Corporate Fraud Investigation in the UK: A Complete Guide for Businesses

Corporate fraud costs UK businesses over £190 billion annually

That figure, from the National Crime Agency’s fraud assessment, accounts for roughly 40% of all crime in England and Wales by volume. Most corporate fraud goes unreported. Of the fraud that is reported, only a fraction results in prosecution. The gap between what businesses lose and what they recover is enormous, and it widens with every week that fraud continues undetected.

This guide covers how UK businesses can detect, investigate and respond to corporate fraud. It draws on 29 years of investigation experience across hundreds of cases, from expense fraud at small firms to multimillion-pound procurement schemes at listed companies.

What counts as corporate fraud under UK law

The Fraud Act 2006 defines three categories: fraud by false representation, fraud by failing to disclose information, and fraud by abuse of position. Corporate fraud typically falls under the third category, where an employee or director exploits their position for personal gain at the organisation’s expense.

In practice, corporate fraud in the UK takes several common forms.

Procurement and billing fraud

An employee creates fictitious suppliers, inflates invoices, or directs contracts to companies they have a financial interest in. We investigated a case in 2024 where a purchasing manager at a Midlands manufacturing firm had diverted £1.4 million to three shell companies over four years. The companies had registered addresses at serviced offices and no genuine employees. The scheme only came to light when the manager went on paternity leave and his temporary replacement queried an invoice.

Expense fraud

False mileage claims, fictitious client entertainment, personal purchases on company cards. Individually, these amounts may be small. Cumulatively, across multiple employees over several years, the losses can be large. HMRC treats systematic expense fraud as a criminal matter, not merely an employment issue.

Payroll and commission fraud

Ghost employees on the payroll. Overtime claims for hours not worked. Commission calculations based on inflated sales figures or fictitious orders that are later cancelled. Payroll fraud often requires collusion between at least two people, which makes detection harder but also creates more evidential opportunities when it is investigated properly.

Asset misappropriation

Theft of stock, materials, equipment, or intellectual property. This is the most common form of corporate fraud globally and the one with the lowest median loss per case. But frequency matters: a warehouse operative removing £200 of stock per week costs the business over £10,000 per year, and the behaviour almost always escalates.

Financial statement fraud

Manipulation of company accounts to overstate revenue, understate liabilities, or smooth earnings. This is less common than other types but carries the highest median loss. It is typically carried out by senior management and is harder to detect through routine audit procedures.

Warning signs that a business should not ignore

Fraud detection starts with recognising patterns, not individual incidents. A single unexplained discrepancy could be an error. A cluster of discrepancies around the same person, department, or process warrants investigation.

Financial red flags: Suppliers that only one employee deals with. Invoices in round numbers or just below approval thresholds. Write-offs that are disproportionate to the activity. Bank details changes for existing suppliers without proper verification. Revenue recognised before goods are delivered or services rendered.

Behavioural indicators: An employee who refuses to share responsibility for a process. Someone who works when the office is empty. Resistance to internal audits or system changes. A lifestyle that visibly exceeds the person’s salary. Reluctance to take annual leave, because the fraud depends on their ongoing involvement.

Systemic vulnerabilities: Weak segregation of duties. A single person controlling purchasing, receiving, and payment. No regular reconciliation of physical stock against records. Approval processes that are routinely bypassed. IT access controls that have not been reviewed since the system was installed.

The investigation process

A corporate fraud investigation follows a structured sequence. Rushing any stage risks losing evidence, alerting the suspect, or producing findings that cannot withstand legal scrutiny.

Preliminary assessment

Before a full investigation begins, the initial report or suspicion is assessed. Is there enough to warrant investigation? What is the potential scale? Who might be involved? What evidence might exist and where? This assessment typically takes two to five days and informs the investigation strategy.

At this stage, it is critical to restrict knowledge of the investigation to the minimum number of people necessary. If the suspect becomes aware, evidence will be destroyed. We have seen cases where an email to “the team” about “irregularities” gave the fraudster 48 hours to delete files and manufacture cover stories.

Evidence preservation

Digital evidence is preserved first because it is the most vulnerable to destruction. This includes emails, files, browser history, accounting system logs, access records, and communications on company devices. A forensic image of relevant devices and systems should be taken before any review begins, creating an unalterable copy that maintains the chain of evidence.

Physical evidence comes next: original documents, delivery notes, contracts, personnel files, CCTV footage. Storage systems should be checked for retention periods; many businesses automatically delete CCTV after 30 days.

Financial analysis

The financial trail is reconstructed. This involves analysing accounting records, bank statements, supplier payments, expense claims, payroll data, and any other financial records relevant to the suspected fraud. The analysis identifies the full extent of the loss, the period over which it occurred, and the specific transactions involved.

This work requires someone who understands both forensic accounting principles and the practicalities of how the business operates. An investigator who does not understand the business processes cannot spot where those processes have been manipulated.

Interviews

Witness interviews are conducted before the suspect is interviewed. This establishes the normal processes, identifies further anomalies, and builds a picture of the suspect’s behaviour and access. The suspect interview comes last, by which point the investigator should already have answers to most questions and is testing the suspect’s account against the evidence.

All interviews should be documented. In cases that may lead to prosecution, interviews should follow procedures consistent with the Police and Criminal Evidence Act 1984 (PACE), even though private investigators are not bound by PACE. Evidence gathered in accordance with PACE standards is harder to challenge in court.

Reporting

The investigation report sets out the findings, the evidence supporting those findings, and the methods used. It should be factual, not argumentative. If the matter proceeds to court, the report will be disclosed, and anything speculative or prejudicial will be challenged.

Legal considerations for UK businesses

A business investigating fraud must balance the need to gather evidence against its legal obligations as an employer and data controller.

Employment law: Employees under investigation retain their employment rights. Suspension must be on full pay unless the contract provides otherwise. Any disciplinary process must follow the ACAS Code of Practice. Failure to follow proper procedures can result in unfair dismissal claims, even where the fraud is proven.

Data protection: The UK GDPR and Data Protection Act 2018 permit processing of personal data for fraud investigation under the legitimate interest basis (Article 6(1)(f)). However, the investigation must be proportionate. Monitoring an employee’s personal phone without justification would likely be disproportionate. Reviewing their company email in the context of a specific fraud allegation would generally be proportionate.

Computer misuse: The Computer Misuse Act 1990 applies to investigators as well as suspects. Accessing a suspect’s personal accounts without authorisation is a criminal offence, regardless of what evidence it might produce. Investigation must be confined to systems and data the employer has lawful access to.

Proceeds of Crime Act 2002: Businesses have obligations to report suspected money laundering. Where corporate fraud involves the movement of stolen funds through bank accounts, this may constitute money laundering. Failure to report can itself be a criminal offence.

When to bring in professional investigators

Not every suspected fraud requires external investigators. Minor expense irregularities can often be addressed through management and HR processes. But professional investigation is warranted when the suspected fraud involves losses above £50,000, the suspect is senior enough to influence the investigation internally, there is a risk that evidence will be destroyed, the matter may result in criminal prosecution or civil litigation, or the business does not have the internal skill to conduct a forensic investigation.

A professional investigator brings four things that internal teams typically lack: forensic evidence handling that maintains admissibility, experience with interview techniques that produce reliable accounts, independence that withstands challenge from the suspect’s legal representatives, and knowledge of the legal rules that govern what evidence can be gathered and how.

Recovery options after fraud is confirmed

Confirming the fraud is only part of the process. The business then faces decisions about recovery.

Criminal prosecution: Report to Action Fraud or directly to the police. The Crown Prosecution Service will decide whether to prosecute based on evidential sufficiency and public interest. Prosecution can result in compensation orders, confiscation orders under the Proceeds of Crime Act, and imprisonment. However, criminal proceedings are slow and the business has limited control over the process.

Civil recovery: A civil claim allows the business to pursue recovery directly. The standard of proof is lower (balance of probabilities versus beyond reasonable doubt). Freezing injunctions can prevent the fraudster from dissipating assets before trial. Fraud investigation services often include asset tracing to identify where stolen funds have gone.

Insurance: Fidelity insurance or crime insurance may cover part of the loss. Most policies require the business to have conducted a proper investigation and to cooperate with the insurer’s own investigators. Policies typically exclude losses that result from the employer’s failure to maintain reasonable controls.

Prevention measures that actually work

Fraud prevention is about making fraud harder to commit and easier to detect, not about eliminating the possibility entirely.

Segregation of duties remains the single strongest control. No one person should control an entire process from initiation to completion. The person who approves a purchase should not be the person who receives the goods or authorises payment.

Regular, unannounced spot checks on financial processes. Mandatory annual leave for all employees with financial responsibilities. Whistleblowing channels that employees trust to be confidential. Background screening at recruitment, particularly for roles with financial access. Regular reconciliation of systems against physical reality: stock checks, bank reconciliations, asset registers.

None of these measures is foolproof. A determined fraudster with sufficient seniority can circumvent most controls. But controls increase the risk that fraud will be detected quickly, and that prospect deters most opportunistic fraud.

How UKPI approaches corporate fraud investigations

We have investigated corporate fraud across every sector and at every scale, from a sole trader embezzling from a family business to a finance director falsifying accounts at a company with 800 employees. Our approach is the same in every case: preserve the evidence, follow the money, interview the people, and present findings that stand up to scrutiny.

We work with solicitors, forensic accountants, and digital forensics specialists. Our investigators are accredited through the IAAR and operate within the legal boundaries set by the Data Protection Act, the Regulation of Investigatory Powers Act, and the requirements of the courts.

If you suspect fraud in your business, the first step is a confidential conversation. You can reach us on 0800 043 1754 or through our confidential enquiry form. Initial consultations are free and without obligation.