Government Counter Fraud Professional Standards and Guidance: Counter Fraud Investigator (HTML)
Updated 9 December 2022
Glossary of Terms
Core disciplines
Areas of expertise, knowledge, skills and experience that are needed for an effective counter fraud response. They are not people, role or category specific.
Subdisciplines
Areas of additional knowledge skills and experience that enhance capability in those areas across a number of core disciplines.
Core components
Behind each core discipline and sub-discipline there are high-level components outlining the required knowledge, skills & experience.
Elements
Specific descriptors of the required knowledge, skills and experience within a core discipline or subdiscipline. These are grouped into a competency framework document.
Subject matter expertise
We will recognise not only technical specialism but also where individuals have deep knowledge in a particular subject (e.g.tax, legal aid, grant fraud).
Competency framework
Group of elements found in core disciplines or subdisciplines. Grouped together with varying levels of required knowledge, skills and experience.
Competency levels
Used to identify progression within the standards and competencies. The competency levels are Trainee, Foundation, Practitioner, and Advanced Practitioner.
Categories
Defined combinations of elements, which show the expected knowledge skills and experience for each core discipline. These enable a common assessment of skills and draw a distinction of those with a level of skill, and those without.
Technical specialism
Specific focussed areas which usually build from or enhance core disciplines. The specialism will often be the primary focus of the role.
A. Introduction to the Counter Fraud Investigator Standard
A1. Purpose
This document contains the agreed professional standards and guidance for the implementation of a consistent approach for the counter fraud investigator in the public sector. There are a range of counter fraud standards covering the core disciplines and subdisciplines in the Counter Fraud Framework.
The counter fraud standards and guidance are designed to present a consistent cross-government approach to countering fraud; raise the capability of individuals and, through this, increase the quality of organisations’ counter fraud work.
The aims of the professional standards and guidance are:
-
to describe the knowledge, skills and experience required for an individual to achieve Practitioner level in counter fraud work in this area. This document contains the associated competency framework, outlining how someone can achieve this standard;
-
to provide guidance to those using the standards on the processes and products they will use to deliver the core discipline and what they should seek to put in place in the organisation to achieve this; and
-
the ‘Organisational Guidance’ to consider what should be in place in an organisation applicable to this core discipline.
Organisations that assess a low degree of risk, or have an agreed high-risk tolerance may not have access to counter fraud investigation capability within their business. Regardless of whether the resource is internal or external, investigators must meet the standard.
These standards must be met to be acknowledged as a counter fraud professional.
A2. Contents
This document contains the following:
-
Professional Standards and Guidance: the individual level of knowledge, skills and experience for those undertaking investigation activity in relation to fraud and economic crime.
-
The Competency Framework: outlining the required knowledge, skills and experience by those operating effectively and how these develop through the competency framework levels – Trainee, Foundation, Practitioner, and Advanced Practitioner.
-
Guidance for Professionals includes:
-
Product: detailing what good quality investigation products look like;
-
Process: describing the recommended processes to correctly implement an effective investigation approach; and
-
Organisation: for those organisations with a specialist investigation resource.
The standards have been created, reviewed and agreed by the Professionals’ Board, the body responsible for the Counter Fraud Professional Standards and Guidance. The board has been assisted by an expert cross-sector advisory group and the Fraud Advisory Panel.
A3. Government Counter Fraud Framework
This document covers the Counter Fraud Investigator Standard of the Government Counter Fraud Framework.
The framework covers all of the core disciplines and subdisciplines that a public sector organisation will need to call upon to deal with the fraud threat that the public sector faces. Organisations will call on these to different extents depending on the nature of their business and services, and the associated fraud threat, as assessed through their fraud risk assessment.
-
Organisational Level: This is aimed at the organisation. It is covered by the Counter Fraud Functional Standards. These state the basics that organisations should have in place to have an effective counter fraud response. It includes things like having a risk assessment, a fraud policy and having fraud awareness across the organisation.
-
Core Disciplines: The core disciplines include a functional leadership level (Leadership, Management, Strategy) for those that are responsible for coordinating an organisation’s overall response to fraud and economic crime. The main area is in the functional delivery level. This details the core disciplines that an organisation may use in an effective counter fraud response. Within these core disciplines are details of the required knowledge, skills and experience to undertake these disciplines effectively.
-
Sub-disciplines: The sub disciplines are areas of additional knowledge, skills and experience that enhance capability across a number of core disciplines. For instance, knowledge, skills and experience in Bribery and Corruption will help counter fraud professionals undertake more effective risk assessments and investigations (depending on the role).
Government Counter Fraud Framework
Organisational Level
Functional Standards - The Functional Standards detail the basics that an organisation should have in place to have an effective counter fraud response. This includes a level of fraud awareness across the organisation.
Core Disciplines - Functional Leadership
Leadership, Management and Strategy - An awareness across all specialist areas and the capability to define an effective counter-fraud response and how to deploy the specialisms in the business.
Core Disciplines - Functional Delivery
-
Risk Assessment
-
Measurement
-
Prevention and Deterrence
-
Use of Data and Analytics
-
Detection
-
Intelligence and Analysis
-
Investigation
-
Sanctions, Redress and Punishment
-
Culture
Sub Disciplines
-
Bribery and Corruption
-
Money Laundering
-
Disruption
-
Cyber Fraud
-
Criminal Justice
B. Professional Standards and Competencies for Investigation
B1. Introduction
The professional standards and competencies are designed to present a consistent public sector approach to counter fraud and raise the quality of organisations’ counter fraud work and the skills of their individuals.
They set out high-level principles to be reflected in counter fraud work. They are designed to help organisations identify the research, training and resources needed to develop their capability further. Individuals should use the standards to assess and develop their skills.
When using these standards, organisations must ensure that they have the necessary legal authorities in their enabling legislation before implementing any particular standard.
The Professional Standards and Competencies are not intended to cover every eventuality or every specific issue that may arise and should be adapted to the organisation’s resources and fraud risk profile.
This document focuses on individuals’ competency to investigate fraud. An investigation is defined as the determination, through the objective and unbiased gathering, analysis, interpretation and presentation of evidence, as to whether any suspicions or allegations of fraud have substance to them.
This standard is therefore focused on the practical investigation of allegations of fraud, through both civil and criminal routes. It includes many factors, such as:
-
an understanding of the law, what routes of redress are available and the investigative options available; and
-
the evidence gathering and investigative techniques that can be applied, consideration of the limitations, both practical and legal, on activities that can be undertaken.
It covers how to collect, scrutinise, store, disclose and present evidence, and skills such as interviewing. It covers how to present information from investigations, resulting from witness statements and briefings through to providing evidence in court. It covers how evidence should be maintained and stored to enable an effective investigation, and guidance on decision-making within investigations.
B2. General Guidance
These professional standards and competencies specify the skills that are required by those involved in counter fraud investigations working to the criminal, civil or regulatory standard, and are set at the Practitioner level.
The skill competence levels required would be at an increasing level of expertise; from Trainee to Foundation to Practitioner to Advanced Practitioner. These levels of expertise are not necessarily held by different roles within an organisation. Investigation managers will be required to meet managerial standards specific to investigation, as well as the required prerequisite knowledge in investigation.
B3. General Principles
Counter Fraud investigators are expected to display the highest standards of professionalism, objectivity, fairness, expertise, integrity and vision. The conduct of all investigations will abide by these principles and if a conflict of interest exists, investigators will disclose this fact at the earliest opportunity.
-
Investigators must be able to conduct professional and competent investigations to a standard that informs a robust process and decision. The standard of the investigation must be able to withstand independent review/scrutiny pursuant to the relevant process concerned whether criminal, civil, regulatory or disciplinary.
-
Investigators will be skilled at understanding core business processes affected by a matter under investigation or have direct access to those that do. They will directly, or with the support of others e.g. internal audit, recommend appropriate improvements in controls, ensuring that these are reported to those charged with governance, such as audit committees.
-
Investigators will have an understanding that fraud often stretches across organisational and process boundaries, and be able to undertake a post investigation review and identify relevant recommendations to assist the future prevention, deterrence and detection of fraud.
-
Investigators will have an understanding of the financial and legal implications of decisions made during the course of the investigation.
-
Recognising that investigators have different knowledge, skills and experience, both generally and covering specific areas, a mentoring type arrangement should be in place so that investigators can call upon advice when required.
B4. Competency Framework (Investigation)
The information below explains the structure of the Competency Framework and how it can be utilised by members of the Profession.
B4.1. Key Components Explained
Components outline, at a high level, the required knowledge, skills and experience for each core discipline and subdiscipline. There are 10 components for Investigation highlighting the knowledge, skills and experience required for effective investigation activity. These elements are then grouped into a Competency Framework document.
Investigation Standards - Key Components Explained
Manager
Demonstrates strategic managerial knowledge, skills and experience.
Case Initiation
Has technical and investigation competency to plan and address issues raised in accordance to organisational procedures and legislation.
Evidence Gathering
Ability to identify, gather, retain and reveal material in accordance to relevant legislation and organisational policy.
Stakeholder Engagement
Establish a network of counter fraud stakeholders both internally and externally to the investigation organisation.
Quality, Performance and Review
Recognise and review training and development opportunities to increase knowledge and capability and apply performance and productivity management, and skills to perform quality control.
Legislation and Departmental Policy
Conduct investigations in accordance to relevant legislation and organisational policy.
Investigative Interviewing
Ability to undertake a range of investigative interviews including planning, conducting and evaluating.
Case Progression
Has report writing skills, articulating evidence and progressing cases to conclusion in accordance with relevant legislation and organisational policy.
Parallel/multi track Approach
Ability to undertake civil, disciplinary, regulatory and criminal investigations to relevant standards in accordance in legislation and organisational policy.
B4.2. Competency Levels
Within the Competency Framework are four Competency Levels. These are Trainee, Foundation, Practitioner and Advanced Practitioner. These can be used to identify progression within the Counter Fraud Investigator standard. The Framework helps to establish where your competency level is and where you have areas you may wish to develop.
General rules about the Competency Levels are set out below:
-
Trainee is about developing introductory knowledge;
-
Foundation is about having the knowledge;
-
Practitioner is about demonstrating the application of the knowledge; and
-
Advanced Practitioner is about having a more expansive, specialist knowledge and being able to use this to evaluate and improve what is being done.
B4.3. Understanding Categories
Categories are defined combinations of elements, which show the knowledge, skills and experience expected for each core discipline. Categories are not people or grade specific and the title or description used by organisations may be different to those below. By considering the investigation activity you undertake, you will be able to determine which Category, A, B or C, is relevant.
For Investigation there are 3 core categories:
-
A – Referral Management – accurately recording information, completing initial enquiries and evidence gathering;
-
B – Evidence Gatherer – building up evidence for the investigator, using a variety of techniques and sources; and
-
C – Investigator – evaluating evidence, planning and leading interviews, and dealing with the subject of the investigation.
For each Category there is a specific group of elements from the Competency Framework that should be demonstrated. Recognition will be available at Foundation or Practitioner level initially. Trainee level will not be formally recognised, but the elements in this level set out how you can begin your journey to develop knowledge and skills in investigation. So for example you will be classified as a Category A Investigator, Foundation. This structure allows progression within categories, across to other categories and then wider to demonstrate skill in other core disciplines or subdisciplines.
We recognise that investigation activity may be undertaken in a criminal, civil or combined context and we have therefore incorporated this into the structure and approach. The elements are designed to be specific to criminal, civil or combined investigation activity. The Category Matrix tools have been developed to offer a guide on the elements for each category. For example you may be a Category A Investigation, Civil, Foundation.
We have incorporated hybrid roles into the structure, as we recognise that in some organisations investigation roles may require a level of technical competence in intelligence to support their combined role. This is often where there is no separate intelligence function within the organisation.
To be recognised as a Practitioner Hybrid, investigators must demonstrate Practitioner level investigation competency in the category they operate in (A, B or C) before accessing the elements in intelligence identified in the Hybrid Category Matrix for their category A, B or C in Intelligence.
We have also introduced two Categories for Managers:
-
Investigation Manager (IM) – Strategic oversight of operations, resource and investigation activity; and
-
Senior Investigation Officer (SIO) – As above for IM, but with the addition of being actively involved in investigations, leading major/complex investigations and/or still having own casework alongside managerial duties.
There is a prerequisite knowledge required to access the Manager Categories. This is as follows:
-
Investigation Manager (IM) – must demonstrate Foundation level in the category of Investigation standards they manage staff in, then the Manager elements; and
-
Senior Investigation Officer (SIO) – must demonstrate Practitioner level in the category of Investigation standards they manage staff in, then the Manager elements.
There is also a Category for Hybrid Managers, with a prerequisite model following the similar approach above, but the skills required must be demonstrated in both Investigation and Intelligence to achieve Hybrid Manager or Hybrid SIO/A status.
Advanced Practitioner works differently to the other levels as there are no predetermined categories for this level. Instead, members can select individual elements or groups of elements they have a particular interest or focus in, to demonstrate their skills, knowledge and experience.
How we will recognise the Advanced Practitioner level will be determined at a later stage, but for now members may use those elements in the framework for self-assessment of their knowledge, skills and experience to help map their development.
Categories will enable a common assessment of skills and draw a distinction of those with a level of skill and those without.
Investigation Standards - Competency Levels
The Key investigation skills are broken down in the competency framework and this coversheet provides a summary of the requirements for each.
Trainee
A developing level of competence, building initial knowledge of reverent legislation principles and counter fraud practice People will only be at Trainee for a set time.
Foundation
Have the foundation of knowledge and skills to be able to deliver the element. Have the ability to explain and demonstrate knowledge of relevant legislation, principles and fraud investigation practice.
Practitioner
Have demonstrated they can apply their knowledge and skills in delivery. They demonstrate practical application of relevant legislation, principles and fraud investigation practice in their role.
Advanced Practitioner
A level of competence, and breadth of knowledge beyond Practitioner, the ability to interpret and evaluate complex principles and develop fraud investigation practice/processes for others.
Manager
There are 2 Categories of Managers for Investigation: Investigation Managers and Senior Investigation Officers. They follow the same approach to Competency levels as core disciplines.
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
1.1 Legislation and Departmental Policies – Application of Legislation, Associated Codes and Departmental Policy | Identify where to access reference material to identify the legislation relevant to investigations, and where to locate departmental policy. | Explain the legislation and associated codes of practice relevant to investigations as well as an understanding of departmental policy. | Demonstrate practical application of legislation and associated codes of practice and can determine points to prove in pursuing an investigation. Demonstrate application of departmental policy. | Interpret the application of the relevant legislation, associated codes of practice and departmental policy. Can identify points to prove and support colleagues to do so. |
1.2 Legislation and Departmental Policies – Government Marking Scheme | Recognise that the government protective marking scheme and source management processes should apply when disseminating material. | Explain when the government protective marking scheme and source management processes should apply when disseminating material. | Demonstrate application of the government protective marking scheme and source management before disseminating material. | Interpret the government marking scheme and source management and its use when disseminating material – provide advice and support to others. |
1.3 Legislation and Departmental Policies – Data Protection Act | Identify different types of data, such as open and closed and where to access guidance on the principles of data protection legislation | Explain the principles of data protection legislation and the potential impact on investigations and how to apply these to access and when disclosing open and closed sourced data. | Apply the principles of data protection legislation when obtaining and disclosing information / evidence for an investigation, using the legal gateways, where appropriate. | Interpret the application of data protection legislation to obtain and when disclosing information / evidence for an investigation, and know its limitations. Support others to apply the correct principle to obtain relevant information / evidence. |
1.4 Legislation and Departmental Policies – Human Rights Act 1998 | Identify the requirements under the Human Rights Act 1998 (HRA) and identify where to access guidance on the principles of the HRA. | Explain the principles of the HRA and consider its implications for the conduct of the investigation, and any subsequent legal proceedings and the legal gateways that may exist. | Apply the principles of the HRA during an investigation; ensuring actions are proportionate, necessary and legal. | Evaluate the application of the principles of the HRA and can support others in applying them. |
1.5 Legislation and Departmental Policies – Data Governance, Code of Conduct and Protective Marking | Identify there are requirements and policies concerning digital & data governance and identify where to access these requirements and policies. | Explain their organisation’s employee code of conduct and relevant policies concerning digital & data governance. | Apply the principles of their organisation’s employee code of conduct and relevant policies concerning digital & data governance. | Evaluate the principles of their organisation’s employee code of conduct and relevant policies concerning digital & data governance. |
1.6 Legislation and Departmental Policies – Departmental Code of Conduct and Internal Policies | Identify the requirements and policies concerning digital & data governance and their relevance to disciplinary investigations. | Explain their organisation’s employee code of conduct and relevant policies concerning digital & data governance when applied to disciplinary investigations. | Apply the principles of their organisation’s employee code of conduct and relevant policies concerning digital & data governance to determine if there is a case to answer (CTA) or no case to answer (NCTA). Apply the requirement to continue investigations where the subject has resigned. (Disciplinary Investigations). | Evaluate the principles of their organisation’s employee code of conduct and relevant policies concerning digital & data governance to determine if there is a case to answer (CTA) or no case to answer (NCTA). Apply the requirement to continue investigations where the subject has resigned and has experience of working with HR / Legal to best pursue such cases. (Disciplinary Investigations). |
1.7 Legislation and Departmental Policies – Legislative Guidance (See C1) | Identify the investigation requirements, legislation and policies related to the practice for criminal investigation. | Explain the investigation requirements, legislation and policies related to the practice for criminal investigation | Apply the principles of the investigation requirements, legislation and policies related to the practice for criminal investigation, demonstrate its application in the conduct of investigations. | Interpret the investigation requirements, legislation and policies related to the practice for criminal investigation and have the expertise to address complex issues arising under the act. Provide advice and support to others. |
1.8 Legislation and Departmental Policies – Criminal Procedure (See C1) | Identify the requirements and/or policies related to Criminal Procedure. | Explain the requirements and/or policies related to Criminal Procedure. | Apply requirements related to Criminal Procedure and/or policies as appropriate in the conduct of investigations. | Interpret all investigative issues raised by the requirements and/or policies related to Criminal Procedure and/or policies as appropriate, including the conclusion of lines of enquiry and the recording, retention and revealing of material at the enquiry conclusion. Provide advice and support to others. |
1.9 Legislation and Departmental Policies – Public Interest Disclosure Act 1998 | Identify there are requirements and policies related to the Public Interest Disclosure Act (PIDA) 1998 and Whistleblowing (WB), and identify where to access these requirements and policies. | Explain the principles of PIDA and WB policies and the protection they provide. | Apply the principles of PIDA and apply WB policies to investigations. | Interpret PIDA and WB policies for investigations and support others to ensure processes are correctly applied and whistleblowers are afforded the necessary protection. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
2.1 Quality, Performance and Capability – Individual Capability | Discuss their own level of training and experience and can list their training and development needs. | Review your own level of training and experience. Able to identify and plan training and development opportunities for self and others. | Evaluate changes in practice, policy and law concerning counter fraud investigation. Contribute to the development of investigation training for self and others. |
2.2 Quality, Performance and Capability – Performance Management | Explain the performance measures in place and expectations of them in their role. | Review performance management data and proactively report individual performance against criteria. | Analyse performance management data and proactively report individual and team performance against criteria. |
2.3 Quality, Performance and Capability – Productivity | Explain the measures in place to monitor productivity and their expected contribution. | Review individual productivity and outcomes in investigations and report upwards. | Evaluate the productivity of investigations, utilising a range of outcome-based metrics. |
2.4 Quality, Performance and Capability – Quality Control | Explain the organisation’s quality control structure. | Apply the organisation’s quality control structure. | Evaluate the organisation’s quality controls for a complex range of investigations including recommendations / lessons learnt. Interpret the results to suggest process improvements. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
3.1 Case Initiation – File Standards | Recognise case files are utilised during an investigation. | Explain how to open and maintain a case file to the required standards for criminal, civil, regulatory or disciplinary matters. | Apply the maintenance of case files to the required standards for criminal, civil, regulatory or disciplinary matters. | Evaluate the maintenance of case files to the required standards for criminal, civil, regulatory or disciplinary, and support others to meet standards. |
3.2 Case Initiation – Investigation Planning | Recognise investigations must be planned and a process must be followed. | Explain how to plan an investigation to the required standard for criminal, civil, regulatory or disciplinary matters, and with support can do so. | Demonstrate the production of robust investigation plans to the required standard for criminal, civil, regulatory or disciplinary matters. | Evaluate the production of robust investigation plans to the required standard for criminal, civil, regulatory or disciplinary. Has produced plans to support complex cases, incorporating all aspects of the investigation process. Lead or coordinate the resource requirements for an investigation and assess the need to escalate requirements upwards. |
3.3 Case Initiation – Fraud Investigation Model or Equivalent | Recognise there is a Fraud Investigation Model (Criminal), or organisational equivalent, to consider when responding to allegations of fraud, and identify where to access it. | Explain the Fraud Investigation Model (Criminal) / or organisational equivalent when responding to allegations of fraud. | Apply the Fraud Investigation Model (Criminal) / or organisational equivalent when responding to allegations of fraud. | Evaluate the application of the Fraud Investigation Model (Criminal) / or organisational equivalent when responding to allegations of fraud. Provide advice and support to others. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
4.1 Evidence Gathering – Evidential Types | Recognise there are different types of evidence for investigators to consider. | Explain the different types of evidence (direct, circumstantial, hearsay etc.) | Demonstrate the application to differentiate between types of evidence (direct, circumstantial, hearsay etc.) and relate their significance. | Interpret the application of the different types of evidence (direct, circumstantial, hearsay etc.) and their significance. Provide advice and support to others. |
4.2 Evidence Gathering – Forensic Services | Recognise the need for forensic services to be utilised. | Explain the types of forensic opportunity available and when they can be used to gather evidence. | Demonstrate the consideration of forensic opportunity, and how to apply in investigations (where relevant to the type of investigations undertaken). | Evaluate the consideration of forensic opportunity, and how to apply in investigations (where relevant to the type of investigations undertaken). Provide advice and support to others. |
4.3 Evidence Gathering - Regulation of Surveillance (See C1) | Recognise surveillance is governed by legislation and must be authorised and undertaken by trained staff. | Explain the principles of the regulation of surveillance. | Demonstrate principles of the regulation of surveillance. | Evaluate the application of the principles of the regulation of surveillance. |
4.4 Evidence Gathering – Investigation Note Taking | Recognise the need to record notes of interviews and conversations during the course of an investigation. | Explain why the recording of notes of interviews and conversations during the course of an investigation is necessary and has knowledge of best practice use. | Apply best practice for note taking during the course of an investigation. | Interpret the application of best practice in note taking. Provide advice and support to others. |
4.5 Evidence Gathering – Investigation Record Keeping | Recognise the need to record activities / enquiries during an investigation. | Explain why recording investigation activities / enquiries during the course of an investigation are necessary and have knowledge of best practice use. | Apply best practice for recording investigation activities / enquiries during the course of an investigation. | Interpret the application of best practice in recording activities / enquiries during the course of an investigation. Provide advice and support to others. |
4.6 Evidence Gathering – Search Procedures | Recognise only authorised and trained staff may conduct searches of persons, vehicles, premises and workplace and recognise principles of Legal Professional Privilege | Explain the relevant legislation and procedures (including Legal Professional Privilege) in the participation at a search of a person, premises, vehicles or workplaces. | Demonstrate practical experience participating in searches (including consideration of Legal Professional Privilege) of a person, premises, vehicles or workplaces, adhering to policy and legislation. | Demonstrate practical experience of planning and executing large search operations, using intelligence and tools to conduct an effective search and specialist legislative requirements, such as Legal Professional Privilege. Provide advice and support to others. |
4.7 Evidence Gathering – Evidence Assessment | Identify the different levels of evidence, subject to role. | Explain how to assess the strength of evidence in a civil, disciplinary, regulatory or criminal investigation, subject to role. | Apply the assessment of the strength of evidence in a civil, disciplinary, regulatory or criminal investigation, subject to role. | Evaluate the assessment of the strength of evidence in a civil, disciplinary, regulatory or criminal investigation, subject to role. Provide advice and support to others. |
4.8 Evidence Gathering – Evidential Standards | Recognise evidence must be lawfully gathered to required standards for a criminal, civil, regulatory or disciplinary investigation. | Explain the requirement to lawfully gather evidence to required standards for a criminal, civil, regulatory or disciplinary investigation. | Apply the relevant legislation and codes of practice to gather evidence to required standards for a criminal, civil, regulatory or disciplinary investigation. | Evaluate the application of the relevant legislation and codes of practice to gather evidence to required standards for a criminal, civil, regulatory or disciplinary investigation. Provide advice and support to others. |
4.9 Evidence Gathering – Data Analysis | Recognise that data must be analysed and collated in order to make sound and fair investigation decisions in a civil, disciplinary, regulatory or criminal investigation, as appropriate. | Explain how data may be analysed and collated to support investigative decisions and outcomes in a civil, disciplinary, regulatory or criminal investigation, as appropriate. | Apply analysis techniques to a range of data and make sound and fair investigation decisions in a civil, disciplinary, regulatory or criminal investigation, as appropriate. | Evaluate the application of data analysis and collation techniques in a civil, disciplinary, regulatory or criminal investigation, as appropriate. Provide advice and guidance to others. |
4.10 Evidence Gathering – Witness Statements | Recognise witness statements / affidavits must be produced in a formal template to a required standard and be utilised for the purpose for which it was obtained. | Explain how to produce witness statements to the standards required by legislation. Explain how to produce witness statements / affidavits to the standard required for non-criminal investigations. | Produce witness statements to the standards required by legislation (criminal investigations). Produce witness statements / affidavits to the standard required for non-criminal investigations. | Evaluate the production of witness statements or affidavits to the standards required by legislation (criminal investigations) and the standard required for non-criminal investigations. Produce witness statements / affidavits in complex investigations. Provide advice and support to others. |
4.11 Evidence Gathering – Continuity of Evidence | Recognise the requirements around the identification, source recording, securing and storing of potential evidence. | Explain the rules and relevant policies relating to the continuity of evidence such that the source of evidence can be fully supported. | Apply the rules and relevant policies relating to the continuity of evidence so the source of evidence can be fully supported. | Review and evaluate the application of the rules and relevant policies relating to the continuity of evidence so the source of evidence is fully supported and the evidence can be relied upon. Provide advice and support to others. |
4.12 Evidence Gathering – Statement Identification | Identify the process around the use of people as witnesses. | Explain how to identify people and exhibits/productions in witness statements and/or affidavits. | Apply the identification of people and exhibits/productions in witness statements and/or affidavits. | Evaluate the identification of people and exhibits/productions in witness statements and/or affidavits and review potential discrepancies. Provide advice and support to others. |
4.13 Evidence Gathering – National Intelligence Model | Recognise what information and intelligence is. | Explain the National Intelligence Model and National Intelligence Methodology (criminal investigation). | Apply the classification and handling of information in line with the National Intelligence Model and National Intelligence Methodology (criminal investigation). | Interpret the application of the National Intelligence Model and Methodology. Support others to produce NIM assessments (criminal investigation). |
4.14 Evidence Gathering – Intelligence Handling | Recognise what evidence and intelligence are. | Explain the demarcation of intelligence and evidence and demonstrate awareness of source and evidence handling. | Apply appropriate handling principles to source and intelligence material, demonstrating knowledge of potential risks of mishandling. | Review and evaluate potential risks of crossover between intelligence and evidence and ensure appropriate handling principles are applied. Provide advice and support others. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
5.1 Investigative Interviewing – Interview Strategy | Summarise the key components of an overarching investigative interviewing strategy. | Explain how to produce an overarching investigative interviewing strategy, where appropriate. | Apply an overarching investigative interviewing strategy, where appropriate. | Analyse factors that affect an investigative interviewing strategy. Evaluate the application of investigative interviewing strategy, where appropriate. Provide advice and support to others. |
5.2 Investigative Interviewing – Interview Planning | Recognise interviews with people must be planned and executed using a methodology. | Explain how to produce an interview plan to the required standard for a civil, disciplinary, regulatory or criminal investigation. | Produce interview plans to the required standard for a civil, disciplinary, regulatory or criminal investigation. | Evaluate interview plans to provide assurance they meet the required standard for a civil, disciplinary, regulatory or criminal investigation. |
5.3 Investigative Interviewing – Witness Interviews | Recognise that a witness may have varying demands to that of subjects and identify appropriate ways to respond to those demands. | Explain the varying demands of the witness and how to respond to them. | Demonstrate the ability to recognise and respond to the varying demands of the witness. | Evaluate the recognition and response to the varying demands of the witness. |
5.4 Investigative Interviewing – Testimony & Evidence Introduction | Recognise the interview plan will include the consideration of when to introduce testimony and exhibits/productions during interviews. | Explain how to introduce testimony and exhibits/productions during interviews. | Apply the introduction of testimony and exhibits/productions during interviews. | Evaluate the introduction of testimony and exhibits/productions during interviews and support others in their application. |
5.5 Investigative Interviewing – PEACE/PRICE Model | Recognise there is a model utilised for interviews and associated techniques to use in interviews. | Explain the PEACE/PRICE model and the use of conversation management and open recall techniques. | Apply the PEACE/PRICE model for interviewing, utilising conversation management and open recall techniques. | Evaluate the application of the PEACE/PRICE model for interviewing. Apply the PEACE/PRICE model to interviews in complex or sensitive investigations. |
5.6 Investigative Interviewing – Interview Skills | Identify the key skills such as listening, summarising and observing during interviews. | Explain effective listening, summarising and observation skills during interviews. | Apply effective listening, summarising and observation skills during interviews. | Evaluate the application of effective listening, summarising and observation skills during interviews. Support others in their application. |
5.7 Investigative Interviewing – Recording Equipment | Recognise that audio, visual and digital recording equipment may be used to conduct interviews. | Explain how to use audio, visual and digital recording equipment to conduct interviews (dependent on departmental/legislative practices). | Demonstrate the use of audio, visual and digital recording equipment to conduct interviews (dependent on departmental /legislative practices). | Evaluate the use of audio, visual and digital recording equipment to conduct interviews. Support others to use audio, visual and digital recording equipment to conduct interviews (dependent on departmental/legislative practices). |
5.8 Investigative Interviewing – Investigator Notes & Records | Recognise the importance of recording notes, statements and transcripts of interviews and the requirements for retention. | Explain how to produce investigator notes, narrative statements, 3rd party witness testimonies and transcripts and the requirements for retention. | Produce and retain accurate investigator notes, narrative statements, 3rd party witness testimonies and transcripts. | Evaluate the production and retention of investigator notes, narrative statements, 3rd party witness testimonies and transcripts. Provide advice and support to others. |
5.9 Investigative Interviewing – Legislative requirements | Recognise the requirements for interviews, including legislative compliance (criminal investigations). Recognise the requirements for conducting an interview which is fully compliant with relevant legislation or departmental policy (non-criminal investigations). | Explain the requirements for conducting an Interview Under Caution (IUC) fully compliant with the legislative requirements (criminal investigations). Explain the requirements for conducting an interview which is fully compliant with relevant legislation or departmental policy (non-criminal investigations). | Undertake an IUC fully compliant with the legislative requirements (criminal investigations). Undertake an interview which is fully compliant with relevant legislation or departmental policy (non-criminal investigations). | Evaluate the delivery of IUC and assess where issues may have occurred. Undertake an IUC in sensitive, serious and complex investigations, applying the legislative requirements (criminal investigations) or relevant legislation or departmental policy (non-criminal investigations). |
5.10 Investigative Interviewing – Interview Evaluation | Recognise the need to evaluate an investigatory interview to identify further investigative actions. | Explain how to evaluate an investigatory interview to identify further investigative actions. | Evaluate an investigatory interview to identify further investigative actions. | Analyse the evaluation of an investigatory interview. Provide advice and support to others. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
6.1 Case Progression – Report Writing & Communications | Recognise the need to produce balanced information for use in reports. | Explain how to produce concise, clear, balanced and accurate reports, letters, e-mails and other items of correspondence. | Demonstrate production of concise, clear, balanced and accurate reports, letters, e-mails and other items of correspondence. | Interpret the effectiveness of written reports. Have the foresight to address all potential case implications. Provide advice and support to others. |
6.2 Case Progression – Evidence Files | Recognise the need to produce material to support court, tribunal or disciplinary proceedings in accordance with the requirements of the relevant legislation, codes of practice or departmental policy. | Explain how to prepare an evidence file with material to support court, tribunal or disciplinary proceedings in accordance with the requirements of the relevant legislation, codes of practice or departmental policy. | Produce an evidence file with material to support court, tribunal or disciplinary proceedings in accordance with the requirements of the relevant legislation, codes of practice or departmental policy. | Evaluate the production of an evidence file with material to support court, tribunal or disciplinary proceedings in accordance with the requirements of the relevant legislation, codes of practice or departmental policy. Provide advice and support to others. |
6.3 Case Progression – Disclosure | Recognise evidence and supporting documentation in investigations conducted for court, tribunal or disciplinary proceedings may be disclosed. | Explain compliance with the provisions for disclosure in court, tribunal or disciplinary proceedings as appropriate. | Demonstrate compliance with the provisions of disclosure in court, tribunal or disciplinary proceedings, as appropriate. | Evaluate compliance with the provisions of disclosure in court, tribunal or disciplinary proceedings, as appropriate. Provide advice and support to others. |
6.4 Case Progression – Operational Learning | Recognise investigations inform identification of gaps and weaknesses in business processes and that they need to be addressed. | Explain how to provide insight from investigations to identify and facilitate improvements to policy and processes to assist prevention, deterrence and increased future detection. | Provide insight from investigations to identify and facilitate improvements to policy and processes to assist prevention, deterrence and increased future detection. Produce full and accurate post investigation assessments. | Analyse insight from investigations to identify and facilitate improvements to policy and processes to assist prevention, deterrence and increased future detection. Produce full and accurate post investigation assessment, demonstrating an innovative approach to remedial action. Provide advice and support to others. |
6.5 Case Progression – Law Enforcement Referral | Recognise there is a process to report cases to law enforcement agencies. | Explain the process for referring a case to law enforcement. | Demonstrate the process for referring an appropriate case to law enforcement. | Evaluate the referral of cases to law enforcement and their requirements. Demonstrate the ability to expedite matters to reduce delays to the investigation. |
6.6 Case Progression – Evidence Presentation | Recognise the results of investigations that may be presented to courts, tribunals or hearings. | Explain the procedures and requirements to give evidence as a witness at hearings (criminal / civil / regulatory / disciplinary investigations). | Demonstrate experience of the procedures and presenting as a witness at hearings (criminal / civil / regulatory / disciplinary investigations). | Evaluate the presentation of witness evidence and provide advice and guidance on giving evidence (criminal / civil / regulatory / disciplinary investigations). |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
7.1 Parallel/Multi Track Approach (criminal, disciplinary, regulatory and civil investigations) – Investigation and Reporting | Recognise the production of material for a variety of approaches in parallel. | Explain how to prepare files and investigate at the relevant standards, in parallel. | Demonstrate experience of compiling a file and investigating at the relevant standards in parallel. | Evaluate the production of files and investigating at the relevant standards in parallel. Provide advice and support to others. |
7.2 Parallel/Multi Track Approach (criminal, disciplinary, regulatory and civil investigations) – Civil Enforcement and Recovery/Compensation | Recognise investigation outcomes can include parallel civil enforcement and/or recovery/compensation actions. | Explain the relevant parallel civil enforcement and/or recovery/compensation actions and understand how to progress them. | Demonstrate experience in identifying and progressing parallel civil enforcement and/or recovery/compensation actions. | Evaluate the identification and progress of parallel civil enforcement and/or recovery/compensation actions. Provide advice and support to others. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
8.1 Stakeholder Engagement – Building Stakeholder Relationships | Recognise investigations have an impact on other parts of an organisation that must be kept informed. | Explain the need to build and maintain new and existing partner/stakeholder relationships with those involved in investigations to achieve progress on objectives, key initiatives and shared interests. | Demonstrate the ability to actively build and maintain new and existing partner/stakeholder relationships to achieve progress on objectives, key initiatives and shared interests. | Evaluate the building and maintaining of new and existing partner/stakeholder relationships. Demonstrate effective engagement with senior stakeholders to achieve required risk mitigation measures, offering technical insight. |
8.2 Stakeholder Engagement – Working with Stakeholders | Identify who potential stakeholders may be. | Explain how to work with stakeholders to define and improve service delivery, and value for money outcomes. | Demonstrate the ability to work with stakeholders to define and improve service delivery, and value for money outcomes. | Evaluate service improvements and value for money outcomes by working with stakeholders at all levels, using technical expertise to identify key stakeholders. |
8.3 Stakeholder Engagement – Government Counter Fraud Community and Law Enforcement Sector | Identify the agencies that work in counter fraud. | Explain who are the partners in the government counter fraud community and law enforcement sector. | Demonstrate networking with partner organisations in the government counter fraud community and law enforcement sector organisations and developing beneficial working relationships. | Evaluate networking with partner organisations in the government counter fraud community and law enforcement sector and develop beneficial working relationships. Demonstrate a well-developed network of contacts within the government counter fraud community and law enforcement sector and act as a primary conduit to facilitate the progression of complex investigations. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
9.1 Sanctions Redress & Punishment – Fraud Typologies | Identify the different types of fraud committed against the public sector. | Explain the different types of fraud committed against the public sector and how these frauds could be perpetrated. | Demonstrate practical experience of categorising fraud and providing insight into how the fraud was perpetrated. | Review and evaluate fraud categorisation modus operandi and impact, support others to do so. |
9.2 Sanctions Redress and punishment – Calculating Losses & Costs | Recognise that in cases of fraud the calculation and presentation of losses and costs must be undertaken for sanction and redress outcomes. | Explain the processes required to determine the losses and costs figures in sanction and redress outcomes. | Demonstrate practical experience of calculating the losses and costs borne in cases of fraud for use in sanctions and redress outcomes. | Evaluate the processes and calculations of losses and costs borne in cases of fraud and support others when making calculations. |
Competency | Trainee (T) | Foundation (F) | Practitioner (P) | Advanced Practitioner (AP) |
|— |— |— |— |— |
10.1 Manager – Management of Team Resources/Activity | Identify how to prioritise team resources, workstream allocation and activity including operational planning. | Explain the process for prioritising team resources, workstream allocation and activity including operational planning. | Demonstrate practical application of how to prioritise team resources, workstream allocation and activity including operational planning. | N/A |
10.2 Manager – Authority Approval | Recognise how to identify activity that requires manager approval. | Explain the process for monitoring and approving activity that requires manager approval. | Demonstrate practical application of monitoring and approving activity requiring manager approval. | N/A |
10.3 Manager – Deploy and Manage Caseloads | Recognise how to deploy skills and resources effectively to manage an investigation caseload. | Explain how to deploy skills and resources effectively to manage an investigation caseload. | Demonstrate how to deploy skills and resources effectively to manage an investigation caseload. | N/A |
10.4 Manager – Developing Skills | Recognise how to develop the skills required, including identifying capability gaps in an investigation team to align to the HMG Investigation Standards. | Explain how to develop the skills required and identify capability gaps in an investigation team to align to the HMG Investigation Standards. | Demonstrate how to develop the skills required and any capability gaps in an investigation team to align to the HMG Investigation Standards. | N/A |
10.5 Manager – Case Progression & Reviews | Recognise how to conduct case reviews, monitor case progression and identify the relevant departmental guidance legislation and aims and provide advice and direction, where appropriate. | Explain how to conduct case reviews, monitor case progression and identify the relevant departmental guidance legislation and aims and provide advice and direction, where appropriate. | Demonstrate how to conduct effective case reviews, whilst monitoring case progression in line with the relevant departmental guidance, legislation & aims and provide advice and direction, where appropriate. | N/A |
10.6 Manager – Quality Control & Performance | Identify the process for quality control (QC) relevant to investigations. | Explain the process for QC relevant to investigations. | Demonstrate application of existing quality control processes for investigations as well as reviewing and amending QC structures to improve investigation practices. | N/A |
10.7 Manager – Productivity & Management Information | Recognise how to review productivity using relevant management information (MI). | Explain how to review productivity drawing upon relevant MI. | Demonstrate ability to review productivity drawing upon relevant MI. | N/A |
10.8 Manager – Information Management | Recognise relevant information management policies complying with General Data Protection Regulation (GDPR) and Information Commissioner guidelines. | Explain relevant information management policies, including GDPR and Information Commissioner guidelines. | Demonstrate the application of relevant information management policies, complying with GDPR and Information Commissioner guidelines. | N/A |
10.9 Manager – Decision making – Case Outcomes | Identify if there are different routes available for a case outcome, including civil, disciplinary, criminal or regulatory. | Explain how to use judgement to achieve a case outcome using the relevant route; civil, disciplinary, criminal or regulatory. | Demonstrate judgement to achieve a case outcome using the relevant route; civil, disciplinary, criminal or regulatory. | N/A |
10.10 Manager – Stakeholder Engagement | Recognise how to build and maintain new and existing stakeholder relationships to enable efficient investigations. | Explain how to actively build and maintain new and existing stakeholder relationships to enable efficient investigations. | Demonstrate the ability to seek new and strengthen existing stakeholder relationships at a senior level to enable efficient investigations. | N/A |
10.11 Manager – Media and Publicity | Recognise the options for proactive and reactive media handling and identify the relevant departmental policies. | Explain the different options and how to apply departmental policies for proactive and reactive media activity. | Demonstrate practical application of the options and apply departmental policies for proactive and reactive media activity. | N/A |
C. Guidance for Professionals
Guidance on Processes – Investigation
Introduction
This guidance covers effective investigatory processes. Investigators must be able to assess what matters are appropriate to investigate, how these will be investigated and the process by which this will be managed.
The creation of standard operating procedures should be considered for investigation processes. Different standard operating procedures could be considered for different fraud types.
All processes and procedures should be regularly reviewed and evaluated to ensure they are of the required standard and remain current.
Those working in investigations should have knowledge of the following legislation and policy and understand how it impacts upon their role and may include the following dependent on jurisdiction:
England & Wales
-
Fraud Act 2006
-
Theft Act 1968
-
Bribery Act 2010
-
Proceeds of Crime Act 2002
-
Human Rights Act 1998
-
Data Protection Act 1998
-
Computer Misuse Act 1990
-
Criminal Procedure & Investigations Act 1996
-
Police and Criminal Evidence Act 1984
-
Criminal Justice Act 2003
-
Regulation of Investigatory Powers Act 2000
-
Investigatory Powers Act 2016
-
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
-
Freedom of Information Act 2000
-
Public Interest Disclosure Act 1998
-
Government Security Classifications
-
Civil Service Code
-
Criminal Finances Act 2017
Northern Ireland
-
Fraud Act 2006
-
Theft Act Northern Ireland 1969
-
Bribery Act 2010
-
Proceeds of Crime Act 2002
-
Human Rights Act 1998
-
Data Protection Act 1998
-
Computer Misuse Act 1990
-
Criminal Procedure & Investigations Act 1996
-
The Police and Criminal Evidence (Northern Ireland) Order 1989
-
Criminal Justice NI Order 2003
-
Regulation of Investigatory Powers Act 2000
-
The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2013
-
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
-
Freedom of Information Act 2000
-
Public Interest Disclosure NI Order 1998
-
Government Security Classifications
-
Civil Service Code
-
Criminal Finances Act 2017
Scotland
-
Scots Common Law - Fraud and Related Offences
-
Bribery Act 2010
-
Proceeds of Crime Act 2002
-
Human Rights Act 1998
-
Data Protection Act 1998
-
Computer Misuse Act 1990
-
Criminal Procedure (Scotland) Act 1995
-
Regulation of Investigatory Powers (Scotland) Act 2000
-
Investigatory Powers Act 2016
-
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
-
Freedom of Information Act 2000
-
Public Interest Disclosure Act 1998
-
Government Security Classifications
-
Civil Service Code
-
Criminal Finances Act 2017
-
Common Law - Fairness in Suspect Interviews
-
Criminal Justice and Licensing (Scotland) Act 2010
Investigation Assessment
-
All potential cases for investigation will be considered against the organisation’s case acceptance criteria.
-
The organisation will have clear processes describing when to engage with others e.g. executive staff members, statutory officers, Money Laundering Reporting Officers (MLRO) (if applicable), press officers, HR, legal advisors, the police and regulatory authorities.
-
The organisation should have a considered approach to how the intelligence and investigation functions interact.
-
Organisations should utilise an auditable investigation management system to record as a minimum:
-
the receipt of investigation referrals;
-
the referral assessment and the decision whether or not to investigate and the reasons;
-
case progress, including diarised events and the storage of electronic and other evidence;
-
any key milestone dates;
-
any formal review points;
-
record policy decisions;
-
date of recorded outcome;
-
conclusions reached, and potentially findings established; and
-
follow up decisions and action taken.
-
Organisations will have a secure repository to store key documents and products. This repository should be protected from staff working outside of the counter fraud function.
The Investigation Process
Review
-
There may be a time lapse between acceptance of a case for investigation and commencement of the investigation. The investigator should review and update the available information as required, and consider whether any new information affects the case to investigate. It may be appropriate to reconsider the case for investigation or refer the matter back to the case evaluator/intelligence function for further consideration. The investigator should consider the sources of information required to assist the investigation, of which the following are examples:
-
previous related investigations;
-
financial records;
-
organisational records or electronic data;
-
Government open data such as Companies House and Land Registry;
-
open source internet information;
-
closed source information requiring authorisation;
-
any complainant or individual with knowledge of the matters involved; and
-
in-house intelligence teams.
Planning
-
All investigations should start with the creation of an investigation plan. When preparing an investigation plan, an investigator will consider the following factors, amongst others:
-
offences under investigation
-
case summary including a working hypothesis;
-
disruption opportunities;
-
resources;
-
intelligence;
-
parameters of the investigation;
-
actions (lines of enquiry);
-
subjects;
-
witnesses;
-
location of evidence;
-
forensic and financial opportunities;
-
risk assessment;
-
community / business impact;
-
disclosure;
-
diversity;
-
media;
-
CPS early consultation;
-
target dates for actions; and
-
victim liaison.
-
Having reviewed and updated the information available, the investigator should ensure they have sufficient resources, in terms of staff, skills and other resources, to undertake the investigation. This may have been covered through the assessment process or by an investigation team manager. At this stage it will be appropriate to consider how, if at all, other investigators can be involved to gain experience.
-
Investigators should be aware of developments throughout the investigation process, which could support an extension or curtailment of the investigation, and ensure stakeholders and senior managers are briefed of the developments.
-
Organisations are likely to have a range of investigations from high volume limited value, through to large and major investigations, which may also be complex. Policies should specify how to identify and address this range of casework with investigators and investigation managers responsible for interpreting policies, such that all investigations are completed effectively within agreed key performance indicators. This will involve the allocation of appropriate grades, numbers of staff and staff with particular skill sets to one or more investigations.
-
Certain investigations may require specialist resource, which is either limited or not available within the organisation, i.e. Financial Investigators. The organisation should have pre-agreed arrangements to bring in specialist resources, from within or outside the organisation, as and when required and to amend case priorities and timelines, as necessary. Such decisions should only be taken having recognised the implications for all casework and the staff involved.
-
All material collected should be organised and stored in a manner which ensures that its provenance can be recalled and the material’s disclosure decided upon. This process should meet relevant legislation, where applicable.
-
An investigation plan should include a communication strategy of who needs to be made aware of the investigation, in what order and when, covering both managerial staff and those directly involved in the case. This strategy must take account of a risk assessment concerning the impact of any communication upon the potential loss of evidence; ‘tipping off’ offenders; the prevention of continual offending; public interest; and the Contempt of Court Act.
Investigating
-
All investigations will be fully compliant with relevant legislation. A failure by staff to comply with the legal and organisational requirements of an investigation may be determined as serious misconduct.
-
The actual investigation required will depend on the facts of each case, as will the skills required. The investigation process should include case reviews with the investigation manager or SIO at agreed stages throughout the investigation.
-
There may be a need to gather information by surveillance or imaging of electronic data. The investigator should consider and obtain the appropriate authorisations, using legal gateways where applicable, before the commencement of any such activity.
-
Interviews undertaken should adhere to the skill standards specified in the Investigation Competency Framework.
-
Organisations should have a process to address non-cooperation by individuals who may be able to assist the investigation or are the subject of an investigation.
-
The investigation should be directed to address:
-
whether the concerns that led to the investigation are borne out;
-
if there are any additional concerns or wider issues;
-
the factual narrative of the matter in hand;
-
any relevant financial implications;
-
any non-financial/reputational issues; and
-
any implications for existing processes such as control weaknesses.
Investigation Management
-
An investigation methodology, which is legislatively compliant and has appropriate levels of governance, needs to be developed and documented within an organisation’s investigation guidance.
-
Organisations will have a process to allocate the right case to the right member of staff based on appropriate expertise.
-
The investigation manager is responsible for providing terms of reference for each investigation and for the strategic direction of the enquiry, ensuring an investigator produces an investigation plan outlining their approach to the investigation, if the nature of the investigation warrants this.
-
The terms of reference will cover health and safety issues, planned timescales, costs, a risk assessment concerning immediate considerations e.g. on-going losses (asset restraint)/offenders still offending/ vulnerable victims and timing for review and evidential evaluation meetings.
-
The methodology should cover the process by which specialist advice is sought; including legal, proceeds of crime and any forensic services.
-
At the conclusion of an investigation, if the nature of the investigation warrants, there should be a review process including all appropriate stakeholders. This will identify any lessons learned and, if required, result in an action plan of measures to assist in the future prevention, deterrence and detection of recurrences.
-
Organisations will embed a quality assurance framework, and feedback mechanism from customers, to ensure a continuous cycle of learning and development underpins the core investigation activity.
-
The investigation manager will ensure, where an investigation report or briefing is required, that it is factually accurate, robustly supported by evidence and adheres to the organisation’s product standards.
-
In regard to (published) reports subject to ‘fairness procedures’, managers will be aware of what information should be disclosed to those involved for comment prior to report completion.
-
Investigators must take steps to protect their sources of information, witnesses and other parties to the investigation, as required. The investigator must follow relevant statutory frameworks when required, but also the spirit of relevant legislation when they do not apply.
-
As part of their review of an investigation, the investigation manager is responsible for assessing the quality of any investigative interviews conducted and the general investigation standard.
-
Organisations and investigation managers must ensure that investigators have the appropriate skills and knowledge to deliver quality investigations, compliant with policy and guidance.
-
Where serious issues are identified during or following an investigation that require communication to a wider audience, the organisation will ensure an appropriate escalation route exists.
-
Organisations should have a protocol for the management of sensitive or high-profile investigations, ensuring key stakeholders are advised where the case is likely to attract ministerial, regulatory, press or public interest.
-
Protocols should exist between the counter fraud function and other key departments including internal audit, human resources and legal services. This protocol will clearly define each function’s responsibilities and promote engagement between the professions to ensure an early exchange of information is made and no conflicts exist in the work to resolve a fraud matter.
-
Following the conclusion of an investigation, if the nature of the investigation warrants, there will be a process to identify what further action, if any, is required. This will include dissemination and the circumstances in which dissemination should be made; dissemination issues may be covered by legislation, particularly in regard to regulatory reports.
D. Guidance for Professionals
Guidance on Products – Investigation
Introduction
This guidance covers what good quality products should include. An investigation outcome report will be a product in many investigations and may be the only product. However, notably where further action is anticipated, the product may be a package of relevant information in support of a case summary or briefing note for example, rather than a formal investigation report.
Case Acceptance Criteria
-
The organisation should have set case acceptance criteria. This may be a stand-alone document or be incorporated in the case management system.
-
The criteria should take into account factors such as financial value, reputational impact, high-profile nature, and the information available or likely to be obtainable.
Terms of Reference
-
The terms of reference should set out the parameters and methodology of the investigation. This can be a template available to investigators setting out key criteria: methodology, purpose, legal gateways, recourse, requirements or it may be cross referenced through an investigation plan.
-
This should be agreed by a manager or SIO and for high-value, high-profile cases it should be flagged to the executive board/senior managers for information.
Key Decision Log (KDL)
- The KDL could be a standalone document or incorporated into the case management system. It is used to record all key decisions made during the investigation and log details of case reviews. When making decisions and recording these in the KDL, the investigator/investigation manager should keep in mind necessity, proportionality, legality, and accountability. Examples of key decisions include narrowing or expanding lines of enquiry, subject designation, and consideration of applications of relevant legislation amongst others.
Case Progression Log
- The case progression log could be a standalone document or could be incorporated in the case management system. This should log all activity undertaken by the investigator from the case acceptance to the closure of the enquiry. It should be auditable, with actions taken and outcomes clearly recorded.
Pocket Notebook (PNB)
- A PNB is a recommended requirement for investigations as a contemporaneous record of events, observations and activity on investigations. PNBs must be used to record details of interviews under caution. PNBs should be in a hardback bound format, lined and with numbered pages. Pages should not be taken out and any retrospective notes should be clearly labelled, dated and timed as such. Each page should be signed and dated.
Case Review Report
-
A senior investigator or manager, at regular intervals, should review the progress of an investigation. The purpose of the review is to have an auditable path throughout the investigation to ensure the enquiries are necessary, proportionate and within the legal parameters of the organisation. The review should consider and document the decision to continue the investigation with rationale for the decision made.
-
Status reports are usually stand-alone products but may also be a function of a case management system. They provide a point-in-time update on the investigation in terms of progress, time lapsed and loss identified and or secured/recovered. These should be proactively produced at regular intervals to keep stakeholders/senior managers updated.
Investigation Report
-
All investigations will result in an investigation closure report or formal assessment document, which should be produced in a standard format while covering the issues specific to the investigation objectives.
-
Standard sections should normally be:
-
investigation background;
-
summary;
-
information obtained;
-
conclusions; and
-
recommendations; such as control improvements.
-
Specific reporting conventions will be set out in organisational guidance as particular areas of responsibility may need to be addressed. Some regulatory specific reports may only require reporting of the facts, rather than conclusions to be drawn from them, as these will be an independent matter for the sponsoring organisation.
-
Investigators should avoid speculative content and where it is considered appropriate to offer a professional opinion, specify this fact clearly in their report.
-
Investigators should ensure that their report does not extend beyond their appointment terms or expertise.
-
The purpose of an investigation report is to set out the facts of a particular matter and generally reach conclusions; and that an assessment can be made on what action, if any, needs to be taken. The report must fully detail and reference information supporting the findings and conclusions reached such that an independent reader, without previous knowledge of the matter in hand, is able to independently review information available to the investigator, including key documentation, and follow the reasoning on which their conclusions were based. The investigation file will be readily reviewable on a similar basis.
-
Reports will be:
-
factually correct;
-
impartial and objective;
-
concise, clear and complete; and
-
logically organised.
-
Reports will include the steps taken by the investigator to gather evidence and analyse it.
-
Reports will be clear and not open to interpretation.
-
Depending on legal advice, it may be inappropriate to name all or certain individuals involved in the report. In such circumstances, investigators should ensure that their report is drafted in such a way as to prevent the inadvertent disclosure of those involved.
-
Investigators should be aware of the organisations and individuals likely to read their report, within the sponsoring organisation and to whom the organisation might wish to disclose the report, and draft their report such that it is readily understandable to all stakeholders.
-
In the case of regulatory reports, legislation may reflect the circumstances in which reports can be disclosed. If the disclosure regime is unclear, reports will include the circumstances in which reports may be disclosed, with the investigator or sponsoring department to be consulted in all cases.
-
Investigation reports should be protectively marked with the appropriate security classification to assist correct handling. Any reports identifying a potential criminal offender, sensitive and closed sources of information, and any personal data concerning a staff member must be classified at a minimum of OFFICIAL SENSITIVE.
Investigation Performance Report
-
An organisation should set a clear expectation that investigations which are sensitive or high profile, or likely to attract Ministerial, press or public interest will be subject to regular update briefings for senior stakeholders throughout the investigation.
-
Upon conclusion of an investigation, a final summary briefing should be provided to senior stakeholders, highlighting the findings of the investigation and the actions arising from it. The investigator will be responsible for informing the content of such briefings to senior managers.
Further Action Investigation Products
-
Where a referral is made to the police or another law enforcement agency, a comprehensive evidential package should be produced. This should contain all material gathered as part of that enquiry including: a case summary note, an investigator’s witness statement and exhibit/production schedule, exhibits/productions, witness statements, all other material produced in the investigation and any related HR or disciplinary material.[footnote 1]
-
Consideration should be given to completing a crime report on Action Fraud, the UK’s national fraud and cybercrime reporting system. This offers a number of advantages. It means the matter has been recorded as a criminal offence according to Home Office Counting Rules. Secondly, the information in the report will be matched against existing and future crime reports made on the system as well as other data which can form networks of linked crimes reflecting the true scale of offences. Finally, it will form part of the statistics used to show the scale of fraud in the UK. However, because of the high volume of reporting and competing demands within policing, the report may not be disseminated for investigation.
-
Following an investigation, which identifies a system or control weakness, the investigator will produce an assessment for use in prevention and deterrence activities. The purpose of the assessment is to:
-
summarise the allegation and findings;
-
identify the methods employed in the apparent breach;
-
identify known associates;
-
specify the opportunity, motive and rationalisation; and
-
process weaknesses or control failures.[footnote 2]
-
Upon conclusion of an investigation, a final summary briefing should be provided to senior stakeholders and those charged with governance, highlighting the findings of the investigation and the actions arising from it.
File Standards (Not Applicable in Scotland)
-
The Crown Prosecution Service (CPS) National File Standard (NFS) provides for a staged and proportionate approach to the preparation of criminal prosecution case files. It specifies the material required for the first hearing and identifies how the file is to be developed at appropriate stages throughout the life of the case.
-
The NFS provides the prosecutor, the defence and the court with information proportionate and necessary to progress the case. The standard should continue to be used to develop the file should it be required to proceed to summary trial, committal or sending it to the crown court for jury trial. The NFS covers a range of products which can also be utilised in civil and regulatory investigations. For example:
-
case summary
-
witness statements;
-
search and seizure logs and records;
-
endorsed notification of powers and legal rights;
-
exhibit labels;
-
disclosure schedules;
-
interview transcripts;
-
pre-interview disclosure form;
-
Ordinarily, the CPS will make charging decisions on the information provided by the MG3 (Report to Crown Prosecutor), MG3A (Further report to Crown Prosecutor) and any key evidence. These forms make up the ‘Precharge report’ for a charging decision, along with other documents which vary depending on the type of report being prepared i.e. whether there is an anticipated guilty or not guilty plea. However, the method of communication with the CPS may dictate the form of the document.
E. Guidance for Professionals
Guidance for Organisations – Investigation
Introduction
This guidance is designed to present a consistent cross-government approach to counter fraud and raise the quality of organisations’ counter fraud work and the skills of their individuals. The aim is two-fold; to outline what individuals working in counter fraud should aim to get in place in their organisation; and for organisations to gain an understanding of what should be in place in particular areas.
They are designed to help organisations identify the research, training and resources needed to develop their capability further. Individuals should use this guidance and competency framework to measure and develop their skills.
This guidance is not intended to cover every eventuality or every specific issue that may arise and should be adapted to the organisation’s resources and fraud risk profile.
This document focuses on organisations’ capability to investigate fraud.
Policies
-
Organisations will have a counter fraud investigations policy, supported by an action plan against which the progress, outcome and quality of investigations can be measured.
-
The investigations policy should include:
-
reference to standard operating procedures (SOP);
-
case acceptance criteria;[footnote 3]
-
how to identify and prioritise investigations[footnote 4] taking into account issues such as proportionality and resources;
-
how to identify and address the organisation’s approach to serious and complex investigations to ensure sufficient resources, both expertise and staff numbers, are identified and made available as and when appropriate;
-
regular and consistent monitoring of investigations including target timescales;
-
operational learning processes, including debriefs and case reviews, detailing how to implement learning points from concluded investigations; and
-
joint working procedures outlining effective working arrangements between investigators, audit, prosecutors, HR, advisory lawyers, and management to ensure any criminal, civil or disciplinary proceedings are brought, regulatory action taken, or procedural changes made in a timely and effective manner.[footnote 5]
-
Organisations will implement/ensure promotion of professional and ethical practices underpinned by the Human Rights Act 1998 to guide investigations and investigators.
-
Where there are shared responsibilities between organisations, agreements should be developed to ensure that appropriate arrangements are in place to share data and support any joint investigations or lead accountabilities.
-
Adequate internal processes and contractual arrangements, with suppliers and grant recipients, will be in place to provide access to necessary support and information to assist investigations. This will include access to IT systems and all information sources, as well as internal and contractor staff.
-
Terms of business and fair processing notices governing the use and administration of services provided to members of the public. These must contain appropriate clauses that provide for access to people, documents and systems in the event that fraud is suspected and is subject to investigation.
-
Organisations will have a fraud response plan outlining the key contacts and processes to follow to investigate, report and address fraud in the organisation.
-
Investigation complaint handling guidance will be available. Complaints will be handled in a timely, appropriate and comprehensive manner with clear escalation points for persistent or sensitive complaints.
-
A specific counter fraud investigation’s retention and destruction policy will cover documentation obtained during the course of investigations, together with related information.
-
A confidentiality policy will be in place covering investigation-related information reflecting general and specific legislative arrangements.
-
The organisation will have a secure method set out to safeguard investigation-related material including exhibits/productions and case papers.
-
Policies and procedural guidance will be established to support the delivery of a quality investigation service. This guidance will outline the principles for investigation and provide a procedural framework to be followed by investigators and managers when conducting investigations into staff and third parties conduct.
-
Organisations will have a policy on information security relevant to investigations.
-
Guidance will aim to ensure that investigators and managers:
-
understand their roles and responsibilities;
-
carry out investigations legally and ethically;
-
interpret policy and the law correctly; and
-
make best use of recognised good practice and help develop it.
Team Structure and Support
-
Organisations must outwardly demonstrate to all their staff, and others working with them, that the investigative counter fraud function has the full support of the board and the audit committee.
-
Organisations will authorise an individual who is responsible for overseeing and providing strategic direction for investigative counter fraud activity including bribery and corruption.[footnote 6] This individual must have the requisite skills, knowledge and experience to manage the counter fraud function specific to the particular organisation.
-
An executive team officer[footnote 7] should be authorised to have direct responsibility for investigative and other counter fraud related issues; have the authority to debate with their peers for investigative resources; and represent the organisation internally and externally on investigative matters.
-
Depending on the size, nature of issue and approach of the organisation, the team may add to its investigative capacity using internal or external resources. The organisation will have proactive arrangements in place to access individuals with the appropriate skills as and when necessary.
-
Organisations will have a system to receive, record, develop and retain information and intelligence and facilitate its use in the investigation process. Depending on the organisation concerned, this may include information such as a record of previous investigations, complaints that did not lead to investigations or intelligence that is more specific.
-
A training, recruitment and/or development programme will be implemented to ensure that investigation staff have and retain appropriate skills to undertake the investigations allocated to them. This could involve qualification-based training; attending bespoke courses; reflecting the investigatory experience of staff or a combination.[footnote 8]
-
There should be procedures to ensure that all investigations are allocated to appropriately experienced staff. These procedures need to recognise that the ambit of investigations can change substantively during their course and may require considerably more or less resource, both in terms of numbers and specialist input, than originally envisaged.
-
The organisation should utilise a specialist function to coordinate and support counter fraud operations to aid the efficient and effective delivery of services; as well as provide greater consistency in the way fraud is tackled, recorded and reported across government. This could be an internal function or the utilisation of an external service provider.
Performance and Assessment Measure
-
A time and cost recording system for investigations undertaken, covering both internal staff and any outsourced investigations should be implemented. This should reflect direct and indirect costs including management time. This will ensure that relevant costs can be recovered through the appropriate mechanism.
-
Effective performance management arrangements (including outcome-based metrics) to drive and monitor progress and review impact, covering both internal staff and any outsourced investigations, should be operated by the organisation.
-
Individual organisations should regularly benchmark investigation performance with comparable internal and external investigation teams.
-
Counter fraud functions should maintain close liaison with other departments, providing engagement and reporting to assist in providing a high-quality, professional, cost effective investigation service, ensuring investigations are carried out to agreed targets and standards.
-
All performance assessments should reflect expertise and experience in the area concerned and anticipated timescales to provide required services, efficiency and cost benefit.[footnote 9]
Infrastructure and Process
Organisations must be able to assess what matters are appropriate to investigate, how these will be investigated and the process by which this will be managed.
E1.1. Investigation Assessment
-
All potential cases for investigation will be considered against the organisation’s case acceptance criteria.
-
The organisation will have clear processes describing when to engage with others e.g. executive staff members, statutory officers e.g. MLROs (if applicable), press officers, HR, legal advisors, the police and regulatory authorities.
-
The organisation should have a considered approach to how their intelligence and investigation functions interact.
-
Organisations should utilise an auditable investigation management system to record as a minimum:
-
the receipt of investigation referrals;
-
the referral assessment and the decision whether or not to investigate and the reasons;
-
case progress, including diarised events and the storage of electronic and other evidence;
-
any key milestone dates;
-
any formal review points;
-
record policy decisions;
-
date of recorded outcome;
-
conclusions reached, and potentially findings established; and
-
follow up decisions and action taken.
-
Organisations will have a repository to store key documents and products. This repository should be protected from staff working outside of the counter fraud function.
E1.2. The Investigation Process
-
There may be a time lapse between acceptance of a case for investigation and commencement of the investigation. Investigators may need to review and update available information, when required.
-
The organisation should have processes in place so that the investigator has available sources of information required to assist the investigation, of which the following are examples:
-
previous related investigations;
-
financial records;
-
organisational records or electronic data;
-
government open data such as Companies House and Land Registry;
-
open source internet information;
-
closed source information requiring authorisation;
-
any complainant or individual with knowledge of the matters involved;
-
in-house intelligence teams;
-
access to relevant business information; and
-
access to people, records systems and processes held by third parties.
-
Organisations are likely to have a range of investigations from high volume limited value through to large investigations, which may also be complex. Policies should specify how to identify, address and allocate this range of casework, including key performance indicators. This will involve the allocation of appropriate grades, numbers of staff and staff with particular skill sets to one or more investigations.
-
Certain investigations may require skills (or resources) which are either limited or not available within the organisation. The organisation should have pre-agreed arrangements to bring in staff from within or outside the organisation, to defer other cases or to amend case timelines. Such decisions should only be taken having recognised the implications for all casework and the staff involved.
-
There should be a suite of indicators to monitor performance of an investigation, including the timeliness and costs associated.
-
An investigation plan should include a communication strategy of who needs to be made aware of the investigation and in what order, covering both managerial staff and those directly involved in the case. This should be regularly reviewed as the investigation progresses.
-
Organisations should have a review process to address non-cooperation by individuals who may be able to assist the investigation or are the subject of the investigation.
E1.3. Investigation Management
-
An investigation methodology, which is legislatively compliant and has appropriate levels of governance, needs to be developed and documented within an organisation’s investigation guidance.
-
Organisations will have a process to allocate the right case to the right member of staff based on appropriate expertise.
-
The investigation manager is responsible for agreeing terms of reference for each investigation and for the strategic direction of the enquiry, ensuring an investigator produces an investigation plan outlining their approach to the investigation, if the nature of the investigation warrants this.
-
The terms of reference will cover health and safety issues, planned timescales and timing for review meetings. The methodology should cover the process through which specialist advice is sought, including legal and any forensic services.
-
At the conclusion of an investigation, if the nature of the investigation warrants, there should be a review process including all appropriate stakeholders. This will identify any lessons learned and, if required, result in an action plan of measures to assist in the future prevention, deterrence and detection of recurrences.
-
Organisations will embed a quality assurance framework, and feedback mechanism from customers and staff, to ensure a continuous cycle of learning and development underpins the core investigation activity.
-
Organisations must ensure that investigators have the appropriate skills and knowledge to deliver quality investigations, compliant with policy and guidance.
-
Where serious issues are identified during or following an investigation that require communication to a wider audience, the organisation will ensure an appropriate escalation route exists.
-
Organisations should have a protocol for the management of sensitive or high-profile investigations, ensuring key stakeholders are advised where the case is likely to attract ministerial, press or public interest.
-
Following the conclusion of an investigation, if the nature of the investigation warrants, there will be a process to identify what further action, if any, is required. This will include dissemination and the circumstances in which dissemination should be made; dissemination issues may be covered by legislation, particularly in regard to regulatory reports.
F. Further guidance
Further Information
These Professional Standards and Guidance have been created in order to align counter fraud capability across the public sector.
If you have any questions surrounding the Government Counter Fraud Profession, and how you can get yourself and your department involved, please contact [email protected]
Alternatively, the Counter Fraud and Investigation Team in the Government Internal Audit Agency (GIAA) provide a range of services defined in the Government Counter Fraud Framework. They can be contacted to discuss how they are able to assist you to meet your requirements at [email protected]
-
In many regulatory investigations, a report will be completed and referred to specific prosecuting authorities as a stand-alone document, with supporting information, as appropriate. It will then be for prosecuting authorities to decide on what action, if any, it might be appropriate to take. ↩
-
Some organisations will include such information in an all-encompassing report. The most appropriate method of reporting for each organisation should be included in specific organisational guidance. Depending on circumstances and investigator expertise, it may be appropriate to engage with internal audit in this process. ↩
-
This will depend on the nature of the organisation. Organisations which undertake investigations irregularly are far less likely to need a policy setting out formal grounds to accept a matter for investigation than a regulatory organisation with investigatory powers ↩
-
Prioritisation will be particularly relevant to cases with potentially serious reputational, financial or other high-risk implications ↩
-
Different organisations may require working arrangements with different departments ↩
-
It is anticipated that specific standards will be issued separately covering bribery and corruption issues. ↩
-
There will be different descriptors of senior staff in different public sector organisations. However, they should be at such a level to influence policy and/or have direct contact with Ministers. ↩
-
Having a specialist qualification evidences knowledge to a certain standard but not by itself the experience to undertake fully a range of investigatory work. Bespoke courses can be tailored to suit a specific function but again may not necessarily support required levels of first-hand expertise. Experienced staff may be able to undertake a range of work but can be limited to their areas of experience and expertise and will not have independent verification. ↩
-
Assessment of investigation services within government should be the first consideration in seeking to identify a quality investigative offering and the most efficient use of public expenditure before seeking private sector involvement. However, the availability of immediate resources and the requirement for specialist skill sets are issues that might support an initial approach to the private sector. It may also be an option to discuss payment by results with the private sector if there is a link between the investigation process and recovery options. ↩