Author: Inesh Perera

How to Implement Anti-fraud Measures

In my last insight on the topic of Fraud (which you can read here), I outlined the new “failure to prevent fraud” offence in the UK, and how to implement a fraud prevention framework. 

In this latest insight, the finer points of fraud prevention measures are highlighted.  

Did you know that the three points of our triangular logo represent the behaviours of an individual committing fraud, these traits are motivation, rationalisation and opportunity. 

Understanding the most common methods in how fraud is discovered, as well as looking into the behavioural traits of fraudsters, can both be the foundation for implementing effective fraud prevention and detection measures. 


 Reporting Fraud – Hotlines or Online? 

Interestingly, a recent fraud report shared by the Association of Certified Fraud Examiners (“ACFE”), highlighted that 42% of reported fraud cases were actually discovered by “tips” from employees, customers, partners and competitors.  This reinforces the need for organisations to implement anti-fraud awareness measures, not only on how to spot a fraud, but by giving them the tools and mechanisms to report suspicions of fraud.   

 The sooner a fraud is reported, the quicker it can be investigated, stopped and the perpetrators dealt with. 

 In cases where a reporting mechanism was used to report fraud, the use of telephone hotlines has declined substantially over the last few years; yet there has been a significant rise in fraud reporting via email and web-based/online platforms.  

 If an organisation only has a telephone reporting hotline, then it should consider other email/web based alternatives. If your organisation has yet to implement such reporting measures, then as these findings demonstrate, use a combination of online, electronic forms and telephone hotlines.  

 It is also imperative employees are taught how to communicate concerns or suspicious activity through the correct reporting channels. Equally, organisations should make it clear to employees that suspicious activity will be evaluated in a confidential, prompt and through manner.  

Organisations should extend these reporting lines and communication channels to external parties such as customers, vendors and competitors. 

Behavioural Red Flags 

When an individual is engaged in workplace fraud, they will often display certain behavioural traits that tend to be associated with fraudulent conduct.  Of the 85% reported fraud cases, it was revealed fraudsters exhibited at least one behavioural red flag. Worryingly, it was identified that 51% of the perpetrators exhibited multiple behavioural red flags.  

It is not uncommon for a workplace to be a stressful or pressurised environment, however, having an understanding and being able to recognise behavioural red flags can help organisations detect fraud and mitigate losses. Red flags displayed by fraudsters include the following: 

  • Living beyond one’s means.  Look out for individuals with lifestyle changes, purchasing of expensive cars, houses, holidays, and/or luxury goods, even private school education for children, all of which are beyond their normal income expectations. 
  • Check for financial difficulties or a history of debt, be aware of any arising financial problems, consider addictive behaviours such as gambling, or drug addiction. 
  • Look for an unusually close association with a vendor/customer, could they be receiving a bribe, financial favour or kickback. 
  • Does an individual appear to have a character which is irritable, suspicious, intimidating or defensive, sometimes bullying in the workplace. 
  • Look for individuals with excessive control issues, an unwillingness to share duties, refusal to take holidays, working out of normal hours or weekends. 
  • Look for traits such as a “wheeler-dealer” attitude involving shrewd or devious behaviour 
  • Has an individual been denied or overlooked for a promotion or raise in salary, received poor performance evaluations, demoted, or even complained openly about lack of authority or inadequate pay? 

Understanding the most common types of fraud in the workplace, can also assist in developing fraud prevention and detection strategies. 

  • Asset Misappropriation: Of the three primary categories of workplace fraud, asset misappropriation is by far the most common, occurring in 89% of the cases in the study. Asset misappropriation involves an individual stealing or misusing an organisation’s resources and include theft, skimming, forgery, invoice fraud, payroll fraud, expense fraud and resource misuse. 
  • Corruption: Corruption schemes are the next most common form of workplace fraud; with 38% of reported cases involving some form of corrupt act.  Types of corruption include conflict of interest, bribery, illegal gratuities, kickbacks and extortion. 
  • Financial Statement Fraud: The least common, but most costly form of workplace fraud is financial statement fraud, which occurred in 10% of reported cases. Types of financial statement fraud include fictitious reporting, concealments, overstatements, timing differences, improper asset valuations. 

How to Implement Anti-fraud Measures

There are various ways in which to implement strong anti-fraud measures.  Apply the following controls in all areas of your organisation, from finance and accounting departments to procurement and vendor onboarding functions as well as sales and operation teams. 

 Segregation of Duties 

Segregation of duties is a key risk management tool that can be used to reduce the risk of fraud and errors. It involves assigning specific tasks and responsibilities to different individuals, groups, or departments. For example, someone responsible for authorising a purchase should not also be responsible for receiving and recording the purchase. This ensures that any errors or irregularities are caught before they can cause harm to the organisation.  

Organisations should also consider implementing internal controls, such as requiring dual authorisation for certain transactions, or regularly monitoring transactions for irregularities. These controls can help to further reduce the risk of fraud and errors. 

Access Controls

Applying access controls will help protect financial systems from unauthorised access, preventing errors and fraud by restricting access based on employees’ job responsibilities and the principle of segregation of duties. 

To prevent access control failures, organisations should implement access control measures with clearly defined roles and responsibilities for each user. This system should include a variety of authentication methods such as passwords, biometric scans, and two-factor authentication, as well as permission and access control policies. 

Additionally, organisations should monitor and audit access control systems to ensure compliance with security policies and detect any suspicious activities. Finally, organisations should also implement a strict process for granting, revoking, and modifying access privileges. 

 Mandatory Vacations

To successfully commit a fraud in the workplace, perpetrators are willing to devote a significant amount of time and effort to execute the fraud, and not be caught. 

 One way to deter fraud in the workplace is for the organisation to implement a policy of mandatory holiday/vacation time for its employees. During the employee’s absence, other staff members can watch out for any suspicious activity or discrepancies in financial records. 

This helps to create an environment of accountability for all employees, making it less likely that an employee will commit fraud.  Additionally, the fear of being caught during their absence may deter employees from even considering any impropriety. 

Background Checks 

Including false information in an application is fraud. Let that sink in. Performing background checks when a new employee is poised to join an organisation is an essential anti-fraud measure. Yes, not all people will have a criminal, or fraudulent past; however, background checks is a proactive approach and helps mitigate the risk of hiring dishonest employees who could potentially engage in fraudulent activities within the organisation. 

Not only does pre-employment screening act as a deterrent for dishonest individuals applying for positions within your organisation, but it also sets a positive culture for all employees, knowing that an organisation has a zero tolerance to fraudulent behaviour and looks to save the organisation from fraud losses. 

Organisations should also consider extending their background checks to third parties including vendors and suppliers. 

Do you need help implementing fraud prevention measures? 

If you need help with implementing an anti-fraud framework, we can help guide you through the process. Implementing effective fraud prevention procedures is not only ethically sound, but it is also beneficial for the anti-fraud culture across all organisations.    

Do you have a suspicion of fraud in the workplace?  

The detection of corporate fraud usually arises from an internal audit finding, anonymous tip off, suspicion, complaint, whistle-blower or allegation. In our experience, suspicions of fraud are normally well founded, irrespective of the source.  

Contact us immediately if you have a suspicion of fraud, and we will help you set out clear objectives in an investigation plan, and:  

  • determine the finer details of the suspected fraud, look to identify those involved and understand the mechanics of the fraud  
  • perform thorough investigations, both in the interest of the victim and to clear innocent people under suspicion  
  • identify and recover assets lost to fraud and prevent further losses  
  • provide accurate evidence to help establish proof of loss, guilt and personal gain  
  • review and implement measures to prevent fraud from occurring again  

Whatever the investigation, each case must begin with the intention and preparation that it could end in litigation.  


Written by

Neil Miller, CFE

Recognising Fraud and the Fraudster Personas 

An important aspect of preventing and disrupting fraud and financial is understanding the mindset of fraudsters and why they commit fraud in the first place. The Fraud Triangle was developed by criminologist Donald R Cressey, and it suggests that people will commit fraud when the following three factors are present:  

  1. Pressure / motivation – such as a sudden change in circumstances, a sense of being wronged, or pressure to retain status. 
  2. Opportunity – the knowledge of weaknesses in procedures which can lead to undetected fraud.  
  3. Rationalisation – the ability to justify that the fraudulent activities are not necessarily wrong.  

In addition to this, it is important to understand that there are various types of fraudsters that commit different types of fraud. The Commonwealth Fraud Prevention Centre was established in 2019 and developed the Fraudster Personas to raise awareness for the different types of fraudsters. Each persona utilises a variety of methods to defraud their victims and dishonestly gain personal benefits.  

  •  The Reckless – a fraudster that does not care for the consequences of their actions. They disregard any requirements or warnings to gain personal benefits. An example of The Reckless fraudster can be a contractor who accepts a job despite knowing that they cannot provide the correct service.  
  • The Deceiver – a fraudster that uses false statements, deliberately misrepresents facts, or withholds relevant information, in order to make their victims believe something that is not true. The Deceiver fraudster can be someone who lies about their circumstances to receive Employment and Support Allowance.  
  • The Impersonator – a fraudster who pretends to be another person using false or stolen identities to dishonestly gain personal benefits. The Impersonator fraudster can be a scammer receiving fraudulent payments using stolen identities.  
  • The Fabricator – a fraudster who invents or creates false documents, invoices, or receipts which can be used to receive money or other benefits. The Fabricator fraudster could be a business owner that fabricates documents so they can receive a grant.  
  • The Coercer – a fraudster who manipulates their victims into acting in a desired way. The victim might be threatened, intimidated, or even bribed. The Coercer fraudster could be someone who intimidates their victim into handing over personal or banking information.  
  • The Exploiter – a fraudster that uses something in a wrongful way to commit fraud. The Exploiter fraudster could be a member of staff who uses their position or privileges at their place of work to access their company’s systems to steal funds or commit other acts of fraud.  
  • The Concealer – a fraudster that hides evidence of their actions. The Concealer could be a service provider that deletes company records to hide their fraudulent activities.  
  • The Organised – a group of fraudsters that use a combination of methods in planned, coordinated, and sophisticated ways to commit fraud and gain personal benefits. The Organised fraudster could be a scam operator who creates a false business and website to legitimise a fraud scheme.  

Fraudster personas

When it comes to fighting against fraud, prevention is the best cure. Therefore, being able to recognise the different types of fraudsters allows for people to avoid becoming potential victims. In March 2020, the Commonwealth Fraud Prevention Centre published an introductory guide that explains the various counter measures that can be implemented against the different types of fraudsters. These counter measures include the sharing and verification of information and identity, as well as measures that promote honesty and integrity in the workplace.  

Furthermore, pre-employment screening act as a deterrent for dishonest individuals applying for positions within your organisation, but it also sets a positive culture for all employees, knowing that an organisation has a zero tolerance to fraudulent behaviour and looks to save the organisation from fraud losses. 


TenIntelligence Thoughts 

TenIntelligence is committed to ensuring the security of our Clients and organisations.  

If you have a suspicion of fraud in the workplace, or have spotted some of the fraud personas highlighted above, then consider reporting the fraud to your legal, security or compliance team.  

Alternatively, we are here to help, by setting out clear objectives in an investigation plan, and:  

  • determine the finer details of the suspected fraud, look to identify those involved and understand the mechanics of the fraud  
  • perform thorough investigations, both in the interest of the victim and to clear innocent people under suspicion  
  • identify and recover assets lost to fraud and prevent further losses  
  • provide accurate evidence to help establish proof of loss, guilt and personal gain  
  • review and implement measures to prevent fraud from occurring again  

Whatever the investigation, each case must begin with the intention and preparation that it could end in litigation.  

By utilising various OSINT techniques, a “Trust but verify” mindset, and providing the required due diligence, we enable our clients to make assured decisions about an individual, a company or an investment.  Contact our team for further information about how we can help.  


 Written by

Rachael Legg – Senior Analyst

Demystifying Due Diligence vs. Enhanced Due Diligence


In today’s intricate business landscape, risk assessment and compliance are paramount for safeguarding the interests of both investors and businesses. Two crucial terms that frequently surface in this context are “due diligence” and “enhanced due diligence (EDD).” While both share the common goal of mitigating risks, it’s crucial to discern the subtle disparities between them. Here, we will shed light on the contrasting realms of due diligence and enhanced due diligence, elucidating their respective scopes, methodologies, and applications. 

Understanding Due Diligence 

Due diligence represents a comprehensive process of investigation and research conducted before entering into a business relationship or transaction. It serves as a means to assess the risks and potential outcomes associated with a specific venture. Due diligence primarily focuses on collecting and analysing relevant information to form an informed decision or recommendation. 

In practice, due diligence typically involves evaluating financial statements, legal documents, contracts, intellectual property rights, operational procedures, and any other pertinent information. Its purpose is to identify any red flags, vulnerabilities, or discrepancies that might impact the transaction or partnership. The extent and depth of due diligence depend on factors such as the nature of the business, the industry involved, and the perceived risk level. 

Enhanced Due Diligence: Digging Deeper 

Enhanced due diligence takes the concept of due diligence a step further. It is an escalated level of investigation that applies when dealing with higher-risk transactions, clients, or jurisdictions. Enhanced due diligence incorporates additional layers of scrutiny to address potential vulnerabilities and ensure compliance with regulatory frameworks, industry standards, and best practices. 

components of enhanced due diligence

The factors triggering the need for enhanced due diligence can include high-value transactions, politically exposed persons (PEPs), individuals or entities from high-risk jurisdictions, complex  ownership structures, or engagements involving sensitive sectors such as finance, energy, or defence. Enhanced due diligence encompasses a more intensive examination of a broader range of factors, such as reputational risks, regulatory compliance, source of funds, beneficial ownership, and potential exposure to money laundering or corruption. 

Techniques utilized in enhanced due diligence may involve conducting in-depth background checks, analysing media coverage and online presence, verifying the legitimacy of business operations, and engaging specialized third-party services or experts. The aim is to use Open Source Intelligence (OSINT) to uncover hidden risks, ensure transparency, and provide a more comprehensive risk assessment to guide decision-making. 

The Value of Distinction 

Distinguishing between due diligence and enhanced due diligence is crucial for businesses and investors. It allows them to allocate resources appropriately based on the level of risk and complexity involved. While due diligence provides a fundamental layer of investigation, enhanced due diligence serves as an advanced risk management tool, addressing heightened concerns and regulatory requirements. 

Thoughts from Ten Intelligence 

In a world where financial crimes, regulatory breaches, and reputational damage pose significant threats, due diligence and enhanced due diligence play vital roles in protecting businesses and investors. Understanding the distinctions between these two approaches empowers decision-makers to tailor their risk management strategies effectively. 

By embracing a proactive and tailored due diligence framework, businesses and investors can make informed choices, navigate complex landscapes, and foster trust and integrity in their operations. Whether conducting due diligence or implementing enhanced due diligence measures, a comprehensive and meticulous approach is essential in today’s interconnected and dynamic business environment. 

Written by

Daniel Wilkes | Associate 

The ECCT Act: A New Dawn for Fraud Prevention in the UK

“It will never happen to me”, is a phrase we often hear when it comes to fraud. Yet, in reality, fraud is the most predominant criminal offence in the UK.  A recent Parliamentary report stated that fraud accounts for 40% of all reported crimes in the period ending September 2022.  More worrying is that this 40% figure only accounts for reported crimes, what about the fraud crimes that are not reported.  

Fraud is any behaviour by which a person intends to gain a dishonest advantage over another, usually a financial advantage.  Corporate fraud refers to those cases in the workplace in which an individual, company or organisation is the victim, or worse, the perpetrator. 


Fraud in the workplace 

Fraudulent activities in the workplace can be in various forms, including deceitful sales practices, false accounting and manipulation of financial statements, concealment of vital information from consumers or investors, bribery and corruption, asset misappropriation and misconduct within financial markets.  

It is often said that “fraud is a victimless crime”, I wholeheartedly disagree.  Fraud costs billions of pounds in damage to organisations and individuals each year. Additionally, fraud can dramatically affect the quality of life of its victims as well as the employees of its victims.  This will often result in job losses, the loss of savings and investments, weakened trust in organisations and a significant strain on resources. 

Anti-fraud professionals at the Association of Certified Fraud Examiners (ACFE) estimate that the typical organisation loses 5% of its revenue annually to fraud. Think for a minute about your organisation. How will the loss of those funds affect you? Fewer pay rises, potential layoffs, greater pressure to increase revenue or cut costs, or decreases in employee benefits. Fraud will also affect an organisation’s reputation with its Customers, and potentially lose them to competitors. 


Fraud Penalties 

Are there penalties that are in place? The UK Fraud Act 2006 covered a wide range of criminal activities, including fraud by false representation, fraud by failing to disclose information, fraud by abuse of position, use of deception to obtain services, money or property.   

Yet, the maximum sentence for committing fraud under the Fraud Act, was 10 years in prison and, or an unlimited fine.  However, most fraudsters realistically only serve 2 to 7 years imprisonment if they orchestrated a complex fraud, and those who participate tend to get 12 to 18 months community based sentences for their involvement.  

Is that enough? I don’t think so, and certainly does not send a strong deterrent message to fraudsters, compared to a maximum life sentence for armed robbery for example. 


New “Failure to Prevent Fraud” offence 

However, 17 years on from the UK’s Fraud Act, the UK Government has made significant changes to the UK’s economic crime and fraud regime. This includes a new “failure to prevent fraud” offence for large organisations and a widening of corporate criminal liability for economic crimes committed by senior employees and management.  The new Economic Crime and Corporate Transparency Act (ECCT Act) is now in force and introduces a number of changes to how the UK tackles economic crime.  

The ECCT Act will serve to safeguard victims, including organisations, and combat financial crime and fraud by promoting a cultural transformation towards enhanced fraud prevention procedures within organisations. 

One of the key objectives for this new ECCT Act is to minimise fraud against individuals, organisations and SME businesses who are often unknowingly the victims of fraud by other organisations. The key introduction of the “failure to prevent fraud” offence, intends to hold organisations accountable for any gains derived from fraudulent acts committed by their employees, by penalising and prosecuting organisations that consistently undertake fraudulent behaviour.  

Under this new “failure to prevent fraud” offence, an organisation will be liable if fraud is committed by an employee or contractor, for the organisation’s benefit; and if the organisation failed to implement reasonable fraud prevention measures.  

The “failure to prevent fraud” offence is applicable across all sectors. However, the ECCT Act is only currently limiting the offence to large organisations that meet two out of three of the following criteria: 

  • have more than 250 employees 
  • generate a turnover of more than £36 million
  • and possess total assets exceeding £18 million.  

 The Courts will decide the appropriate level of punishment, which is likely to be an unlimited fine against the organisation for “failing to prevent fraud”.  Individual fraudsters within the organisation will still face prosecution and prison sentences, but senior management and company officers will not face direct prosecution if they did not know the offence was happening. 

Organisations will avoid prosecution if they have “reasonable procedures” in place to prevent fraud. The Government have yet to publish more information about reasonable procedures, but these will be published before the new offence comes into force. 

By incentivising organisations to establish or enhance their fraud prevention procedures, this “failure to prevent fraud” offence will foster a significant shift in corporate culture, ultimately contributing to a reduction in fraudulent activities.  


How to implement fraud prevention measures 

It is not a new phenomenon to include anti-fraud measures in risk management frameworks; however, organisations will now need to revisit and implement specific fraud prevention strategies that are appropriate and designed into all areas of the organisation. 

To help prevent, detect and mitigate fraud exposure, as well as helping organisations meet the new  “failure to prevent fraud” offence, our advice is to start with the following prevention reviews: 

  • Design, develop and implement written fraud policies and procedures to promote consistency and mutual understanding between the organisation and stakeholders. 
  • Conduct security audits across the organisation to review, identify and assess known and unknown fraud risks. 
  • Develop and monitor the procurement regime of supply chains and their compliance to fraud policies. 
  • Examine whether corruption schemes exist within an organisation, procurement functions and supply chains. 
  • Review existing contractual terms with employees, clients and supply chains to ensure compliance with anti-bribery legislation and “adequate procedures” requirements. 
  • Provide new and updated background checks on all employees, including senior hires and external contractors. 
  • Identify behavioural red flags displayed by fraud perpetrators. 

If you need help with implementing an anti-fraud framework, we can help guide you through the process. Implementing effective fraud prevention procedures is not only ethically sound, but it is also beneficial for the anti-fraud culture across all organisations.   


Do you have a suspicion of fraud in the workplace? 

The detection of corporate fraud usually arises from an internal audit finding, anonymous tip off, suspicion, complaint, whistle-blower or allegation. In our experience, suspicions of fraud are normally well founded, irrespective of the source. 

Contact us immediately if you have a suspicion of fraud, and we will help you set out clear objectives in an investigation plan, and: 

  • determine the finer details of the suspected fraud, look to identify those involved and understand the mechanics of the fraud 
  • perform thorough investigations, both in the interest of the victim and to clear innocent people under suspicion 
  • identify and recover assets lost to fraud and prevent further losses 
  • provide accurate evidence to help establish proof of loss, guilt and personal gain 
  • review and implement measures to prevent fraud from occurring again 

Whatever the investigation, each case must begin with the intention and preparation that it could end in litigation. 

How Secret Financial Networks Sustain the Russian Economy

Are Sanctions Working?

Strict sanctions enforced on Russia by Western nations have become even more stringent in the wake of the Russian invasion of Ukraine. Yet the subsequent economic collapse predicted by some has not materialised, and the Russian economy seems to be quite resilient. This means that the Russian government can continue to fund its war effort and prolong an already lengthy and bloody conflict.

But the resilience of the economy still does not explain how exactly Putin’s regime is able to purchase sanctioned goods like the technology required for military operations (e.g. microchips used in the production of drones and missiles). Such tech, as to be expected, has been made unavailable for Russian purchase by the West.

At least, that is, by legal means.

How Does Russia Evade Sanctions?

Pavel Verkhnyatsky, a representative of the International Working Group on Russian Sanctions (“IWGRS”) states that the most often used method to evade sanctions is the simplest.


These funds most likely come from oil and gas sales and are then kept in countries where sanctions are not strictly enforced. Two of the most prominent examples of such jurisdictions are the UAE and Turkey.

The UAE is particularly noteworthy here, as Russian money has led to a luxury real estate boom in Dubai. It’s also worth pointing out that the properties bought by Russians tend to be paid for in cash.

One way in which Russia specifically acquires sanctioned goods such as weapons or military technology is through networks of shell companies, a common form of cover for Russian intelligence services. These entities then purchase the sanctioned goods required.

These shell companies are often based in countries with close ties to Russia, such as Kazakhstan and Armenia.

What is the Scale of Russia’s Secret Finance Activities?

Russia’s illicit finance activities go beyond financing its war effort and also fund the masses of associated disinformation and political interference.

Research from the University of Exeter warns that illicit financing will give Russia a significant advantage in its war against Ukraine, citing the Wagner group as an example of illegal financial activities and military operations being interconnected.

Dr. Tena Prelec states that, although sanctions and increased scrutiny have made Russia’s illicit financial activities harder to pull off, Russia has still managed to do so, using tools such as “opaque transactions, cash payments…and non-Western financial centres”.

The research also adds that this illicit financing could become so much of a norm that it becomes an institution in of itself, and will run parallel to current, legitimate financial institutions, despite the clear violation of international law.

TenIntelligence Thoughts

The sophisticated network of illicit financing that Russia has built up should also increase your wariness of dealing with companies in jurisdictions both sympathetic towards and geopolitically intertwined with Russia. Examples of these jurisdictions include Kazakhstan, Armenia and Kyrgyzstan.  

As mentioned before, Russia operates whole networks of shell companies. This means that it is wise to be thorough when conducting due diligence on a company in any region. For example, a company based in the UAE may not have an obvious Russian connection, but maybe a Kazakh entity holds shares in the company, or a director of the UAE company is also a director of a shell company in Armenia.

Carrying out due diligence in these jurisdictions may prove more difficult than in Western jurisdictions, but the high level of risk they pose makes it absolutely necessary.

With a variety of OSINT methods we can use and the ability to perform research in a variety of languages, including Russian, we can provide our clients with the security and assurance they need in carrying out their due diligence.

Sources used:

Written by:


James Weeds | Analyst at TenIntelligence

The High cost of Lack of Due Diligence at the NHS


Nowadays we can all agree, the job market in the UK is daunting. With the cost of living rising and many job applicants searching for new and higher paid opportunities; employers are looking hard for the perfect candidate, with a flawless CV, the right experience level to fit the role, good interview techniques and an attractive personality.

It is well known that lying on your CV is a huge no-no. However, according to the University of Law, “more than half of CVs submitted by job applicants contain lies or inaccuracies”. The lies include gaps in employment history, false claims regarding qualifications and even failure to mention fraud committed against previous employers. Applicants should be aware that no matter how serious the deceit is, lying on a CV is a criminal offence of “fraud by false representation under the Fraud Act of 2006”.

In our experience, most of CV dishonesty is relatively minor. However, making sure pre-employment due diligence screening procedures are set in place will not only identify smaller lies, but also help uncover more serious false claims.

Welcoming a candidate who has lied about their qualifications or experience to your team can damage the company’s reputation if the fraud is discovered by customers or competitors.

Poor Due Diligence Practices at the NHS

Poor due diligence has been the case at the NHS, which in multiple occasions has been the victim owing to their own practices.

Phillip Hufton, for instance, was found to have lied about being a doctor, having a PhD, a war record and even Cancer. “The fraudster worked for the Cambridgeshire and Peterborough NHS Foundation Trust for 17 months but was sacked after staff discovered his lies”. Phillip was arrested, ordered to pay money back and dismissed from his position in the NHS.

More than once, the NHS has been on the spotlight for employing fraudsters like Jon Andrewes who was found to have lied about his qualifications to secure top roles; Peter Knight who was a Director on the Board of Oxford University Hospitals (OUH) NHS Foundation Trust, had lied about having a degree; or more recently, Zholia Alemi who worked as a psychiatrist without the necessary medical qualifications.

They all were caught and faced the consequences of their own actions. Additionally, a landmark ruling made in 2022 means that “employees caught lying about their qualifications or salaries on their CVs could be made to pay back to their employers”. This is  because employing a person who has lied to secure the role can have a negative impact in productivity and possibly lead to financial losses for your business.

Why jeopardise your company’s success and stability by unknowingly employing a fraudster, when it can simply be avoided by having comprehensive policies and procedures to ensure that new employees are suitable for their roles and the organization. By merely implementing due diligence procedures, companies can reduce their risk and ensure a safe and productive workplace.

How we can help

We have a team of Analysts and Associates who interrogate the individual’s CV, application forms and corporate history specifically looking for adverse information and risk, including undisclosed red flags, conflicting findings, false or exaggerated statements and report these findings to you. Background checks performed by us include searches with press articles, court searches, company registries, public records and documents, insolvency registers, financial regulator fines and licenses, subscribed databases, sanctions checks as well social media platforms.

When required, our team can cover global jurisdictions, performing research in key languages. Contact our team for further information about how we can help. 

Lisseth Ortiz Diaz

Lisseth Ortiz Diaz

Analyst | TenIntelligence

How Due Diligence Reveals Red Flags

How Due Diligence Reveals Red Flags

We help corporate finance firms and Nominated Advisors (Nomads) meet their financial regulatory requirements by undertaking due diligence on Company Directors who are appointed to the Board of an IPO and/or other listed companies on international exchanges. This brings to light any corporate red flags that may otherwise go unnoticed. 

The Clients’ judgement regarding the appropriateness of a Company Director has a crucial role to play in maintaining the quality of the Exchange and/or Market, as well as preventing reputational risk to the Client and the Company itself.  Accordingly, the quality of  due diligence on Directors and the judgements applied by Clients in assessing such information, is vital. 

Every year, we conduct an annual review on the background checks we have performed, and provide insight to demonstrate why due diligence is an essential risk and fraud prevention tool. 

From August 2022 to July 2023, the Team at TenIntelligence conducted background checks on 500 Company Directors on behalf of our Clients.  

We utilise a “Traffic Light” system as a way to rate the risk level of each background check in question – GREEN flags for Low Risk, AMBER flags for Moderate Risk, and RED flags for High Risk.  

As part of background checks, we interrogate the corporate history of individuals and companies, specifically looking for undisclosed red flags, adverse findings, false or exaggerated statements that might cause reputational risk to our Clients. 

corporate red flags

Upon analysing the 500 due diligence reports, we discovered that 38% of the background checks were rated as “Moderate Risk” and 6% of the background checks were rated as “High Risk”.

Whilst 6% can be considered a relatively small number, some of the RED FLAGS that we identified were certainly not.  


Common Red Flags Observed by TenIntelligence

The most common RED FLAG identified amongst the High Risk reports was the identification of adverse media or articles of interest. The articles identified ranged from reports of undisclosed bankruptcies, accusations of corruption, reckless driving and to a relative being linked to various crimes.

Other High Risk and Moderate Risk examples identified, included:  

  • Undisclosed litigation, insolvency or bankruptcy cases. 
  • Discrepancies with Company Directorships – such as undisclosed company liquidations or undisclosed companies being dissolved via compulsory strike offs.  
  • Undisclosed employment gaps or a dishonest employment history.  
  • Adverse posts and images on social media accounts.  
  • Faked or exaggerated education qualifications.  
  • Undisclosed alias or name variations.  
  • Identifying Politically Exposed Persons (PEPs) or ties to sanctioned individuals or companies. 

Red flags were also unearthed when conducting independent industry insight interviews (business intelligence) with the Company Directors’ former colleagues – such as the subject being involved in unethical business practices.  

According to the AIM Rules for Companies, the London Stock Exchange may refuse or delay the admission to the Alternative Investment Market if matters that affect the applicant’s appropriateness are brought to the attention of the London Stock Exchange or other financial regulator. Therefore, identifying red flags is a crucial part of the service we provide to our clients as it allows them to assess the fitness and appropriateness of potential new directors and stakeholders.  

As we present the information as we found it, and do not include our own interpretations, we are able to present our clients with impartial and transparent findings that they can review and consider all the potential issues that could arise.  

A client recently reached out to inform us that they decided that a company was not suitable for an Exchange due to the red flags identified whilst conducting due diligence, and that they would no longer work as this company’s corporate adviser.  Whilst this is unfortunate for the Company in question, it does highlight that background checks on Company Directors is imperative to the due diligence process. 

Working closely with our clients, we continue to provide investigative insight into the people, organisations and investments with whom they conduct business. 

TenIntelligence Thoughts 

TenIntelligence is dedicated to delivering excellence to our clients. We will continue to focus on identifying potential risks, so our clients can make assured decisions and mitigate any financial losses.  

For further information about our work with background checks and due diligence, contact us on  diligence@tenintel.com and visit www.tenintel.com/due-diligence/. 


Written by:

Rachael Legg  | Senior Analyst, TenIntelligence


Neil Miller | Founder and CEO, TenIntelligence

‘UK Government Greenlights Seamless Data Transfers to the US!: Practical Steps for Organizations

Announcement Date: September 21, 2023 | Effective Date: October 12, 2023

In a rapidly evolving digital landscape, staying on top of data privacy regulations is essential. On September 21, 2023, the UK government made a significant announcement by approving adequacy with the US, establishing a ‘data bridge’. These regulations are set to become effective on October 12, 2023, and they aim to provide a secure and streamlined mechanism for transferring personal data between the UK and the US. Under the provisions of Executive Order 14086, the US Attorney General officially recognized the UK as a ‘qualifying state’ on September 18, 2023.

This decision comes a little over two months after the European Commission’s adequacy decision on July 10, 2023, which marked the implementation of the EU-US Data Privacy Framework (DPF). Now, let’s explore some practical steps to help organizations prepare for these forthcoming changes:

  1. Assess Your Data Transfers: Begin by assessing your data processing practices, especially those involving international transfers to the United States. Determine whether the new regulations are applicable to your organization.
  2. Grasp the Regulatory Details: Delve into the specifics of the UK’s ‘data bridge’ regulations. Familiarize yourself with the precise requirements and obligations that your organization will need to adhere to. Stay vigilant for any updates or clarifications from relevant authorities.
  3. Consult Legal Experts: Given the intricacies of data privacy regulations, seeking guidance from legal experts or data protection officers (DPOs) is a wise move. They can offer tailored advice on ensuring compliance, safeguarding sensitive data, and navigating the nuances of the new framework.
  4. Map and Classify Data: Review and classify the data your organization handles. Ensure that you can readily identify and protect sensitive information, as mandated by the regulations. Implement data mapping and classification procedures to streamline compliance efforts.
  5. Update Policies and Procedures: Revise your organization’s data protection policies and procedures to align with the new regulations. Ensure that your workforce is well-informed about these updates. Compliance is a collective responsibility, and everyone should be well-versed in the new requirements.
  6. Strengthen Data Security: Enhance your data security measures. Implement robust encryption, access controls, and other security protocols to fortify the protection of personal data during transfers and processing.
  7. Continuous Monitoring: Data privacy regulations are subject to change. Establish continuous monitoring mechanisms to stay abreast of developments and revisions. Regularly review your data protection practices ensuring sustained compliance.
  8. Appoint a DPO: If your organization has not yet appointed a Data Protection Officer (DPO), consider doing so. A DPO can serve as a valuable resource for guidance, ensuring that your organization effectively adheres to data protection regulations.

In conclusion, the UK government’s approval of adequacy with the US through the establishment of a ‘data bridge’ brings significant changes to data protection requirements. Being proactive and well-prepared is crucial to avoiding compliance issues and upholding the privacy of personal data. Reach out to us as your DPO for guidance and take practical steps to align your organization with these ‘


Lynsey HansonWritten by

Lynsey Hanson | Data Protection Officer

Google’s 25-Year Journey: Balancing Innovation, Data Protection, and Challenges

Google celebrates 25 years


Google, a major tech company in our daily lives, recently celebrated its 25th anniversary. This journey has faced numerous challenges, particularly in protecting user data and dealing with complex privacy issues. In this review, we’ll explore Google’s successes, challenges, and the role of a Data Protection Officer (DPO) in ensuring data security and privacy law compliance.



Data Security

Google has a strong track record in data security, investing significantly in advanced security technologies to prevent major data breaches. While minor incidents like the 2018 Google+ data breach occurred, Google’s unwavering commitment to protecting user data is evident. This commitment, along with the expertise of data protection professionals, helps organizations maintain user trust and data integrity.


Transparency is a key part of Google’s approach, highlighted by its regular publication of Transparency Reports. These reports reveal government requests for user data and content removal, holding Google accountable. They emphasize the importance of clear communication, a skill often found in DPOs who help organizations maintain transparency and trust.


In a ground-breaking move in 2010, Google introduced HTTPS encryption for Gmail, setting a new standard for data security. This innovation ensured the privacy of user emails during transmission. Implementing such encryption practices, often advised by DPOs, should be a priority for organizations seeking to protect sensitive information.

AI and Machine Learning

Google uses artificial intelligence (AI) and machine learning to effectively detect and counteract security threats. Their AI-powered security tools, including identifying phishing attempts, have significantly improved user account protection. DPOs’ expertise in using AI for security purposes can enhance an organization’s ability to identify and respond to emerging threats swiftly.


Challenges and Compliance Issues

Privacy Violations

Despite its successes, Google has faced challenges, including criticism for bypassing Safari browser privacy settings in 2012, enabling them to track users without their consent. This incident underscores the importance of respecting user privacy preferences and consent, a fundamental consideration for every organization. DPOs play a role in ensuring organizations adhere to privacy standards, avoiding privacy violations.

Antitrust Investigations

Antitrust investigations have become a recurring theme in Google’s story, with regulatory bodies examining its market dominance and potential implications for user data privacy. This serves as a reminder for organizations to be mindful of how their market position and practices may attract regulatory scrutiny. DPOs can help organizations adapt their practices to evolving regulations proactively, reducing the risk of antitrust investigations.

Data Breaches

Data breaches, like the 2018 Google incident, continue to be a concern. Organizations must be prepared for data breaches and have well-defined incident response plans to minimize the impact on users and stakeholders. DPOs play a crucial role in creating and implementing these response plans.

Evolution of Privacy Regulations

Google’s commitment to phasing out third-party cookies reflects the increasing emphasis on privacy in online advertising. Organizations must assess their data collection and advertising practices to align with evolving privacy expectations and regulations. DPOs can help organizations navigate the complex landscape of privacy regulations and stay ahead of industry changes.


GDPR Fines and Antitrust Penalty

In addition to the mentioned challenges, Google has faced substantial fines related to data protection and antitrust issues.

Google’s GDPR Fines:

  • Google LLC – €90 million ($99 million) (2021): France’s data regulator, CNIL, fined Google LLC for using noncompliant cookie consent mechanisms, making it difficult for users to refuse cookies on Google and YouTube.
  • Google Ireland – €60 million ($66 million) (2021): Google Ireland received a €60 million fine for similar cookie consent violations, specifically related to the google.fr domain.
  • Google LLC (again) – €10 million ($10.5 million) (2022): The Spanish Data Protection Agency (AEPD) imposed a €10 million fine on Google LLC for unlawfully transferring personal data and obstructing the right to erasure.
  • The Antitrust Penalty: Google’s €2.42 Billion Fine: The European Commission fined Google a staggering €2.42 billion for breaching EU antitrust rules. Google was found to have abused its market dominance as a search engine by giving an illegal advantage to another Google product, its comparison-shopping service.


Implications for Organisations

Data Security

Investing in robust data security measures is essential to safeguard sensitive information and user data. Implement encryption technologies and regularly update security practices, guided by DPOs.


Embrace transparency in your organization’s data handling practices. Consistently communicate with users and stakeholders about how their data is collected, used, and protected. DPOs can play a pivotal role in ensuring transparent data practices.

Privacy Compliance

Stay informed about data protection regulations relevant to your organization and ensure compliance. Develop and maintain clear policies and procedures for handling user data, with DPOs providing expertise in this area.

Incident Response

Prepare for potential data breaches by creating well-defined incident response plans. Proactive planning can help minimize the impact on your organization and users, with DPOs guiding these preparations.

Advertising Practices

Review your organization’s data collection and advertising practices to align with evolving privacy expectations and regulations. Seek ways to provide personalized experiences while respecting user privacy, with DPOs offering insights into compliant practices.


The Role of a Data Protection Officer (DPO)

Throughout this journey, it is clear that a Data Protection Officer (DPO) plays a crucial role in safeguarding data security and ensuring compliance with privacy laws. A skilled DPO can serve as a guiding light in the storm, helping organizations navigate the complex waters of data protection and privacy regulations. Their expertise, often behind the scenes, is indispensable in maintaining user trust, complying with regulations, and avoiding pitfalls.



As we look at Google’s 25-year journey, we see important lessons for all organizations. By focusing on data security, transparency, following rules, and being prepared, organizations can confidently handle changing data protection and privacy demands.

Google’s journey shows that even big tech companies deal with tough choices between innovation and protecting data. These challenges remind us of the need for proactive steps to keep user data safe and follow rules that change over time. In this context, the role of a Data Protection Officer (DPO) is crucial. Embracing these ideas helps organizations succeed in the digital age, gaining trust from users and partners, with guidance from a DPO.


Lynsey HansonWritten by

Lynsey Hanson | Data Protection officer

The Role of Aquis Corporate Advisers in Due Diligence

Aquis Corporate Advisers play a pivotal role in upholding the reputation and integrity of the Aquis Growth market. Their primary responsibility lies in critically assessing the suitability of issuers, their directors, and founding shareholders for admission to the market. By conducting due diligence, Corporate Advisers ultimately ensure that applicants meet the necessary standards and disclosure requirements.  

Overseeing Due Diligence 

Corporate Advisers shoulder the responsibility of overseeing the due diligence process. This includes ensuring that the appropriate professional firms conduct financial and legal due diligence. If necessary, the due diligence should be tailored to the specific risks posed by the applicant. They review and assess the scope of due diligence and take action to remedy any identified issues. 

Legal Verification of Key Statements 

Corporate Advisers must ensure that suitable professional advisers have legally verified any key statements presented in an applicant’s prospectus or admission document for the purpose of accuracy, completeness, relevance, and fairness. 

Reviewing Financial Systems and Controls 

The Corporate Adviser’s responsible for reviewing and critically assessing the accountants’ reports and adviser comfort letters to ensure that professional advisers have conducted appropriate reviews of the working capital and financial reporting systems and controls. 

Fast Track Applicants 

For fast-track applicants, Corporate Advisers may consider limited due diligence to be sufficient, given that these applicants already trade on a market with standards corresponding to the Aquis Growth Market. However, due diligence should still be tailored to the applicant’s specific situation. 

Due Diligence on Directors 

Corporate Advisers must conduct concise due diligence on directors, substantial shareholders, or individuals with significant influence or control over the applicant’s business. This applies to scenarios such as admission processes, takeovers, and new director appointments. 

Assessing Director Suitability 

When assessing the suitability of a director, Corporate Advisers must exercise reasonable judgement and consider the efficacy of the board as a whole, given the applicant’s specific needs and the fact that it will be admitted to a UK-based, English-language public market. 

Utilizing Diverse Sources 

Corporate Advisers are expected to use a wide range of sources for due diligence and conduct investigations to mitigate concerns. They should also consider commissioning third-party reports, particularly for overseas directors, and extend these investigations as appropriate to key managers and personnel named in the prospectus. 

Disciplinary Actions and Criminal Convictions 

Corporate Advisers must identify whether any Relevant Individuals (directors, proposed directors, substantial shareholders) have faced disciplinary action by government, or regulatory bodies, or have criminal convictions. Serious offences, such as fraud, are particularly relevant, and any such information must be disclosed to the Aquis Regulation Team. 

Handling Speculation and Allegations 

When dealing with speculation, intelligence, or allegations without convictions or sanctions, Corporate Advisers must assess the reliability of the source, the likelihood of public action, and the relevance of the allegation to investors’ interests. 

Multiple Bankruptcies and Insolvencies 

Directors or proposed directors with a history of multiple bankruptcies or involvement in insolvent companies due to recklessness, negligence, incompetence, or misconduct are unlikely to be considered suitable. 


Aquis Corporate Advisers play an essential role in ensuring the suitability and integrity of applicants for the Aquis Growth market. Their responsibilities encompass a comprehensive due diligence process, a thorough assessment of directors and a diligent evaluation of all relevant information. By adhering to these roles and responsibilities, Corporate Advisers contribute significantly to maintaining the high standards of the Aquis market. 

Ten Intelligence Thoughts  

Ten Intelligence offers valuable support to Aquis Corporate Advisers in the due diligence process, enhancing market confidence and integrity. We provide comprehensive due diligence oversight, ensuring accuracy and legitimacy in critical documentation. Ten Intelligence meticulously assesses directors and key individuals, enabling Corporate Advisers to evaluate director suitability against Aquis standards. We can also leverage third-party insights, including for overseas directors, providing global perspectives to aid informed decision-making. 

Partnering with Ten Intelligence elevates the capabilities of Aquis Corporate Advisers, upholding the market’s reputation for integrity and credibility. This collaboration safeguards the interests of investors and stakeholders while promoting Aquis’s continued success. 


Written by

Daniel Wilkes | Associate at TenIntelligence