Date:

Ten key things to consider in the aftermath of a fraud crisis

"Imagine, if you will, that your internal audit team have reported a discrepancy in the accounts. They don't yet know how much is at issue but have reason to suspect that it is in the £100,000's. It relates to a specific customer account which is solely managed by the Operations Manager. How should your business react? We look at the issues which a business dealing with an internal fraud has to face."

What criminal fraud and disclosure issues have arisen from what’s been discovered and what steps should be taken to minimise them. The matter must be dealt with and the company must follow its internal investigation procedure.

Ten key things to consider

  1. On suspecting fraud or where a discrepancy in the accounts has been reported you must obtain external specialist legal advice. This will ensure that you get initial clear advice in respect of the legal position and that the results of the investigation and subsequent internal management meetings are covered by legal privilege. This is important, as regardless of any subsequent legal action by the authorities; a disgruntled employee; or even a client or customer the details of the investigation and any documents created during it remain confidential.
  2. Senior management or the board will need to be advised about the practical legal and procedural matters which can arise from a criminal investigation and then sanction the company’s response.
  3. You must decide on your objectives and formulate your investigation strategy, and if criminal activity is found, you will need to report it to the authorities. Depending on any subsequent criminal proceedings you will need to provide further evidence and assistance.
  4. You should decide how you are going to resource the investigation: how will it be managed and who will be the internal lead; who will the team comprise; to whom will they report; and will it require specialist non-legal external assistance such as IT Forensics and Forensic accountancy advice. Again, if outside specialists are brought in then they must be instructed through your legal advisors so that their reports will be covered by legal privilege.
  5. You must formulate a list of those you intend to interview. Try and narrow the list of issues which arise and which paper and electronic document sources you will need to access.
  6. You must ensure that the electronic systems, documents and phone data which are to be searched and sifted are data which is lawfully owned by the company. Any misuse of private data by the Team could leave the company open to a possible complaint under the Data Protection Act or the Human Rights Act.
  7. At some point you will pull together all the different strands of the investigation and formulate your conclusions. The report will include key documents, financial records and statements. These may then form part of your complaint or disclosure to the authorities and also the basis for formulating any subsequent civil recovery strategy.
  8. Other disclosures may also have to be made either through your solicitors or your accountants. For example, due to Proceeds of Crime issues, external advisors may independently make a disclosure to the authorities via a suspicious activity report (SAR) and in the event that you do not proactively deal with these matters, this could trigger external interest in the issue. Also, if the allegation proves correct and if there is any loss suffered by the Company, then it will have to be shown in the company’s accounts.
  9. As this is a key account, that relationship must be managed. Given the relationship with this customer, the allegation must be discretely and professionally investigated, and if the allegations prove correct, then at the opportune moment, they can be notified and hopefully they will support any action the company takes against this particular individual.
  10. Finally, what lessons have been learned: should internal company procedures be refreshed; should there be changes to internal financial sign off and individual limits, do internal audit need to review their own methods so that these matters can be caught quicker.

If you have any questions or would like more information please contact a member of our team.

Read more articles in our series dedicated to the response in a fraud crisis:

Handling a suspected fraud

Rebuilding your business’s reputation

Be prepared

This information is intended as a general discussion surrounding the topics covered and is for guidance purposes only. It does not constitute legal advice and should not be regarded as a substitute for taking legal advice. DWF is not responsible for any activity undertaken based on this information.

Steffan Groch

Partner and Head of Regulatory - Head of Sectors

I head up DWF's national Regulatory team as well as leading the firm’s ‘go to market’ sector expertise. I am also Chair of the UK Health and Safety Lawyers Association.