No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Fraud

New UK Law Shines a Light on Internal Fraud Surveillance

‘Failure to prevent fraud’ could result in harsh penalties

by Sujata Dasgupta
May 6, 2024
in Fraud
parliament building

A 2023 law in the UK seeks to encourage employee fraud prevention, and as finserv specialist Sujata Dasgupta argues, it’s not a moment too soon.

Up until now, monitoring employees to prevent fraud in organizations has remained a taboo subject and not discussed or reported very often, possibly to avoid tarnishing the company’s image and reputation. Yet, internal fraud committed by employees and agents have accounted for high volumes of fraud losses in organizations globally. While huge budgets are spent every year to prevent and intercept fraud committed by external parties, employee surveillance systems and procedures have not been a topic of discussion in the industry. However, now things are set to change as the UK government enacted the Economic Crime and Corporate Transparency Act (ECCTA) in October 2023, which has employee fraud prevention as one of its key provisions.

The current landscape

Over the years, the scale of internal fraud in organizations has reached staggering levels. Employees in certain departments are in unique positions by virtue of having access to customer accounts, company internal accounts and records, organization policies, loans processing, transactions, credit limits, invoice payments and so on. These can be ammunition for employees to commit fraud for material gains like higher fees and commissions, achieving work related targets or purely for misappropriating funds for personal benefit.

Take the case of a large U.S. bank whose employees opened millions of accounts in the name of their customers in the recent past without their knowledge or consent to meet aggressive targets and earn high bonuses. Employees of a UK bank manipulated the LIBOR a few years ago to benefit the bank’s trading positions. Employees of another U.S. bank misrepresented the quality of mortgages while selling mortgage-backed securities to investors. Several companies have been found guilty of accounting fraud to inflate their balance sheet. Cases of agents fraudulently selling products or services (e.g. cards, insurance policies, loans/credit, investments) by misrepresenting features or even without the customers’ consent are not uncommon, either.

These are not one-off examples; rather we have witnessed several cases of fraud committed by employees where the intent was to benefit themselves or the company. Yet the internal fraud monitoring landscape is far from mature in most organizations across the globe. Except for trading related surveillance, most firms do not have documented policies to prevent or detect internal fraud, the risks may have rarely been assessed, and consequently no specific controls built for this function.

Voltmeter pointing to high voltage
Financial Services

European Regulators Moving the Needle on Real-Time AML Monitoring

by Sujata Dasgupta
July 12, 2023

Financial institutions may have adopted methods of detecting fraud in real time, but money laundering detection remains an after-the-fact judgment. Finserv specialist Sujata Dasgupta explores how one bank’s adoption of EU guidance could chart a path forward for true money laundering prevention.

Read moreDetails

New UK law

A key provision of the new UK law is “Failure to prevent fraud,” which essentially focuses on fraud committed by individuals associated with an organization, including employees, agents, subsidiaries or any other person providing services on behalf of the organization. This clause applies to large companies that have (i) more than 250 employees, (ii) turnover of more than £36 million and/or (iii) a balance sheet total of more than £18 million.

These companies will now face strict penalties, including unlimited fines, if any of their associated parties are accused of committing fraud that was intended to benefit the company or any person to whom the associate provides services on behalf of the company.

However, defense is available to a company accused on the above charges if it can demonstrate that it had reasonable procedures in place to prevent insider fraud or there were no reasonable circumstances for the company to have such procedures in place. This clause makes it imperative for organizations covered by the law to take a fresh look at their internal fraud risks, build corresponding controls if not already in place and monitor existing controls if any to align with identified risks.

What it means for organizations

Internal fraud perpetrated by employees or agents of companies have consistently ranked among the top categories of financial fraud. Industry reports suggest that almost all cases of internal fraud are unearthed either during internal audits or through whistleblowing, at least 12 to 15 months after such fraud is committed. The fraud management function in most firms focuses on mechanisms to prevent, detect and mitigate risks of external fraud involving customers or third parties. But with UK ECCTA, companies covered will now have to establish the three lines of defense for internal fraud surveillance as a regulatory compliance mandate.

To start with, internal fraud prevention and monitoring requires clearly drawn up policies, well-documented procedures, educating employees about ethical conduct and the organization’s policies on internal fraud. The role of each line in the three lines of defense must have clearly laid out responsibilities and operating procedures. A formal internal fraud management mechanism is pivotal in preventing and monitoring employee fraud.

Risk assessment comes next. Organizations must establish an enterprise-wide risk assessment framework, to identify internal fraud risks, for example, those arising from physical and digital accesses, roles of specific departments (e.g. finance, accounting, vendor management), rights granted to agents and so on. Corresponding controls must be designed for each risk. It is imperative to review the effectiveness of such controls while also keeping track of new risks on a regular basis.

Enhanced security for employees and consumers

When an insider commits fraud, there are several others associated with the organization who get negatively impacted – the customers, other employees and the brand itself. Customers may face financial losses, employees’ morale and job security take a hit, while the company incurs reputational damage. Companies covered by this new law will also face strict penalties including unlimited fines.

Most organizations across the world may be exposed to risks of internal fraud, albeit to varying degrees. Building a secure, ethical workplace by incorporating internal fraud prevention measures can protect against such frauds on the one hand and improve productivity and customer trust on the other. So even while ECCTA may apply to organizations in the UK, regulators in other jurisdictions may soon follow suit given the scale of employee-enabled fraud across the globe.

 


Tags: Internal Controls
Previous Post

Money Laundering Costs the Average British Household £255 Per Year, So Why Aren’t Financial Institutions & Regulators Doing More About It?

Next Post

Easy Wins & Early Moves: What New CEOs Need to Know in Their First Few Months

Sujata Dasgupta

Sujata Dasgupta

Sujata Dasgupta is a multiple international award-winning industry leader and global head of financial crime compliance advisory at Tata Consultancy Services, based in Stockholm. She has over 24 years of experience, having worked extensively in the areas of fraud and financial crime prevention across banking operations, IT services and consulting. She has had a rich global exposure through her work with premier banks in several major financial hubs in seven countries across North America, Europe and Asia. She is an accomplished thought leader, author, columnist and speaker and is regularly interviewed by reputed international journals for her analysis and opinions on contemporary topics in this area. She can be contacted on LinkedIn.

Related Posts

contactless payment

Can Virtual Credit Cards Outsmart Employee Fraud?

by Cher Pearsall
March 27, 2025

Emerging digital payment tools promise control over operational purchasing while maintaining efficiency

news roundup green bars

2 in 3 Legal Chiefs Also Managing Functions Like Risk, Compliance or Privacy

by Staff and Wire Reports
February 7, 2025

Analysis finds most US retirement plans contain regulatory or fiduciary violations; internal audit group finalizes cybersecurity requirement

uk parliament building

Your Liability for Fraud: Are You Looking the Right Way?

by Mark Hunting
January 31, 2025

Changes to UK regulation make companies responsible for third parties’ fraudulent conduct

executive meeting room empty seats

UK Corporate Crime Law Puts ‘Senior Managers’ in the Hot Seat

by Ben Boorer
January 23, 2025

As Britain’s landmark economic crime law takes effect later this year, organizations face expanded liability and unclear guidance on compliance

Next Post
passing the baton

Easy Wins & Early Moves: What New CEOs Need to Know in Their First Few Months

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights