Guidance

Government Counter Fraud Professional Standards and Guidance: Counter Fraud Investigator (HTML)

Updated 9 December 2022

Glossary of Terms

Core disciplines

Areas of expertise, knowledge, skills and experience that are needed for an effective counter fraud response. They are not people, role or category specific.

Subdisciplines

Areas of additional knowledge skills and experience that enhance capability in those areas across a number of core disciplines.

Core components

Behind each core discipline and sub-discipline there are high-level components outlining the required knowledge, skills & experience.

Elements

Specific descriptors of the required knowledge, skills and experience within a core discipline or subdiscipline. These are grouped into a competency framework document.

Subject matter expertise

We will recognise not only technical specialism but also where individuals have deep knowledge in a particular subject (e.g.tax, legal aid, grant fraud).

Competency framework

Group of elements found in core disciplines or subdisciplines. Grouped together with varying levels of required knowledge, skills and experience.

Competency levels

Used to identify progression within the standards and competencies. The competency levels are Trainee, Foundation, Practitioner, and Advanced Practitioner.

Categories

Defined combinations of elements, which show the expected knowledge skills and experience for each core discipline. These enable a common assessment of skills and draw a distinction of those with a level of skill, and those without.

Technical specialism

Specific focussed areas which usually build from or enhance core disciplines. The specialism will often be the primary focus of the role.

  A. Introduction to the Counter Fraud Investigator Standard

A1. Purpose

This document contains the agreed professional standards and guidance for the implementation of a consistent approach for the counter fraud investigator in the public sector. There are a range of counter fraud standards covering the core disciplines and subdisciplines in the Counter Fraud Framework.

The counter fraud standards and guidance are designed to present a consistent cross-government approach to countering fraud; raise the capability of individuals and, through this, increase the quality of organisations’ counter fraud work.

The aims of the professional standards and guidance are:

  • to describe the knowledge, skills and experience required for an individual to achieve Practitioner level in counter fraud work in this area. This document contains the associated competency framework, outlining how someone can achieve this standard;

  • to provide guidance to those using the standards on the processes and products they will use to deliver the core discipline and what they should seek to put in place in the organisation to achieve this; and

  • the ‘Organisational Guidance’ to consider what should be in place in an organisation applicable to this core discipline.

Organisations that assess a low degree of risk, or have an agreed high-risk tolerance may not have access to counter fraud investigation capability within their business.  Regardless of whether the resource is internal or external, investigators must meet the standard.

These standards must be met to be acknowledged as a counter fraud professional.

A2. Contents

This document contains the following:

  • Professional Standards and Guidance: the individual level of knowledge, skills and experience for those undertaking investigation activity in relation to fraud and economic crime.

  • The Competency Framework: outlining the required knowledge, skills and experience by those operating effectively and how these develop through the competency framework levels – Trainee, Foundation, Practitioner, and Advanced Practitioner.

  • Guidance for Professionals includes:

  • Product: detailing what good quality investigation products look like;

  • Process: describing the recommended processes to correctly implement an effective investigation approach; and

  • Organisation: for those organisations with a specialist investigation resource.

The standards have been created, reviewed and agreed by the Professionals’ Board, the body responsible for the Counter Fraud Professional Standards and Guidance. The board has been assisted by an expert cross-sector advisory group and the Fraud Advisory Panel.

A3. Government Counter Fraud Framework

This document covers the Counter Fraud Investigator Standard of the Government Counter Fraud Framework.

The framework covers all of the core disciplines and subdisciplines that a public sector organisation will need to call upon to deal with the fraud threat that the public sector faces. Organisations will call on these to different extents depending on the nature of their business and services, and the associated fraud threat, as assessed through their fraud risk assessment.

  • Organisational Level: This is aimed at the organisation. It is covered by the Counter Fraud Functional Standards. These state the basics that organisations should have in place to have an effective counter fraud response. It includes things like having a risk assessment, a fraud policy and having fraud awareness across the organisation.

  • Core Disciplines: The core disciplines include a functional leadership level (Leadership, Management, Strategy) for those that are responsible for coordinating an organisation’s overall response to fraud and economic crime. The main area is in the functional delivery level. This details the core disciplines that an organisation may use in an effective counter fraud response. Within these core disciplines are details of the required knowledge, skills and experience to undertake these disciplines effectively.

  • Sub-disciplines: The sub disciplines are areas of additional knowledge, skills and experience that enhance capability across a number of core disciplines. For instance, knowledge, skills and experience in Bribery and Corruption will help counter fraud professionals undertake more effective risk assessments and investigations (depending on the role).

Government Counter Fraud Framework

Organisational Level

Functional Standards - The Functional Standards detail the basics that an organisation should have in place to have an effective counter fraud response. This includes a level of fraud awareness across the organisation.

Core Disciplines - Functional Leadership

Leadership, Management and Strategy - An awareness across all specialist areas and the capability to define an effective counter-fraud response and how to deploy the specialisms in the business.

Core Disciplines - Functional Delivery

  • Risk Assessment

  • Measurement

  • Prevention and Deterrence

  • Use of Data and Analytics

  • Detection

  • Intelligence and Analysis

  • Investigation

  • Sanctions, Redress and Punishment

  • Culture

Sub Disciplines

  • Bribery and Corruption

  • Money Laundering

  • Disruption

  • Cyber Fraud

  • Criminal Justice

  B. Professional Standards and Competencies for Investigation

B1. Introduction

The professional standards and competencies are designed to present a consistent public sector approach to counter fraud and raise the quality of organisations’ counter fraud work and the skills of their individuals.

They set out high-level principles to be reflected in counter fraud work. They are designed to help organisations identify the research, training and resources needed to develop their capability further. Individuals should use the standards to assess and develop their skills.

When using these standards, organisations must ensure that they have the necessary legal authorities in their enabling legislation before implementing any particular standard.

The Professional Standards and Competencies are not intended to cover every eventuality or every specific issue that may arise and should be adapted to the organisation’s resources and fraud risk profile.

This document focuses on individuals’ competency to investigate fraud. An investigation is defined as the determination, through the objective and unbiased gathering, analysis, interpretation and presentation of evidence, as to whether any suspicions or allegations of fraud have substance to them.

This standard is therefore focused on the practical investigation of allegations of fraud, through both civil and criminal routes. It includes many factors, such as:

  • an understanding of the law, what routes of redress are available and the investigative options available; and

  • the evidence gathering and investigative techniques that can be applied, consideration of the limitations, both practical and legal, on activities that can be undertaken.

It covers how to collect, scrutinise, store, disclose and present evidence, and skills such as interviewing. It covers how to present information from investigations, resulting from witness statements and briefings through to providing evidence in court. It covers how evidence should be maintained and stored to enable an effective investigation, and guidance on decision-making within investigations.

B2. General Guidance

These professional standards and competencies specify the skills that are required by those involved in counter fraud investigations working to the criminal, civil or regulatory standard, and are set at the Practitioner level.

The skill competence levels required would be at an increasing level of expertise; from Trainee to Foundation to Practitioner to Advanced Practitioner. These levels of expertise are not necessarily held by different roles within an organisation. Investigation managers will be required to meet managerial standards specific to investigation, as well as the required prerequisite knowledge in investigation.

B3. General Principles

Counter Fraud investigators are expected to display the highest standards of professionalism, objectivity, fairness, expertise, integrity and vision. The conduct of all investigations will abide by these principles and if a conflict of interest exists, investigators will disclose this fact at the earliest opportunity.

  • Investigators must be able to conduct professional and competent investigations to a standard that informs a robust process and decision. The standard of the investigation must be able to withstand independent review/scrutiny pursuant to the relevant process concerned whether criminal, civil, regulatory or disciplinary.

  • Investigators will be skilled at understanding core business processes affected by a matter under investigation or have direct access to those that do. They will directly, or with the support of others e.g. internal audit, recommend appropriate improvements in controls, ensuring that these are reported to those charged with governance, such as audit committees.

  • Investigators will have an understanding that fraud often stretches across organisational and process boundaries, and be able to undertake a post investigation review and identify relevant recommendations to assist the future prevention, deterrence and detection of fraud.

  • Investigators will have an understanding of the financial and legal implications of decisions made during the course of the investigation.

  • Recognising that investigators have different knowledge, skills and experience, both generally and covering specific areas, a mentoring type arrangement should be in place so that investigators can call upon advice when required.

B4. Competency Framework (Investigation)

The information below explains the structure of the Competency Framework and how it can be utilised by members of the Profession.

B4.1. Key Components Explained

Components outline, at a high level, the required knowledge, skills and experience for each core discipline and subdiscipline. There are 10 components for Investigation highlighting the knowledge, skills and experience required for effective investigation activity. These elements are then grouped into a Competency Framework document.

Investigation Standards - Key Components Explained

Manager

Demonstrates strategic managerial knowledge, skills and experience.

Case Initiation

Has technical and investigation competency to plan and address issues raised in accordance to organisational procedures and legislation.

Evidence Gathering

Ability to identify, gather, retain and reveal material in accordance to relevant legislation and organisational policy.

Stakeholder Engagement

Establish a network of counter fraud stakeholders both internally and externally to the investigation organisation.

Quality, Performance and Review

Recognise and review training and development opportunities to increase knowledge and capability and apply performance and productivity management, and skills to perform quality control.

Legislation and Departmental Policy

Conduct investigations in accordance to relevant legislation and organisational policy.

Investigative Interviewing

Ability to undertake a range of investigative interviews including planning, conducting and evaluating.

Case Progression

Has report writing skills, articulating evidence and progressing cases to conclusion in accordance with relevant legislation and organisational policy.

Parallel/multi track Approach

Ability to undertake civil, disciplinary, regulatory and criminal investigations to relevant standards in accordance in legislation and organisational policy.

B4.2. Competency Levels

Within the Competency Framework are four Competency Levels. These are Trainee, Foundation, Practitioner and Advanced Practitioner. These can be used to identify progression within the Counter Fraud Investigator standard. The Framework helps to establish where your competency level is and where you have areas you may wish to develop.

General rules about the Competency Levels are set out below:

  • Trainee is about developing introductory knowledge;

  • Foundation is about having the knowledge;

  • Practitioner is about demonstrating the application of the knowledge; and

  • Advanced Practitioner is about having a more expansive, specialist knowledge and being able to use this to evaluate and improve what is being done.

B4.3. Understanding Categories

Categories are defined combinations of elements, which show the knowledge, skills and experience expected for each core discipline. Categories are not people or grade specific and the title or description used by organisations may be different to those below. By considering the investigation activity you undertake, you will be able to determine which Category, A, B or C, is relevant.

For Investigation there are 3 core categories:

  • A – Referral Management – accurately recording information, completing initial enquiries and evidence gathering;

  • B – Evidence Gatherer – building up evidence for the investigator, using a variety of techniques and sources; and

  • C – Investigator – evaluating evidence, planning and leading interviews, and dealing with the subject of the investigation.

For each Category there is a specific group of elements from the Competency Framework that should be demonstrated. Recognition will be available at Foundation or Practitioner level initially. Trainee level will not be formally recognised, but the elements in this level set out how you can begin your journey to develop knowledge and skills in investigation. So for example you will be classified as a Category A Investigator, Foundation. This structure allows progression within categories, across to other categories and then wider to demonstrate skill in other core disciplines or subdisciplines.

We recognise that investigation activity may be undertaken in a criminal, civil or combined context and we have therefore incorporated this into the structure and approach. The elements are designed to be specific to criminal, civil or combined investigation activity. The Category Matrix tools have been developed to offer a guide on the elements for each category. For example you may be a Category A Investigation, Civil, Foundation.

We have incorporated hybrid roles into the structure, as we recognise that in some organisations investigation roles may require a level of technical competence in intelligence to support their combined role. This is often where there is no separate intelligence function within the organisation.

To be recognised as a Practitioner Hybrid, investigators must demonstrate Practitioner level investigation competency in the category they operate in (A, B or C) before accessing the elements in intelligence identified in the Hybrid Category Matrix for their category A, B or C in Intelligence.

We have also introduced two Categories for Managers:

  • Investigation Manager (IM) – Strategic oversight of operations, resource and investigation activity; and

  • Senior Investigation Officer (SIO) – As above for IM, but with the addition of being actively involved in investigations, leading major/complex investigations and/or still having own casework alongside managerial duties.

There is a prerequisite knowledge required to access the Manager Categories. This is as follows:

  • Investigation Manager (IM) – must demonstrate Foundation level in the category of Investigation standards they manage staff in, then the Manager elements; and

  • Senior Investigation Officer (SIO) – must demonstrate Practitioner level in the category of Investigation standards they manage staff in, then the Manager elements.

There is also a Category for Hybrid Managers, with a prerequisite model following the similar approach above, but the skills required must be demonstrated in both Investigation and Intelligence to achieve Hybrid Manager or Hybrid SIO/A status.

Advanced Practitioner works differently to the other levels as there are no predetermined categories for this level. Instead, members can select individual elements or groups of elements they have a particular interest or focus in, to demonstrate their skills, knowledge and experience.

How we will recognise the Advanced Practitioner level will be determined at a later stage, but for now members may use those elements in the framework for self-assessment of their knowledge, skills and experience to help map their development.

Categories will enable a common assessment of skills and draw a distinction of those with a level of skill and those without.

Investigation Standards - Competency Levels

The Key investigation skills are broken down in the competency framework and this coversheet provides a summary of the requirements for each.

Trainee

A developing level of competence, building initial knowledge of reverent legislation principles and counter fraud practice People will only be at Trainee for a set time.

Foundation

Have the foundation of knowledge and skills to be able to deliver the element. Have the ability to explain and demonstrate knowledge of relevant legislation, principles and fraud investigation practice.

Practitioner

Have demonstrated they can apply their knowledge and skills in delivery. They demonstrate practical application of relevant legislation, principles and fraud investigation practice in their role.

Advanced Practitioner

A level of competence, and breadth of knowledge beyond Practitioner, the ability to interpret and evaluate complex principles and develop fraud investigation practice/processes for others.

Manager

There are 2 Categories of Managers for Investigation: Investigation Managers and Senior Investigation Officers. They follow the same approach to Competency levels as core disciplines.

      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    1.1    Legislation and Departmental Policies – Application of Legislation,   Associated Codes and Departmental Policy     Identify   where to access reference material to identify the legislation relevant to   investigations, and where to locate departmental policy.     Explain   the legislation and associated codes of practice relevant to investigations   as well as an understanding of departmental policy.     Demonstrate   practical application of legislation and associated codes of practice and can   determine points to prove in pursuing an investigation. Demonstrate   application of departmental policy.     Interpret   the application of the relevant legislation, associated codes of practice and   departmental policy. Can identify points to prove and support colleagues to   do so.
    1.2    Legislation and Departmental Policies – Government Marking Scheme     Recognise   that the government protective marking scheme and source management processes   should apply when disseminating material.     Explain   when the government protective marking scheme and source management processes   should apply when disseminating material.     Demonstrate   application of the government protective marking scheme and source management   before disseminating material.     Interpret   the government marking scheme and source management and its use when   disseminating material – provide advice and support to others.
    1.3    Legislation and Departmental Policies – Data Protection Act     Identify   different types of data, such as open and closed and where to access guidance   on the principles of data protection legislation     Explain   the principles of data protection legislation and the potential impact on investigations   and how to apply these to access and when disclosing open and closed sourced   data.     Apply   the principles of data protection legislation when obtaining and disclosing   information / evidence for an investigation, using the legal gateways, where   appropriate.     Interpret   the application of data protection legislation to obtain and when disclosing   information / evidence for an investigation, and know its limitations.     Support   others to apply the correct principle to obtain relevant information / evidence.
    1.4    Legislation and Departmental Policies – Human Rights Act 1998     Identify   the requirements under the Human Rights Act 1998 (HRA) and identify where to   access guidance on the principles of the HRA.     Explain   the principles of the HRA and consider its implications for the conduct of   the investigation, and any subsequent legal proceedings and the legal   gateways that may exist.     Apply   the principles of the HRA during an investigation; ensuring actions are   proportionate, necessary and legal.     Evaluate   the application of the principles of the HRA and can support others in   applying them.
    1.5    Legislation and Departmental Policies – Data Governance, Code of Conduct and   Protective Marking     Identify   there are requirements and policies concerning digital & data governance   and identify where to access these requirements and policies.     Explain   their organisation’s employee code of conduct and relevant policies   concerning digital & data governance.     Apply   the principles of their organisation’s employee code of conduct and relevant   policies concerning digital & data governance.     Evaluate   the principles of their organisation’s employee code of conduct and relevant   policies concerning digital & data governance.
    1.6    Legislation and Departmental Policies – Departmental Code of Conduct and   Internal Policies     Identify   the requirements and policies concerning digital & data governance and   their relevance to disciplinary investigations.     Explain   their organisation’s employee code of conduct and relevant policies   concerning digital & data governance when applied to disciplinary   investigations.     Apply   the principles of their organisation’s employee code of conduct and relevant   policies concerning digital & data governance to determine if there is a   case to answer (CTA) or no case to answer (NCTA). Apply the requirement to   continue investigations where the subject has resigned. (Disciplinary   Investigations).     Evaluate   the principles of their organisation’s employee code of conduct and relevant   policies concerning digital & data governance to determine if there is a   case to answer (CTA) or no case to answer (NCTA). Apply the requirement to   continue investigations where the subject has resigned and has experience of   working with HR / Legal to best pursue such cases. (Disciplinary Investigations).
    1.7    Legislation and Departmental Policies – Legislative Guidance           (See C1)     Identify   the investigation requirements, legislation and policies related to the   practice for criminal investigation.     Explain   the investigation requirements, legislation and policies related to the   practice for criminal investigation     Apply   the principles of the investigation requirements, legislation and policies   related to the practice for criminal investigation, demonstrate its   application in the conduct of investigations.     Interpret   the investigation requirements, legislation and policies related to the   practice for criminal investigation and have the expertise to address complex   issues arising under the act. Provide advice and support to others.
    1.8    Legislation and Departmental Policies – Criminal Procedure             (See C1)     Identify   the requirements and/or policies related to Criminal Procedure.     Explain   the requirements and/or policies related to Criminal Procedure.     Apply   requirements related to Criminal Procedure and/or policies as appropriate in   the conduct of investigations.     Interpret   all investigative issues raised by the requirements and/or policies related   to Criminal Procedure and/or policies as appropriate, including the   conclusion of lines of enquiry and the recording, retention and revealing of   material at the enquiry conclusion. Provide advice and support to others.
    1.9    Legislation and Departmental Policies – Public Interest Disclosure Act 1998     Identify   there are requirements and policies related to the Public Interest Disclosure   Act (PIDA) 1998 and Whistleblowing (WB), and identify where to access these   requirements and policies.     Explain   the principles of PIDA and WB policies and the protection they provide.     Apply   the principles of PIDA and apply WB policies to investigations.     Interpret   PIDA and WB policies for investigations and support others to ensure   processes are correctly applied and whistleblowers are afforded the necessary   protection.
      Competency       Trainee (T)       Foundation (F)       Practitioner (P)       Advanced Practitioner (AP)

|— |— |— |— |— |

    2.1    Quality, Performance and Capability –      Individual Capability       Discuss their own level of training and experience and can list their   training and development needs.     Review your own level of training and experience. Able to identify and   plan training and development opportunities for self and others.     Evaluate changes in practice, policy and law concerning counter fraud   investigation. Contribute to the development of investigation training for   self and others.
    2.2    Quality, Performance and Capability –      Performance Management       Explain the performance measures in place and expectations of them in   their role.     Review performance management data and proactively report individual   performance against criteria.     Analyse performance management data and proactively report individual   and team performance against criteria.
    2.3    Quality, Performance and Capability –      Productivity       Explain   the measures in place to monitor productivity and their expected   contribution.     Review   individual productivity and outcomes in investigations and report upwards.     Evaluate   the productivity of investigations, utilising a range of outcome-based   metrics.
    2.4    Quality, Performance and Capability –      Quality Control       Explain   the organisation’s quality control structure.     Apply the   organisation’s quality control structure.     Evaluate   the organisation’s quality controls for a complex range of investigations   including recommendations / lessons learnt. Interpret the results to suggest   process improvements.
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    3.1    Case Initiation –      File Standards     Recognise case files are utilised during an investigation.     Explain how to open and maintain a case file to the required standards   for criminal, civil, regulatory or disciplinary matters.     Apply the maintenance of case files to the required standards for   criminal, civil, regulatory or disciplinary matters.     Evaluate the maintenance of case files to the required standards for   criminal, civil, regulatory or disciplinary, and support others to meet   standards.
    3.2    Case Initiation – Investigation Planning     Recognise   investigations must be planned and a process must be followed.     Explain   how to plan an investigation to the required standard for criminal, civil,   regulatory or disciplinary matters, and with support can do so.     Demonstrate   the production of robust investigation plans to the required standard for   criminal, civil, regulatory or disciplinary matters.     Evaluate   the production of robust investigation plans to the required standard for   criminal, civil, regulatory or disciplinary. Has produced plans to support   complex cases, incorporating all aspects of the investigation process. Lead   or coordinate the resource requirements for an investigation and assess the   need to escalate requirements upwards.
    3.3    Case Initiation –      Fraud Investigation Model or Equivalent     Recognise   there is a Fraud Investigation Model (Criminal), or organisational   equivalent, to consider when responding to allegations of fraud, and identify where to access it.     Explain   the Fraud Investigation Model (Criminal) / or organisational equivalent when   responding to allegations of fraud.     Apply   the Fraud Investigation Model (Criminal) / or organisational equivalent when   responding to allegations of fraud.     Evaluate   the application of the Fraud Investigation Model (Criminal) / or   organisational equivalent when responding to allegations of fraud. Provide   advice and support to others.
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    4.1    Evidence Gathering – Evidential Types     Recognise   there are different types of evidence for investigators to consider.     Explain   the different types of evidence (direct, circumstantial, hearsay etc.)     Demonstrate   the application to differentiate between types of evidence (direct,   circumstantial, hearsay etc.) and relate their significance.     Interpret   the application of the different types of evidence (direct, circumstantial,   hearsay etc.) and their significance. Provide advice and support to others.
    4.2    Evidence Gathering – Forensic Services     Recognise   the need for forensic services to be utilised.     Explain   the types of forensic opportunity available and when they can be used to   gather evidence.     Demonstrate   the consideration of forensic opportunity, and how to apply in investigations   (where relevant to the type of investigations undertaken).     Evaluate   the consideration of forensic opportunity, and how to apply in investigations   (where relevant to the type of investigations undertaken). Provide advice and   support to others.
    4.3    Evidence Gathering - Regulation of Surveillance            (See C1)     Recognise   surveillance is governed by legislation and must be authorised and undertaken   by trained staff.     Explain   the principles of the regulation of surveillance.     Demonstrate   principles of the regulation of surveillance.     Evaluate   the application of the principles of the regulation of surveillance.
    4.4    Evidence Gathering – Investigation Note Taking     Recognise   the need to record notes of interviews and conversations during the course of   an investigation.     Explain   why the recording of notes of interviews and conversations during the course   of an investigation is necessary and has knowledge of best practice use.     Apply   best practice for note taking during the course of an investigation.     Interpret   the application of best practice in note taking. Provide advice and support   to others.
    4.5    Evidence Gathering – Investigation Record Keeping     Recognise   the need to record activities / enquiries during an investigation.     Explain   why recording investigation activities / enquiries during the course of an   investigation are necessary and have knowledge of best practice use.     Apply   best practice for recording investigation activities / enquiries during the   course of an investigation.     Interpret   the application of best practice in recording activities / enquiries during   the course of an investigation. Provide advice and support to others.
    4.6    Evidence Gathering – Search Procedures     Recognise   only authorised and trained staff may conduct searches of persons, vehicles,   premises and workplace and recognise principles of Legal Professional   Privilege     Explain   the relevant legislation and procedures (including Legal Professional   Privilege) in the participation at a search of a person, premises, vehicles   or workplaces.     Demonstrate   practical experience participating in searches (including consideration of   Legal Professional Privilege) of a person, premises, vehicles or workplaces,   adhering to policy and legislation.     Demonstrate   practical experience of planning and executing large search operations, using   intelligence and tools to conduct an effective search and specialist   legislative requirements, such as Legal Professional Privilege. Provide   advice and support to others.
    4.7    Evidence Gathering – Evidence Assessment     Identify   the different levels of evidence, subject to role.     Explain   how to assess the strength of evidence in a civil, disciplinary, regulatory   or criminal investigation, subject to role.     Apply   the assessment of the strength of evidence in a civil, disciplinary,   regulatory or criminal investigation, subject to role.     Evaluate   the assessment of the strength of evidence in a civil, disciplinary,   regulatory or criminal investigation, subject to role. Provide advice and   support to others.
    4.8    Evidence Gathering – Evidential Standards     Recognise   evidence must be lawfully gathered to required standards for a criminal,   civil, regulatory or disciplinary investigation.     Explain   the requirement to lawfully gather evidence to required standards for a   criminal, civil, regulatory or disciplinary investigation.     Apply   the relevant legislation and codes of practice to gather evidence to required   standards for a criminal, civil, regulatory or disciplinary investigation.     Evaluate   the application of the relevant legislation and codes of practice to gather   evidence to required standards for a criminal, civil, regulatory or   disciplinary investigation. Provide advice and support to others.
    4.9    Evidence Gathering –  Data Analysis     Recognise   that data must be analysed and collated in order to make sound and fair   investigation decisions in a civil, disciplinary, regulatory or criminal   investigation, as appropriate.     Explain   how data may be analysed and collated to support investigative decisions and   outcomes in a civil, disciplinary, regulatory or criminal investigation, as   appropriate.     Apply   analysis techniques to a range of data and make sound and fair investigation   decisions in a civil, disciplinary, regulatory or criminal investigation, as   appropriate.     Evaluate   the application of data analysis and collation techniques in a civil,   disciplinary, regulatory or criminal investigation, as appropriate. Provide   advice and guidance to others.
    4.10    Evidence Gathering – Witness Statements     Recognise   witness statements / affidavits must be produced in a formal template to a   required standard and be utilised for the purpose for which it was obtained.     Explain   how to produce witness statements to the standards required by legislation.  Explain how to produce witness statements /   affidavits to the standard required for non-criminal investigations.     Produce   witness statements to the standards required by legislation (criminal   investigations). Produce witness statements / affidavits to the standard   required for non-criminal investigations.     Evaluate   the production of witness statements or affidavits to the standards required   by legislation (criminal investigations) and the standard required for   non-criminal investigations. Produce witness statements / affidavits in   complex investigations. Provide advice and support to others.
    4.11    Evidence Gathering – Continuity of Evidence     Recognise   the requirements around the identification, source recording, securing and   storing of potential evidence.     Explain   the rules and relevant policies relating to the continuity of evidence such   that the source of evidence can be fully supported.     Apply   the rules and relevant policies relating to the continuity of evidence so the   source of evidence can be fully supported.     Review   and evaluate the application of the rules and relevant policies relating to   the continuity of evidence so the source of evidence is fully supported and   the evidence can be relied upon. Provide advice and support to others.
    4.12    Evidence Gathering – Statement Identification     Identify   the process around the use of people as witnesses.     Explain   how to identify people and exhibits/productions in witness statements and/or   affidavits.     Apply   the identification of people and exhibits/productions in witness statements   and/or affidavits.     Evaluate   the identification of people and exhibits/productions in witness statements   and/or affidavits and review potential discrepancies. Provide advice and   support to others.
    4.13    Evidence Gathering – National Intelligence Model     Recognise   what information and intelligence is.     Explain   the National Intelligence Model and National Intelligence Methodology   (criminal investigation).     Apply   the classification and handling of information in line with the National   Intelligence Model and National Intelligence Methodology (criminal   investigation).     Interpret   the application of the National Intelligence Model and Methodology. Support   others to produce NIM assessments (criminal investigation).
    4.14    Evidence Gathering – Intelligence Handling     Recognise   what evidence and intelligence are.     Explain   the demarcation of intelligence and evidence and demonstrate awareness of   source and evidence handling.     Apply   appropriate handling principles to source and intelligence material,   demonstrating knowledge of potential risks of mishandling.     Review   and evaluate potential risks of crossover between intelligence and evidence   and ensure appropriate handling principles are applied. Provide advice and   support others.
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    5.1    Investigative Interviewing – Interview Strategy     Summarise   the key components of an overarching investigative interviewing strategy.     Explain   how to produce an overarching investigative interviewing strategy, where   appropriate.     Apply   an overarching investigative interviewing strategy, where appropriate.     Analyse   factors that affect an investigative interviewing strategy. Evaluate the   application of investigative interviewing strategy, where appropriate.   Provide advice and support to others.
    5.2    Investigative Interviewing – Interview Planning     Recognise   interviews with people must be planned and executed using a methodology.     Explain   how to produce an interview plan to the required standard for a civil,   disciplinary, regulatory or criminal investigation.     Produce   interview plans to the required standard for a civil, disciplinary,   regulatory or criminal investigation.     Evaluate   interview plans to provide assurance they meet the required standard for a   civil, disciplinary, regulatory or criminal investigation.
    5.3    Investigative Interviewing – Witness Interviews     Recognise   that a witness may have varying demands to that of subjects and identify   appropriate ways to respond to those demands.     Explain   the varying demands of the witness and how to respond to them.     Demonstrate   the ability to recognise and respond to the varying demands of the witness.     Evaluate   the recognition and response to the varying demands of the witness.
    5.4    Investigative Interviewing – Testimony & Evidence Introduction     Recognise   the interview plan will include the consideration of when to introduce   testimony and exhibits/productions during interviews.     Explain   how to introduce testimony and exhibits/productions during interviews.     Apply   the introduction of testimony and exhibits/productions during interviews.     Evaluate   the introduction of testimony and exhibits/productions during interviews and   support others in their application.
    5.5    Investigative Interviewing – PEACE/PRICE Model     Recognise   there is a model utilised for interviews and associated techniques to use in   interviews.     Explain   the PEACE/PRICE model and the use of conversation management and open recall   techniques.     Apply   the PEACE/PRICE model for interviewing, utilising conversation management and   open recall techniques.     Evaluate   the application of the PEACE/PRICE model for interviewing. Apply the   PEACE/PRICE model to interviews in complex or sensitive investigations.
    5.6    Investigative Interviewing – Interview Skills     Identify   the key skills such as listening, summarising and observing during   interviews.     Explain   effective listening, summarising and observation skills during interviews.     Apply   effective listening, summarising and observation skills during interviews.     Evaluate   the application of effective listening, summarising and observation skills   during interviews. Support others in their application.
    5.7    Investigative Interviewing – Recording Equipment     Recognise   that audio, visual and digital recording equipment may be used to conduct   interviews.     Explain   how to use audio, visual and digital recording equipment to conduct   interviews (dependent on departmental/legislative practices).     Demonstrate   the use of audio, visual and digital recording equipment to conduct   interviews (dependent on departmental /legislative practices).     Evaluate   the use of audio, visual and digital recording equipment to conduct   interviews. Support others to use audio, visual and digital recording   equipment to conduct interviews (dependent on departmental/legislative   practices).
    5.8    Investigative Interviewing – Investigator Notes & Records     Recognise   the importance of recording notes, statements and transcripts of interviews   and the requirements for retention.     Explain   how to produce investigator notes, narrative statements, 3rd party   witness testimonies and transcripts and the requirements for retention.     Produce   and retain accurate investigator notes, narrative statements, 3rd   party witness testimonies and transcripts.     Evaluate   the production and retention of investigator notes, narrative statements, 3rd   party witness testimonies and transcripts. Provide advice and support to   others.
    5.9    Investigative Interviewing – Legislative requirements     Recognise   the requirements for interviews, including legislative compliance (criminal   investigations).     Recognise   the requirements for conducting an interview which is fully compliant with   relevant legislation or departmental policy (non-criminal investigations).     Explain   the requirements for conducting an Interview Under Caution (IUC) fully   compliant with the legislative requirements (criminal investigations).   Explain the requirements for conducting an interview which is fully compliant   with relevant legislation or departmental policy (non-criminal   investigations).     Undertake   an IUC fully compliant with the legislative requirements (criminal   investigations). Undertake an interview which is fully compliant with   relevant legislation or departmental policy (non-criminal investigations).     Evaluate   the delivery of IUC and assess where issues may have occurred. Undertake an   IUC in sensitive, serious and complex investigations, applying the   legislative requirements (criminal investigations) or relevant legislation or   departmental policy (non-criminal investigations).
    5.10    Investigative Interviewing – Interview Evaluation     Recognise   the need to evaluate an investigatory interview to identify further   investigative actions.     Explain   how to evaluate an investigatory interview to identify further investigative   actions.     Evaluate   an investigatory interview to identify further investigative actions.     Analyse   the evaluation of an investigatory interview. Provide advice and support to   others.
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    6.1    Case Progression – Report Writing & Communications     Recognise the need to produce balanced information for use in reports.     Explain how to produce concise, clear, balanced and accurate reports,   letters, e-mails and other items of correspondence.     Demonstrate production of concise, clear, balanced and accurate reports,   letters, e-mails and other items of correspondence.     Interpret the effectiveness of written reports. Have the foresight to   address all potential case implications. Provide advice and support to   others.
    6.2    Case Progression – Evidence Files     Recognise   the need to produce material to support court, tribunal or disciplinary   proceedings in accordance with the requirements of the relevant legislation,   codes of practice or departmental policy.     Explain   how to prepare an evidence file with material to support court, tribunal or   disciplinary proceedings in accordance with the requirements of the relevant   legislation, codes of practice or departmental policy.     Produce   an evidence file with material to support court, tribunal or disciplinary   proceedings in accordance with the requirements of the relevant legislation,   codes of practice or departmental policy.     Evaluate   the production of an evidence file with material to support court, tribunal   or disciplinary proceedings in accordance with the requirements of the   relevant legislation, codes of practice or departmental policy. Provide   advice and support to others.
    6.3    Case Progression – Disclosure     Recognise   evidence and supporting documentation in investigations conducted for court,   tribunal or disciplinary proceedings may be disclosed.     Explain   compliance with the provisions for disclosure in court, tribunal or   disciplinary proceedings as appropriate.     Demonstrate   compliance with the provisions of disclosure in court, tribunal or   disciplinary proceedings, as appropriate.     Evaluate   compliance with the provisions of disclosure in court, tribunal or   disciplinary proceedings, as appropriate. Provide advice and support to   others.
    6.4    Case Progression – Operational Learning     Recognise   investigations inform identification of gaps and weaknesses in business   processes and that they need to be addressed.     Explain   how to provide insight from investigations to identify and facilitate   improvements to policy and processes to assist prevention, deterrence and   increased future detection.     Provide   insight from investigations to identify and facilitate improvements to policy   and processes to assist prevention, deterrence and increased future   detection. Produce full and accurate post investigation assessments.     Analyse   insight from investigations to identify and facilitate improvements to policy   and processes to assist prevention, deterrence and increased future   detection. Produce full and accurate post investigation assessment,   demonstrating an innovative approach to remedial action. Provide advice and   support to others.
    6.5    Case Progression –      Law Enforcement Referral     Recognise   there is a process to report cases to law enforcement agencies.     Explain   the process for referring a case to law enforcement.     Demonstrate   the process for referring an appropriate case to law enforcement.     Evaluate   the referral of cases to law enforcement and their requirements. Demonstrate   the ability to expedite matters to reduce delays to the investigation.
    6.6    Case Progression – Evidence Presentation     Recognise   the results of investigations that may be presented to courts, tribunals or   hearings.     Explain   the procedures and requirements to give evidence as a witness at hearings   (criminal / civil / regulatory / disciplinary investigations).     Demonstrate   experience of the procedures and presenting as a witness at hearings   (criminal / civil / regulatory / disciplinary investigations).     Evaluate   the presentation of witness evidence and provide advice and guidance on   giving evidence (criminal / civil / regulatory / disciplinary   investigations).
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    7.1    Parallel/Multi Track Approach (criminal, disciplinary, regulatory and civil   investigations) – Investigation and Reporting     Recognise   the production of material for a variety of approaches in parallel.     Explain   how to prepare files and investigate at the relevant standards, in parallel.     Demonstrate   experience of compiling a file and investigating at the relevant standards in   parallel.     Evaluate   the production of files and investigating at the relevant standards in   parallel. Provide advice and support to others.
    7.2    Parallel/Multi Track Approach (criminal, disciplinary, regulatory and civil   investigations) – Civil Enforcement and Recovery/Compensation     Recognise   investigation outcomes can include parallel civil enforcement and/or   recovery/compensation actions.     Explain   the relevant parallel civil enforcement and/or recovery/compensation actions   and understand how to progress them.     Demonstrate   experience in identifying and progressing parallel civil enforcement and/or   recovery/compensation actions.     Evaluate   the identification and progress of parallel civil enforcement and/or   recovery/compensation actions. Provide advice and support to others.
      Competency       Trainee (T)       Foundation (F)       Practitioner (P)       Advanced Practitioner (AP)

|— |— |— |— |— |

    8.1    Stakeholder Engagement – Building Stakeholder Relationships     Recognise investigations have an impact on other parts of an   organisation that must be kept informed.     Explain the need to build and maintain new and existing   partner/stakeholder relationships with those involved in investigations to   achieve progress on objectives, key initiatives and shared interests.     Demonstrate the ability to actively build and maintain new and existing   partner/stakeholder relationships to achieve progress on objectives, key   initiatives and shared interests.     Evaluate the building and maintaining of new and existing   partner/stakeholder relationships. Demonstrate effective engagement with   senior stakeholders to achieve required risk mitigation measures, offering   technical insight.
    8.2    Stakeholder Engagement – Working with Stakeholders     Identify   who potential stakeholders may be.     Explain   how to work with stakeholders to define and improve service delivery, and   value for money outcomes.     Demonstrate   the ability to work with stakeholders to define and improve service delivery,   and value for money outcomes.     Evaluate   service improvements and value for money outcomes by working with   stakeholders at all levels, using technical expertise to identify key   stakeholders.
    8.3    Stakeholder Engagement – Government Counter Fraud Community and Law   Enforcement Sector     Identify   the agencies that work in counter fraud.     Explain   who are the partners in the government counter fraud community and law   enforcement sector.     Demonstrate   networking with partner organisations in the government counter fraud   community and law enforcement sector organisations and developing beneficial   working relationships.     Evaluate   networking with partner organisations in the government counter fraud   community and law enforcement sector and develop beneficial working   relationships. Demonstrate a well-developed network of contacts within the   government counter fraud community and law enforcement sector and act as a   primary conduit to facilitate the progression of complex investigations.
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    9.1    Sanctions Redress & Punishment –      Fraud Typologies     Identify the different types of fraud committed against the public   sector.     Explain the different types of fraud committed against the public sector   and how these frauds could be perpetrated.     Demonstrate practical experience of categorising fraud and providing   insight into how the fraud was perpetrated.     Review and evaluate fraud categorisation modus operandi and impact,   support others to do so.
    9.2    Sanctions Redress and punishment –      Calculating Losses & Costs     Recognise   that in cases of fraud the calculation and presentation of losses and costs   must be undertaken for sanction and redress outcomes.     Explain   the processes required to determine the losses and costs figures in sanction   and redress outcomes.     Demonstrate   practical experience of calculating the losses and costs borne in cases of   fraud for use in sanctions and redress outcomes.     Evaluate   the processes and calculations of losses and costs borne in cases of fraud   and support others when making calculations.
      Competency       Trainee    (T)       Foundation    (F)       Practitioner    (P)       Advanced    Practitioner (AP)

|— |— |— |— |— |

    10.1    Manager –      Management of Team Resources/Activity     Identify   how to prioritise team resources, workstream allocation and activity   including operational planning.     Explain   the process for prioritising team resources, workstream allocation and   activity including operational planning.     Demonstrate   practical application of how to prioritise team resources, workstream   allocation and activity including operational planning.     N/A
    10.2    Manager –      Authority Approval     Recognise   how to identify activity that requires manager approval.     Explain   the process for monitoring and approving activity that requires manager   approval.     Demonstrate   practical application of monitoring and approving activity requiring manager   approval.     N/A
    10.3    Manager –      Deploy and Manage Caseloads     Recognise   how to deploy skills and resources effectively to manage an investigation   caseload.     Explain   how to deploy skills and resources effectively to manage an investigation   caseload.     Demonstrate   how to deploy skills and resources effectively to manage an investigation   caseload.     N/A
    10.4    Manager –      Developing Skills     Recognise   how to develop the skills required, including identifying capability gaps in   an investigation team to align to the HMG Investigation Standards.     Explain   how to develop the skills required and identify capability gaps in an   investigation team to align to the HMG Investigation Standards.     Demonstrate   how to develop the skills required and any capability gaps in an   investigation team to align to the HMG Investigation Standards.     N/A
    10.5    Manager –      Case Progression & Reviews     Recognise   how to conduct case reviews, monitor case progression and identify the   relevant departmental guidance legislation and aims and provide advice and   direction, where appropriate.     Explain   how to conduct case reviews, monitor case progression and identify the   relevant departmental guidance legislation and aims and provide advice and   direction, where appropriate.     Demonstrate   how to conduct effective case reviews, whilst monitoring case progression in   line with the relevant departmental guidance, legislation & aims and   provide advice and direction, where appropriate.     N/A
    10.6    Manager –      Quality Control & Performance     Identify   the process for quality control (QC) relevant to investigations.     Explain   the process for QC relevant to investigations.     Demonstrate   application of existing quality control processes for investigations as well   as reviewing and amending QC structures to improve investigation practices.     N/A
    10.7    Manager –      Productivity & Management Information     Recognise   how to review productivity using relevant management information (MI).     Explain   how to review productivity drawing upon relevant MI.     Demonstrate   ability to review productivity drawing upon relevant MI.     N/A
    10.8    Manager –      Information Management     Recognise   relevant information management policies complying with General Data   Protection Regulation (GDPR) and Information Commissioner guidelines.     Explain   relevant information management policies, including GDPR and Information   Commissioner guidelines.     Demonstrate   the application of relevant information management policies, complying with   GDPR and Information Commissioner guidelines.     N/A
    10.9    Manager –      Decision making – Case Outcomes     Identify   if there are different routes available for a case outcome, including civil,   disciplinary, criminal or regulatory.     Explain   how to use judgement to achieve a case outcome using the relevant route;   civil, disciplinary, criminal or regulatory.     Demonstrate   judgement to achieve a case outcome using the relevant route; civil,   disciplinary, criminal or regulatory.     N/A
    10.10    Manager –      Stakeholder Engagement     Recognise   how to build and maintain new and existing stakeholder relationships to   enable efficient investigations.     Explain   how to actively build and maintain new and existing stakeholder relationships   to enable efficient investigations.     Demonstrate   the ability to seek new and strengthen existing stakeholder relationships at   a senior level to enable efficient investigations.     N/A
    10.11    Manager –      Media and Publicity     Recognise   the options for proactive and reactive media handling and identify the   relevant departmental policies.     Explain   the different options and how to apply departmental policies for proactive   and reactive media activity.     Demonstrate   practical application of the options and apply departmental policies for   proactive and reactive media activity.     N/A

  C. Guidance for Professionals

Guidance on Processes – Investigation

Introduction

This guidance covers effective investigatory processes. Investigators must be able to assess what matters are appropriate to investigate, how these will be investigated and the process by which this will be managed.

The creation of standard operating procedures should be considered for investigation processes. Different standard operating procedures could be considered for different fraud types.

All processes and procedures should be regularly reviewed and evaluated to ensure they are of the required standard and remain current.

Those working in investigations should have knowledge of the following legislation and policy and understand how it impacts upon their role and may include the following dependent on jurisdiction:

England & Wales

  • Fraud Act 2006

  • Theft Act 1968

  • Bribery Act 2010

  • Proceeds of Crime Act 2002

  • Human Rights Act 1998

  • Data Protection Act 1998

  • Computer Misuse Act 1990

  • Criminal Procedure & Investigations Act 1996

  • Police and Criminal Evidence Act 1984

  • Criminal Justice Act 2003

  • Regulation of Investigatory Powers Act 2000

  • Investigatory Powers Act 2016

  • Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

  • Freedom of Information Act 2000

  • Public Interest Disclosure Act 1998

  • Government Security Classifications

  • Civil Service Code

  • Criminal Finances Act 2017

Northern Ireland

  • Fraud Act 2006

  • Theft Act Northern Ireland 1969

  • Bribery Act 2010

  • Proceeds of Crime Act 2002

  • Human Rights Act 1998

  • Data Protection Act 1998

  • Computer Misuse Act 1990

  • Criminal Procedure & Investigations Act 1996

  • The Police and Criminal Evidence (Northern Ireland) Order 1989

  • Criminal Justice NI Order 2003

  • Regulation of Investigatory Powers Act 2000

  • The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2013

  • Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

  • Freedom of Information Act 2000

  • Public Interest Disclosure NI Order 1998

  • Government Security Classifications

  • Civil Service Code

  • Criminal Finances Act 2017

Scotland

  • Scots Common Law - Fraud and Related Offences

  • Bribery Act 2010

  • Proceeds of Crime Act 2002

  • Human Rights Act 1998

  • Data Protection Act 1998

  • Computer Misuse Act 1990

  • Criminal Procedure (Scotland) Act 1995

  • Regulation of Investigatory Powers (Scotland) Act 2000

  • Investigatory Powers Act 2016

  • Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

  • Freedom of Information Act 2000

  • Public Interest Disclosure Act 1998

  • Government Security Classifications

  • Civil Service Code

  • Criminal Finances Act 2017

  • Common Law - Fairness in Suspect Interviews

  • Criminal Justice and Licensing (Scotland) Act 2010

Investigation Assessment

  • All potential cases for investigation will be considered against the organisation’s case acceptance criteria.

  • The organisation will have clear processes describing when to engage with others e.g. executive staff members, statutory officers, Money Laundering Reporting Officers (MLRO) (if applicable), press officers, HR, legal advisors, the police and regulatory authorities.

  • The organisation should have a considered approach to how the intelligence and investigation functions interact.

  • Organisations should utilise an auditable investigation management system to record as a minimum:

  • the receipt of investigation referrals;

  • the referral assessment and the decision whether or not to investigate and the reasons;

  • case progress, including diarised events and the storage of electronic and other evidence;

  • any key milestone dates;

  • any formal review points;

  • record policy decisions;

  • date of recorded outcome;

  • conclusions reached, and potentially findings established; and

  • follow up decisions and action taken.

  • Organisations will have a secure repository to store key documents and products. This repository should be protected from staff working outside of the counter fraud function.

The Investigation Process

Review

  • There may be a time lapse between acceptance of a case for investigation and commencement of the investigation. The investigator should review and update the available information as required, and consider whether any new information affects the case to investigate. It may be appropriate to reconsider the case for investigation or refer the matter back to the case evaluator/intelligence function for further consideration. The investigator should consider the sources of information required to assist the investigation, of which the following are examples:

  • previous related investigations;

  • financial records;

  • organisational records or electronic data;

  • Government open data such as Companies House and Land Registry;

  • open source internet information;

  • closed source information requiring authorisation;

  • any complainant or individual with knowledge of the matters involved; and

  • in-house intelligence teams.

Planning

  • All investigations should start with the creation of an investigation plan. When preparing an investigation plan, an investigator will consider the following factors, amongst others:

  • offences under investigation

  • case summary including a working hypothesis;

  • disruption opportunities;

  • resources;

  • intelligence;

  • parameters of the investigation;

  • actions (lines of enquiry);

  • subjects;

  • witnesses;

  • location of evidence;

  • forensic and financial opportunities;

  • risk assessment;

  • community / business impact;

  • disclosure;

  • diversity;

  • media;

  • CPS early consultation;

  • target dates for actions; and

  • victim liaison.

  • Having reviewed and updated the information available, the investigator should ensure they have sufficient resources, in terms of staff, skills and other resources, to undertake the investigation. This may have been covered through the assessment process or by an investigation team manager. At this stage it will be appropriate to consider how, if at all, other investigators can be involved to gain experience.

  • Investigators should be aware of developments throughout the investigation process, which could support an extension or curtailment of the investigation, and ensure stakeholders and senior managers are briefed of the developments.

  • Organisations are likely to have a range of investigations from high volume limited value, through to large and major investigations, which may also be complex. Policies should specify how to identify and address this range of casework with investigators and investigation managers responsible for interpreting policies, such that all investigations are completed effectively within agreed key performance indicators. This will involve the allocation of appropriate grades, numbers of staff and staff with particular skill sets to one or more investigations.

  • Certain investigations may require specialist resource, which is either limited or not available within the organisation, i.e. Financial Investigators. The organisation should have pre-agreed arrangements to bring in specialist resources, from within or outside the organisation, as and when required and to amend case priorities and timelines, as necessary. Such decisions should only be taken having recognised the implications for all casework and the staff involved.

  • All material collected should be organised and stored in a manner which ensures that its provenance can be recalled and the material’s disclosure decided upon. This process should meet relevant legislation, where applicable.

  • An investigation plan should include a communication strategy of who needs to be made aware of the investigation, in what order and when, covering both managerial staff and those directly involved in the case. This strategy must take account of a risk assessment concerning the impact of any communication upon the potential loss of evidence; ‘tipping off’ offenders; the prevention of continual offending; public interest; and the Contempt of Court Act.

Investigating

  • All investigations will be fully compliant with relevant legislation. A failure by staff to comply with the legal and organisational requirements of an investigation may be determined as serious misconduct.

  • The actual investigation required will depend on the facts of each case, as will the skills required. The investigation process should include case reviews with the investigation manager or SIO at agreed stages throughout the investigation.

  • There may be a need to gather information by surveillance or imaging of electronic data. The investigator should consider and obtain the appropriate authorisations, using legal gateways where applicable, before the commencement of any such activity.

  • Interviews undertaken should adhere to the skill standards specified in the Investigation Competency Framework.

  • Organisations should have a process to address non-cooperation by individuals who may be able to assist the investigation or are the subject of an investigation.

  • The investigation should be directed to address:

  • whether the concerns that led to the investigation are borne out;

  • if there are any additional concerns or wider issues;

  • the factual narrative of the matter in hand;

  • any relevant financial implications;

  • any non-financial/reputational issues; and

  • any implications for existing processes such as control weaknesses.

Investigation Management

  • An investigation methodology, which is legislatively compliant and has appropriate levels of governance, needs to be developed and documented within an organisation’s investigation guidance.

  • Organisations will have a process to allocate the right case to the right member of staff based on appropriate expertise.

  • The investigation manager is responsible for providing terms of reference for each investigation and for the strategic direction of the enquiry, ensuring an investigator produces an investigation plan outlining their approach to the investigation, if the nature of the investigation warrants this.

  • The terms of reference will cover health and safety issues, planned timescales, costs, a risk assessment concerning immediate considerations e.g. on-going losses (asset restraint)/offenders still offending/ vulnerable victims and timing for review and evidential evaluation meetings.

  • The methodology should cover the process by which specialist advice is sought; including legal, proceeds of crime and any forensic services.

  • At the conclusion of an investigation, if the nature of the investigation warrants, there should be a review process including all appropriate stakeholders. This will identify any lessons learned and, if required, result in an action plan of measures to assist in the future prevention, deterrence and detection of recurrences.

  • Organisations will embed a quality assurance framework, and feedback mechanism from customers, to ensure a continuous cycle of learning and development underpins the core investigation activity.

  • The investigation manager will ensure, where an investigation report or briefing is required, that it is factually accurate, robustly supported by evidence and adheres to the organisation’s product standards.

  • In regard to (published) reports subject to ‘fairness procedures’, managers will be aware of what information should be disclosed to those involved for comment prior to report completion.

  • Investigators must take steps to protect their sources of information, witnesses and other parties to the investigation, as required. The investigator must follow relevant statutory frameworks when required, but also the spirit of relevant legislation when they do not apply.

  • As part of their review of an investigation, the investigation manager is responsible for assessing the quality of any investigative interviews conducted and the general investigation standard.

  • Organisations and investigation managers must ensure that investigators have the appropriate skills and knowledge to deliver quality investigations, compliant with policy and guidance.

  • Where serious issues are identified during or following an investigation that require communication to a wider audience, the organisation will ensure an appropriate escalation route exists.

  • Organisations should have a protocol for the management of sensitive or high-profile investigations, ensuring key stakeholders are advised where the case is likely to attract ministerial, regulatory, press or public interest.

  • Protocols should exist between the counter fraud function and other key departments including internal audit, human resources and legal services. This protocol will clearly define each function’s responsibilities and promote engagement between the professions to ensure an early exchange of information is made and no conflicts exist in the work to resolve a fraud matter.

  • Following the conclusion of an investigation, if the nature of the investigation warrants, there will be a process to identify what further action, if any, is required. This will include dissemination and the circumstances in which dissemination should be made; dissemination issues may be covered by legislation, particularly in regard to regulatory reports.

  D. Guidance for Professionals

Guidance on Products – Investigation

Introduction

This guidance covers what good quality products should include. An investigation outcome report will be a product in many investigations and may be the only product. However, notably where further action is anticipated, the product may be a package of relevant information in support of a case summary or briefing note for example, rather than a formal investigation report.

Case Acceptance Criteria

  • The organisation should have set case acceptance criteria. This may be a stand-alone document or be incorporated in the case management system.

  • The criteria should take into account factors such as financial value, reputational impact, high-profile nature, and the information available or likely to be obtainable.

Terms of Reference

  • The terms of reference should set out the parameters and methodology of the investigation. This can be a template available to investigators setting out key criteria: methodology, purpose, legal gateways, recourse, requirements or it may be cross referenced through an investigation plan.

  • This should be agreed by a manager or SIO and for high-value, high-profile cases it should be flagged to the executive board/senior managers for information.

Key Decision Log (KDL)

  • The KDL could be a standalone document or incorporated into the case management system. It is used to record all key decisions made during the investigation and log details of case reviews. When making decisions and recording these in the KDL, the investigator/investigation manager should keep in mind necessity, proportionality, legality, and accountability. Examples of key decisions include narrowing or expanding lines of enquiry, subject designation, and consideration of applications of relevant legislation amongst others.

Case Progression Log

  • The case progression log could be a standalone document or could be incorporated in the case management system. This should log all activity undertaken by the investigator from the case acceptance to the closure of the enquiry. It should be auditable, with actions taken and outcomes clearly recorded.

Pocket Notebook (PNB)

  • A PNB is a recommended requirement for investigations as a contemporaneous record of events, observations and activity on investigations. PNBs must be used to record details of interviews under caution. PNBs should be in a hardback bound format, lined and with numbered pages. Pages should not be taken out and any retrospective notes should be clearly labelled, dated and timed as such. Each page should be signed and dated.

Case Review Report

  • A senior investigator or manager, at regular intervals, should review the progress of an investigation. The purpose of the review is to have an auditable path throughout the investigation to ensure the enquiries are necessary, proportionate and within the legal parameters of the organisation. The review should consider and document the decision to continue the investigation with rationale for the decision made.

  • Status reports are usually stand-alone products but may also be a function of a case management system. They provide a point-in-time update on the investigation in terms of progress, time lapsed and loss identified and or secured/recovered. These should be proactively produced at regular intervals to keep stakeholders/senior managers updated.

Investigation Report

  • All investigations will result in an investigation closure report or formal assessment document, which should be produced in a standard format while covering the issues specific to the investigation objectives.

  • Standard sections should normally be:

  • investigation background;

  • summary;

  • information obtained;

  • conclusions; and

  • recommendations; such as control improvements.

  • Specific reporting conventions will be set out in organisational guidance as particular areas of responsibility may need to be addressed. Some regulatory specific reports may only require reporting of the facts, rather than conclusions to be drawn from them, as these will be an independent matter for the sponsoring organisation.

  • Investigators should avoid speculative content and where it is considered appropriate to offer a professional opinion, specify this fact clearly in their report.

  • Investigators should ensure that their report does not extend beyond their appointment terms or expertise.

  • The purpose of an investigation report is to set out the facts of a particular matter and generally reach conclusions; and that an assessment can be made on what action, if any, needs to be taken. The report must fully detail and reference information supporting the findings and conclusions reached such that an independent reader, without previous knowledge of the matter in hand, is able to independently review information available to the investigator, including key documentation, and follow the reasoning on which their conclusions were based. The investigation file will be readily reviewable on a similar basis.

  • Reports will be:

  • factually correct;

  • impartial and objective;

  • concise, clear and complete; and

  • logically organised.

  • Reports will include the steps taken by the investigator to gather evidence and analyse it.

  • Reports will be clear and not open to interpretation.

  • Depending on legal advice, it may be inappropriate to name all or certain individuals involved in the report. In such circumstances, investigators should ensure that their report is drafted in such a way as to prevent the inadvertent disclosure of those involved.

  • Investigators should be aware of the organisations and individuals likely to read their report, within the sponsoring organisation and to whom the organisation might wish to disclose the report, and draft their report such that it is readily understandable to all stakeholders.

  • In the case of regulatory reports, legislation may reflect the circumstances in which reports can be disclosed. If the disclosure regime is unclear, reports will include the circumstances in which reports may be disclosed, with the investigator or sponsoring department to be consulted in all cases.

  • Investigation reports should be protectively marked with the appropriate security classification to assist correct handling. Any reports identifying a potential criminal offender, sensitive and closed sources of information, and any personal data concerning a staff member must be classified at a minimum of OFFICIAL SENSITIVE.

Investigation Performance Report

  • An organisation should set a clear expectation that investigations which are sensitive or high profile, or likely to attract Ministerial, press or public interest will be subject to regular update briefings for senior stakeholders throughout the investigation.

  • Upon conclusion of an investigation, a final summary briefing should be provided to senior stakeholders, highlighting the findings of the investigation and the actions arising from it. The investigator will be responsible for informing the content of such briefings to senior managers.

Further Action Investigation Products

  • Where a referral is made to the police or another law enforcement agency, a comprehensive evidential package should be produced. This should contain all material gathered as part of that enquiry including: a case summary note, an investigator’s witness statement and exhibit/production schedule, exhibits/productions, witness statements, all other material produced in the investigation and any related HR or disciplinary material.[footnote 1]

  • Consideration should be given to completing a crime report on Action Fraud, the UK’s national fraud and cybercrime reporting system. This offers a number of advantages. It means the matter has been recorded as a criminal offence according to Home Office Counting Rules. Secondly, the information in the report will be matched against existing and future crime reports made on the system as well as other data which can form networks of linked crimes reflecting the true scale of offences. Finally, it will form part of the statistics used to show the scale of fraud in the UK. However, because of the high volume of reporting and competing demands within policing, the report may not be disseminated for investigation.

  • Following an investigation, which identifies a system or control weakness, the investigator will produce an assessment for use in prevention and deterrence activities. The purpose of the assessment is to:

  • summarise the allegation and findings;

  • identify the methods employed in the apparent breach;

  • identify known associates;

  • specify the opportunity, motive and rationalisation; and

  • process weaknesses or control failures.[footnote 2]

  • Upon conclusion of an investigation, a final summary briefing should be provided to senior stakeholders and those charged with governance, highlighting the findings of the investigation and the actions arising from it.

File Standards (Not Applicable in Scotland)

  • The Crown Prosecution Service (CPS) National File Standard (NFS) provides for a staged and proportionate approach to the preparation of criminal prosecution case files. It specifies the material required for the first hearing and identifies how the file is to be developed at appropriate stages throughout the life of the case.

  • The NFS provides the prosecutor, the defence and the court with information proportionate and necessary to progress the case. The standard should continue to be used to develop the file should it be required to proceed to summary trial, committal or sending it to the crown court for jury trial. The NFS covers a range of products which can also be utilised in civil and regulatory investigations. For example:

  • case summary

  • witness statements;

  • search and seizure logs and records;

  • endorsed notification of powers and legal rights;

  • exhibit labels;

  • disclosure schedules;

  • interview transcripts;

  • pre-interview disclosure form;

  • Ordinarily, the CPS will make charging decisions on the information provided by the MG3 (Report to Crown Prosecutor), MG3A (Further report to Crown Prosecutor) and any key evidence. These forms make up the ‘Precharge report’ for a charging decision, along with other documents which vary depending on the type of report being prepared i.e. whether there is an anticipated guilty or not guilty plea. However, the method of communication with the CPS may dictate the form of the document.

  E. Guidance for Professionals

Guidance for Organisations – Investigation

Introduction

This guidance is designed to present a consistent cross-government approach to counter fraud and raise the quality of organisations’ counter fraud work and the skills of their individuals. The aim is two-fold; to outline what individuals working in counter fraud should aim to get in place in their organisation; and for organisations to gain an understanding of what should be in place in particular areas.

They are designed to help organisations identify the research, training and resources needed to develop their capability further. Individuals should use this guidance and competency framework to measure and develop their skills.

This guidance is not intended to cover every eventuality or every specific issue that may arise and should be adapted to the organisation’s resources and fraud risk profile.

This document focuses on organisations’ capability to investigate fraud.

Policies

  • Organisations will have a counter fraud investigations policy, supported by an action plan against which the progress, outcome and quality of investigations can be measured.

  • The investigations policy should include:

  • reference to standard operating procedures (SOP);

  • case acceptance criteria;[footnote 3]

  • how to identify and prioritise investigations[footnote 4] taking into account issues such as proportionality and resources;

  • how to identify and address the organisation’s approach to serious and complex investigations to ensure sufficient resources, both expertise and staff numbers, are identified and made available as and when appropriate;

  • regular and consistent monitoring of investigations including target timescales;

  • operational learning processes, including debriefs and case reviews, detailing how to implement learning points from concluded investigations; and

  • joint working procedures outlining effective working arrangements between investigators, audit, prosecutors, HR, advisory lawyers, and management to ensure any criminal, civil or disciplinary proceedings are brought, regulatory action taken, or procedural changes made in a timely and effective manner.[footnote 5]

  • Organisations will implement/ensure promotion of professional and ethical practices underpinned by the Human Rights Act 1998 to guide investigations and investigators.

  • Where there are shared responsibilities between organisations, agreements should be developed to ensure that appropriate arrangements are in place to share data and support any joint investigations or lead accountabilities.

  • Adequate internal processes and contractual arrangements, with suppliers and grant recipients, will be in place to provide access to necessary support and information to assist investigations. This will include access to IT systems and all information sources, as well as internal and contractor staff.

  • Terms of business and fair processing notices governing the use and administration of services provided to members of the public. These must contain appropriate clauses that provide for access to people, documents and systems in the event that fraud is suspected and is subject to investigation.

  • Organisations will have a fraud response plan outlining the key contacts and processes to follow to investigate, report and address fraud in the organisation.

  • Investigation complaint handling guidance will be available. Complaints will be handled in a timely, appropriate and comprehensive manner with clear escalation points for persistent or sensitive complaints.

  • A specific counter fraud investigation’s retention and destruction policy will cover documentation obtained during the course of investigations, together with related information.

  • A confidentiality policy will be in place covering investigation-related information reflecting general and specific legislative arrangements.

  • The organisation will have a secure method set out to safeguard investigation-related material including exhibits/productions and case papers.

  • Policies and procedural guidance will be established to support the delivery of a quality investigation service. This guidance will outline the principles for investigation and provide a procedural framework to be followed by investigators and managers when conducting investigations into staff and third parties conduct.

  • Organisations will have a policy on information security relevant to investigations.

  • Guidance will aim to ensure that investigators and managers:

  • understand their roles and responsibilities;

  • carry out investigations legally and ethically;

  • interpret policy and the law correctly; and

  • make best use of recognised good practice and help develop it.

Team Structure and Support

  • Organisations must outwardly demonstrate to all their staff, and others working with them, that the investigative counter fraud function has the full support of the board and the audit committee.

  • Organisations will authorise an individual who is responsible for overseeing and providing strategic direction for investigative counter fraud activity including bribery and corruption.[footnote 6] This individual must have the requisite skills, knowledge and experience to manage the counter fraud function specific to the particular organisation.

  • An executive team officer[footnote 7] should be authorised to have direct responsibility for investigative and other counter fraud related issues; have the authority to debate with their peers for investigative resources; and represent the organisation internally and externally on investigative matters.

  • Depending on the size, nature of issue and approach of the organisation, the team may add to its investigative capacity using internal or external resources. The organisation will have proactive arrangements in place to access individuals with the appropriate skills as and when necessary.

  • Organisations will have a system to receive, record, develop and retain information and intelligence and facilitate its use in the investigation process. Depending on the organisation concerned, this may include information such as a record of previous investigations, complaints that did not lead to investigations or intelligence that is more specific.

  • A training, recruitment and/or development programme will be implemented to ensure that investigation staff have and retain appropriate skills to undertake the investigations allocated to them. This could involve qualification-based training; attending bespoke courses; reflecting the investigatory experience of staff or a combination.[footnote 8]

  • There should be procedures to ensure that all investigations are allocated to appropriately experienced staff. These procedures need to recognise that the ambit of investigations can change substantively during their course and may require considerably more or less resource, both in terms of numbers and specialist input, than originally envisaged.

  • The organisation should utilise a specialist function to coordinate and support counter fraud operations to aid the efficient and effective delivery of services; as well as provide greater consistency in the way fraud is tackled, recorded and reported across government. This could be an internal function or the utilisation of an external service provider.

Performance and Assessment Measure

  • A time and cost recording system for investigations undertaken, covering both internal staff and any outsourced investigations should be implemented. This should reflect direct and indirect costs including management time. This will ensure that relevant costs can be recovered through the appropriate mechanism.

  • Effective performance management arrangements (including outcome-based metrics) to drive and monitor progress and review impact, covering both internal staff and any outsourced investigations, should be operated by the organisation.

  • Individual organisations should regularly benchmark investigation performance with comparable internal and external investigation teams.

  • Counter fraud functions should maintain close liaison with other departments, providing engagement and reporting to assist in providing a high-quality, professional, cost effective investigation service, ensuring investigations are carried out to agreed targets and standards.

  • All performance assessments should reflect expertise and experience in the area concerned and anticipated timescales to provide required services, efficiency and cost benefit.[footnote 9]

Infrastructure and Process

Organisations must be able to assess what matters are appropriate to investigate, how these will be investigated and the process by which this will be managed.

  E1.1. Investigation Assessment

  • All potential cases for investigation will be considered against the organisation’s case acceptance criteria.

  • The organisation will have clear processes describing when to engage with others e.g. executive staff members, statutory officers e.g. MLROs (if applicable), press officers, HR, legal advisors, the police and regulatory authorities.

  • The organisation should have a considered approach to how their intelligence and investigation functions interact.

  • Organisations should utilise an auditable investigation management system to record as a minimum:

  • the receipt of investigation referrals;

  • the referral assessment and the decision whether or not to investigate and the reasons;

  • case progress, including diarised events and the storage of electronic and other evidence;

  • any key milestone dates;

  • any formal review points;

  • record policy decisions;

  • date of recorded outcome;

  • conclusions reached, and potentially findings established; and

  • follow up decisions and action taken.

  • Organisations will have a repository to store key documents and products. This repository should be protected from staff working outside of the counter fraud function.

  E1.2. The Investigation Process

  • There may be a time lapse between acceptance of a case for investigation and commencement of the investigation. Investigators may need to review and update available information, when required.

  • The organisation should have processes in place so that the investigator has available sources of information required to assist the investigation, of which the following are examples:

  • previous related investigations;

  • financial records;

  • organisational records or electronic data;

  • government open data such as Companies House and Land Registry;

  • open source internet information;

  • closed source information requiring authorisation;

  • any complainant or individual with knowledge of the matters involved;

  • in-house intelligence teams;

  • access to relevant business information; and

  • access to people, records systems and processes held by third parties.

  • Organisations are likely to have a range of investigations from high volume limited value through to large investigations, which may also be complex. Policies should specify how to identify, address and allocate this range of casework, including key performance indicators. This will involve the allocation of appropriate grades, numbers of staff and staff with particular skill sets to one or more investigations.

  • Certain investigations may require skills (or resources) which are either limited or not available within the organisation. The organisation should have pre-agreed arrangements to bring in staff from within or outside the organisation, to defer other cases or to amend case timelines. Such decisions should only be taken having recognised the implications for all casework and the staff involved.

  • There should be a suite of indicators to monitor performance of an investigation, including the timeliness and costs associated.

  • An investigation plan should include a communication strategy of who needs to be made aware of the investigation and in what order, covering both managerial staff and those directly involved in the case. This should be regularly reviewed as the investigation progresses.

  • Organisations should have a review process to address non-cooperation by individuals who may be able to assist the investigation or are the subject of the investigation.

  E1.3. Investigation Management

  • An investigation methodology, which is legislatively compliant and has appropriate levels of governance, needs to be developed and documented within an organisation’s investigation guidance.

  • Organisations will have a process to allocate the right case to the right member of staff based on appropriate expertise.

  • The investigation manager is responsible for agreeing terms of reference for each investigation and for the strategic direction of the enquiry, ensuring an investigator produces an investigation plan outlining their approach to the investigation, if the nature of the investigation warrants this.

  • The terms of reference will cover health and safety issues, planned timescales and timing for review meetings. The methodology should cover the process through which specialist advice is sought, including legal and any forensic services.

  • At the conclusion of an investigation, if the nature of the investigation warrants, there should be a review process including all appropriate stakeholders. This will identify any lessons learned and, if required, result in an action plan of measures to assist in the future prevention, deterrence and detection of recurrences.

  • Organisations will embed a quality assurance framework, and feedback mechanism from customers and staff, to ensure a continuous cycle of learning and development underpins the core investigation activity.

  • Organisations must ensure that investigators have the appropriate skills and knowledge to deliver quality investigations, compliant with policy and guidance.

  • Where serious issues are identified during or following an investigation that require communication to a wider audience, the organisation will ensure an appropriate escalation route exists.

  • Organisations should have a protocol for the management of sensitive or high-profile investigations, ensuring key stakeholders are advised where the case is likely to attract ministerial, press or public interest.

  • Following the conclusion of an investigation, if the nature of the investigation warrants, there will be a process to identify what further action, if any, is required. This will include dissemination and the circumstances in which dissemination should be made; dissemination issues may be covered by legislation, particularly in regard to regulatory reports.

  F. Further guidance

Further Information

These Professional Standards and Guidance have been created in order to align counter fraud capability across the public sector.

If you have any questions surrounding the Government Counter Fraud Profession, and how you can get yourself and your department involved, please contact [email protected]

Alternatively, the Counter Fraud and Investigation Team in the Government Internal Audit Agency (GIAA) provide a range of services defined in the Government Counter Fraud Framework. They can be contacted to discuss how they are able to assist you to meet your requirements at [email protected]

  1. In many regulatory investigations, a report will be completed and referred to specific prosecuting authorities as a stand-alone document, with supporting information, as appropriate. It will then be for prosecuting authorities to decide on what action, if any, it might be appropriate to take. 

  2. Some organisations will include such information in an all-encompassing report. The most appropriate method of reporting for each organisation should be included in specific organisational guidance. Depending on circumstances and investigator expertise, it may be appropriate to engage with internal audit in this process. 

  3. This will depend on the nature of the organisation. Organisations which undertake investigations irregularly are far less likely to need a policy setting out formal grounds to accept a matter for investigation than a regulatory organisation with investigatory powers 

  4. Prioritisation will be particularly relevant to cases with potentially serious reputational, financial or other high-risk implications 

  5. Different organisations may require working arrangements with different departments 

  6. It is anticipated that specific standards will be issued separately covering bribery and corruption issues. 

  7. There will be different descriptors of senior staff in different public sector organisations. However, they should be at such a level to influence policy and/or have direct contact with Ministers. 

  8. Having a specialist qualification evidences knowledge to a certain standard but not by itself the experience to undertake fully a range of investigatory work. Bespoke courses can be tailored to suit a specific function but again may not necessarily support required levels of first-hand expertise. Experienced staff may be able to undertake a range of work but can be limited to their areas of experience and expertise and will not have independent verification. 

  9. Assessment of investigation services within government should be the first consideration in seeking to identify a quality investigative offering and the most efficient use of public expenditure before seeking private sector involvement. However, the availability of immediate resources and the requirement for specialist skill sets are issues that might support an initial approach to the private sector. It may also be an option to discuss payment by results with the private sector if there is a link between the investigation process and recovery options.