Cifas Homepage
NewsroomCareersContact Us

Home Office crackdown on fraud – what does it mean for your business? 

21 April 2023

The Home Office announced last week that they intend to create a new offence which will make it easier to prosecute large organisations if an employee commits fraud for the benefit of the organisation. The “failure of prevent fraud” offence will be introduced as an amendment to the Economic Crime and Corporate Transparency Bill, which is currently at the second reading stage within the House of Lords. So what are the practical implications for large organisations? Tracey Carpenter, Insider Threat Manager at Cifas, gives her thoughts: 

What will change?  

The new failure to prevent fraud offence means that large organisations could be prosecuted if an employee or agent commits fraud for the benefit of the company, and the organisation has failed to put “reasonable procedures” in place to prevent the fraud.   

How might frauds that benefit the organisation be carried out?  

There are a number of ways. For example, where a company purports to be more profitable than it really is in order to attract further investment from shareholders, or where they commit fraud by false representation - for example by falsifying documents in order to make the business look more financially attractive when applying for lending. Other examples include where funding is sought for a particular product and the rewards have been mis-sold in an attempt to secure investment. The House of Lords is considering the specific fraud offences, such as fraud by false representation, which will be covered by the failure to prevent offence.   

How can companies ensure they are protected?  

The specific actions required depend on the maturity of an organisation’s anti-fraud measures, and organisations should be considering their current fraud controls and how well protected they are against these threats. 

Interestingly, in a recent survey carried out by Cifas less than half of large UK organisations (45%) said that they were concerned about the threat posed to their business as a result of internal fraud over the coming year.  

Organisations shouldn’t underestimate the devastating financial and reputational consequences of fraud carried out by employees.  

Organisations must ensure that employees are not only checked when commencing employment, but also throughout the lifecycle of their employment, to maintain an accurate picture of risk. The Cifas Internal Fraud Database holds fraud risk data relating to internal fraud threats, such as bribery and corruption, theft of personal and/or commercial data and false applications (including fake qualifications). We recommend that employees are checked against the database on at least an annual basis.  

Many organisations focus on regulatory checks such as the Senior Managers Regime, but our own research and statistics tell us that those who commit fraudulent conduct are more likely to be lower grade employees.  

As well as responding to current threats, organisations must ensure they are constantly scanning the horizon for upcoming fraud threats. Remember too that staff can be the first line of defence against fraud, and so employers should ensure that their people are well trained to identify and take action against fraud.  

Our Fraud & Cyber Academy courses and  Digital Learning solution use the latest fraud intelligence to provide the most up-to-date insights to learners and build knowledge and resilience within their organisations. Indeed, in the Internal Fraud Strategy course that I run, we cover how working from home can have a huge impact on the insider threat, and how companies need to be considering this in light of employees being increasingly likely to be driven to fraudulent conduct as a result of the cost-of-living crisis. I regularly run webinars and workshops for our members to help them ensure that they are protected against these threats, as we know that collaboration is key when combatting economic crime. 

Is this the first legislation of its type where an employer can be held responsible for the conduct of an employee?  

Absolutely not. Under section 7 of the Bribery Act 2010, a company can be found guilty of failing to prevent bribery if an individual associated with that company bribes or seeks to retain or obtain an advantage for themselves or their employer. This new legislation introduces fraud into the equation. We have seen huge variations in the fines handed out for failing to prevent bribery - for example one company was fined £2.25m and another £77m. Cases such as these should alert organisations to the seriousness of failing to comply with such legislation.  

The legislation has not come in to force yet, so is it a case of sitting tight or should organisations be undertaking work in the background in preparation?  

Organisations should be preparing to review their anti-fraud policies and identifying any gaps which could mean they are leaving themselves open to this type of fraud – and potential prosecution under the new offence. Many organisations should already have controls in place in relation to S7 of the Bribery Act 2010, and so it may just be a case of enhancing those controls to cover fraud. Working with other areas of the business is also key, for example making sure that Fraud, Compliance, Risk and Audit Teams are all aligned and understand the consequences of failing to adhere to this legislation. HR Teams should also be engaged if they manage part of the company’s fraud policy. 

Posted by: Tracey Carpenter

Tracey is Cifas' Insider Threat Manager


The Insider Threat and AI

3 August 2023

Artificial Intelligence (AI) sounds like a business’s dream. The ability to utilise software that can think like a human but process data on a scale that humans can only dream of, what’s not to love? To start, there have been reports of businesses making redundancies in favour of AI solutions. BT recently announced they were cutting 55,000 jobs with plans to replace 1 in 5 of affected roles with AI. To many businesses this could seem like a sensible option – AI doesn’t need a salary, pension contributions or sick pay and it doesn’t need time off either, so what’s the risk?


Cyber Security and International Womens Day

8 March 2023

Cyber security is one of the fastest-growing areas of the technology sector, and it's no surprise that more and more companies are electing to store and protect their data online.

Back to blog home >
Posted by: Tracey Carpenter

Tracey is Cifas' Insider Threat Manager