Employee fraud – how to create an anti-fraud culture?

26 May 2023

Increase in employee fraud

Figures obtained by RSM UK under a freedom of information request (FOI) show a 10% rise in reported fraud cases committed by employees against their employers. The data obtained from City of London Police also shows that there was a fivefold increase in total losses stolen through employee fraud, with an average loss of £256,668 per incident. The increase in both the volume and value of funds stolen by employees reminds us that robust measures are essential to protect against fraud. These types of crimes are particularly damaging to companies, as they can cause widespread reputational damage and loss of customer and employee trust, in addition to financial loss.

The Prime Minister recently announced that fraud now accounts for over 40% of crime, costing nearly £7 billion a year. Demonstrating their commitment to tackling fraud, the government have published a new strategy. Continuing this commitment, the Economic Crime and Corporate Transparency Bill is also making its way through the House of Lords, which will bring into law a new corporate criminal offence of ‘failure to prevent fraud’ which will hit businesses soon. This could see organisations held to account if they profit from the fraudulent actions of their employees. Proposed organisations covered by this are large organisations and they can avoid prosecution if they can demonstrate that there are reasonable procedures in place to prevent fraud.

Types of employee fraud

There are several types of employee fraud, which may be unique to each organisation. Some examples are below with accompanying suggestions to mitigate each of the fraud risks:


Types of fraud

Anti-fraud procedures

Misappropriation of fund

The misappropriation of funds by an employee for their own use. This can involve stealing cash, diverting funds, amending invoice details or misusing company credit cards. 

Organisations should have tight internal controls, such as segregation of duties, regularly reviewing financial records using data analytics, and limiting access to financial information and resources to authorised personnel.


False expense claims

Employees may submit false claims for expenses they never incurred or overstate the amount they spent to obtain reimbursement.

Having a clear expense policy, requiring receipts for all expenses, using expense management software to track expenses and identify anomalies, conducting regular reviews of expense claims and applying data analytics.


Payroll fraud

This can include altering time records, claiming overtime hours not worked or creating fictitious employees.

Implementing controls such as background checks for new employees, be that permanent or temporary, reviewing payroll records regularly, using biometric or time and attendance systems to track employee hours and conducting regular audits of payroll records. 


Asset misappropriation

This can involve stealing supplies, equipment or other company assets for personal use or resale.

 Implementing security measures, such as surveillance cameras, asset tracking, transparent disposals processes and employee training on the importance of safeguarding company assets.


Data theft

This can include stealing or copying sensitive company information, such as customer lists or intellectual property, for personal gain or to sell to competitors. 

 Implementing strict access controls for sensitive information, regularly reviewing and monitoring data access logs and implementing security measures such as encryption, firewalls and intrusion detection systems.


Private work

With the rise of agile working, there is an increased risk of employees working more than one job to the detriment or conflict of another. This risk is heightened with the boom of generative AI allowing employees to be more productive in certain roles

 Clear policies and guidelines for secondary employment and declarations of interest, flexible working policies, monitoring employee activity by managerial oversight and conducting reviews of employee productivity and timekeeping records.

Although not strictly fraud, employees accepting payments or gifts in exchange for preferential treatment or for awarding contracts or business to specific vendors is covered by the Bribery Act 2010. This can be mitigated by implementing a clear policy and code of ethics covering declarations of interests, conducting regular training on anti-bribery and regularly reviewing contracts and transactions with vendors for any signs of impropriety.

Create an anti-fraud culture

According to a report from the Association of Certified Fraud Examiners (ACFE), 29% of fraud is due to a lack of internal fraud prevention controls, with 20% overriding existing controls and 16% due to a lack of management review. To minimise fraud risk and improve fraud detection, organisations should have the following in place:

  • ensure that there are confidential and clearly defined reporting routes, supported by a sound whistleblowing policy and process, with a feedback mechanism where appropriate. Respond quickly to suspected fraud by initiating an investigation, documenting evidence and involving a counter-fraud specialist or the police. Prompt action can prevent further losses and minimise fraud impact;
  • provide periodic anti-fraud training for all employees as well as bespoke training for key risk areas such as finance, procurement and HR/recruitment. Training should incorporate the publication of successful sanctions where appropriate to demonstrate the organisation’s approach;
  • have in place a regularly reviewed anti-fraud policy that outlines the organisation’s approach to fraud, responsibilities, and tone from the top. The policy should be widely publicised, internally and externally, and supported by a response plan for when incidents occur. In addition, it should have an annual strategy for combating fraud; and
  • formal fraud risk assessments should be conducted periodically to identify and measure areas within the organisation susceptible to fraud. These areas may require further proactive testing, training and increased controls. The fraud risk assessment should feed into the annual fraud strategy, which defines the areas of focus for that year.


An economic crisis for businesses, a cost-of-living crisis for individuals, geopolitical uncertainty and the rise of agile working all create the perfect storm for increased employee fraud risk. For businesses, it is now a case of when, not if, they will fall victim, so they need a clear and robust plan in place to prevent and detect fraud at the earliest opportunity.

If you have any concerns or questions about the employee fraud risk to your organisations, please contact Erin Sims.