What is internal fraud?
Internal fraud, also known as insider fraud, is carried out from inside an organisation by its own staff. Although only committed by a minority, it can have a large impact on a business. Internal fraud can take many forms, from payment and receipt fraud, to travel and procurement fraud.
How to prevent internal fraud
- Background checks: Instigate thorough background checks when hiring prospective employees, including referencing the Cifas’ Enhanced Internal Fraud Database for previous offences1
- Restrict access: Ensure employees only have access to the data and programmes they need to perform their role and implement systems that alert you to any suspicious activity
- Whistleblowing: Implement a robust whistleblowing policy so your staff are informed and empowered to detect and report suspicious behaviour
- Zero-tolerance policy: Inform your staff that you have a zero-tolerance approach to fraud and how to identify suspicious behaviour so they can be your first line of defence
- Employee wellbeing: Ensure you are promoting employee wellbeing as life and work pressures can motivate otherwise law-abiding staff to commit internal fraud2
- Employee monitoring: Put robust employee monitoring in place throughout the employee lifecycle, from onboarding to other monitoring measures like CCTV
- Fraud response plan: Create a fraud response plan that sets out the steps your organisation should take in the event of internal fraud
- Hiring and promotion: Ensure you have equitable and transparent hiring and promotion processes so all staff feel supported and will be less likely to rationalise fraud.
What to do if you're a victim
- Investigate: If you suspect internal fraud is taking place it’s important to investigate it in a confidential and legal manner.3 Only report your suspicions to people you trust
- Employment lawyer: Consult with an employment lawyer to ensure you protect the rights of your workforce when investigating
- Act fast: Act upon any suspected fraud in a timely manner and have appropriate processes in place. Be aware that there is a risk of perpetrators deleting data if they become aware that they are under suspicion
- Preservation: Take steps to retain and preserve any data, documentation, or equipment that has been used to carry out the fraud
- Restrict access: Restrict access to sensitive data and systems that could be used to perpetuate internal fraud, such as bank accounts, company cards or payment authorisations
- Keep records: Document each phase of your investigation in a systematic way so you have robust records and can justify your conclusions
- Report: Report the fraud to the appropriate authority. Consider consulting corporate lawyers or hiring a forensic accountant to investigate the extent of any fraud and link it to the perpetrators.
Wake up to the reality of internal fraud
Understanding the Fraud Triangle
The Fraud Triangle is a framework for understanding the factors that lead to internal fraud.7
Employees may commit internal fraud due to financial pressures caused by the cost-of-living crisis or being targeted by criminal gangs.8
The increase in remote and hybrid working means staff are often unsupervised and have enhanced access to company systems and data.
The stories people tell themselves to justify their actions. This could be resentment at being passed over for promotion or feeling like they “have no other choice”.
Your next steps
To report any fraudulent activity, or attempts, contact Barclays corporate fraud on 0330 156 0155*.
If you receive a suspicious email, send it as an attachment to email@example.com and delete the email immediately.
Are you protected?
To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.
Fraud and Scam Toolkit