Performing proper due diligence in all staff and recruitment matters is an essential part of getting to know the people who work for you. It can greatly reduce the risk of insider fraud.
Introduction
No one likes to think that the colleague at the next desk, or the helpful volunteer working in the shop, might be a fraudster. But no matter how sophisticated your anti-fraud systems are, the human element will always be your weakest link. It is extremely important to take care over the kind of people you employ, and to recruit them into a workplace where dishonest behaviour is never acceptable.
What is insider fraud?
This is when someone exploits their role or occupation for personal gain by deliberately misusing the organisation’s assets and resources. It often includes the abuse of trust.
Fraud can be committed by anyone, whether:
- a trustee;
- an employee (temporary or permanent); or
- a volunteer.
This person may act alone or in collusion with someone else. Sometimes criminal gangs will deliberately seek out people ‘on the inside’ to help them commit fraud, for example by asking for information on how to bypass controls.
Common examples include:
- exaggerating or falsifying expenses or overtime;
- stealing cash (culprits often occupy senior or responsible roles); and
- stealing other assets and resources, including intellectual property.
Employee application fraud
This is when someone provides false or misleading information to get a job.
Common examples include:
- lying about qualifications or previous experience;
- falsifying employment history to hide a previous dismissal;
- not disclosing unspent criminal convictions, CCJs or bankruptcies; and
- producing supporting documents which have been forged or tampered with.
Conflicts of interest
A colleague’s concealed relationships (inside or outside) can become an enabler of fraud. Conflicts of interest are inevitable, but if declared they can be managed appropriately and transparently.
Basic checks
Pre-employment
- Screen everyone: permanent and temporary, high and low.
- Make all checks before the employee starts work.
- Make sure new applicants know that checks will be made.
- As a minimum verify identity, address, employment history and eligibility to work in the position applied for.
- Ask to see original identity documents (if you are unsure about authenticity use a document verification service).
- Check qualifications either directly, with the issuing college/university, or via Hedd (the UK’s higher education verification service).
- Check work history by taking up references and calling referees.
- For senior and finance positions consider enhanced checks, including criminal history and financial background.
In service
- Let existing staff know that periodic checks will be made, including when they are promoted or given a new role.
- Be alert to changes in people’s lives which might put them under increased pressure.
- Listen to customer complaints – they might indicate that something is not right.
- Consider proactive monitoring of staff, perhaps as part of your quality assurance processes. This can identify unusual staff behaviour which may deserve further investigation.
Accountability versus trust
Trust is integral to the health and success of the charity sector, but it is not a control. Trust can easily be abused or manipulated. Replace trust with a culture of accountability in which supervisors supervise, and fraud prevention policies and procedures are respected and followed by everyone, everywhere, at every level.
A SIGNIFICANT PROPORTION OF ALL FRAUD…
is committed by people ‘on the inside’. The risks are significantly increased by inadequate controls, excessive reliance on trust and individual responsibility, and a lack of effort devoted to challenging and overseeing key activities.
Warning signs
Certain kinds of individual behaviour can be red flags for insider fraud. For example:
- an aggressive or bullying manner that makes colleagues unwilling to challenge their behaviour;
- a tendency to be over-protective of their work or to take on additional tasks beyond their job description;
- asking to use someone else’s log-in details because they have forgotten their password;
- an unwillingness to take holidays or be away from the office for more than a day or two at a time;
- an addiction of some kind (drugs, alcohol or gambling); and
- signs that they are living beyond their means or are in financial difficulty.
None of these are clear-cut evidence of fraud, but might point to the need for further.
Handling suspicions
If you suspect fraud:
- remain calm;
- write down your concerns and what prompted them;
- report your suspicions to the appropriate manager (check your organisation’s whistleblowing policy for details);
- do not try to investigate the matter yourself; and
- do not talk to other colleagues about your concerns.
Taking action
If you suspect that your charity has fallen victim to insider fraud you should act promptly.
- Refer to your response plan which should explain how, when and by whom the suspected fraud will be investigated, reported and resolved. It might include engaging external professional support.
- Report the incident to your relevant national law enforcement agency. In the UK this is Action Fraud (England, Wales and Northern Ireland) or Police Scotland (Scotland only).
- Report matters promptly to your charity regulator. For reports to the Charity Commission for England and Wales treat it as a serious incident. Use the online form to make your report, stating what happened and how you’re dealing with it.
Checklist
BUILDING YOUR CHARITY’S DEFENCES
Ask yourself:
- Do we have a workplace culture in which fraud is never acceptable and everyone knows it? (An essential part of preventing fraud is to have the right ‘tone at the top’.)
- Do we talk openly about fraud and is it clearly explained in our anti-fraud, bribery and corruption policy?
- Is a whistleblowing policy promoted and supported widely within the organisation?
- Are we developing standard operating procedures that reduce risk and encourage honesty? Are we making sure they are being followed?
- Do we perform pre-employment screening of new recruits and in-service checks for established employees? Do we expect our partners to do the same?
- Are we sharing our knowledge with other organisations so that known fraudsters cannot simply job-hop?
- Do we offer support to employees in difficulty? (Desperation and dissatisfaction are common causes of fraud.)
- Do we keep registers of gifts, hospitality and conflicts of interest? Are they transparent and reviewed regularly?
- Do we provide mandatory anti- fraud and corruption training?
- Is there a response plan for when an insider fraud does happen?
Other resources
The Charity Commission for England and Wales has produced some helpful Case studies of insider fraud in charities
Preventing Charity Fraud contains resources to help charities prevent, detect and respond to fraud.
ACKNOWLEDGEMENT
This helpsheet was kindly prepared by Cifas and the Fraud Advisory Panel.
DISCLAIMER
Published 2019. Last updated August 2021.
© Fraud Advisory Panel and Charity Commission for England and Wales 2019, 2021. Fraud Advisory Panel and Charity Commission for England and Wales will not be liable for any reliance you place on the information in this material. You should seek independent advice.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.