freedom of information request (FOI) show a 10% rise in reported fraud cases committed by employees against their employers. The data obtained from City of London Police also shows that there was a fivefold increase in total losses stolen through employee fraud, with an average loss of £256,668 per incident. The increase in both the volume and value of funds stolen by employees reminds us that robust measures are essential to protect against fraud. These types of crimes are particularly damaging to charities, as they can cause widespread reputational damage, in addition to financial loss at a time where charities are needing it most.

What is employee fraud?

There are several types of employee fraud, which may be unique to each charity. Below you’ll find examples with accompanying suggestions to mitigate each of the fraud risks.

	Types of fraud	Anti-fraud procedures
Misappropriation of funds	The misappropriation of funds by an employee for their own use. This can involve stealing cash, diverting donations, amending invoice details or misusing company credit cards.	Organisations should have strong internal controls, such as segregation of duties, regularly reviewing financial records using data analytics, and limiting access to financial information and resources to authorised personnel.
False expense claims	Employees may submit false claims for expenses they never incurred or overstate the amount they spent to obtain reimbursement.	Having a clear expense policy, requiring receipts for all expenses, using expense management software to track expenses and identify anomalies, conducting regular reviews of expense claims and applying data analytics.
Payroll fraud	This can include altering time records, claiming overtime hours not worked or creating fictitious employees.	Implementing controls such as background checks for new employees, be that permanent or temporary, reviewing payroll records regularly, using biometric or time and attendance systems to track employee hours and conducting regular audits of payroll records. Having a process in place for verifying any bank account request changes to prevent staff pay being diverted.
Private work	With the rise of agile working, there is an increased risk of employees working more than one job to the detriment or conflict of another. This risk is heightened with the boom of generative AI allowing employees to be more productive in certain roles.	Clear policies and guidelines for secondary employment and declarations of interest, flexible working policies, monitoring employee activity by managerial oversight and conducting reviews of employee productivity and timekeeping records.
Insider collusion	Employees, board members or trustees within charities may collude with external parties to conduct fraudulent activities such as awarding contracts to friends/family at inflated prices, kick backs from the awarding of contracts, financial misreporting and grant/funding misappropriation to favour individuals/organisations.	Clear policies in place around contracts/funding awards, declarations of interest and bribery, as well as an up to date and regularly communicated conflicts of interest register, which is also tested.

Although not strictly fraud, employees accepting payments or gifts in exchange for preferential treatment or for awarding contracts or business to specific vendors is covered by the Bribery Act 2010. This can be mitigated by implementing a clear policy and code of ethics covering declarations of interests, conducting regular training on anti-bribery and regularly reviewing contracts and transactions with vendors for any signs of impropriety.

Creating an anti-fraud culture

According to a report from the Association of Certified Fraud Examiners (ACFE), 29% of fraud is due to a lack of internal fraud prevention controls, with 20% overriding existing controls and 16% due to a lack of management review. Utilising the platform and support of Charity Fraud Awareness Week as well as referring to government guidance will assist in building upon your fraud awareness strategy.

To minimise fraud risk and improve fraud detection, we recommend charities consider creating an anti-fraud culture by:

ensuring that there are confidential and clearly defined reporting routes, supported by a sound whistleblowing policy and process, with a feedback mechanism where appropriate. Respond quickly to suspected fraud by initiating an investigation, documenting evidence and involving a counter-fraud specialist or the police. Prompt action can prevent further losses and minimise fraud impact;
providing periodic anti-fraud training for all employees as well as bespoke training for key risk areas such as finance, procurement and HR/recruitment. Training should incorporate the publication of successful sanctions where appropriate to demonstrate the organisation’s approach;
having a regularly reviewed anti-fraud policy that outlines the organisation’s approach to fraud, responsibilities, and tone from the top. The policy should be widely publicised, internally and externally, and supported by a response plan for when incidents occur. In addition, it should have an annual strategy for combating fraud; and
conducting formal fraud risk assessments periodically to identify and measure areas within the organisation susceptible to fraud. These areas may require further proactive testing, training and increased controls. The fraud risk assessment should feed into the annual fraud strategy, which defines the areas of focus for that year.

What next?

An economic crisis for businesses, a cost-of-living crisis for individuals, geopolitical uncertainty and the rise of agile working all create the perfect storm for increased employee fraud risk. The rise of generative AI will only exacerbate this risk if charities cannot keep up. Charities need a clear and robust plan in place to prevent and detect fraud at the earliest opportunity, as well as promptly and thoroughly investigate any instances or suspicions.

For further information on how to mitigate your fraud risks, please contact Becci Goodchild, Matt Wilson or Andrea Deegan.

To hear our experts discuss how to reduce fraud risk and take a look at some real life case studies, on a recent webinar, please click here.