Despite the high-profile nature of fraud, some employees are nervous or reluctant to report it – they may not know how to report fraud, be fearful of repercussions, or unsure if the activity is actually fraud or not.
Fraud is a complex crime but it’s also the most commonly experienced, accounting for 41% of crimes reported in England and Wales in 2024. It’s also massively underreported, with many different types of business fraud including payroll, invoice, procurement, tax and insurance fraud.
Any organisation can experience fraud but sectors like banking, insurance and government bodies are at higher risk because of the large amounts of money criminals can extract.
Fraud is increasing year-on-year in the UK, exposing organisations to financial losses and reputational damage, so it’s important that employees are trained to both identify and report it.
There may be times when employees have to report fraud to their manager – or if they suspect their employer is acting fraudulently, to the police and/or Action Fraud, which is the UK’s national reporting centre for fraud and cybercrime.
Employees can report their employer for fraud, if they suspect it. Reporting fraud at work can be scary, especially if employees are worried about their job – but it’s essential that all suspected fraud is reported as it protects both the company and employee in the long run. Employees are covered by the Public Interest Disclosure Act 1998, which protects against any dismissal and mistreatment as a result of reporting fraud.
Here is a five-step guide to help them navigate the process and enable compliance and L&D teams support them through policies and training.
Under the UK Fraud Act 2006, there are three key offences that employees must be able to recognise:
Fraud by false representation: Where a perpetrator benefits or causes a loss to someone else by falsely representing themselves, either expressly or implied. This can include pretending to be someone else, claiming false expenses or sending bogus invoices.
Fraud by failing to disclose information: Making a gain or causing a loss to another by failing to disclose information they were legally obliged to share. For example, not informing customers that you will receive commission for a recommended product.
Fraud by abuse of position: Someone in a position of responsibility dishonestly abuses the position to make a gain or cause a loss. For example, an accountant may take money and hide it in the accounts, or a director could claim expenses for personal items (lavish meals, holidays or cars).
Research shows HMRC lost £5.5bn in 2022-23 because of tax fraud, 81% of which can be attributed to smaller businesses. Tax fraud can be challenging to identify because tax avoidance is legal, while tax evasion is illegal (more on this below).
If an employee does suspect fraud, they will need to provide evidence. This can include a basic level of detail describing the situation, business in question, details of the activity and time/date logs. However, it’s helpful to provide more context and detail where possible.
Managers or leaders can also carry out an internal investigation to help gather evidence of fraud, such as checking any relevant documents/transactions, interviewing employees who may have knowledge about it and then reporting it.
There are a number of authorities who handle fraud in the UK, including Action Fraud and HMRC. Employees should also escalate suspected cases to their manager unless they suspect their organisation of fraud.
Who to report suspected fraud to (note that it might include more than one organisation):
Reporting fraud in the UK is straightforward. The easiest way to do it is online using the Action Fraud and HMRC operating easy reporting tools, which are accessible 24/7.
In the case of Action Fraud, users need to create an account – and can track the progress of their report online and via email. They can also call 0300 123 2040.
After an employee has reported fraud to Action Fraud, the complaint will be passed on to the National Fraud Intelligence Bureau (NFIB), whose reviewers will investigate it and pass it onto the police if they need to. Employees will receive an update within 28 days. When reporting fraud to HMRC, they advise employees to keep the report confidential for their safety, and can follow up to ask more questions or collect evidence.
Having a clear reporting process is key – but the goal is to prevent fraud from happening in the first place. For this, employees need to understand the different types of business fraud and how to spot it.
Here are some of the ways a proactive approach to training can help:
Understanding the characteristics of tax fraud is essential for employees.
Tax avoidance is not typically counted as fraud and most of the time it falls into an ethically grey area. The government defines it as “bending the rules of the tax system to try to gain a tax advantage that Parliament never intended”. This can include profit shifting, where a company processes sales through a different country where tax rates are lower.
While tax avoidance isn’t illegal, businesses who use tax avoidance schemes can end up having to pay much more than the tax they tried to avoid because they’ll have to repay the tax and interest/fines in some cases. Businesses practicing tax avoidance need to disclose this to HMRC under the Disclosure of Tax Avoidance Scheme (DOTAS) rules – if it’s not recorded, the company may face penalties.
On the other hand, tax evasion is fraud and illegal in the UK. It includes activities such as deliberately hiding earnings or obscuring tax figures. For example, businesses committing tax evasion may deal in cash to avoid reporting their true income.
Employees who notice tax fraud in their own business, or are suspicious about another company they work with, should use the HMRC tax fraud reporting service. Submitting a report can help HMRC punish the offender, possibly leading to criminal proceedings.
Read more about the differences between tax avoidance and evasion.
Four-fifths of all reported fraud in the UK is related to cybercrime because it’s easier than ever for offenders to falsely represent themselves or maliciously exploit information to defraud consumers, employees and organisations.
Organisations need to be on their guard against malicious attacks. That includes regular training to help employees understand the risks and practice good cybersecurity practices. They should also feel confident reporting any potential attacks to their managers, so they can take action to contain the threat.
Our Essentials Library contains e-learning content designed to help organisations meet fundamental compliance requirements. If you are looking for focused training, our Fraud Prevention Training Package and Financial Crime Training Package also offer a complete solution for your compliance programme. Courses in our libraries include:
We've also created a comprehensive AML & CTF roadmap to help you navigate the compliance landscape. If you would like to access leading insights and compliance tips, you can browse our free resources by topic to find guides, modules, compliance bites and more.
Explore our collection