Managing An In-house Investigation

Managing fraud investigations: an in-house perspective

Upon discovering fraud there are important issues to consider and preliminary steps which need to be taken before involving external advisors. Arun Chauhan takes us through what good practice looks like in the current fraud environment and what in-house legal teams should think about when conducting a regulatory investigation.


  • Fraud is not black and white. Conduct of some may be interpreted as sharp practice by one person but fraud by another.  Making clear what your company perceives as dishonest conduct and educating employees is key in fraud prevention.
  • Organisations need to have operational teams focus on their role as the first line of defence and to recognise that “prevention is better than cure” when it comes to fraud.
  • Having an established ‘fraud response plan’ that anticipates the types of fraud you are at risk of and which can be put into action quickly will likely help reduce losses and limit reputational damage.
  • Identifying an internal investigation team ahead of a fraud event will save time and confusion in the wake of discovering fraud.
  • The type of fraud will have a bearing on preliminary steps and the overall objective of any investigation.
  • There are a number of key issues to consider at the start of any investigation and prior to embarking on any form of litigation.

The current fraud environment

Fraud is generally under-reported; however, this does not mean that it is not happening. According to PwC’s Global Economic Crime Survey 2020 [1], 56% of UK companies claim to have experienced fraud, corruption or other economic crime in the last 24 months. There is no doubt that the COVID pandemic has led to an increase in fraud; the pressure to make ends meet and opportunities for fraud via government grants and schemes have contributed to the increase. Similarly, home working is driving a change in behaviours. The volume of emails and pace expected from staff have also contributed to an increase in cybercrime, mistakes and concealment.

The truth is that whilst most employers are aware of the need to educate their people about fraud, for some reason many still have the mindset of “it will never happen to us”. Much of the root cause of this comes from two areas. Firstly, there is not a clear understanding of what “fraud” is. Fraud is not black and white; dishonesty comes in many shades and, to some, that leaves their conduct open to interpretation. Certain conduct may be seen as fraud by some; for others it is sharp practice.

Secondly, there is a misunderstanding around trust; dependent on a range of circumstances, good people can do bad things. Whilst trust in a workplace is essential, it should not be at the expense of being aware of how fraud can be perpetrated against your own organisation.

In reality, there is a real prospect of one of your people (or more) not following the rules for a range of reasons, be it that they are disenchanted by what is asked of them, that getting their work done by circumventing rules makes it easier, or worse, they may knowingly be committing fraud.


Fraud response plan

Organisations must move away from thinking “it will never happen to us”. Fraud is much more common than we might think, accounting for 39% of all crime in the UK.[2] Therefore it is important for organisations to consider what they would do if they discovered fraud, and more specifically, different types of fraud. Having a ‘fraud response plan’ in place is about knowing what you will do before the event occurs. This is critical as speed of action can reduce losses and limit reputational damage.

The type of fraud will affect the type of response required; for example, cybercrime may be focused on data recovery and limiting reputational damage rather than recovery of loss, whereas employee or supplier fraud may have financial recovery as the primary objective. Therefore, it is important to consider what initial steps may need to be taken and how these might differ depending on the objective.

Identifying your internal investigation team prior to the occurrence of a fraud event is also good practice as this will save time and confusion in the wake of discovering the fraud. Ensuring that those members of the investigation team know their role and are aware of the response plan is critical for smooth communication and control. Your team may consist of people representing governance/risk, HR, IT, PR, finance, data protection and legal.

For in-house legal teams initially tasked with progressing a suspicion of a fraud event / regulatory breach, the key is to ensure those in the business with knowledge of how the business operates (particularly in the department from which the suspected fraud arises) are brought in to assist you with the factual background to help you assess how far somebody’s conduct may have departed from policy, procedure or regulation.

The onus will be on the in-house team to play a key part in co-ordinating an investigation.   The aim of the information we set out below is to aid in-house teams to think about the key first steps to take using the resource internally in the business as well as thinking about what lies ahead.


Preliminary considerations

There are a number of issues that will need to be considered ‘up-front’.

As already highlighted, it is important to have an internal team in place who know what to do if fraud is suspected as well as the ability to identify the type of fraud which has or may have occurred as this will determine the ideal early first steps to take. For the purpose of the guidance in this article, the focus is on employee / insider fraud.

Covert or overt?

One very important consideration is whether to conduct the investigation covertly or overtly. At the beginning of an investigation of employee fraud, there may be a thread to pull, a concern or suspicion, but no reason to suspend. In these circumstances, should the employee be approached about the concerns or not? There are risks with both approaches; for example, if the employee is made aware, you risk tipping off the employee and any third parties to destroy evidence. Equally, you risk the dissipation of assets. Another consideration is the disruption to business continuity that may follow an open investigation, especially if it involves suspending a senior key employee.

However, if the investigation is conducted covertly does this restrict what the employer is able to achieve? For example, what right does an employer have to search emails without notifying the employee? What about personal emails in office email accounts? Case law suggests that an employer is able to review private emails provided the review is ‘justified and proportionate’. The use of specialist software to conduct a first stage review of emails thereby reducing the extent of any human review may assist in justifying such an intrusion of privacy.   Consideration needs to be given as to how long is a reasonable period of time to investigate and not inform an employee they are under suspicion.

HR advice

With any internal investigation, HR will need to be closely involved to ensure that the correct processes and procedures are followed in relation to the employee in question. A key consideration is balancing the risk of suspending or dismissing an employee too early i.e. before conclusions have been drawn. HR will need to advise on the terms of the employee’s contract; when was the last time the employee in question had their contract terms updated, when did they last attend counter-fraud training, do they have access to and can you demonstrate that they had read the Disciplinary Procedure, the Code of Conduct / Employee Handbook and do these documents cover fraud/ethics/abuse of position/conflicts of interest? An interesting question is how does your organisation demonstrate that an employee knew what was contractually and ethically expected of them?

What you are trying to identify is the ‘low-hanging fruit’ obligations you can hold an employee to account with, rather than having to spend more money, time and likely external resources from your legal budget to prove fraud (as that is what you are left with in the absence of contractual clauses that can hold an employee to account, especially where conduct is not black or white).

Contracts / policies

A regular review of contracts and policies can be a helpful exercise and certainly when it comes to internal fraud, having robust policies can assist in demonstrating an employee’s wrongdoing. This not only relates to employment documentation (i.e. employment contracts, employee handbook, disciplinary procedure (although it is also crucial that these documents deal with fraud and ethics)) but to wider company policies. For example, policies around procurement or the onboarding of new suppliers, and indeed supply contracts themselves may contain clauses around probity, conflict or dishonesty leading to rights of termination. It is important that the word “fraud” is clearly defined and explained so that the reader understands what type of behaviour is included in this reference.

Preservation of evidence

The preservation of evidence, which these days is mostly electronic, needs to be considered very early on in any investigation. Consulting internal IT personnel is critical in order to preserve data and restrict access whilst decisions are made about how to conduct a review i.e. whether external e-disclosure experts and software are required to identify early stage key documents that may be presented to an employee in an investigation interview which may be fatal to any defence an employee tries to put up.

Reporting obligations

You will need to consider what reporting obligations the organisation is under. For example, if there are any relevant insurance policies you may need to notify the insurer depending on the circumstances. Check any deadlines; for example, most fidelity insurance policies will require notification within a certain number of days of discovery. In addition, many organisations will have regulatory bodies that need to be notified; for example, charities will need to report any fraudulent event to the Charity Commission, or there may be a need to file a suspicious activity report with the National Crime Agency.

You will also need to decide whether you wish to report the fraud to the police.  You may have to do that to ensure your insurance policy responds to an insured event, or you may consider that involvement of the police is the high point of a deterrent to others contemplating defrauding your organisation.


From the outset of any investigation, it is important to be aware of the legal options going forward should the matter progress in that way.  Civil fraud is an umbrella term encompassing many different causes of action and injunctive remedies. Some of these are listed below:

  • Breach of fiduciary duties/abuse of position
  • Breach of contract
  • Misrepresentation
  • Unjust enrichment
  • Freezing injunction
  • Search order
  • Delivery up order
  • Norwich Pharmacal/Bankers Book Evidence Act order

However, there are some key issues to consider before embarking on any form of litigation process. As already mentioned, different types of fraud will have different objectives. In respect of internal/employee fraud, the objective is likely to be financial recovery or recovery of confidential data. However, for financial recovery claims it is important to consider whether the employee is able to meet any eventual judgment. What do you know about their financial position? What have they done with the proceeds of their fraud? Are third parties involved who may be good for the money if a claim can be constructed against them as some form of accessory to the wrongful acts?

Following on from this is the importance of obtaining quotes for the litigation process to enable you to carry out a costs/benefit analysis. It is so important to do this before embarking on a course of action. What are the prospects of success? Even if they are good, what are the chances of recovery from the defendant? Consider any internal resources that may be utilised to keep costs down.


When it comes to fraud, the statistics support the approach of “prevention is better than cure”. Financial recovery in fraud claims is difficult and costly in both time and financial terms but our experience is that there are times where it remains necessary to instigate proceedings. The best approach is timely and regular review of policies, procedures and training to ensure they are fit for purpose.  What you do not want is a gap analysis after the event which demonstrates a systematic failure of control of the risks, especially if you then have to reveal to your regulator how your assessment of controls was incorrect.

This article explores at a high level just some of the considerations that in-house counsel should be thinking about when planning for a fraud response. Should you suspect that your organisation has fallen victim to fraud or other wrongdoing please do not hesitate to get in touch. We can offer support to an internal investigation or advice on litigation options going forward. Equally, we can assist with ongoing policy/procedure reviews and training on fraud awareness/prevention and investigation considerations.

Published on December 2, 2021

Contact details

Phone: 0121 796 4020


Fax: 0843 216 4240


Tenet Compliance & Litigation Limited
Sterling House, 71 Francis Road, Edgbaston, Birmingham B16 8SP

