Economic Crime Survey 2024

Question 1

Summary

Accepted Answer

Economic crime has garnered significant attention in both the media and political arenas over the last few years. This Home Office study sheds new light on relatively under-examined areas within the broad spectrum of economic crime – UK businesses’ experiences of fraud, corruption, and money laundering, as well as covering breaches of financial sanctions. The Economic Crime Survey 2024 explores the scale, response, impact and costs of these experiences, and businesses’ risk perceptions and preparedness in relation to these crime types.

Numerous studies have partially explored these issues within both UK and international contexts. However, this survey represents the first comprehensive effort to examine fraud, corruption, and money laundering across the entire population of businesses with employees in the UK. Utilising rigorous quantitative survey techniques, supplemented by qualitative interviews, this study provides a robust and unique perspective on the experiences of UK businesses with employees with these forms of economic crime.

Methodology

The data was collected through a quantitative telephone and online survey of 3,477 businesses with employees in the UK between February and August 2024, weighted to be representative of this population, alongside 38 qualitative interviews undertaken from July to September 2024.

The survey covered all economic crime types, whereas the qualitative interviews focused on corruption, money laundering and financial sanctions (excluding fraud). This reflected the bigger evidence gaps in the existing literature for these areas, and the complex and nuanced nature of these crime types – which is more easily captured qualitatively.

This study focuses on the direct experiences and perceptions of UK businesses, rather than examining the UK’s broader role in the global financial sector. Given that the survey can only measure incidents that businesses are able to detect, and that businesses may be hesitant to discuss incidents which may implicate themselves, the prevalence and incidence figures included in this report are likely to be underestimations.

Key findings – fraud

One in 4 businesses with employees (27%) experienced fraud in the 12 months prior to the survey, equating to approximately 389,000 businesses.

there were a high number of repeat victims, with the average (mean) business victim experiencing 16 fraud incidents in this period; between them, it is estimated that these businesses incurred approximately 6.04 million instances of fraud
the most common types of fraud were fake invoice fraud (experienced by 11% of businesses) followed by mandate fraud (that is, fraudsters getting the business to unwittingly change bank details, to divert payments) at 7% and investment fraud (6%)
fraud was more prevalent in medium and large businesses as a combined group and those with higher turnover, compared to the average business
fraud was more prevalent in the information and communications sector and the utilities and production sector than the average business; information and communications also had a higher incidence rate, alongside the agriculture, forestry and fishing, and administration sectors

Among the 27% experiencing fraud in the last 12 months:

40% said their most recent fraud was cyber-facilitated, most commonly through a phishing attack
32% externally reported their most recent fraud attempt – of these, 41% reported to banks or building societies and 22% reported to the police or other law enforcement agencies, including 8% who reported to Action Fraud
however, many believed that some frauds were not significant enough to report because of their perceived minimal impact on the business
71% of businesses had incurred a direct (money taken by fraudsters) or indirect (for example, staff time in dealing with the fraud) financial loss from frauds experienced in the last 12 months
22% of the 6.04 million frauds experienced in the last 12 months resulted in a direct or indirect loss
the mean cost of frauds experienced in the last 12 months was £2,090 (including direct and indirect costs); for the top 10% of responses it was £19,800
the most common area of costs was for staff time dealing with the frauds, while the highest single cost category was the amount taken by the fraudsters (a mean of £1,250)
medium and large businesses as a combined group had a higher average cost of frauds experienced in the last 12 months (£4,890, including direct and indirect costs) than micro and small businesses (£1,960)
frauds also had important non-financial impacts – 31% made changes to internal business processes and 23% cancelled or did not proceed with a business transaction or activity in response to their most recent fraud
37% of business victims said it took additional staff time to deal with the frauds experienced in the last 12 months

Among all businesses with employees:

around two-thirds of all businesses (64%) had in place one or more of the fraud prevention or risk management measures covered in the survey such as insurance, codes of conduct, and digital identity checks; this rose to 93% among both medium and large businesses
finance and insurance businesses, and agriculture, forestry and fishing businesses were more likely than average to consider themselves at risk from fraud

Key findings – corruption

One in 35 businesses with employees (3%) experienced some form of bribery in the 12 months prior to the survey, equating to an estimated 40,500 businesses.

about 1% of UK businesses had been offered a bribe from another UK business or individual in the last 12 months, and 1% reported that they had to give or were asked to give a bribe to another UK business; there were an estimated 117,000 incidents in which businesses with employees were offered bribes by other UK businesses or individuals in the past 12 months
a much smaller proportion of businesses (less than 0.5%) had to give or were asked to give a bribe to a UK public official in the past 12 months
around 1% of all businesses that traded internationally had to give or were asked to give a bribe to an overseas business or public official in the past 12 months

Amongst businesses that experienced bribery involving another UK business or individual, focusing on their most recent incidents:

the average (mean) bribe in the private domestic sector was worth £2,640; this indicates that, across all businesses with employees, an estimated £309 million in bribes were offered in the previous 12 months
the clandestine nature of bribery made it challenging for businesses to evidence and detect; in 68% of the most recent incidents, bribes were offered or requested verbally; in addition, 70% of incidents in which businesses were offered a bribe were identified because the individual who was offered a bribe flagged it themselves
businesses were largely ambivalent about the impacts of direct experiences of bribery within the domestic private sector; in 61% of such incidents where they were offered bribes, and 59% of such incidents where they had to give or were asked to pay bribes, businesses said there was no impact on them

The survey highlighted considerable sector variations:

the construction, service and membership, administration, utilities and production, and transport and storage sectors had the highest prevalence or incidence rates for businesses having to, or being asked to, give bribes
incidence rates for businesses being offered bribes were highest in the real estate, retail and wholesale, and finance and insurance sectors
qualitative interviewees highlighted key sector-level risk factors including layering within supply chains, concentration of power in the awarding of contracts, the extent of large or overseas business transactions, sectoral norms and ingrained ways of working, and differential sectoral regulations and standards; factors such as the nature of leadership and vigilance from senior managers, opportunities for unsupervised decision-making power, and sales-driven work cultures were also seen to affect the risk between individual businesses; these indicate the need for a sophisticated approach to risk reduction

Impacts of bribery and corruption extended beyond those resulting from incidents where businesses themselves were offered or asked to give bribes. Across the previous 12 months:

1% of all businesses had put on hold or cancelled business activities due to concerns about corruption
5% said it was likely that they had lost a business opportunity in the UK to a competitor who offered a bribe
7% of internationally trading businesses believed they had lost a business opportunity overseas to competitors offering a bribe

Among all businesses with employees:

over half of businesses (55%) did not have any of the of the anti-corruption measures asked about in the survey in place

Key findings – money laundering

A total of 2% of businesses with employees experienced known or suspected money laundering incidents in the 12 months preceding the survey, equating to around 33,500 businesses. This includes both direct experiences as well as activities observed among staff, customers, suppliers or other businesses that the respondent business worked with. Cases where activity was prevented are also included.

these businesses experienced an average of 7 incidents each, amounting to approximately 225,000 incidents across all businesses with employees
qualitative interviews indicated that identifying money laundering was not always straightforward, and businesses often had challenges distinguishing it from other legal and illegal activities

Among the 2% of businesses experiencing money laundering in the last 12 months:

the most common types of incidents identified were businesses paying employees in cash to avoid scrutiny (26%) and the manipulation of invoices, receipts or credit notes to hide the true source of payments (20%)
twice as many businesses detected their most recent incident in an ad hoc manner compared to via an internal business process or paperwork (40% versus 21%), with businesses emphasising the importance of experience and “gut-feeling” in the detection of money laundering activity
the majority of businesses (85%) took some action in response to their most recent incident, most commonly by reporting internally to someone in a compliance or risk-related role (52%); limiting the provision of services was also common, either due to ending relationships with specific customers or suppliers (50%) or cancelling or not proceeding with the business transaction or activity in question (48%)
27% had externally reported their most recent money laundering incident, most commonly to the police or another law enforcement agency; in relation to the submission of Suspicious Activity Reports (SARs) to law enforcement, qualitative interviews suggested that businesses were keen to have more specific guidance on reporting thresholds, a less bureaucratic submissions process, and better responsiveness and feedback for submissions

Among all businesses with employees:

almost all (95%) businesses considered themselves not to be at risk from money laundering; this was most commonly due to perceptions that their business was too small to be targeted (28%), that they did not deal in physical cash (27%) or that they considered their customers to be trustworthy (25%)
two-thirds (68%) of businesses had implemented at least one of the anti-money laundering measures covered within the survey, most commonly a regular financial audit or review process (51%)
the transport and storage sector experienced a higher prevalence of money laundering incidents than other sectors

Businesses subject to anti-money laundering regulations had a different experience of, and attitude towards, money laundering compared to the wider, unregulated business population.

regulated businesses had a higher prevalence rate (6% versus 2%) and a higher incidence rate (289 versus 140 incidents per 1,000 businesses with employees) than unregulated businesses; they also tended to be more deeply informed about money laundering and more prepared to prevent, detect and manage money laundering incidents
however, the qualitative interviews demonstrated that money laundering can affect a wide range of businesses; moreover, in terms of the absolute number of businesses, estimates indicate that there were more unregulated businesses identifying money laundering (23,300) than regulated ones (10,200), due to unregulated businesses making up a large proportion of the business population

Key findings – financial sanctions

under a fifth of businesses with employees (17%) were specifically aware of the financial sanctions regime and how it affected them; awareness was higher than average among medium businesses (25%), large businesses (30%) and regulated businesses (58%, versus 12% of unregulated businesses)
of the 17% of businesses overall that were aware of how the financial sanctions regime affected them, three-quarters (77%) did not consider themselves at risk of breaching sanctions; a further 1 in 5 (18%) noted that financial sanctions were not, in their view, applicable to their business
qualitative findings indicated a lack of detailed knowledge regarding financial sanctions, with businesses seldom distinguishing between financial sanctions and the wider UK sanctions regime, and making incorrect assumptions that financial sanctions were only relevant to international traders
among the businesses that were aware of how financial sanctions affected them and considered financial sanctions risks to be applicable to their business, around three-quarters (77%) had at least one of the risk management measures asked about in the survey in place; the most common measure undertaken was having a formal process to verify the identity of customers, suppliers or contractors and the nature of their business (70%); regulated businesses were more likely than unregulated businesses to have each of these measures in place
businesses experienced challenges in understanding the financial sanctions obligations due to the complex, changing landscape and the different sanctions regimes across countries; businesses referenced drawing from a range of resources and guidance to ensure compliance, but some felt that the government guidance on the financial sanctions regime could be refined and simplified

Question 2

1. Introduction

Accepted Answer

1.1 Background

1.2 Research objectives

1.3 Summary of methodology

1.4 Interpretation of the data

The Home Office commissioned Ipsos, supported by Professor Michael Levi from Cardiff University, to design and undertake a new study of the prevalence and impact of economic crime among UK businesses with one or more employees (referred to simply as ‘businesses’ across this report). The study focused on 3 types of economic crime – namely fraud, corruption, and money laundering – as well as covering breaches of financial sanctions.

This is a new study with its own methodology. It follows a similarly named 2020 Home Office survey of UK businesses that also looked at the prevalence and impact of fraud and corruption, but deploys a new questionnaire and qualitative materials based on best practice from other UK and non-UK surveys where available, and developed through consultation with experts in academia, industry and the UK government. The earlier study covered 7 industry sectors, whereas this latest study covers the entire private sector. It also predominantly focused on economic crimes experienced over a 3-year period, rather than in the past 12 months (as this latest study has done). Therefore, the 2 studies are not directly comparable.

This report summarises the key findings from the research. The Home Office has published a separate Technical report which details the underlying methodology and relevant considerations for the findings. All study materials have also been published, including the questionnaire and topic guides (Research materials), to enhance public transparency.

1.1 Background

This study was intended to fill a substantial gap in the existing evidence base.

There have been multiple previous studies on economic crime, alongside the 2020 study of the same name. In the UK, the Crime Survey for England and Wales covers crime among individuals, and the 2023 Commercial Victimisation Survey covered crime among business premises – with both studies covering fraud. Other studies, such as the PwC Global Economic Crime Survey, the EY Global Integrity Report, and the Transparency International Global Corruption Barometer and continental variants, have considered wider areas of economic crime like corruption and perceptions of it. Much work has been done on illicit money flows, though the value and precision of previous nationwide estimates of money laundering, may be questioned, given uncertainties about offender profits and savings as well as the size of criminal markets and international transfers (for example, Levi and Reuter, 2006; Reuter, 2013; Reuter, 2017; Collin, 2020; Cobham and Janský, 2020; Caulkins and Reuter, 2022; Aziani, 2023; and Joras and Reuter, 2024).

However, previous studies have had limitations when it comes to economic crime specifically in a UK business context. Many have a global focus, with a limited range of questions about the UK, or do not include all parts of the UK. Previous studies have seldom captured a representative sample of businesses, due to limitations in the sampling and data collection approaches. This has particularly strong implications for the quality of the cost data collected, which has sometimes been filtered from a narrow, unrepresentative subgroup of businesses. Several earlier studies have also focused on measuring perceptions, rather than experiences of economic crime. This is particularly true for money laundering where the volume of activity has rarely been quantified based on experience, with previous research on scale typically relying on the estimated value of criminal proceeds. This latest Economic Crime Survey aims to address these gaps with its comprehensive approach.

1.2 Research objectives

The key objectives of the study were to:

estimate the prevalence and incidence of fraud, bribery and money laundering across UK businesses with employees
measure the economic cost of fraud to businesses
understand the impact of fraud, bribery and corruption, and money laundering incidents on businesses
quantify and understand business responses to fraud, bribery and corruption, and money laundering incidents
quantify and understand business awareness of the current UK financial sanctions regime
quantify and understand the processes that businesses have in place to minimise or deal with fraud, bribery and corruption, and money laundering, as well as the risk of breaching financial sanctions

1.3 Summary of methodology

There were 2 major strands to the research:

Quantitative survey: Ipsos designed and conducted a telephone and online survey with 3,477 UK businesses with one or more employees, with question modules on fraud, corruption, money laundering and financial sanctions. Fieldwork, incorporating a pilot phase, took place between 22 February and 30 August 2024, with findings reflecting the 12 months prior to this period. The data have been weighted by size and sector to be representative of the UK business population.

Qualitative interviews: Ipsos carried out 38 in-depth interviews recruited from businesses that had taken part in the quantitative survey, focusing primarily on those that had encountered bribery (a form of corruption) or money laundering incidents in the survey questions. These took place from 12 July to 27 September 2024. Conducting qualitative interviews allowed us to explore these complex and often nuanced incidents in more detail, including their impacts and the business response, which were more difficult to explore in the survey. The interviews also explored businesses’ understanding of, and response to, financial sanctions.

Businesses without employees, charities (which were not also registered as businesses) and public sector organisations were outside the scope of this study. Full details of the methodology can be found in the Technical report.

1.4 Interpretation of the data

1.4.1 Strengths and limitations of the study

This study represents a comprehensive effort to examine economic crime against businesses in the UK, employing rigorous methodologies to ensure reliable results. The strengths include a robust development phase, a focus on measurable incidents rather than perceptions, the use of random sampling to achieve representative results, and a thorough approach to gathering accurate cost and spending data (for fraud).

However, it is important to acknowledge the inherent challenges of a study of this nature. These include potential confidentiality concerns and social desirability bias among sampled businesses, as well as only being able to measure incidents that businesses were able to detect and identify or were willing to disclose. Estimating ‘hidden’ economic crimes which businesses are not aware of is very challenging, and was not within the scope of this report to attempt this. Some attempts have been made to cost hidden fraud, such as the Annual Fraud Indicator, although this carries its own methodological limitations.

Challenges with the detection and identification of economic crime were present across all 3 crime types, while challenges with disclosure were more consequential for corruption and money laundering (due to findings from the survey development stage that businesses were likely to be less willing to discuss incidents where they might implicate themselves). Taken together, this means that the results showing the number of fraud, bribery and money laundering incidents experienced, and the number of businesses affected, are likely to be underestimates.

There were several measures in place to mitigate limitations. These included clear assurances of confidentiality and anonymity, cognitive testing and piloting of the questionnaire, the recruitment of senior staff to capture a business-wide perspective and restricting the timeframe of incidents captured to the 12 months prior to the survey to aid recall.

The Home Office and Ipsos agreed to exclude zero-employee businesses from the study for practical reasons. These businesses will also face economic crime and make up around 74% of all UK business units.¹ Their inclusion in the research would have crowded out the sample allocated to businesses with one or more employees, making it unfeasible to report any findings specifically for small, medium and large businesses.

There is considerable further discussion of strengths and weaknesses in the Technical report, including the specific strengths and weaknesses of the cost data gathered for fraud.

1.4.2 Margins of error and statistical significance

All the survey results are subject to margins of error, which vary with the size of the sample and the percentage figure concerned. The margin of error is a statistical measure of the uncertainty associated with the survey results. It indicates the range – a lower bound and upper bound – within which the true result for the business population is likely to fall, given the responses collected from our survey sample. Within the main chapters of this report, wherever we provide an extrapolated estimate for the total population of businesses with employees, or total prevalence and incidence on the subgroup level, we quote the upper and lower bounds within the margin of error, in order to aid interpretation.

For all percentage results and mean scores, subgroup differences – differences between particular groups within the overall business population, or between a particular group and the overall result for all businesses – have been highlighted only where statistically significant (at the 95% level of confidence). Statistical significance is a measure used to determine if the differences found in our survey are likely to reflect a real difference in the population, as opposed to having occurred by chance.

The survey also reports incidence rates – the estimated total number of cases (for fraud, bribery and money laundering) among every thousand businesses. Where the incidence rates are reported for size and sector subgroups, the statistical power of this survey does not enable us to show whether these subgroup results are statistically significantly different from the average. Therefore, the commentary for these sections reflects the general pattern of results, highlighting which subgroups had the highest incidence rates in our sample, rather than statistically significant differences.

There is a further guide to margins of error and statistical reliability in an annex at the end of this report.

1.4.3 Reporting of means and medians

In certain places in the report, for example when exploring the costs of fraud, or the incidence of different economic crimes, we report both mean and median results from the relevant survey questions. Both the mean and the median are representations of the average business, and both are useful.

The mean result is calculated by summing all relevant responses and then dividing this total by the number of businesses who provided a response. This takes into account any outliers in the data. This could reflect the true distribution of values in the population, so is useful for ensuring that the businesses that are most severely or frequently impacted by economic crime are represented in the data.

The median takes the midpoint from the data, which will not be influenced by outliers. As such, the median is often considered a good representation of the typical business, outside of outliers.

1.4.4 Rounding of survey estimates

Where figures in charts do not add to 100%, or to an associated net score, this is due to rounding of percentages, questions allowing more than one response, or charts omitting certain responses for ease of interpretation (for example, below a certain percentage threshold or to exclude “don’t know” responses).

For the extrapolated figures presented across this report, we have rounded to 3 significant figures if the figure is over 1,000, and to the nearest whole number if under 1,000.

1.4.5 Subgroup definitions and conventions

Where feasible, we have examined statistically significant differences in the survey data by subgroups, including size, turnover and sector, as well as more bespoke subgroups which are explained across the report.

Analysis by size splits the sample into:

micro businesses (1 to 9 employees)
small businesses (10 to 49 employees)
medium businesses (50 to 249 employees)
large businesses (250 employees or more)

Furthermore, on occasion, we merge the above groups together (that is, micro/small and medium/large) to increase the statistical reliability of subgroup data. For example, this is done when considering subgroup differences on fraud cost and spending data.

Business size is heavily correlated with turnover^{[footnote 1]} (as discussed in the Technical report), so rather than look solely at turnover subgroups in isolation, we have typically analysed differences between low-turnover small and medium enterprises (SMEs), which have an annual turnover of under £1 million, and high-turnover SMEs earning £1 million or more annually. This allows us to look at differences by turnover that are likely to be independent of business size. There are a small number of exceptions to this across the report, where the high-turnover subgroups warrant their own discussion.

Business sector groupings that may be referred to across this report, and their respective SIC 2007 sectors, are:

agriculture, forestry and fishing (A)
utilities and production (B, D and E)
manufacturing (C)
construction (F)
retail and wholesale (including vehicle sales and repairs, as per SIC 2007) (G)
transport and storage (H)
food and hospitality (I)
information and communications (J)
finance and insurance (K)
real estate (L)
professional, scientific and technical (M)
administration (N)
education (P)
health, social care and social work (Q)
arts, entertainment and recreation (R)
service and membership organisations (S)

Analysis by geographical region is not included in this report. While there were infrequent significant differences by UK region or country for certain questions, we have been cautious about attributing these differences solely to the location of the business. They may, for instance, also be attributable to the size and sector profile of the sample in that region.

1.4.6 Chart base sizes

For certain questions, the base sizes do not cover the entire group of sampled respondents that were eligible to answer. This is because the survey was designed to ask a random proportion (for example, a random half or third) of the sample the questions relevant to them, to reduce the overall interview length. Some of these time saving measures were introduced after an initial pilot survey, so the base sizes often equate to just over half or a third of the relevant sampled group. This randomised split-sampling is specified underneath all the relevant charts in the report.

1.4.7 How to interpret the qualitative data

The qualitative findings offer more nuanced insights into the depth of awareness, attitudes and behaviours of businesses with regards to economic crime. The findings reported here represent common themes emerging across multiple interviews, as well as the unique insights and perspectives from individual businesses that help to explain particular attitudes or behaviours. Verbatim quotes from individual businesses are used to illustrate findings that emerged more broadly across interviews. However, as with any qualitative findings, these examples are not intended to be statistically representative.

Question 3

2. Fraud

Accepted Answer

2.1 Prevalence of fraud

2.2 Incidence of fraud

2.3 Characteristics of the most recent frauds experienced

2.4 Business response to the most recent frauds experienced

2.5 Impact of the frauds experienced (including the financial impact)

2.6 Perceived risk of fraud

2.7 Preparedness for fraud risks and incidents

2.8 Chapter conclusions

The first part of this chapter focuses on the businesses with employees that experienced fraud in the 12 months prior to being surveyed. This includes the types of frauds identified, whether they were successful, how they were detected, any interactions with the perpetrators, reporting of frauds and the broader business response, and the business impacts and costs associated with fraud. We provide extrapolated estimates for fraud prevalence, fraud incidence, and the associated costs.

These statistics encompass the cases where the fraudsters were successful in defrauding the business, as well as attempted frauds that businesses managed to identify (but which were not necessarily successful). They exclude speculative cases, as businesses were asked to only mention incidents they were certain of, rather than ones they suspected but could not evidence.

The rest of the chapter includes all businesses with employees, not just those experiencing fraud, and covers their perceived risk from, and preparedness for, fraud incidents.

Fraud was not explored in the qualitative research, because it was already covered more substantially in the survey than the other crime types. Therefore, this chapter exclusively deals with quantitative data. Separately, fraud was the only crime type in this study where we attempted to quantify the cost of incidents, and the amount businesses spend on fraud prevention and preparedness. As such, this chapter contains a range of economic cost and spending estimates, which we extrapolate to the whole business population.

2.1 Prevalence of fraud

Just over a quarter (27%) of businesses with employees experienced any fraud attempts in the 12 months prior to the survey (the prevalence rate). This equates to approximately 389,000 businesses from a total population of 1.4 million (the total prevalence),^{[footnote 2]} making it the most common of the 3 crime types explored in this study. This figure is subject to a margin of error, with a lower bound of 365,000 and an upper bound of 413,000.

2.1.1 Categories of fraud

As Figure 2.1 shows, the most common type of fraud, experienced by 11% of businesses, was fake invoice fraud – businesses receiving fake invoices where they were a specific intended victim (aligning with the Home Office Counting Rules for crime).^{[footnote 3]} The next most common (at 7% and 6% respectively) were mandate fraud (fraudsters getting the business to unwittingly change bank details, such as for a supplier or financial intermediary, in order to divert payments) and investment fraud (fraudsters pretending to offer the business an investment opportunity that was worthless or did not exist). At the other end, the least commonly experienced frauds involved fake accounts being set up for the business as part of an application process (for example, with banks or phone companies), or employees or suppliers making false expense claims (each affecting around 1% of all businesses).

Figure 2.1: Specific types of fraud experienced in the last 12 months (proportions and total prevalences)

Bases: 3,477 businesses; 1,051 that experienced fraud in the last 12 months

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%. The total prevalences are calculated based on non-rounded percentages.

2.1.2 Subgroup differences (size, turnover, sector and international trading status)

Fraud was more prevalent among medium and large businesses as a combined group (42%) than overall (27%). It was also correlated with business turnover, distinct from business size – small and medium enterprises (SMEs) with £1 million or more in turnover were more likely to have experienced fraud than those with smaller turnover (37% versus 27%).

Businesses in the information and communications sector (40%) and utilities and production sector (36%) were among the most likely to have experienced fraud. By contrast, it was least prevalent among finance and insurance businesses (17%), food and hospitality businesses (23%), and agriculture, forestry and fishing businesses (24%). This does not mean that fraud was uncommon, or considered less of a risk, in these 3 sectors. In fact, finance and insurance businesses were among the most likely to consider themselves at risk from fraud (see Section 2.6.2).

Specifically, fake invoice fraud was most prevalent among information and communications businesses (19%, versus 11% overall), utilities and production businesses (18%), and administration businesses (15%). Fraudulent claims by legitimate suppliers for work not done (11%, versus 4% overall) and false insurance claims (9%, versus 3% overall) were each more prevalent in the transport and storage sector than average. Customers dishonestly claiming refunds was more prevalent among retail and wholesale businesses than average (8% versus 5%).

Finally, businesses that traded internationally were also more likely to have experienced fraud than non-internationally trading businesses (39% versus 25%).

2.2 Incidence of fraud

Among the 27% of businesses that experienced any fraud in the last 12 months, three-quarters (74%) had experienced more than one incident. The average (mean) number of fraud incidents experienced was 16. The median number was 3. The substantial gap between the mean and the median indicates that there were a relatively small number of businesses in the population that experienced very high volumes of fraud.

We extrapolate from the mean results to estimate the total incidence and incidence rate of fraud in the population.^{[footnote 4]}

the total incidence represents the total number of fraud offences experienced by UK businesses with employees in the last 12 months; this was approximately 6.04 million; this figure is also subject to a margin of error, with a lower bound of 4.61 million and an upper bound of 7.48 million
the incidence rate tells us the number of fraud offences per every thousand businesses with employees; across all business sectors, this was approximately 4,230; the lower bound for this result was 3,230 and the upper bound was 5,240, according to the margin of error

2.2.1 Incidences for the specific types of fraud

Figure 2.2 shows the total incidences and incidence rates for the specific types of fraud laid out earlier in Section 2.1.1. This highlights that the largest proportion of the approximately 6.04 million frauds experienced by businesses in the last 12 months was from 3 types of frauds: fake invoice fraud, investment fraud, and mandate fraud. The other types were experienced in lower volumes.

Figure 2.2: Total incidences and incidence rates for the specific types of frauds experienced in the last 12 months

Base: 3,477 businesses

2.2.2 Frauds succeeding or being stopped by third parties

Among the businesses that had experienced fraud, not all attempts were successful. We estimate that, of all the 6.04 million attempts to defraud businesses in the last 12 months, the payment or transfer to the fraudster ended up being blocked specifically by the business’s bank, credit card company or another service provider in 19% of cases.

This does not mean that the fraudsters were successful in the remaining 81% of cases where they were not blocked by the bank, credit card company or service provider. A proportion of the remaining 81% could have been spotted or stopped via other means. Later, in Section 2.5.1, we cover the costs of fraud and estimate that 22% of frauds resulted in any kind of financial loss (direct or indirect).

Separately, the survey also explored the success rate of fraudsters attempts to access a business’s online bank account. As per Figure 2.2, we estimated there to be 178,000 cases of online banking fraud in the 12 months prior to the survey. Across these 178,000 cases, we estimate that 9% resulted in money being taken by the fraudsters. To note, in the survey, businesses that were later refunded by their bank for online banking fraud may have not classed this as money being taken by the fraudsters – and this may have erroneously reduced our percentage estimate.

2.2.3 Subgroup differences (size, turnover and sector)

Looking at the mean number of incidents by subgroup provides a sense of which businesses were more regularly affected by fraud. This analysis shows that businesses with an annual turnover of £85,000 to £250,000 were experiencing fraud more frequently, with a mean of 24 incidents in the last 12 months (versus 16 overall).

Comparing the incidence rate across subgroups shows where frauds were most concentrated in the business population. This suggests that frauds were more concentrated among large businesses than average (an estimated incidence rate of 6,350, versus 4,230 overall). In terms of sectors, the estimated incidence rates were highest in:

information and communications (7,700)
agriculture, forestry and fishing (7,270)
administration (7,030)

In the 2020 survey, which focused on 7 specific sectors, the incidence results were markedly different. However, the previous results are not comparable to this latest study, which used a different set of questions to measure fraud incidence, among other methodological differences covered at the start of this report.^{[footnote 5]} For example, the retail and wholesale sector was found to have a relatively high incidence of fraud in 2020. In this latest study, the data does not indicate that there was a particular problem with fraud in retail and wholesale businesses, over and above other businesses, beyond a slightly higher prevalence of refund fraud (see Section 2.2.2). More recent contextual evidence for this sector comes from the 2023 Commercial Victimisation Survey, and this suggests that fraud was a less common occurrence in the retail sector than other types of crime, such as theft, assaults or threats, and vandalism.

The Technical report includes the fully tabulated data for incidence rates (overall, and by size and sector) for this latest study.

It is important to note that mean results and incidence rates can be strongly influenced by any outliers in the data (which could reflect true extremes in the population). The results in this section are reported without any removal of statistical outliers, as there was no valid reason to deem the highest responses as inaccurate. Nevertheless, for transparency, the Technical report also shows what the results would be (overall, and by size and sector) if these were removed.

2.3 Characteristics of the most recent frauds experienced

This section focuses on the 27% of businesses that had experienced fraud in the 12 months prior to the survey, and delves into the most recent single fraud incident they had. It covers how the fraud was detected, whether the business recognised or made contact with the fraudsters, and whether this most recent instance was a cyber-facilitated fraud.

2.3.1 How the fraud was initially detected

Three in 10 (30%) first realised the fraud attempt when the fraudster made direct contact with them, making this the most common way that fraud was identified. Beyond this, as Figure 2.3 highlights, it was more common for businesses to discover the fraud internally (a combined result of 35%), either through an internal business process (19%) or via a staff member (15%), and less common to uncover it via a third party (25%). Section 2.7 covers the actual processes that businesses had in place.

Figure 2.3: How businesses initially detected their most recent fraud, among the businesses experiencing any frauds in the last 12 months

Base: 458 businesses that experienced fraud in the last 12 months, and could recall their most recent fraud (approximately half the available sample fitting this description, which was chosen at random to answer this question)

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. The list of categories in the chart merge together various specific response options from the survey. A further 2% said “don’t know” (not included in the chart).

The grouped categories in Figure 2.3 were split out more specifically in the survey. Financial institutions and paperwork played an important role in fraud identification, with 14% of affected businesses being alerted to their most recent fraud by a bank or insurance provider, and a further 12% finding out by checking their bank statements or invoices. It was much rarer for businesses to uncover fraud through bespoke fraud detection software (1%), or through a third-party financial audit or review (1%).

There were a small number of differences by size and sector:

small businesses (5%) and medium businesses (5%) were each more likely than average (2%) to have been alerted to their most recent fraud by their suppliers
construction businesses (25%) were more likely than average (14%) to have been alerted by a bank or insurance company
administration businesses (33%) were more likely than average (15%) to have been made aware via their own staff

2.3.2 The perpetrators of the fraud

Of the businesses that experienced fraud, two-thirds (67%) did not know who the perpetrators of their most recent fraud incident were. Among the remaining third that said they knew, the responses were as follows (not adding to 100% due to rounding):

47% said that customers (real or fake) were responsible
25% said another (non-customer) business – and these were primarily identified as fake businesses set up specifically for the fraud attempt
17% said suppliers
6% said employees (current, former or fake)
9% identified another perpetrator not fitting the above categories

Among those that knew the perpetrators, medium and large businesses as a combined group were more likely to identify suppliers (38%, versus 17% overall), and employees (23%, versus 6% overall) as the source of their most recent fraud.

In just over half of cases (54%), businesses said that they had communicated directly with the fraudster (regardless of whether they had identified them or not). This was more likely to be the case for businesses in the administrative sector (72%). Figure 2.4 shows how the fraudsters in these instances initially made contact with the businesses. It illustrates that email and phone contact were by far the most common channels through which the fraud was initiated.

Figure 2.4: How businesses were initially contacted by the perpetrator in their most recent fraud, among the businesses experiencing any frauds in the last 12 months and who had any direct contact with the perpetrators

Base: 245 businesses that were directly contacted by the perpetrator in their most recent fraud (approximately half the available sample fitting this description, which was chosen at random to answer this question)

2.3.3 Cyber-facilitated fraud

Cyber-facilitated fraud is a subset of all fraud, which uses data or access obtained through electronic means such as malware, hacking (of files, user accounts or bank accounts) or phishing attacks. The annual Cyber Security Breaches Survey (overseen by the Department for Science, Innovation and Technology, and Home Office) already estimates the prevalence and scale of cyber-facilitated fraud across UK businesses. This Economic Crime Survey adds value by exploring the proportion of all frauds that were cyber-facilitated.

Among the businesses that experienced fraud in the last 12 months, 40% said that their most recent fraud incident was cyber-facilitated. This was lower than the 48% of frauds incidents against individuals estimated by the Crime Survey for England and Wales (year ending March 2024) that were thought to be cyber-facilitated.

The breakdowns of the result for businesses are in Figure 2.5, indicating that cyber-facilitated fraud against businesses most commonly involved phishing attacks (in 29% of the most recent frauds). This matched the findings of the Cyber Security Breaches Survey 2025, which found that 54% of the businesses that were victims of cyber-facilitated fraud said the fraud emanated from a phishing attack.

In this study, instances of hacking, combining 4 of the categories on the chart (unauthorised access by people outside the business, takeovers of websites or accounts, hacking of online bank accounts, and unauthorised access by staff), accounted for 17% of the most recent frauds. This statistic takes into consideration that businesses could choose multiple categories.

Figure 2.5: Proportion of most recent frauds that were cyber-facilitated in the following ways, among the businesses experiencing any frauds in the last 12 months

Base: 458 businesses that experienced fraud in the last 12 months, and could recall their most recent fraud (approximately half the available sample fitting this description, which was chosen at random to answer this question)

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

Businesses that traded internationally were twice as likely as the average to say their most recent fraud was due to attackers taking over their website, social media or email accounts (11%, versus 6% overall).

2.4 Business response to the most recent frauds experienced

This section also focuses on the 27% of businesses that had experienced fraud in the 12 months prior to the survey, and continues to concentrate on the most recent single fraud incident they had.

2.4.1 Actions taken in response

Among the businesses that experienced fraud, the most common actions taken in response to their most recent fraud were to report the incident externally (32%) and to make changes to their internal business processes (31%), as Figure 2.6 shows.

Figure 2.6: Actions taken in response to the most recent fraud, among the businesses experiencing any frauds in the last 12 months

Base: 458 businesses that experienced fraud in the last 12 months, and could recall their most recent fraud (approximately half the available sample fitting this description, which was chosen at random to answer this question)

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

The typical (median) business had undertaken just one of the listed actions. Just under half of the affected businesses had taken more than one action (48%). Three in 10 (29%) had taken no action in response to their most recent fraud.

Certain actions were more commonly done in combination. For example:

those that reported the fraud externally were also more likely than average to have amended internal business processes (39%, versus 31% overall), engaged a third party to audit, review or investigate the fraud (20%, versus 9% overall), or hired additional staff (5%, versus 2% overall)
those that made changes to internal business processes were also more likely than average to have implemented staff training (44%, versus 21% overall), reported the fraud (40%, versus 32% overall), done an internal audit, review or investigation (34%, versus 18% overall), started using fraud detection software (30%, versus 16% overall), stopped working with specific customers or suppliers (18%, versus 12% overall), or hired additional staff (5%, versus 2% overall); this suggests that the implementation of new policies or controls was often accompanied by more direct action

Business size and turnover were important markers of likely action:

small businesses (78%), and medium and large businesses (80% as a combined group) were both more likely than micro businesses (68%) to have taken any of these actions; in particular, staff training was a much more common response among small businesses (33%), and medium and large businesses combined (48%), than among micro businesses (16%); internal audits, reviews or investigations were also more common among small businesses (27%), and medium and large businesses combined (39%), than among micro businesses (14%)
low-turnover SMEs (with annual turnover of under £1 million) were more likely than high-turnover ones (with £1 million or more) to have taken no action (33% versus 17% taking no action)

2.4.2 Reporting of fraud

Among the 32% of businesses that externally reported their most recent fraud attempt, the most common reporting was to banks or building societies (41%), again highlighting their importance as third-party actors in business frauds. A further 5% reported to a credit card company, and 3% to an insurance company. Businesses could give more than one answer to this question.

Around a fifth (21%) had reported to police or other law enforcement agencies. This included 13% mentioning “the police” generally, and 8% specifically mentioning Action Fraud. While the specific mentions of Action Fraud were relatively low, it is worth noting that the businesses saying the police generally may have in reality been redirected to Action Fraud (but not recalled it by name). A further 1 in 10 (10%) had reported to regulators or other public sector organisations. Beyond the specific mentions of Action Fraud and the police generally, other specific enforcement agencies or public sector organisations were much less frequently mentioned. These included:

the Serious Fraud Office (2%)
the National Crime Agency (2%)
HMRC’s Fraud Hotline (1%)
the National Cyber Security Centre (under 0.5%)

Reporting to suppliers was also one of the more common responses (11%).

It was rare for businesses to have reported to more than one organisation – only 12% had done so.

Among the 68% of businesses that opted not to report their most recent fraud incident, by far the most common reason given for this was that they considered the impact to be too insignificant to report (Figure 2.7). The next 2 most common responses were related to the perceived lack of impact from reporting – namely that the business would not benefit from it (16%), and that the act of reporting would not lead to any further action (12%).

Figure 2.7: Most common reasons given for not reporting the most recent fraud, among the businesses experiencing any frauds in the last 12 months (showing only responses at 5% or higher)

Base: 294 businesses that did not externally report their most recent fraud (approximately half the available sample fitting this description, which was chosen at random to answer this question)

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. Only responses rounding to 5% or higher are shown, and multiple responses were allowed, so the proportions in this chart do not add to 100%.

Medium businesses specifically were more likely to mention a couple of the less common reasons that were too infrequent to be included in the chart:

insufficient evidence of the fraud (17%, versus 4% overall)
no obligation to report (8%, versus 3% overall)

Beyond these differences, the subgroup sample sizes (for example, by sector) were too small to undertake further analysis.

2.5 Impact of the frauds experienced (including the financial impact)

This section again looks exclusively at the 27% of businesses that had experienced fraud in the 12 months prior to the survey. However, for questions about impact, businesses were asked to reflect on all frauds they had experienced in the last 12 months, not just the most recent ones.

2.5.1 Whether frauds resulted in a financial loss

Among the businesses that had experienced fraud, 7 in 10 (71%) had incurred a financial loss of some kind, either directly (for example, money being taken by the fraudsters) or indirectly (for example, in terms of the value of the staff time spent dealing with any incidents).

While the majority of businesses incurring fraud had lost money, this does not mean that most fraud attempts led to money being lost. This is because these businesses typically experienced multiple fraud attempts, both successful and unsuccessful. We estimate that 22% of all the 6.04 million frauds experienced in the last 12 months resulted in a financial loss, encompassing all the direct and indirect costs covered in the next section (2.5.2), even where some or all those costs were later recovered.

We do not have a specific estimate for the proportion of frauds that resulted specifically in a direct loss (that is, where money was taken by the fraudsters). Future iterations of the survey may look to include this.

2.5.2 The cost of fraud incidents

The survey looked at 4 areas of potential costs incurred by the businesses experiencing fraud, in order to produce a more comprehensive and granular picture of the cost of fraud incidents:

immediate direct costs – the value of any external payments made to the fraudsters, or any money they stole
wider direct costs – the value of any external payments made in the aftermath of the frauds; this could have included any payments to third parties (for example, to investigate the fraud, run audits, or run training), the cost of new or upgraded software or systems needed after the fraud, recruitment costs if the business had to hire someone new, and any other spending related to the fraud (for example, legal fees, insurance excesses, fines, compensation or PR costs)
indirect staff time costs – the cost of the staff time dealing with the frauds
wider indirect costs – the cost of any wider impacts as a result of the frauds; this could have included loss of share value or investors, the value of lost assets or intellectual property, or the value the business might have expected to get from any lost customers or suppliers; to note, the responses at this question were likely to have been more speculative, given that these kinds of losses are often more challenging for businesses to accurately value; however, they are still an important part of the overall economic cost of fraud

It is also important to note that some of the costs of fraud may be longer-term, emerging or continuing beyond the more short-term and medium-term costs measured in this study.

Table 2.1 summarises the cost data, in terms of the mean and median costs faced by the businesses that experienced fraud. It also presents a total cost figure, which combines responses for the 4 categories noted above.^{[footnote 6]} These figures represent the costs of all the frauds faced by businesses in the last 12 months, not just their most recent frauds.

However, the costs in Table 2.1 are not able to depict the counterfactual, that is, what the costs would have been if businesses took no or fewer precautions to mitigate the risk of fraud. It is also important to note that the consequences of these financial costs (both costs as a consequence of fraud and anticipatory costs) depended largely on other characteristics of the affected businesses – such as their assets, profitability and resilience.

The mean and median costs mask the considerably higher costs faced by some of the businesses experiencing fraud. In order to provide greater insight into the businesses at this end of the scale, Table 2.1 also shows the mean costs gathered from the top 10% of responses.

Table 2.1: Summary statistics on the cost of fraud incidents, among the businesses experiencing any frauds in the last 12 months

	Percentage with a cost above £0	Mean cost	Median cost	Mean cost from top 10% of responses*	Base size of those giving an amount
Immediate direct costs	31%	£1,250	£0	£13,100	527
Wider direct costs	15%	£291	£0	£3,220	525
Indirect staff time costs	63%	£432	£50	£3,920	512
Wider indirect costs	5%	£144	£0	£1,750	525
Combined total costs	71%	£2,090	£120	£19,800	533

Notes:

The base size only includes the businesses that provided a numeric or banded response to the question, that is, it excludes those saying “don’t know” or “prefer not to say”. This accounted for under 5% of the respondents asked about each cost category. The base size is approximately half the available sample fitting these descriptions, which was chosen at random to answer this question.
* The base sizes for these results are 10% of the overall base size (varying from 51 to 53).

Again, it is worth noting that the mean results can be strongly influenced by outliers in the data (which could reflect the true distribution of values in the population). This is reflected in the relatively wide margins of error (covered in more detail in the Technical report). The Technical report also shows what the results would be if statistical outliers were removed.

Nonetheless, the costs in Table 2.1 provide several insights:

the highest single cost category was the amount taken by the fraudsters (a mean of £1,250); however, the mean total cost figure (£2,090) shows that the costs beyond this immediate direct cost were non-negligible
3 in 10 of the businesses experiencing fraud (31%) had money taken by the fraudsters; this was not the most common area of costs; it was more common for staff time to be used dealing with the frauds, and for this to incur costs for the business; given how widespread cyber-facilitated fraud, and specifically phishing-facilitated fraud was (see Section 2.3.3), it is worth highlighting the findings of the Cyber Security Breaches Survey 2025, which found that phishing attacks could result in a heavy time burden for businesses, even if they had no direct costs
the median amounts were lower than the mean amounts, and were £0 outside of staff time costs; moreover, the top 10% of responses indicate that there were certain businesses facing very high costs in each of these categories (which would raise the overall mean result above the median); it also highlights that the typical (median) business did not see themselves as incurring any costs from fraud beyond staff time costs; this suggests that there were a large number of nuisance fraud attempts, that businesses did not lose money, or spend any extra money on, but had to divert their staff to deal with

2.5.3 Extrapolation of cost data

It is possible to extrapolate from these costs to estimate the total cost as a result of fraud incidents experienced by businesses with employees. Within these businesses, accounting for all frauds from the last 12 months, we estimate that:

approximately £486 million was lost to fraudsters in terms of the immediate direct costs (with a lower bound of £278 million and upper bound of £693 million, within the margin of error)
approximately £812 million was the total cost as measured across all 4 cost categories (with a lower bound of £567 million and upper bound of £1.06 billion, within the margin of error)

However, it is important to consider these cost figures, collected for the first time, in a wider context. They are likely underestimates of the total economic and social cost of fraud to UK businesses. This is due to the exclusion of zero-employee businesses from the sample which represents approximately three-quarters of businesses, the cumulative effect of which could be substantial. Additionally, the survey by its very nature is unlikely to capture rare, high-impact fraud incidents affecting a very small proportion of businesses, with those larger businesses who experienced higher costs making up a smaller part of the sample (as they do in the business population). The sampling strategy mitigated this to a degree by oversampling medium and large businesses.

Additionally, as described previously, this only covers frauds that businesses had detected, meaning the cost of undetected frauds has not been captured. Lastly, businesses have a tendency to undervalue staff time dealing with frauds. Further details can be found in the Technical report.

In addition, this section only deals with the cost of fraud incidents. The total economic cost of fraud also includes anticipatory costs – the amount that businesses spend attempting to prevent and manage fraud risks. This has been covered later in this report (see Section 2.7.4). Extrapolating the key data from that later section:

the total cost of spending on fraud prevention and management was approximately £2.57 billion, across all the spending categories covered in the survey apart from insurance (with a lower bound of £1.42 billion and an upper bound of £3.73 billion, within the margin of error)
insurance was excluded from this extrapolated amount, because spending on insurance is viewed as a transfer of funds within the economy, rather than an economic loss

2.5.4 Differences by size band

Tables 2.2 and 2.3 show that the costs across 3 of the 4 cost categories were higher for medium and large businesses as a combined group than they were for micro and small businesses. The mean total cost of all the frauds experienced was, for example, more than double for medium and large businesses (£4,890, versus £1,960 for micro and small businesses). Medium and large businesses were also more likely than micro and small ones to identify any costs from frauds (86% versus 70%).

Table 2.2: Summary statistics on the cost of fraud incidents, among the micro/small businesses experiencing any frauds in the last 12 months

	Percentage with a cost above £0	Mean cost	Median cost	Base size of those giving an amount
Immediate direct costs	31%	£1,180*	£0	408
Wider direct costs	15%	£249*	£0	408
Indirect staff time costs	62%	£406*	£50	397
Wider indirect costs	5%	£141	£0	405
Combined total costs	70%	£1,960*	£100	410

Notes:

* Asterisks indicate statistically significant differences between the mean costs in this table and the equivalent mean costs across medium/large businesses experiencing fraud (from Table 2.3).

Table 2.3: Summary statistics on the cost of fraud incidents, among the medium/large businesses experiencing any frauds in the last 12 months

	Percentage with a cost above £0	Mean cost	Median cost	Base size of those giving an amount
Immediate direct costs	40%	£2,660*	£0	119
Wider direct costs	17%	£1,190*	£0	117
Indirect staff time costs	81%	£981*	£250	115
Wider indirect costs	6%	£220	£0	120
Combined total costs	86%	£4,890*	£530	123

Notes:

* Asterisks indicate statistically significant differences between the mean costs in this table and the equivalent mean costs across micro/small businesses experiencing fraud (from Table 2.2).

2.5.5 Recovered costs

Among the businesses that had money taken directly by fraudsters, 48% of businesses had managed to recover all of it, for example by being refunded by their bank, or as an insurance payout. A further 8% had recovered part of it.

The survey also recorded the specific amounts of money that were taken by fraudsters (that is, the immediate direct costs) across all cases of fraud, as well as the amounts recovered across all cases. In total, considering all the money taken across the affected businesses, across all frauds experienced, we estimate that 58% of this was recovered.

When looking solely at the unrecovered element, the mean total cost of fraud that ended up being borne by affected businesses was £1,380 (compared with £2,090 from Table 2.1). The median was £100 (compared with £120 in Table 2.1). However, it is important to note that in terms of cost to the economy, this recovered value was still being paid for elsewhere – for example by banks or insurance providers – and the fraudster still benefited from the fraud.

2.5.6 Non-financial impacts of fraud

The impacts of fraud were not only financial. More than half of the businesses experiencing fraud in the last 12 months (56%) identified at least one of the impacts listed in Figure 2.8. Most commonly, almost two-fifths (37%) said the incident had taken up additional staff time in some way, while a third (32%) said they had to put new measures in place to protect against future fraud incidents.

The other categories were more rarely mentioned, but suggest there were a range of impacts beyond the short-term and medium-term costs captured in Section 2.5.2. This includes aspects such as a longer-term loss of revenue (10%), damage to staff morale (9%), and withdrawal from envisaged future business activities (8%). When combining all the response categories beyond the top 2 – that is, beyond additional staff time and new measures to prevent or protect against future frauds – these combined categories accounted for 26% of the responses at this question.

Figure 2.8: Wider impacts of all the frauds experienced, among the businesses experiencing any frauds in the last 12 months

Base: 533 businesses that experienced fraud in the last 12 months (approximately half the available sample fitting this description, which was chosen at random to answer this question)

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

Medium and large businesses were more likely than average to say they had been impacted in any of the ways listed in the chart (71% for medium and large businesses combined, versus 56% overall). Specifically, medium and large businesses were more likely to mention:

additional staff time being taken up dealing with the incident (48%, versus 37% overall)
new measures being put in place (47%, versus 32% overall)
damage to staff morale (17%, versus 9% overall)
staff dismissal or resignation (6%, versus 2% overall)

By contrast, small businesses were the most likely size band to mention goodwill compensation or discounts to customers (10%, versus 5% overall).

While the above figures indicate correlations between the size of the business and impact, business turnover was not notably linked to impact. There was no significant difference, for example, in the levels or types of actions taken by low-turnover SMEs (with under £1 million in annual turnover) and high-turnover SMEs (with £1 million or more).

In terms of sector, administration businesses were more likely to have faced any of the impacts in Figure 2.7 (74%, versus 56% overall) – which is potentially linked to the higher incidence of fraud in the administration sector (see Section 2.2.3). Retail and wholesale businesses were specifically more likely to have received complaints from customers or investors in response to frauds (13%, versus 5% overall).

2.6 Perceived risk of fraud

The rest of the chapter from this section onwards covers statistics that were, for the most part, based on all businesses, not just the 27% of businesses that experienced any frauds. The exception to this is the fraud spending estimates in Section 2.7.4, based on the businesses that had undertaken certain fraud prevention or risk management measures.

2.6.1 Perceptions overall, by size and by turnover

Regardless of whether they had experienced fraud or not, 15% of businesses considered themselves to be very or fairly at risk from fraud. Most of this group considered themselves to be fairly at risk (13%), rather than very at risk (1%), as Figure 2.9 indicates.

Also shown in Figure 2.9, perceptions of risk differed by business size and turnover. For example, 26% of medium businesses, 37% of large businesses and 22% of high-turnover SMEs (with £1 million or more in annual turnover) considered themselves to be at risk (versus 15% overall).

Figure 2.9: Perceived risk of fraud, overall and by business size and turnover groupings

Bases (approximately half the available samples for all groups, which was chosen at random to answer this question): 1,765 businesses; 1,056 micro businesses; 408 small businesses; 217 medium businesses; 84 large businesses; 1,015 low-turnover SMEs with annual turnover under £1 million; 482 high-turnover SMEs with annual turnover of £1 million or more

2.6.2 Other subgroup differences (sector, international trading status and those experiencing fraud incidents)

Finance and insurance businesses were more likely than average to see themselves as being at risk from fraud (24%, versus 15% overall), and were the most likely to say they were very at risk (8%, versus 1% overall). Agriculture, forestry and fishing businesses were also more likely than average to say they were very at risk (5%, versus 1% overall).

On the other hand, food and hospitality businesses (39%), and service and membership businesses (43%) were more likely than average (28%) to perceive themselves to be not at all at risk from fraud.

International traders were also more likely than average to feel at risk from fraud (20%, versus 15% overall). More specifically, those trading with Asia-Pacific countries beyond Japan (that is, East Asia, South Asia, Southeast Asia, Australia and New Zealand) were most likely to say this (25%), although it is unclear if this was linked to a particular country.

Finally, the businesses that had experienced fraud incidents in the 12 months prior to the survey were generally more likely to feel at risk from fraud than those that had not experienced any (26% versus 11%). It is important to note that the direction of this relationship is not clear. It could be that when businesses experience fraud, it heightens their awareness of the risks. Alternatively, it could be that businesses that feel they are at risk put more measures in place to identify frauds, so are better at identifying them. Moreover, the finance and insurance sector went against this correlation and registered a lower-than-average prevalence of fraud (see Section 2.1.2), but businesses in this sector was still more likely than others to feel at risk.

2.7 Preparedness for fraud risks and incidents

2.7.1 Measures in place to manage fraud risks

Around two-thirds (64%) of businesses had in place at least one of the fraud prevention or risk management measures covered in the survey (in Figure 2.10) over the last 12 months. That left just over a third (36%) that had none of these measures in place.

The most common measures, each mentioned by around 3 in 10 businesses, were to have in place an insurance policy covering fraud (32%), a written anti-fraud Code of Conduct for staff (29%), and digital identity checks (29%). Fraud training directed at staff was much more commonplace than training or awareness raising directed at customers (26% versus 6%). Another relatively uncommon measure was to have data sharing or collaboration in place with other organisations, in order to prevent fraud (10%).

Figure 2.10: Measures businesses took or had in place to manage fraud risks across the last 12 months

Base: 1,765 businesses (approximately half the available sample, which was chosen at random to answer this question)

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

Among the 64% with any measures in place, the typical (median) business had 3 of the listed measures in place, that is, they had undertaken a range of actions to protect themselves. For instance, those that had relevant insurance were also more likely than average to have in place each of the other 9 measures asked about.

2.7.2 Sector subgroup differences

Various sectors were more likely than average to have any measures in place, including:

the finance and insurance sector (86%, versus 64% overall)
real estate (85%)
health, social care and social work (80%)
professional, scientific and technical (79%)
information and communications (78%)

Specifically, businesses in the finance and insurance sector, and real estate sector, were more likely to have put each of the individual listed measures in place, which Figure 2.11 displays.

Figure 2.11: Measures businesses took or had in place to manage fraud risks across the last 12 months, overall and for specific sectors

Bases (approximately half the available sample for all groups, which was chosen at random to answer this question): 1,765 businesses; 66 finance and insurance businesses; 104 real estate businesses

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

Alongside these 2 standout sectors, the health, social care and social work sector was the only other sector more likely than average to have implemented data sharing or collaboration with other organisations to prevent fraud (28%, versus 10% overall). And the information and communications sector was the only other sector more likely than average to have undertaken customer-focused training or awareness raising (13%, versus 6% overall).

In contrast, businesses in the following sectors were among the least likely to have put any measures in place:

agriculture, forestry and fishing businesses (55% had none of the measures listed, versus 36% overall)
food and hospitality (47%)
construction (47%)
transport and storage (45%)
retail and wholesale (42%)

2.7.3 Other subgroup differences (size, turnover, international trading status and those experiencing fraud incidents)

With the exception of training activities being delivered to customers, all the measures in Figure 2.11 were linked to the size of the business, being least likely to be enacted by micro businesses and most likely to be done by large businesses. A total of 93% of medium businesses and the same proportion of large businesses had any of the listed measures in place, compared with 76% of small businesses and 60% of micro businesses.

High-turnover SMEs (with £1 million or more in annual turnover) were more likely than low-turnover SMEs (with under £1 million) to have taken each one of these measures, with the exception of hiring a staff member to monitor or investigate fraud risks, and data sharing or collaboration. For these latter 2 measures, there was no significant difference between high and low-turnover SMEs.

International traders were also more likely than average to have any digital identity checks (40%, versus 29% overall) and to have undertaken staff training or awareness raising (34%, versus 26% overall).

Finally, businesses that had experienced fraud in the last 12 months (72%), and businesses that considered themselves to be at risk from fraud (81%), were each more likely than average (64%) to have had measures in place in this time period. The correlation between having fraud prevention measures in place and incurring fraud does not mean that these measures were not successful – it could be that businesses put these measures in place after falling victim to fraud. Or it could be that the businesses most at risk of fraud were both more likely to have measures in place, and more likely to experience fraud (because of their pre-existing risk profile).

2.7.4 Spending on fraud prevention and risk management

The survey explored 5 areas of spending on fraud prevention and risk management over the last 12 months, taken from the list of measures laid out earlier in Figure 2.10:

insurance policies that covered fraud
training or awareness raising activities for staff or customers (including the cost of delivering the training, as well as of any staff attending)
digital software to prevent or detect fraud (including installation and licencing costs)
staff members to monitor or investigate fraud risks. this spending estimate aimed to account for the proportion of the staff members’ time spent on fraud
fraud risk assessments

Table 2.4 summarises this spending data, in terms of the proportions of businesses that had invested in these specific areas, and the mean and median amounts being spent. It also includes a combined total spending figure, which merges together the spending amounts collected across the 5 categories. This provides us with the percentage of businesses that have spent anything on fraud prevention in the last 12 months – as well as the mean and median amounts. To note, the average combined total spending figure is lower than the average spending on insurance, which reflects the relatively high amount of spending on insurance by a few businesses, and the fact that some businesses were spending £0 on insurance even though they were spending in the other areas mentioned.

In compiling this wider estimate, spending on insurance is viewed as a transfer of funds within the economy, rather than an economic loss. In light of this, we have also presented a total combined spending figure excluding spending on insurance.

Table 2.4: Summary statistics on spending on fraud prevention and risk management, among the businesses investing in each of the following areas

	Percentage investing in these areas	Mean spending	Median spending	Base size of those giving an amount
Insurance policies	32%	£71,600	£800	106*
Training or awareness raising activities	26%	£2,550	£250	486
Digital software	23%	£2,590	£300	373
Staff members	17%	£10,300	£500	158*
Fraud risk assessments	17%	£1,360	£250	272
Total combined spending	36%	£13,500	£400	730
Total combined spending excluding insurance	35%	£5,150	£350	719

Notes:

The base size only includes approximately half the available sample, which was chosen at random to answer this question. It includes the businesses that provided a numeric or banded response to the question, that is, it excludes those saying “don’t know” or “prefer not to say”.
* The base sizes are lower for these 2 categories due to a script issue. Therefore, these figures should be treated more cautiously, having higher margins of error.

Again, it is worth noting that the mean results can be strongly influenced by any outliers in the data (which could reflect the true distribution of values in the population). The Technical report shows what the results would be if statistical outliers were removed.

As per the cost data in Section 2.5, these spending estimates offer various insights:

the highest area of spending from this list was on insurance policies that covered fraud (a mean of £71,600); this was also the most common area of spending (by 32% of businesses) from the list
the mean amount spent on staff to monitor or investigate fraud risks was lower than the amount a full-time employee would earn if on the National Living Wage; this indicates that, across many businesses, the employees in this role were likely to have had other responsibilities as well as fraud, such that work on fraud only took up a small proportion of their time (at a lower mean cost)
as per the data on costs, the median amounts were considerably lower than the mean amounts; this indicates that there were certain businesses spending at a relatively high level in each of these categories (thereby raising the mean result); it also highlights that the typical (median) business did not necessarily spend substantial amounts on fraud prevention and risk management; for instance, the typical (median) business that had business fraud insurance in place, had spent around £800 on their policy

2.7.5 Differences by size band

As with the costs of fraud, spending on fraud prevention and risk management tended to be significantly higher for medium and large businesses than for micro and small ones. Tables 2.2 and 2.3 shows this breakdown of results (where the base size allows for this, that is, where it was above 30).

Table 2.5: Summary statistics on spending on fraud prevention and risk management, among the micro/small businesses investing in each of the following areas

	Mean spending	Median spending	Base size of those giving an amount
Insurance policies	£61,800	£800	72*
Training or awareness raising activities	£1,270**	£250	340
Digital software	£1,640**	£250	291
Staff members	£3,210**	£500	102*
Fraud risk assessments	£1,030**	£250	195
Total combined spending	£9,480**	£380	546
Total combined spending excluding insurance	£2,520**	£300	536

Notes:

The base size only includes approximately half the available sample, which was chosen at random to answer this question. It includes the businesses that provided a numeric or banded response to the question, that is, it excludes those saying “don’t know” or “prefer not to say”.
* The base sizes are lower for these 2 categories due to a script issue. Therefore, these figures should be treated more cautiously, having higher margins of error.
** Double asterisks indicate statistically significant differences between the mean spending amounts in this table and the equivalent mean spending amounts for the average medium/large business investing in any of these areas (from Table 2.6).

Table 2.6: Summary statistics on spending on fraud prevention and risk management, among the medium/large businesses investing in each of the following areas

	Mean spending	Median spending	Base size of those giving an amount
Insurance policies	Low base	Low base	Low base
Training or awareness raising activities	£20,600**	£1,000	146
Digital software	£23,200**	£5,000	82
Staff members	£83,600**	£3,000	56*
Fraud risk assessments	£6,190**	£1,000	77
Total combined spending	£87,600**	£5,000	184
Total combined spending excluding insurance	£53,400**	£4,790	183

Notes:

The base size only includes approximately half the available sample, which was chosen at random to answer this question. It includes the businesses that provided a numeric or banded response to the question, that is, it excludes those saying “don’t know” or “prefer not to say”.
* The base sizes are lower for this category due to a script issue. Therefore, these figures should be treated more cautiously, having higher margins of error.
** Double asterisks indicate statistically significant differences between the mean spending amounts in this table and the equivalent mean spending amounts for the average micro/small business investing in any of these areas (from Table 2.5).

2.8 Chapter conclusions

Fraud was a widespread problem for businesses with employees, affecting approximately 389,000 such businesses in the last 12 months (the total prevalence), or approximately one out of every 4 businesses (27%) in this population. Between them, these businesses incurred approximately 6.04 million fraud incidents (the total incidence). It is worth noting this is considerably higher than the estimated 4.1 million fraud incidents against members of the general public recorded in the most recent Crime Survey for England and Wales (year ending December 2024). They also suggest a high number of repeat victims, with the average (mean) business victim experiencing 16 fraud incidents within the past year.

The statistics also point to the proliferation of cyber-facilitated fraud targeted at these businesses, with 40% saying their most recent fraud was cyber-facilitated, most likely through a phishing attack (mirroring the findings of the latest Cyber Security Breaches Survey). The most common type of fraud, experienced by 11% of all businesses, was fake invoice fraud, followed by mandate fraud (fraudsters tricking the business to divert payments) at 7% and investment fraud at 6%.

While businesses in all size and turnover bands, and from all sectors, experienced fraud, this study shows that it was more common in medium and large businesses as a combined group, and SMEs with higher turnover. Additionally, medium and large businesses had substantially higher average fraud costs than micro and small businesses (see further discussion on costs, below).

It was also not a uniform issue across sectors. Fraud was more prevalent in the information and communications sector and the utilities and production sector than the average business. The information and communications sector also had a higher incidence rate, alongside the agriculture, forestry and fishing, and administration sectors. While the experience of fraud and the perceived risk of fraud were generally linked, we cannot say whether falling victim to fraud made businesses feel more at risk, or whether the businesses that felt at risk were better at detecting fraud (or both). Notably, the finance and insurance sector were the most likely to see themselves at risk despite recording a lower than average prevalence of fraud.

Fraud frequently had financial impacts on businesses, with around 7 in 10 affected businesses (71%) incurring a direct or indirect financial loss from fraud, and 22% of all the fraud incidents experienced resulting in a direct or indirect loss. This study has estimated costs as a consequence of, and in response to fraud, totalling approximately £812 million in the last 12 months, across all businesses with employees. While we estimate that 58% of the money directly taken by fraudsters was ultimately recovered, the cost of these recovered amounts was still borne elsewhere in the economy (for example, in banks or insurance providers), and the fraudsters still benefited from these frauds. Furthermore, the anticipatory costs of fraud measured in the study – that is, spending to prevent or manage fraud risks – were approximately estimated to total a further £2.57 billion.

However, it is important to consider these cost figures, collected for the first time, in a wider context. They are likely underestimates of the total economic and social cost of fraud to UK businesses. This is due to the exclusion of zero-employee businesses from the sample which represents approximately three-quarters of businesses, the cumulative effect of which could be substantial. Additionally, the survey by its very nature is unlikely to capture rare, high-impact fraud incidents affecting a very small proportion of businesses, with those larger businesses who experienced higher costs making up a smaller part of the sample (as they do in the business population). Lastly, businesses have a tendency to undervalue staff time dealing with frauds.

Moreover, it is worth noting that there were impacts from fraud beyond the financial costs businesses provided. Over half (56%) of affected businesses faced wider impacts, that while not quantified as part of the above estimate, would suggest further impacts of fraud on business spend and growth, ultimately affecting the economy. These impacts include the time to implement new measures to prevent further incidents, lost sales or revenue, damage to staff morale, and being discouraged from future business activities.

Most businesses had undertaken some form of fraud risk management. Around two-thirds of businesses (64%) had in place one or more of the fraud prevention or risk management measures covered in the survey such as insurance, Codes of Conduct, and digital identity checks. This rose to 93% among both medium and large businesses, despite them experiencing more fraud, and incurring greater costs. Experience of fraud also prompted action, with 31% of the businesses incurring fraud saying they made changes to their internal processes following their most recent fraud incident from the last 12 months. Nevertheless, this indicates the existence of a range of businesses that had not protected themselves from the risks, or did not perceive a risk. Businesses from the agriculture, forestry and fishing, food and hospitality, construction, transport and storage, and retail and wholesale sectors were less likely to have fraud prevention measures in place.

This study highlights the key role that financial institutions play. 14% of businesses experiencing fraud detected it via direct communication from their bank, and 12% by checking bank statements or invoices. Banks were also the main recipients of fraud reporting (in 41% of cases where the most recent fraud was reported).

However, more work may be needed to encourage businesses to report fraud, with just 32% reporting their most recent fraud from the last 12 months externally. Among those that did report, only a fifth (22%) had reported to police or other law enforcement agencies, including 8% who had reported to Action Fraud. There was a widespread perception that some frauds were not significant enough to report because of their perceived minimal impact on the business. Businesses may also benefit from a clearer rationale for reporting, since other common reasons for not reporting included the apparent lack of benefit from doing so and reporting not making a difference.

Question 4

3. Corruption

Accepted Answer

3.1 How businesses understood corruption)

3.2 Prevalence of bribery

3.3 Incidence of bribery

3.4 Characteristics of the most recent bribery incidents occurring in a domestic, private sector context

3.5 Business response to the most recent bribery incidents

3.6 Impact of bribery and corruption

3.7 Perceived risk and drivers of corruption

3.8 Preparedness for corruption risks and incidents

3.9 Chapter conclusions

Corruption among businesses is a challenging subject area to research, given the varying definitions of the term, and the secrecy that often accompanies instances of corruption. There were several efforts made in the survey development to overcome these challenges in this study. These included:

reviewing the United Nations Office on Drugs and Crime’s (UNODC) Manual on Corruption Surveys and other literature to ensure we took a best-practice approach
workshops with government, industry and academic stakeholders to discuss what information businesses would be willing to divulge, and what data would be reliable and credible to collect
cognitive testing of survey questions to ensure a consistent understanding of terms, and ability to respond, across sampled businesses

This chapter discusses corruption among UK businesses with employees, in terms of the UK government’s definition – the abuse of entrusted power for private benefit that usually breaches laws, regulations, standards of integrity and/or standards of professional behaviour. The qualitative interviews explored how businesses defined and perceived corruption, the factors that were believed to have led to or increased the risks of corruption, and the range of impacts that it had on these businesses. These interviews covered both businesses that had experienced corruption incidents and those that had not, but considered themselves to be at risk.

The quantitative survey had, for many of the questions asked, a consciously narrower focus on a specific type of corruption, namely bribery – which was expressed as being offered or being asked to give “gifts, favours, or extra money, other than an official fee, to secure a business transaction, or acquire a service”. It covered the prevalence and incidence of bribery, and experience of bribery incidents. The latter set of questions explored the type, purpose and value of bribes, how the bribes were detected by the business, and how they were discussed between the involved parties. A small number of questions also asked about preparedness for and perceived risks from corruption as a whole (not just bribery), providing sampled businesses with the government definition as above.

The focus on bribery in the survey reflected the survey development work, where bribery was considered to be the most readily and reliably measurable type of corruption. This was different from the previous Economic Crime Survey (2020) , which asked about various types of corruption. For this reason, as well as the wider differences in methodology covered in the introduction to this report, the responses should not be directly compared between surveys.

3.1 How businesses understood corruption

The qualitative research suggested there were challenges for businesses when it came to defining corruption in a business context. Some interviewees struggled to define corruption in concrete terms, often relying on “gut feelings”, or a sense that that certain transactions or activities simply did not feel right.

Interviewees largely focused on bribery, which was the most widely understood and accepted example of corruption. Businesses described this in various ways, with the “bribery” term used alongside others, such as “kickbacks” and “backhanders”. In the examples provided of the incidents that businesses had directly experienced, this was done for a range of reasons, including to secure contracts while bypassing the usual tender processes, ensure continued business relationships and referrals, speed up transactions, and get discounted products or services. Sometimes, kickbacks involved collusion between 2 parties at the expense of a third. For instance, one interviewee discussed an example from a hotel and restaurant chain, in which a head office employee conspired with their distributor to overcharge individual sites for supplies, then channelled back the additional fees to the head office.

It is worth noting that, in some cases, businesses found it difficult to know when corporate gifts and hospitality should be considered as attempted bribes. While one business provided an example where holidays were offered to a senior executive to secure preferential pricing, other examples appeared to be more ambiguous, where the expected benefit for those offering hospitality was less explicit, but it was nonetheless assumed to be offered with the expectation of securing more work further down the line.

To a lesser extent, another type of corruption mentioned in interviews was nepotism. A detailed example came from an estate agent taking over the management of a block of flats. The previous managing agent had employed their family member as the cleaner, despite him not performing the job well. When the new management tried to replace him, it created a range of problems, including a spiteful online review and significant stress for the agency owner. This incident highlighted how nepotism could lead to conflicts of interest, poor service, and reputational damage.

Beyond the concrete examples focusing on bribery, kickbacks, collusion and nepotism, businesses sometimes had difficulty distinguishing corruption from other illegal activity. Across interviews, we heard examples of wider economic crimes, which interviewees described as corruption, but would not fit the UK government’s definition (outlined at the start of this chapter). These included multiple types of fraud (for example, VAT fraud, or accepting deposits from customers before declaring insolvency), knowingly accepting money from illicit sources (that is, facilitating money laundering) and tax evasion.

More generally, some businesses did not separate corrupt activity from supposedly unfair or unethical – but not necessarily illegal – business practices. Examples included businesses operating subscription models that ended up resulting in high per-product charges for customers, retailers demanding high fees for advertising space in their stairwells, and introductory fees (where an individual received a percentage of a deal for bringing in new business or clients).

These issues highlighted the significant challenge faced both by policymakers in getting businesses to address the specific issue of corruption, and by businesses themselves in terms of staff being able to spot corruption and take appropriate action when they see it.

3.2 Prevalence of bribery

As noted at the start of the chapter, the quantitative survey focused mainly on measuring bribery, a type of corruption. A bribe was expressed in the survey as being offered or being asked to give “gifts, favours, or extra money, other than an official fee, to secure a business transaction, or acquire a service”.

We estimate that 3% of UK businesses with employees had experienced at least one bribery incident in the 12 months prior to the survey (the prevalence rate of bribery). This equates to approximately 40,500 businesses (the total prevalence). As with all the figures in this report, these extrapolated estimates are subject to a margin of error. In this case, we calculate a lower bound of 31,500 and an upper bound of 49,400 for the total prevalence, accounting for this margin of error.

The survey broke this down into 4 distinct scenarios (all covering the same 12-month period):

about 1% of businesses said they had been offered a bribe from another UK business or individual
about 1% of businesses had to give or were asked to give a bribe to another UK business
a smaller proportion (less than 0.5%) of businesses had to give or were asked to give a bribe to a UK public official
similarly, a small proportion (less than 0.5%) of businesses had to give or were asked to give a bribe to an overseas business or public official; this amounts to 1% of all the businesses that traded internationally

The rest of this chapter will regularly refer back to one or more of these 4 scenarios.

3.2.1 Subgroup differences (size, turnover and sector)

There were no significant differences by size or turnover. The sector differences that were present for prevalence were as follows:

compared to the overall prevalence rate of 3% (across all 4 scenarios noted above), businesses in the construction sector were more likely to have experienced bribery (5%), while retail and wholesale businesses were less likely (1%)
being offered bribes by other UK businesses or individuals was more likely in the real estate sector (5%, versus 1% overall)
having to, or being asked to give bribes in any context (to other UK or overseas private businesses or public officials) was more common among construction businesses (3%) and administration businesses (3%), than the average (1%)

3.2.2 Perception of bribery within business sectors

The survey also asked all businesses about wider perceptions of bribery within specific sectors. Bribery was considered to be rare overall. Just 4% of businesses overall considered it to be very prevalent (1%) or fairly prevalent (4%, rounded to the nearest whole percentage) in their own sectors. Just under two-thirds (64%) said it was not at all prevalent.

As Figure 3.1 shows, there was some confluence between these results and our actual prevalence measures covered above. For example, businesses in the construction sector were more likely than others to have encountered bribery incidents in the last 12 months (as per Section 3.2.1), and more likely to consider bribery as prevalent in their sector (9%, versus 4% overall saying very or fairly prevalent). More generally, businesses that had experienced any bribery incidents in the last 12 months were more likely to believe that bribery was prevalent in their sector (16%, versus 4% overall). Thus, perceptions corresponded broadly to experience of bribery, though 80% of those who had encountered any bribery in the last 12 months still thought it was not very, or not at all prevalent in their sector.

In addition, the chart highlights that real estate businesses were among the most likely to perceive bribery as widespread in their sector (14%).

Figure 3.1: Percentage saying the offering of gifts, favours or extra money in their business sector was very or fairly prevalent, compared to actual prevalence rates, overall and by sector

Base for perceived prevalence (approximately two-thirds of the available sample for all groups, which was chosen at random to answer this question): 2,271 businesses

Base for actual prevalence rate: 3,477 businesses

Notes:

There were too few businesses (under 30) sampled in the education sector to report.

Businesses in the following sectors were among the least likely to perceive bribery as being at all prevalent in their industry:

health, social care and social work (79%, versus 64% overall saying it was not at all prevalent)
service and membership organisations (77%)
retail and wholesale (71%)

3.2.3 Suspected bribery incidents

It was feasible that our bribery prevalence estimate would be lower than the true prevalence, because of suspected incidents being overlooked, potentially because they could not be formally detected or proven. Therefore, the survey also asked businesses if they had investigated or had had concerns about an employee receiving an undeclared gift, favour or extra money from an external business to secure a transaction.

Under half a percent of businesses said yes to this. This was higher (at 3%) among large businesses. This suggests that, overall, our prevalence estimate has not missed a high number of suspected incidents. Nonetheless, the higher result for large businesses may indicate more suspected incidents among this subgroup, and the associated challenges that these larger businesses faced in detecting or proving such incidents.

The qualitative research indicated several challenges around detecting or proving bribery incidents, or corruption more generally. Often the offers of bribes were verbal, so there was no written evidence to act on. One example came from an architecture business, where one of the staff had witnessed a verbal deal between a builder and their mutual end client (for both the architects and builders). The builder had attempted to bypass a competitive tendering process and secure future work with the client, by verbally offering a discounted rate on the current contract. The fact that the bribe was only offered verbally, even though it was explicit and unambiguous in the intent, meant that the staff member opted not to report it.

“We know it’s not acceptable and we wouldn’t partake in it. It’s just when it’s of a verbal nature and non-recorded, it’s hard to report, or make an incident of it, because it’s word of mouth effectively.”

Micro business in the professional, scientific and technical sector

Sometimes, incidents were ambiguous. This could involve one party in a business deal simply asking what was in it for them. There were also instances where offers were made seemingly as goodwill gestures, without an explicit request in return. For example, we interviewed a chartered surveyor where a staff member had been offered tickets worth £5,000 to a major sporting event by a contractor. This offer was not explicitly tied to future work, but the business’s senior management considered the gift to have been offered in the hope of securing more work from the business later down the line.

In addition, suspicion was sometimes based on hearsay. In Section 3.1 we covered the example from one business, which had heard about an intermediary taking commission from both the company they represented and their clients, for the same transaction, unbeknownst to both parties. However, the interviewee did not have sight of any invoices to prove this was happening.

In other instances, there was indirect evidence of corrupt practices but no direct proof. One estate agent talked about instances they had witnessed of houses being sold as soon as they were listed as being for sale. This activity suggested insider information was potentially being shared in exchange for bribes, but they had no proof. Similarly, in the following example, making assertions with a lack of proof was considered to harm future business prospects:

“I can think of one hotel where I’m very much aware that some sort of kickback situation is in existence. If we were to challenge that, it would be us as an outsider trying to prove something that’s a suspicion… I don’t think we’d get very far. And we certainly would guarantee not to get any orders for our brand going forwards if we were to do that.”

Micro business in the manufacturing sector

3.3 Incidence of bribery

The survey allows us to look at the number of bribery incidents identified in various ways.

We can consider the number of bribes being offered to businesses with employees, by another UK business or individual. For the 1% of businesses that were offered at least one bribe in this way in the last 12 months, this happened 6 times on average (the mean result). The typical (median) business in this scenario was offered a bribe on 2 occasions.

As a mirror to this, we can look at the number of bribes that businesses with employees said they had to give or were asked to give to other UK businesses. For the 1% of businesses facing this situation in the last 12 months, the mean number of bribes was 4. The median was 2. The lower mean result here could indicate that businesses were less willing to disclose having to give, or being asked to give bribes, than they were to disclose being offered bribes.

Because of the extremely small number of cases in the survey of bribery involving UK public officials, or overseas businesses or public officials, we have not reported separate means, medians or incidence results for these specific scenarios.

It is possible to extrapolate from the above results to derive 2 potential estimates for the total incidence and incidence rate of bribery across businesses with employees, covered across Sections 3.3.1 and 3.3.2. We have not combined bribes being offered and bribes being given in any extrapolated incidence estimates, because that would involve double-counting instances (it would first count all the bribes being offered and then count for a second time the same bribes being given, or asked to be given).

3.3.1 Incidence of bribes offered to businesses by other UK businesses or individuals (estimate 1)

For this first estimate, the total incidence represents the total number of bribes that were offered to businesses with employees in the last 12 months, by another UK business or individual. This was approximately 117,000. Within the margin of error, this estimate had a lower bound of 22,700 and an upper bound of 211,000. The relatively wide margin of error takes into account the small number of cases in the sample, as well as some outlier cases at the top end of the distribution – for example, one business in the sample said they had experienced 200 bribery incidents in the last 12 months.

The incidence rate tells us the number of bribes per every thousand businesses with employees that were offered in this scenario in the last 12 months. This was estimated at 82, with a lower bound of 16 and upper bound of 148, within the margin of error.

3.3.2 Incidence of bribes given or asked to be given to other UK businesses (estimate 2)

For this second estimate, the total incidence represents the total number of bribes that businesses with employees said they had to give or were asked to give to other UK businesses in the last 12 months. This was approximately 64,900. Once again, the small number of cases in the sample, as well as some outlier cases at the top end of the distribution mean there is a relatively wide margin of error around this estimate. The lower bound was 31,400 and the upper bound was 98,400, within this margin of error.

Here, the incidence rate tells us the number of bribes per every thousand businesses with employees that businesses had to give or were asked to give to other UK businesses in the last 12 months. This was estimated at 45, with a lower bound of 22 and upper bound of 69 within the margin of error.

The difference between the 2 sets of incidence estimates provides insight in and of itself. It may indicate that businesses were more willing to talk about being offered bribes than they were about giving, or being asked to give them, since the first set of estimates (for bribes offered) are higher.

3.3.3 Sector subgroup differences

Comparing incidence rates across sectors allows us to examine where bribery was more concentrated in the business population. The results indicate that this was different for the businesses that were offered bribes, compared to the businesses that had to give, or were asked to give bribes.

Firstly, looking at the businesses that were offered bribes by other UK businesses or individuals, the incidence rates were highest among:

the real estate sector (846, versus 82 overall)
the retail and wholesale sector (128)
the finance and insurance sector (114)

These statistics highlight the similarities and differences between perceptions of bribery, and how widespread it is within sectors (from Section 3.2.2). Real estate businesses perceived bribery to be widespread in their sector, whereas retail and wholesale businesses were among the least likely to perceive this, suggesting it may have been more of a hidden or unspoken issue in the retail and wholesale sector. As an alternative or additional possible explanation, bribery incidents could have been more concentrated among specific subsets of businesses within the retail and wholesale sector. It could be that this subset of businesses had a high number of repeat encounters with bribery, which may be why the incidence rate for this sector was on the higher end but the prevalence rate (in Section 3.2.1) was among the lowest.

On the other hand, the sectors recording an above-average incidence rate in terms of having to give, or being asked to give bribes to other UK businesses were:

service and membership businesses (192, versus 45 overall)
administration (130)
utilities and production (106)
transport and storage (90)
manufacturing (53)

The full data across sectors is shown in Figure 3.2.

Figure 3.2: Incidence rates overall and by sector, either for businesses being offered a bribe by another UK business or individual, or for businesses having to, or being asked to give a bribe to another UK business in the last 12 months

Bases: 3,477 businesses; 110 agriculture, forestry and fishing businesses; 128 utilities and production businesses; 279 manufacturing businesses; 396 construction businesses; 556 retail and wholesale businesses; 122 transport and storage businesses; 287 food and hospitality businesses; 156 info and comms businesses; 140 finance and insurance businesses; 171 real estate businesses; 467 professional, scientific and technical businesses; 294 administration businesses; 147 health, social care and social work businesses; 64 arts, entertainment and recreation businesses; 127 service and membership businesses

Notes:

There were too few businesses (under 30) sampled in the education sector to report.

As with the equivalent data in the fraud chapter, the results here are reported without any removal of the outliers in the data (which could reflect the true distribution of values in the population). In this instance, outliers were very likely to have strongly impacted the incidence estimates. The Technical report shows what the results would be (overall, and by size and sector) if statistical outliers were removed.

3.4 Characteristics of the most recent bribery incidents occurring in a domestic, private sector context

Section 3.4 primarily explores the nature of the most recent bribery incidents that businesses had experienced in the last 12 months, with qualitative insights added where relevant. In order to increase sample sizes where feasible, the results mainly merge together the responses from businesses that were offered bribes from other UK businesses and individuals, as well as those who had to give, or were asked to give bribes to other UK businesses (rounding up to 3% of all businesses with employees). We refer to this group in this section as the businesses experiencing bribery in a domestic, private sector context.

Due to low sample sizes – there were very few cases of bribery recorded in the survey – subgroup analysis was not possible for these questions.

3.4.1 Types of bribes

Among the 3% of businesses that experienced bribery in a domestic, private sector context, the exchange of money was the most common type of bribe (accounting for 41% of the most recent cases across the last 12 months), as Figure 3.3 shows. There were diverse private and public sector examples of this in the qualitative interviews, including, for example, mentions of an envelope of cash being handed to an estate agent alongside an offer for a house purchase, “kickback” payments in exchange for referring new clients, or a case where government staff working at a UK port would request under-the-table cash payment from docking ships (known euphemistically as port facilitation payments).

Figure 3:3: Types of bribes offered, asked for or given, from the most recent bribery incident in the last 12 months in a domestic, private sector context

Base: 98 bribery incidents across 96 businesses that either were offered a bribe from another UK business or individual, or had to give or were asked to give a bribe to another UK business in the last 12 months

Notes:

The proportions have been rebased on the number of incidents, since businesses could have been both offered a bribe and had to, or be asked to give a bribe. Multiple responses were allowed, so the proportions in this chart do not add to 100%.

The grouped categories in Figure 3.3 were split out more specifically in the survey. About 3 in 10 (28%) businesses said the bribes they experienced involved some sort of gift or hospitality. This included 16% who mentioned food and drink, 6% saying hospitality in hotels or restaurants, and 3% saying entertainment or sports tickets. The 15% mentioning another type of bribe gave a range of answers, including gift cards, vouchers, charity donations and offers to reduce tax payments (for example, waiving VAT). In qualitative interviews, businesses mentioned there being a grey area regarding what was an acceptable gift to give or receive from another business. Interviewees provided examples of gifts or hospitality that could be interpreted as bribes, since the business or individual making the offer may have expected to benefit in response, but this expectation was often ambiguous or implicit. These included:

buying drinks or expensive bottles of wine
providing all-inclusive or VIP tickets to major sporting events
taking executives and spouses on luxury holidays (including paying for flights and accommodation)

One in 5 affected businesses (19%) said they had been offered or had been asked to give favours. Specific categories included discounts, or charges to be waived (9%), and an exchange with another service or favour (8%). In the qualitative interviews, businesses experiencing these types of bribes highlighted that they were common behaviours in their sector. These included the following examples:

forcing or manipulating clients into buying more services with a particular business (described by one interviewee as “racketeering”)
offering discounts to shirk formal commissioning or competitive tendering processes in favour of a preferred business
ambiguous scenarios where one party received a seemingly unfair commission, or received a commission from multiple sides of a deal

Businesses in the qualitative interviews also noted that bribes were not always explicitly defined. Some described scenarios where offers were implied rather than stated outright. In these cases, one party in the transaction sometimes hinted at the possibility of a bribe, without specifying its nature – for instance simply by asking what was in it for them to facilitate the deal. This may also account for the relatively high proportion saying “another type of bribe” (15%) in Figure 3.3.

3.4.2 How the bribe was initially detected

Unlike the other parts of Section 3.4, here we focus exclusively on the 1% of businesses that were offered a bribe by another UK business or individual in the last 12 months. This was the only group asked about how they first detected the bribe. The sample size is therefore lower, and the results should be treated with appropriate caution, given the higher margin of error.

Reflecting on their most recent incident, 7 in 10 (70%) said it was first raised by someone directly involved (that is, the respondent or another staff member being offered the bribe). Under 1 in 5 (16%) said it was detected by someone else not directly involved (that is, a supplier, another staff member or a customer). Finding out through administrative processes, such as via risk assessments, or internal or external audits, reviews or investigations, was the least common way to have found out (5%). This is broken down in Figure 3.4.

Figure 3.4: How businesses initially detected their most recent bribery incident, among the businesses offered a bribe by another UK business or individual in the last 12 months

Base: 54 businesses that either were offered a bribe from another UK business or individual in the last 12 months

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. The list of categories in the chart merge together various specific response options from the survey. A further 1% said “don’t know” (not included in the chart).

A key insight from the qualitative interviews was that businesses typically relied on staff awareness and honesty to detect and escalate incidents. An example of this was the previously mentioned case with the chartered surveyor, where a staff member had been offered tickets to a major sporting event by a contractor, implied to be to curry favour in future work opportunities (see Section 3.2.3). The incident came to light when the individual recipient of the offer, a less experienced staff member, sent an email to other employees, asking if anyone was interested in the tickets. This email was quickly noticed by senior staff and human resources (HR) colleagues. Instead of reprimanding the employee, the business used the incident as an opportunity to conduct further staff training around bribery and corruption, and used this example as a cautionary tale.

There were also bribery incidents that staff had been complicit in (that is, where they had instigated or knowingly accepted bribes), and businesses considered these to be trickier to detect. In these businesses, instances of bribery had sometimes only been detected by coincidence, or due to an individual’s ability to recognise subtle behavioural changes in staff.

For example, a senior director of a manufacturing business recalled how one of their executives received an offer of a bribe from a foreign agent and chose not to accept it, whereas previous executives had accepted similar offers. The executive flagged the incident to the senior director due to having good working relationship with him. The senior director highlighted in the qualitative interview that, since they are a small company, they rely on staff honesty to root out any bribery incidents.

3.4.3 Purposes of bribes

The rest of Section 3.4 reverts back to focusing on both the businesses that were offered bribes by another UK business or individual, as well as those that had to give or were asked to give a bribe to another UK business in the last 12 months.

As shown in Figure 3.5, the most cited purpose of the bribe among these businesses was to maintain good relationships (33%, in the case of the most recent bribery incident). Nevertheless, there were various other responses where there was a clearly defined benefit – in the form of better prices, contracts, orders, deals or funding – which when combined covered a further 38% of the most recent bribery incidents.

The proportion mentioning another purpose (18%) gave a very diverse set of reasons (not included on the chart due to the very low number of individual mentions), including to speed up an application process (sometimes referred to as “speed money” or “facilitation payments”, where one party pays another to expedite a bureaucratic process), to turn a blind eye to other acts, to avoid VAT, and to say thank you.

Figure 3.5: The purpose of the most recent bribe offered, asked for or given in the last 12 months in a domestic, private sector context

Base: 98 bribery incidents across 96 businesses that either were offered a bribe from another UK business or individual, or had to give or were asked to give a bribe to another UK business in the last 12 months

Notes:

The proportions have been rebased on the number of incidents, since businesses could have been both offered a bribe and had to, or be asked to give a bribe. Multiple responses were allowed, so the proportions in this chart do not add to 100%.

The qualitative interviews provided a very nuanced view of bribes given to maintain good relationships. Businesses described such bribes as helping to ingratiate and gesture goodwill to business partners (such as suppliers, clients or distributors) in environments where building strong relationships was deemed essential for business. However, there were blurred lines between what businesses felt might constitute a genuine gesture of goodwill, versus a perceived attempt to exert undue influence. Thus, the purpose of a bribe was often considered to be subjective, with some interviewees not viewing their cases as instances of undue influence.

The distinction between acceptable and unacceptable behaviour was often defined by a business’s internal protocols and culture. One example – originally covered in Section 3.1 – came from the insurance executive who had declared tickets to a sporting event and a hotel stay from a prospective supplier in their company’s gift and hospitality register. This declaration of the gift was felt to be an acceptable level of transparency and integrity. However, they acknowledged that repeated incidents might raise suspicions.

“If we have multiple similar incidents from the same supplier, we might be able to take action, such as questioning the relationship, or wondering why they’re investing so much time and energy.”

Medium business in the finance and insurance sector

In certain cases discussed in the qualitative interviews, the party that was offering the bribe was trying to ensure that certain business decisions went in their favour. In the corruption literature (see Reisman, 1979), these have been referred to as “transactional bribes”, when a business makes a payment to expedite or ensure the other party does what they are already supposed to be doing, or “variance bribes”, when a business makes a payment to get another party to deviate from the law or their duties. We encountered examples of where they intended to secure discounted prices, bypass commissioning processes, push through an application process (for example, for a bank account) or secure a contract as a supplier. On the other side, where a business was being offered a bribe, some businesses had accepted it not only for its face value (that is, the material value of any gift, favour or money), but also did so to build or maintain business relationships.

For some incidents, the motivation behind bribes was focused on individuals rather than the organisation as a whole. For example, we interviewed a wholesaler who had attempted to supply goods to a local council, but encountered an individual within the council who was looking for a personal incentive before they would proceed with the deal.

“I did approach a council department for supplying them with goods. And the guy I was speaking to was only interested in what I could do for him, not what I could do for [the council].”

Medium business in the retail and wholesale sector

3.4.4 How bribes were discussed

Among affected businesses, in their most recent experience of bribery, the bribe was most commonly offered in person (41%). It was also common for bribes to be mentioned over the phone (32%). This indicates that such offers were most typically verbal in nature (68% of the most recent instances, when accounting for the businesses giving more than one answer), and not written down.

The bribe was offered in writing in around 3 in 10 of the most recent instances (31% saying it was either by email, post, a messaging app or SMS text). The full set of responses is shown in Figure 3.6. Businesses could give more than one response at this question, to highlight all the ways in which their most recent bribery incidents were discussed beforehand.

Figure 3.6: How the most recent bribe offered, asked for or given in the last 12 months in a domestic, private sector context was discussed

Base: 98 bribery incidents across 96 businesses that either were offered a bribe from another UK business or individual, or had to give or were asked to give a bribe to another UK business in the last 12 months

Notes:

The proportions have been rebased on the number of incidents, since businesses could have been both offered a bribe and had to, or be asked to give a bribe. Multiple responses were allowed, so the proportions in this chart do not add to 100%.

The qualitative interviews highlighted how verbal exchanges could often feel highly aggressive. One interviewee described a face-to-face meeting with an energy broker, who they felt was pressuring them to sign to a new contract on behalf of their employer. When the interviewee refused, the broker twice offered to buy them a drink in exchange for an immediate signature.

3.4.5 The value of bribes

Accounting for all the most recent cases (from the last 12 months) where businesses were offered a bribe by a UK business or individual, or had to give or were asked to give a bribe to another UK business, the mean value of the bribes was £2,640 (with a lower bound of £608 and an upper bound of £4,670, according to the margin of error). The median was £184. These figures are based on 89 bribery incidents, across 87 businesses in the sample.

The mean (£2,640) is a representative estimate for the value of a bribe in a domestic, private sector context. As such, it can be extrapolated to produce a population-level estimate, for the total value of all the bribes being offered to UK businesses with employees. We calculate this to be £309 million. As with all estimates, it should be remembered that this is subject to a margin of error. In this case, particular caution is required, as there were very few cases of bribery in the sample, and the total population figure has been calculated from 2 different estimates, each with their own lower and upper bounds.

As the qualitative interviews showed, the value depended greatly on the context and type of bribe offered. For instance, corporate hospitality gifts ranged from the price of a couple of drinks to several thousands of pounds for all expenses-paid flights or entertainment tickets. If the bribe involved securing new business in some form (for example, securing a contract or referrals), the value of the bribe was typically proportionate to the size of the opportunity. For instance, the architecture business initially mentioned in Section 3.2.3 stated that the bribery incident they had witnessed – where a construction business offered a significant discount to a client, if the client promised to use them again in future contracts, bypassing a competitive tendering process – amounted to roughly 5% to 15% of the total contract value, worth “hundreds of thousands of pounds”.

While such a discount would reduce the profit margin of the business making the offer, the interviewee said it could be beneficial in the short term to help ensure continued work while the housing market was less buoyant, and there was less demand to go around.

3.5 Business response to the most recent bribery incidents

In this section, we compare the actions taken by businesses that were offered bribes by other UK businesses or individuals, and those taken by businesses that had to give or were asked to give bribes to other UK businesses. This comparison allows us to explore if businesses that found themselves involved in either side of the exchange in a bribery incident took different actions.

Bribery incidents involving UK public officials, or overseas businesses or public officials, were not included in this analysis, as there were too few cases in the sample.

Once again, subgroup analysis was not possible for these survey questions due to low sample sizes.

3.5.1 Actions taken in response

Figure 3.7 shows that the most common action (in response to their most recent incident) by both the businesses offered bribes (34%), and the ones that had to give, or were asked to give bribes (36%), was to cancel a related business transaction or activity. However, it is worth noting that half the businesses in each case took no action at all (53% of those offered bribes, and 50% of those that had to give, or were asked to give bribes).

The pattern of responses in the chart might suggest that businesses being offered bribes were more likely to have initiated staff training or changed internal business processes, compared with those having to, or being asked to give bribes. However, these differences were not statistically significant, so may have occurred by chance.

Figure 3.7: Actions taken in response to the most recent bribery incidents in a domestic, private sector context in the last 12 months

Bases: 54 businesses that had been offered a bribe by another UK business or individual in the last 12 months; 44 businesses that had to give, or had been asked to give a bribe to another UK business in the last 12 months

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

In the qualitative interviews, business responses to bribery were typically reflective of how normalised they perceived bribery to be in their sector. In some cases, businesses had opted not to take any follow-up actions because the bribe in question was viewed as standard practice, or because the incidents were not seen as strictly illegal.

Nevertheless, the interviews did also highlight several responses taken to bribery incidents, including:

termination of deals or partnerships
policy reviews to simplify anti-bribery policies and feedback mechanisms, to make it easier for staff to comply and do the right thing
staff training, with the incident in question often being used as a case study in the training
increasing the number of checks carried out on suspicious or high-risk external partners
centralising of operations to regain control – for example, one business had relocated the management of a foreign branch to their UK office
seeking out certifications (for example, the ISO 9001 international quality management standard)

3.5.2 Reporting of bribery

As Figure 3.7 previously showed, only a small proportion (5%) of the businesses that were offered a bribe by another UK business or individual had reported their most recent instance externally, and only 8% of those that had to, or had been asked to give a bribe had reported it externally. Therefore, the sample sizes were too low to analyse where businesses had reported to.

Businesses’ limited reporting of bribery incidents externally was also reflected in the number of incidents recorded by police and brought to justice in recent years. For example, the Crime in England and Wales statistical bulletin (year ending December 2024) recorded 19 bribery offences in 2024, and in the same year the Ministry of Justice’s Criminal Justice System statistics recorded only 14 prosecutions. The gap between the incidence of bribery recorded in this survey (for example, 117,000 bribes offered to UK businesses from another UK business or individual in the last 12 months) and these figures underscores that the vast majority of bribes go unreported.

Figure 3.8 shows the reasons given for not reporting (among those not reporting). Among this subgroup, the most common reason was that the impact of the bribe was not significant enough to warrant action (cited by 31% of those offered bribes and 26% of those having to, or being asked to give bribes within the domestic private sector). In just over 1 in 10 cases, the businesses either offered a bribe (14%), or having to give or being asked to give a bribe (13%) opted not to report because they did not know who to report to.

It is worth noting that the businesses that were offered a bribe, were more likely than those having to, or asked to give a bribe, to say their reason for not reporting was that they did not think the offer amounted to something illegal (15% versus 2%).

Figure 3.8: Most common reasons why businesses did not report their most recent bribery incidents in a domestic, private sector context in the last 12 months (showing only responses at 5% or higher)

Bases: 50 businesses that had been offered a bribe by another UK business or individual, and did not report the incident; 40 businesses that had to give, or had been asked to give a bribe to another UK business, and did not report the incident.

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. Only responses rounding to 5% or higher for either group are shown, and multiple responses were allowed, so the proportions in this chart do not add to 100%.

The qualitative interviews suggest 3 underlying themes as to why businesses chose not to report bribery incidents, all of which reflected the survey responses:

Perceived seriousness and impact There were instances where the bribe was not accepted, and no harm was perceived. Sometimes businesses deemed the value of the bribe as not significant enough to warrant external reporting. Businesses also attempted to pre-empt how many reports might be received by the relevant authorities. Some believed that only the most extreme or flagrant cases of corruption would be investigated by the authorities, and that reporting gifts or hospitality that may or may not be considered as bribes could be seen as a nuisance. The threshold for what counted as a serious incident varied across interviews, often reflecting sector norms. For example, one insurance business believed that the Financial Conduct Authority (FCA), their regulator, would not be interested in hearing about corporate hospitality.

A lack of clarity on what to report There were examples raised where interviewees considered actions or activities to be corrupt, or to constitute bribery, but were unclear about the legality of the situation and whether the case would stand up in court. Moreover, some bribes were only offered verbally, leaving no written evidence. There were also cases where the account of the incident was felt to be hazy or incomplete. For example, one business that witnessed a bribe being offered to a third party did not know if any exchange ended up taking place. In these instances, businesses were often unsure what, if anything, they could legitimately report.

A desire to avoid scrutiny For example, interviewees recounted situations where they felt reporting could jeopardise lucrative work. This desire to avoid external scrutiny was not limited to those offering or receiving bribes but was also present for third parties that suspected or witnessed incidents, but did not directly engage. For instance, some felt that reporting could lead to them becoming embroiled in a potentially costly criminal or legal case, without the certainty that any parties would be convicted or punished.

3.6 Impact of bribery and corruption

3.6.1 Perceived impact of the most recent bribery incidents

In this section, we look at the perceived impacts of bribery, both positive and negative. We continue to compare businesses that were offered bribes by other UK businesses or individuals, and businesses that had to give or were asked to give bribes to other UK businesses.

As per the previous section, bribery incidents involving UK public officials, or overseas businesses or public officials, were not included in this analysis, as there were too few cases in the sample. Again, subgroup analysis was not possible for these survey questions due to low sample sizes.

Three-fifths of the businesses that were offered bribes (61%), and of the businesses that had to give or were asked to give bribes (59%), felt that their most recent experience had made no impact on their business, positive or negative. In each case, relatively similar proportions highlighted positive impacts as much as negative impacts (Figure 3.9).

Figure 3.9: Impact of the most recent bribery incidents in a domestic, private sector context in the last 12 months

Bases: 54 businesses that had been offered a bribe by another UK business or individual in the last 12 months; 44 businesses that had to give, or had been asked to give a bribe to another UK business in the last 12 months

Notes:

Multiple responses were allowed, so the proportions in this chart do not add to 100%.

There were a wide variety of positive and negative responses mentioned:

among the businesses that were offered bribes in this context, the most commonly mentioned positive impact was improved relationships with suppliers (7%); the most common negative impact was damaged relationships with customers (8%)
among the businesses that had to give or were asked to give bribes in this context, the most commonly mentioned positive impact was gaining new contracts or business (13%); however, mirroring this, the most common negative impact was loss of current or future contracts or business (also 13%)

The high proportions that did not perceive any impact suggest that there was often a great deal of ambivalence towards bribery incidents. It reflects the qualitative feedback suggesting that some businesses had normalised these incidents as standard business practice for their sectors.

The qualitative interviews added further insights on this topic. Firstly, there were substantial impacts, positive and negative, when businesses opted not to engage with bribery, or based on the actions they took in response to bribery incidents:

There were instances of substantial direct losses where businesses had walked away from opportunities that involved bribes One real estate business thus described turning away from an international broker who had requested an additional fee to guarantee winning a tendering process:

“It would have been the biggest single bit of revenue my company would have seen.”

Micro business in the real estate sector

Some businesses that had been offered bribes talked about the benefits of not engaging with them These included a sense of moral satisfaction and peace of mind for businesses and individuals knowing they had acted correctly. In one business, for example, an employee had been praised by their colleagues for escalating a bribe attempt. These cases also helped the business confirm that the policies and processes they had in place were working, and had encouraged some businesses to implement additional measures. And finally, the business responses to these incidents were felt to have helped establish trust between senior staff and other employees.

Interviewees also noted indirect costs from bribery incidents:

Such incidents could, in their view, damage a business’s reputation, lower share prices, and disrupt operations

In one case, bribery by an executive in an overseas branch had resulted in negative perceptions of the company brand, which had led to a drop in the share price. As a result, the business had considered closing the overseas branch entirely, but ultimately decided to bring it under the control of the UK office.

There was also considerable time and effort spent dealing with bribery incidents This included executive time spent on HR and disciplinary issues, policy reviews, increased due diligence checks on suppliers and seeking legal support. A chartered surveyor business had, as an example, used around 20 hours of staff time between their Chief Executive, compliance manager and partners to respond to 2 bribery incidents in the last 12 months.

A further, unique example of time costs came from an architecture business, where the interviewee said they had spent additional time detailing their drawings and specifications, to mitigate the risk of construction businesses cutting corners in their work. This came after witnessing a potentially corrupt offer between a builder and their (the architect’s and builder’s) mutual end client, to complete the build at a highly discounted rate to avoid a competitive tender. However, this time burden was often not considered as part of the direct impact of a bribery incident, as these sorts of tasks were seen to be part of some interviewees’ job descriptions anyway.

3.6.2 Secondary impacts of bribery and corruption

Across all businesses, the survey also explored the extent to which businesses felt they had been affected by the corrupt activity of others. At the overall level, these perceptions were relatively rare, but indicated a non-negligible proportion of businesses losing both domestic and overseas business due to bribery:

1% of businesses said they had put on hold or cancelled potential business activities in the last 12 months due to concerns about corruption (in terms of the UK government definition provided at the start of this chapter)
5% of businesses believed it was very or fairly likely that they had lost a business opportunity in the UK to a competitor who offered a bribe in the last 12 months
7% of internationally trading businesses believed it was very or fairly likely that they had lost a non-UK business opportunity to a competitor who offered a bribe in the last 12 months – this is broken down by trading regions below

At the subgroup level, there were some further differences. Businesses in transport and storage (12%) and construction (9%) were more likely than average (5%) to feel they had lost UK business to competitors that offered a bribe. Internationally trading transport and storage businesses were also more likely than average to think they had lost overseas business to competitors that offered a bribe (17%, versus 7% overall). Businesses in the information and communications sector were more likely to say that potential business had been put on hold or cancelled due to concerns about corruption (4%, versus 1% overall).

Turnover was also linked to perceived potential losses from corruption. High-turnover SMEs (with revenues of £1 million or more) were more likely than low-turnover ones (with under £1 million) to say they had lost UK business to competitors that offered a bribe (9% versus 4%). By contrast, there was no clear link between the size of the business (in terms of number of employees) and these perceptions of lost opportunities.

Among international traders, businesses trading in the following global regions were more likely to think they had lost non-UK business opportunities to competitors who offered a bribe:

Japan (20% of the businesses specifically trading with Japan believed it was very or fairly likely, versus 7% of all international traders)
Africa (16%)
the Gulf States (15%)
Central and South America (15%)
the wider Asia-Pacific region (14%)
Central Asia (13%)
wider Europe outside the European Union (12%)
North America (11%)

Among businesses trading with the European Union (EU), the proportion of businesses that perceived a loss to an overseas competitor who offered a bribe was 7%, on par with the overall proportion of international traders reporting this.

3.7 Perceived risk and drivers of corruption

3.7.1 Perceptions overall and by subgroup (sector, turnover and those experiencing bribery incidents)

At the overall level, 97% of businesses considered themselves either not very at risk or not at all at risk from corruption (in terms of the UK government definition, provided in the survey, and at the start of this chapter). A total of 2% considered themselves to be very or fairly at risk. This is shown in Figure 3.10.

Figure 3.10: Perceived risk of corruption

Base: 2,271 businesses (approximately two-thirds of the available sample, which was chosen at random to answer this question)

Notes:

The percentage of unregulated businesses saying “very at risk” was under 0.5% (not labelled on the chart).

Perceptions of risk were more acute among:

businesses that had experienced bribery in the last 12 months (in any of the 4 scenarios described in Section 3.2 (11% saying they were very or fairly at risk, versus 2% overall)
real estate businesses (10%)
finance and insurance businesses (7%)
businesses with an annual turnover of £10 million or more (7%) – all lower turnover bands were relatively close to the average.

3.7.2 The factors that were seen to increase or decrease risk

In the qualitative interviews, multiple factors were felt to increase or decrease the risk of corruption. These included beliefs about the pervasiveness of corruption in certain sectors or in light of certain business practices, the adoption of anti-corruption policies and measures to lower the risk, and the actions of individuals within the business. In light of this, the findings below are split into factors that impacted whole sectors, factors that linked to specific business practices, and finally factors linked to the behaviours of individuals in the business.

The following factors were felt to underpin the risks at a sector level:

Adherence to regulations and standards Some businesses operating within industries with a strong regulatory presence mentioned feeling less prone to corruption, as they thought the strong regulations and frequent audits promoted transparency and accountability. For example, one financial advisory business and one firm of solicitors both mentioned that because they abided by rigorous compliance requirements, the risks from corruption had been greatly reduced.

Vertical fragmentation in labour supply chains In the construction sector, interviewees mentioned that projects could feature multiple layers of contractors, subcontractors and specialists (including from adjacent sectors such as architecture, engineering and surveying). This vertical fragmentation was perceived as making it easier for corrupt practices to be concealed.

Concentration of power within sectors In certain sectors such as construction, finance and insurance, and administration, businesses noted that the awarding of contracts sometimes rested with a small number of decision makers, or that the same businesses tended to bid for contracts each time. This was felt to make the bidding processes more vulnerable to corruption and bribery.

“If there’s a decision maker deciding which companies get which contracts, then I think it is open to abuse. Incentives can be offered in order to get the bits of work that you do. And by the same token, there are certain niche areas where if you know who else is tendering for the same piece of business, you can almost agree between yourselves whose turn it is to win that contract.”

Micro business in the finance and insurance sector

Large or overseas business transactions In sectors that handled significant amounts of cash or facilitated large transactions outside the UK (for example, some parts of the finance and insurance, and real estate sectors), there was perceived to be less transparency than for UK-only transactions, which was felt to tempt some businesses into corrupt practices such as bribery. This was also considered to go hand-in-hand with money laundering in some cases.

“When working in a B2B situation, it can involve some very large numbers – hundreds of thousands of pounds. If they are able to exert some influence unduly, the temptation is there.”

Medium business in the finance and insurance sector

“The financial services sector is a high-risk sector, because criminals need to launder their money. And a lot of times to do that, they’re willing to pay big bribes to make that happen.”

Small business in the finance and insurance sector

Ingrained ways of working and sector norms We encountered businesses that felt that some forms of corruption and bribery were common ways of doing business in their sector. For example, one interviewee discussed bribery occurring via port-facilitation payments in the international shipping industry. Another business in the manufacturing sector mentioned that “backhanders” were a common way to make a sale. By contrast, one finance business remarked how, over time, their sector norms had shifted, alongside a tightening of their corporate hospitality policy. They noted that ever since all gifts and hospitality had to be declared, no matter how small, the culture of corporate hospitality had disappeared across their industry.

“We have to declare [gifts and hospitality] to such an extent that even corporate entertainment, for instance, has disappeared from our industry because it can be seen to be a potentially corrupting incentive. So whereas many years ago you could be taken to sporting events and all that sort of thing, that has kind of disappeared from our industry.”

Micro business in the finance and insurance sector

In addition, interviewees highlighted several features of how businesses were run (for example, business models, countries of operation and internal culture) that impacted the risk of corruption:

Concentration of power within businesses Businesses that granted excessive power to individuals, and did not clearly separate duties between individuals, were seen as more vulnerable. By contrast, one business suggested that their internal structure or culture made corruption less likely. For example, by distributing decision-making power among multiple individuals instead of concentrating it in the hands of a few, it was felt to be harder to conceal corrupt activities. They felt their actions had encouraged open dialogue, and reduced the likelihood of a single dominant voice suppressing dissent.

“We’ve engaged and employed a greater number of professionals in key management positions and promoted internally to key management positions, rather than just having a single individual having managerial or direct executive responsibility. [There are now] more people to scrutinise things, so it makes it a lot harder to hide something that is possibly corrupt.”

Medium business in the manufacturing sector

Sales-driven business culture We spoke to one business that said that their competitors tended to prioritise growing their topline revenue over their bottom-line profits. They felt this was driven by factors such as the commission-based pay models for staff (which incentivised making the next sale) and the indebtedness of competitor businesses (which meant they needed to grow revenue in order to borrow, to be able to service their debt). In this sales-driven culture, they felt competitors were more willing to accept unscrupulous business practices, such as kickbacks, in order to secure sales.

Reputable business partners Some businesses mentioned that the clients and partners they worked with were considered reputable, and could be counted on to uphold the same standards and ethical conduct as them. This degree of trust in, and perceived credibility of, business partners was seen as a deterrent to corruption incidents.

International trade We previously noted that sectors that engaged more in large, overseas transactions were seen to be more at risk from corruption. More generally, conducting business internationally was viewed as a risk factor in its own right. Businesses with overseas operations or clients highlighted the complexities of navigating different cultural norms and legal frameworks. They noted that standard practice in one country might be considered corrupt in another.

“We live in a world that has many different cultures, and we have to appreciate that what we may see as corruption or bribery is not the same definition as seen in other countries.”

Micro business in the finance and insurance sector

Finally, there was also a recognition of the importance of individuals within businesses, and how they could personally affect the risk of corruption:

The leadership, tone and vigilance from senior managers Interviewees mentioned that a lack of strong ethical leadership, where leaders operate with a sense of complacency or opacity, could trickle down and normalise unethical behaviour. In some smaller businesses, interviewees in senior roles (for example, business owners or senior managers) said that they as individuals often set the tone for the entire organisation. In these environments, taking into account the smaller size of their business, they felt it would be difficult for corrupt activities to remain hidden for long, due to employees being close-knit and the owners maintaining a high level of visibility.

Self-motivated individuals Interviewees noted that corruption was not limited to large scale schemes but could manifest in subtle, individual actions. This included, for example, self-motivated individuals who accepted small gifts, claimed excessive expenses, or abused power for minor incentives or advantages, without the knowledge of the wider business. There were also mentions of personal circumstances that made employees more vulnerable, such as having debts or addictions. One interviewee believed that corruption was most likely to manifest at the mid-level management level in their business, as they had enough influence to assert power within certain situations, but a low enough salary that they were still seeking a financial incentive.

“I’d say mid-level management. Those who don’t necessarily have the salary or the moral obligation to run a company. They’re a lower level but use their influence for personal gain.”

Medium business in the retail or wholesale sector

“It can be quite minute; it can be personal; it can be on a one-to-one or individual basis. It doesn’t necessarily need to be a holistic, organisational practice.”

Medium business in the professional, scientific and technical sector

3.8 Preparedness for corruption risks and incidents

3.8.1 Measures in place to manage corruption risks

Over two-fifths (45%) of businesses had in place at least one of the measures from Figure 3.11 to manage the risks of corruption over the last 12 months. Just over half (55%) had none of these measures in place.

The most common anti-corruption measures were a Code of Conduct for staff which specifically prohibited bribery (30% of all businesses), a written anti-corruption or anti-bribery policy (24%), and a whistleblowing policy (23%). The least common measures from the list were accreditation (4%), and any anti-bribery, corruption training or awareness raising for business partners or contractors (6%). More had training for their own staff (16%) than for partners or contractors.

Figure 3.11: Measures businesses took or had in place to manage corruption risks across the last 12 months

Base: 2,271 businesses (approximately two-thirds of the available sample, which was chosen at random to answer this question)

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

Among the 45% with any measures in place, the typical (median) business had 3 of the listed measures in place, that is, they had undertaken a range of actions to protect themselves. For example, those that had a Code of Conduct in place were also more likely than average to have undertaken each of the other 10 measures asked about (that is, this top measure was positively correlated with each other measure individually).

3.8.2 Business perceptions of their own preparedness

Overall, almost 9 in 10 businesses (87%) thought they had adequate processes in place to minimise the risk of corruption. Even among those that had none of the measures mentioned in Figure 3.11 above, over 8 in 10 (83%) felt they were adequately protected.

In the qualitative interviews, various businesses exhibited a degree of optimism bias. They expressed confidence in their ability to identify and mitigate potential corruption incidents, even without formal policies or procedures in place.

3.8.3 Size subgroup differences

As Figure 3.12 shows, medium and large businesses were significantly more likely to have each of the listed anti-corruption measures in place. Compared to the 45% of businesses overall that had at least one of these measures in place, 83% of medium businesses and 95% of large businesses had at least one. However, even among medium businesses, only a minority had preventative clauses in contracts, specific staff members responsible, or any kind of training or awareness raising activities on this topic. Among both medium and large businesses, it was still relatively uncommon to have accreditation, or training for partners and contractors.

Figure 3.12: Measures businesses took or had in place to manage corruption risks across the last 12 months, overall and for specific size bands

Bases (approximately two-thirds of the available sample for all groups, which was chosen at random to answer this question): 2,271 businesses; 294 medium businesses; 108 large businesses

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

3.8.4 Sector subgroup differences

Businesses in the following sectors were more likely to have at least one of the anti-corruption measures from Figure 3.11 in place:

finance and insurance (85%, versus 45% overall)
health, social care or social work (73%)
professional, scientific or technical (63%)
real estate (59%)

Specifically, for each measure in Figure 3.13, businesses in the finance and insurance sector, and professional, scientific and technical sector, were more likely than average to have put that measure in place. The real estate sector was also more likely than average to have undertaken each of the individual measures shown here, with the exception of having a written anti-corruption or anti-bribery policy, and internal gift or hospitality registers (where the differences from the average were not statistically significant).

Across all these sectors, it was still relatively uncommon for businesses to have any kind of relevant accreditation, or training or awareness raising specifically for partners or contractors.

Figure 3.13: Measures businesses took or had in place to manage corruption risks across the last 12 months, overall and for specific sectors

Bases (approximately two-thirds of the available sample for all groups, which was chosen at random to answer this question): 2,271 businesses; 103 finance and insurance businesses; 308 professional, scientific and technical businesses

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

3.8.5 Other subgroup differences (turnover, international trading status, those perceiving themselves at risk from corruption, and those experiencing bribery incidents)

As well as business size, business turnover was also linked to having anti-corruption measures in place. A total of 64% of high-turnover SMEs (with annual turnovers of £1 million or more) had at least one of the measures covered above in place, versus 41% of SMEs with lower turnovers. Focusing on where the gap between these 2 subgroups was largest, roughly twice as many high-turnover SMEs versus low-turnover SMEs had:

a relevant Code of Conduct (46% versus 26%)
a written anti-bribery or anti-corruption policy (44% versus 19%)
a whistleblowing policy (40% versus 19%)
anti-bribery or anti-corruption clauses in contracts (34% versus 15%)

Businesses that traded internationally were also more likely than average to have had at least one of these measures in place (53%, versus 45% overall).

In addition, businesses that perceived themselves to be very or fairly at risk from corruption were more likely than average to have one or more of the listed anti-corruption measures in place (62%, versus 45% overall). Perhaps reflecting the relationship between corruption and money laundering mentioned in the qualitative interviews, those that perceived themselves to be at risk from money laundering (covered in Chapter 4) were also more likely than average to have at least one of these anti-corruption measures (72%).

Finally, business that had experienced bribery incidents in the last 12 months were also more likely to say they had one or more of these measures in place (61%). As shown earlier in Section 3.5.1, around a fifth of businesses (20%) had implemented new policies or processes after being offered a bribe, and roughly 1 in 10 (11%) had done so after having to, or being asked to give a bribe. The qualitative interviews also uncovered cases of businesses learning from past experiences of bribery. For instance, one shipping business that experienced an overseas bribery incident implemented significant changes in their processes and procedures, including introducing ISO 9001 certification.

3.8.6 Reasons for having measures in place

The qualitative research highlighted various underlying reasons for businesses opting to have formal anti-corruption or anti-bribery measures in place. The reasons varied depending on a business’s size, industry, regulatory environment, and the values of its leadership. However, the common thread was a desire to protect the business from financial, legal, and reputational damage, as well as to promote ethical conduct.

regulatory requirements – in the finance and law sectors, various businesses highlighted the need to comply with regulations from a legal perspective, maintain a good relationship with their regulator (including specific mentions of the FCA, the Law Society and Solicitors Regulation Authority), and avoid losing their licenses to do business
protecting reputation and brand – businesses recognised that a corruption incident had the power to severely damage a business’s image; this was particularly the case for businesses that relied strongly on the trust of customers or communities; for example, one interviewee from a credit union mentioned that a corruption incident could be very damaging to the reputation of their business, impacting members’ trust and loyalty
avoiding financial losses and legal consequences – businesses discussed the significant direct losses that could result from prosecutions and fines, as well as indirect losses from damaged business relationships or opportunity costs (from lost business activities); one business owner discussed the topic as if the future of their entire business was at stake

“If I ever got caught in a corruption scandal, I’d have to walk away from the company I’ve been building.”

Micro business in the real estate sector

ethical considerations – some interviewees emphasised their desire to do the right thing, and avoid engaging in unethical practices, as a key driver of their actions

3.8.7 Reasons for not having measures in place

In the survey, the most common reasons provided for not having the measures in place from Figure 3.11 centred around the perceived relevance of these measures. Over half of those with none of the listed measures said this was because they were too small (55%), while over two-fifths (44%) said they were not the kind of business affected by corruption.

The next most common reasons provided were that businesses had not thought about this issue before (7%) or that it was not a priority for them (5%). All other specific reasons were given by under 5% of the businesses that had no measures in place. To note, this question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey.

As a rationale for why they did not have such measures in place, businesses in the agriculture, forestry and fishing sector (11%), and those in the construction sector (7%), were more likely than the average business (3%) to say that they were a family business. Beyond this, there were no notable sectoral differences in the reasons provided.

The qualitative interviews suggested more overarching, thematic reasons for why businesses did not feel the needs to have specific risk management measures for corruption:

prioritisation of other risks – businesses had often focused on what they saw as more immediate concerns, such as financial stability, operational efficiency, or health and safety, relegating corruption to a lower priority
a lack of resources – smaller businesses, in particular, cited limited time, staff, and financial resources as barriers to developing and implementing formal policies
reliance on informal measures – some businesses said they took a commonsense approach, for example trying to be “naturally suspicious” of potentially corrupt activities; others mentioned sticking with trusted, potentially local, clients or suppliers

The reasons were often interconnected. For instance, businesses with limited resources often gave this as a reason for prioritising other business risks, or relying more on informal measures.

3.9 Chapter conclusions

This study has collected various new and important statistics and insights about corruption across UK businesses with employees. Many of the survey results, including prevalence and incidence estimates, focus exclusively on bribery. The qualitative research within the business population illustrated that bribery was the behaviour best understood and recognised as corruption. Nevertheless, bribery was also perceived to have grey areas. Gifts and hospitality were identified in the survey as the second most common type of bribe (after money), and a theme across the qualitative interviews was the difficulty of setting appropriate boundaries for gift-giving and hospitality when doing business.

This aligned with the survey finding that “building a good business relationship” was the most common purpose for bribes received in a domestic, private sector context – this was seen as an area which could include standard and accepted business practices, but also veer into corrupt activities. As well as bribery, some businesses offered a broader perspective and recognised other behaviours – such as collusion and nepotism – which they would consider as corruption.

A total of 3% of all businesses with employees, equating to an estimated 40,500 such businesses across the UK, experienced some form of bribery in the 12 months prior to the survey (the total prevalence). In this period, about 1% of UK businesses had been offered a bribe from another UK business or individual, with a similar proportion reporting that they had to give or were asked to give a bribe to another UK business. A much smaller proportion of businesses (less than 0.5%) had to give or were asked to give a bribe to a UK public official. In addition, around 1% of all businesses that traded internationally had to give or were asked to give a bribe to an overseas business or public official in the past 12 months.

Among the businesses that were specifically offered bribes by other UK businesses or individuals, this occurred on an average (mean) of 6 occasions in the past 12 months. This resulted in an estimated 117,000 incidents in which businesses with employees were offered bribes by other UK businesses or individuals in the past 12 months (the total incidence). With an average (mean) bribe value of £2,640 across the most recent incidents in a domestic, private sector context, these findings indicate that businesses with employees were offered an estimated £309 million in bribes in the previous 12 months.

The survey illustrates the clandestine nature of bribery between UK businesses. In 68% of the most recent incidents, bribes were offered or requested verbally. In addition, 70% of incidents in which businesses were offered a bribe were identified because the individual who was offered a bribe flagged it themselves. Only 5% of the incidents were identified through internal administrative processes such as risk assessments, audits or reviews, and only 5% were reported externally. These findings indicate substantial barriers to the ability of businesses and law enforcement agencies to discover and respond to incidents.

Businesses were largely ambivalent about the impacts of involvement in bribery within the domestic private sector. In 61% of such incidents where they were offered bribes, and 59% of such incidents where they had to give or were asked to pay bribes, businesses said there was no impact on them. For the remainder of incidents, similar proportions encountered positive impacts, such as new contracts or business, as identified negative ones, such as the loss of contracts or business opportunities. Such findings may therefore present challenges in terms of persuading businesses of the need to take action.

However, when businesses were asked how they had been affected by the corrupt activity of others, as opposed to directly participating in bribery incidents, there were clear examples of harms experienced, albeit by a relatively small proportion of businesses. For example, across the previous 12 months, 1% of businesses had put on hold or cancelled business activities due to concerns about corruption, 5% said it was likely that they had lost a business opportunity in the UK to a competitor who offered a bribe and 7% of internationally trading businesses believed they had lost a business opportunity overseas to competitors offering a bribe. Further consideration is needed regarding how these kinds of potential harms can be best communicated to businesses.

The regularity of bribery incidents, and the perceived risks of corruption more broadly to businesses, varied substantially by sector. The construction, service and membership, administration, utilities and production, and transport and storage sectors had the highest prevalence or incidence rates for businesses having to, or being asked to give bribes. By contrast, incidence rates for businesses being offered bribes were highest in the real estate, retail and wholesale, and finance and insurance sectors. Beyond direct experiences, real estate businesses (14%) and construction businesses (9%) were more likely than average (4%) to believe that bribery was very or fairly prevalent in their sectors.

The qualitative findings helped to illustrate why specific sectors may be more adversely affected by bribery, and by corruption issues generally. Businesses highlighted key sector-level risk factors including layering within supply chains, concentration of power in the awarding of contracts, the extent of large or overseas business transactions, sectoral norms and ingrained ways of working, and differential sectoral regulations and standards. Factors such as the nature of leadership and vigilance from senior managers, opportunities for unsupervised decision-making power, and sales-driven work cultures were seen to affect the risk between individual businesses.

The most common anti-corruption measures in place in businesses were a Code of Conduct for staff which specifically prohibited bribery (30%), a written anti-corruption or anti-bribery policy (24%) and a whistleblowing policy (23%). Yet over half of businesses (55%) did not have any of the of the anti-corruption measures asked about in the survey in place. Business size, turnover and sector heavily influenced the likelihood that businesses had measures in place – larger and higher-turnover businesses were much more likely to have taken action. The qualitative interviews offered further insights as to why businesses may not have adopted anti-corruption measures, with some opting to prioritise other business risks, some lacking the resources to focus on corruption, or choosing to rely mostly on informal measures and common sense.

The qualitative findings suggested an overall lack of awareness and an inconsistent understanding of corruption among businesses. While bribery was felt to be a well-understood and consistently recognised form of corruption, businesses also conflated corruption with other economic crimes such as fraud and money laundering, or more broadly with business practices they considered to be unfair, but which were not necessarily illegal. The findings highlighted the significant challenges faced by policymakers in getting businesses to address the specific issue of corruption, and by businesses themselves in terms of staff being able to spot corruption and take action when they see it.

Question 5

4. Money laundering

Accepted Answer

4.1 How businesses understood money laundering

4.2 Prevalence of money laundering

4.3 Incidence of money laundering

4.4 How certain were businesses that money laundering was taking place

4.5 Characteristics of the most recent money laundering incidents

4.6 Business response to the most recent money laundering incidents experienced

4.7 Impact of money laundering

4.8 Perceived risk and drivers of money laundering

4.9 Preparedness for money laundering risks and incidents

4.10 Chapter conclusions

This is the first UK government study to explore experiences of money laundering quantitatively (and was not included in the previous Economic Crime Survey), providing considerable new insight into this type of economic crime.

The first part of this chapter focuses on the businesses with employees that experienced any money laundering incidents in the 12 months prior to being surveyed. This includes the types of incidents experienced, how businesses identified and evidenced money laundering, their knowledge of the perpetrators, reporting of incidents and the broader business response, and the business impacts associated with money laundering. As part of this, we provide extrapolated estimates of the prevalence and incidence of money laundering. The quantitative findings are interspersed with data from the qualitative interviews, covering the same topic areas, as well as awareness of money laundering.

The rest of the chapter covers all businesses with employees, not just those experiencing money laundering incidents, in terms of their perceived risk from, and preparedness for, money laundering incidents. These sections also combine data from the quantitative survey and the qualitative interviews.

As part of the survey development work, it was established that businesses often had a low awareness and understanding of money laundering. As such, the survey did not use this term specifically, and instead referred to instances where the respondent business “knew or suspected that the money [involved] was derived from criminal activity” – these instances identified in the survey are referred to as money laundering experiences throughout the rest of this report. These capture both direct experiences as well as activity observed among staff, customers, suppliers or other businesses that the respondent business worked with. Cases where activity was prevented are included within these figures.

In this chapter, we refer to the subgroups of “regulated” and “unregulated” businesses, with the former being those with anti-money laundering obligations. Under the Money Laundering Regulations 2017, businesses in various sectors, including accountants, financial service businesses, estate agents and solicitors, must register to have their activities monitored by a relevant supervisory authority – to stop criminals using UK businesses to launder money. We asked businesses to self-identify as regulated businesses (in the context of anti-money laundering obligations) in the survey, by asking whether they were registered with a relevant anti-money laundering scheme and monitored by a relevant supervisory authority. A total of 513 businesses in our sample were regulated businesses. The remaining 2,964 were considered to be unregulated, including those that did not know if they were registered with a relevant scheme (with the rationale that those that were registered would know that they were).

4.1 How businesses understood money laundering

In the qualitative interviews, participants generally understood that money laundering involved an element of concealing criminal proceeds or converting them into “clean” funds. Money laundering was commonly linked to other serious crimes, with frequent mentions of drugs trafficking, people trafficking, smuggling and cyber crime. However, while there was a strong sense across all interviews that money laundering incidents were serious crimes, the issue did not feel relevant to all the businesses we spoke to. Some smaller, unregulated businesses felt that money laundering was predominantly an issue with physical money, rather than digital money. As a result, they thought that businesses that did not deal in physical cash were inherently protected from risk or legal obligation.

The deepest understanding tended to be among regulated businesses, who were typically familiar with anti-money laundering regulations, reporting obligations, and the complexities of tracing illicit funds. They also recognised the diverse methods through which money could be laundered, beyond physical cash transactions. There were also a range of unregulated businesses with more moderate understanding, in that they were less familiar with regulations and reporting mechanisms, but were aware of common red flags, such as large cash payments or suspicious customer behaviour (which we cover in more detail in Section 4.5.2). These latter businesses came from a range of unregulated sectors such as retail, hospitality and construction.

Businesses sometimes had difficulty in determining if an activity was money laundering or not, and described several perceived grey areas, such as:

Differentiating money laundering from legal activity Certain activities that may be used for money laundering can also be used for legitimate purposes (for example, legal tax minimisation). Determining between the 2 relies on understanding the source of funds, and this can be tricky. Businesses described the challenge of identifying whether money was derived from criminal activity based on the information they had available to them. This resulted in situations where businesses could neither evidence that the funds originated from crime, nor verify the source of the funds to a satisfactory standard. Certainty around money laundering suspicions is discussed further in Section 4.4.

Differentiating money laundering from other economic crimes This challenge arose for one of 2 reasons. Firstly, there was the potential co-occurrence of money laundering activities alongside other economic crimes – for example, we heard examples of businesses being asked to agree to a purchase or transaction based on fraudulent earnings. As such, businesses were unsure whether to treat the incident as money laundering, or fraud, or both.

Secondly, there was broader uncertainty in the type of crime being committed – for example, a charity shop described individuals using £50 notes for low-value purchases and asking for the change. While these individuals were known as being associated with criminal activity, it was unclear whether the money was from the proceeds of crime, counterfeit money, or both, making it difficult to confirm whether it was money laundering specifically. This example is covered in more detail in Section 4.7.1 as a full case study.

These difficulties in categorisation reflected the nature of money laundering as a less overt economic crime. Furthermore, businesses’ uncertainty around what behaviours constitute money laundering affects whether it is identified and how businesses respond to the suspicious activity in question.

4.2 Prevalence of money laundering

Around 2% of businesses with employees experienced at least one known or suspected money laundering incident in the 12 months prior to the survey. This equates to approximately 33,500 businesses in the population. As with the other extrapolated figures in this report, this has a margin of error. We calculate a lower bound estimate of 25,300 businesses and an upper bound estimate of 41,700 businesses within the margin of error.

The prevalence rate of 2% made money laundering a very rare crime, unevenly distributed within the business population. This aligns with the findings from qualitative interviews. For instance, certain businesses did not consider themselves as targets for money laundering due to their lack of cash dealings, lack of high-value transactions, or domestic-only operations – these themes are discussed more in Section 4.8.4. As such, a relatively small subset of businesses considered themselves to be viable vehicles for money laundering. However, as mentioned previously, social desirability bias and businesses’ unwillingness to disclose information which could implicate themselves could also have affected these results.

It is important to note that money laundering incidents recorded within this survey only cover those that businesses were able to identify and willing to disclose (see Section 1.3 in the Technical report for further details on the strengths and limitations of this study). Furthermore, the survey development work indicated that money laundering was extremely difficult for businesses to confidently identify, both due to its hidden nature, and because it often takes place separately from the original crime that had generated the money (similar challenges regarding what constituted as money laundering were identified during the qualitative interviews, as discussed in Section 4.1). To avoid underestimating the levels of money laundering occurring across businesses in cases where proof was not available, the survey recorded suspected as well as known incidents of money laundering.

4.2.1 Subgroup differences (size, turnover, sector and international trading status)

Due to the low overall prevalence of money laundering incidents, any subgroup differences were inherently small, even when statistically significant.

Money laundering was significantly more prevalent among medium and large businesses as a combined group (4%) compared to micro and small businesses (2%). High-turnover SMEs also had a higher prevalence of money laundering (4% among those with annual turnovers of £1 million or more) than low-turnover SMEs (2% among those with annual turnovers under £1 million).

Transport and storage was the only industry sector with a significantly higher prevalence rate (6%) compared to that of all businesses (2%).

Regulated businesses were also significantly more likely than unregulated businesses to have experienced and identified at least one money laundering incident (6% versus 2%).

International traders as an overall group were no more likely than average to experience money laundering incidents. However, those that conducted business with the Gulf states had a higher prevalence rate (6%) compared to that of all businesses (2%).

Collectively, these findings suggest that certain groups of businesses – larger businesses, those with higher revenues, and regulated businesses – were more prone to encountering money laundering. This again reflects the qualitative discussion around the drivers of money laundering, covered later in Section 4.8.4. It could also reflect the fact that certain businesses, for example, regulated businesses, were better equipped and trained to identify money laundering (covered in Section 4.9.3).

However, it is worth noting that higher prevalence rates do not always mean higher total prevalence. Large businesses and regulated businesses had relatively high prevalence rates but accounted for a relatively small proportion of the total prevalence of money laundering, since both groups only constitute a small proportion of the wider business population. For example, while regulated businesses had a greater prevalence rate than unregulated businesses, when extrapolating to the wider population of businesses with employees,^{[footnote 7]} most businesses who experienced money laundering were unregulated (approximately 23,300 unregulated businesses versus 10,200 regulated businesses affected). These figures are also subject to a margin of error. For the total prevalence among unregulated businesses, the lower bound estimate is 16,400 and the upper bound estimate 30,200. For regulated businesses, these lower and upper bounds were estimated as 6,180 and 14,200.

4.2.2 Categories of money laundering

Figure 4.1 shows the most to least common categories of money laundering incidents experienced. Due to the very low number of cases experienced across our survey sample, we have only displayed these results based on the businesses that experienced any incidents, rather than based on all businesses (as these proportions would range from under half a percent of to 1% of businesses). Further quantitative data to break down this information has been published alongside this report.

The most common types of incidents experienced among businesses – in each case where the money was known or suspected to be derived from criminal activity – were observing businesses paying employees in cash to avoid scrutiny (26% of those who experienced money laundering), manipulation of invoices, receipts or credit notes to hide the true source of payments (20%), receiving offers to invest suspected criminal funds in the business (17%), and witnessing the movement of money in and out of companies, trusts or partnerships with no clear business purpose (16%).

The least common category of incident witnessed was the use of offshore accounts to hide income or assets (1%).

Figure 4.1: Specific types of money laundering incidents experienced in the last 12 months, among the businesses that experienced money laundering

Base: 100 businesses that experienced money laundering in the last 12 months

Notes:

Multiple responses were allowed, so the proportions in this chart do not add to 100%.

4.3 Incidence of money laundering

Among the 2% of businesses experiencing any money laundering incidents in the last 12 months, 6 in 10 (59%) experienced more than one incident in this period. In other words, for the businesses that encountered money laundering, these were not typically one-off occurrences. The mean number of incidents per business was 7, while the median was 2. The discrepancy between mean and median values highlights that a small number of businesses experienced a large volume of incidents, while most businesses experienced fewer incidents.

As with overall prevalence, we can extrapolate from these results to look across the population of businesses with employees:

we estimate that there were approximately 225,000 money laundering incidents experienced by businesses with employees in the past year; this figure is subject to a margin of error, with a lower bound estimate of 120,000 incidents and an upper bound estimate of 329,000 incidents
the incidence rate – the number of money laundering incidents per every 1,000 businesses with employees – was approximately 157; this figure has a lower bound estimate of 84 and an upper bound of estimate of 231, within the margin of error

The total number of estimated money laundering incidents across the business population (225,000) was substantially lower than the total number of SARs submitted in the previous year. According to the National Crime Agency’s (NCA’s) SARs Annual Report, the UK Financial Intelligence Unit (UKFIU) received 872,048 SARs in the financial year 2023/24. There are several possible reasons for this disconnect, including:

the fact that multiple SARs can be submitted for one incident
SARs being designed to capture suspicions related to terrorist financing in addition to money laundering, and also sometimes picking up instances of other crimes (for example, fraud) due to businesses’ uncertainty of reporting requirements
the greater incentive for “defensive reporting” (that is, a precautionary approach to reporting to mitigate the risk of breaching regulatory obligations) via SARs than was present in the survey

4.3.1 Subgroup differences (size and regulated businesses)

In terms of business size, the incidence rate was highest among medium businesses (1,290 incidents per 1,000 businesses with employees), with lower incidence rates experienced by small (293), large (239) and micro (96) business.

Among regulated businesses, the incidence rate was also higher than for unregulated businesses (289 versus 140 incidents per 1,000 businesses).

It may be that money laundering incidents were more concentrated within these subgroups. Alternatively, these differences could indicate that regulated businesses were simply better at identifying money laundering incidents, and had more formal processes for handling and recording suspicions. It is unclear what might be driving the difference for medium businesses specifically.

High incidence rates among small subgroups of the population did not necessarily equate to greater total incidence (see the similar discussion on prevalence in Section 4.2.1). For instance, when extrapolating to the wider population of businesses with employees – our best estimates indicate that unregulated businesses experienced over 3 times more incidents than regulated businesses (approximately 176,000 versus 49,200 incidents).^{[footnote 8]} For the total incidence among unregulated businesses, there is a lower bound estimate of 76,000 and an upper bound estimate of 275,000. For regulated businesses, these lower and upper bounds were estimated as 17,600 and 80,800. It is important to note that there is a small overlap between the confidence intervals for unregulated and regulated businesses. Consequentially, if the true total incidence for unregulated businesses was more aligned with its lower bound, while the total incidence for regulated businesses was more towards its higher bound, the figures may be similar.

Due to the very small number of cases on which to base the incidence rates, we have not reported the incidence rates by sectors in this chapter. However, these have been included in the Technical report. It is important to note that these kinds of results are strongly influenced by any outliers in the data (which could reflect the true distribution of values in the population). The Technical report also shows what the results would be (overall, and by size and sector) if statistical outliers were removed.

4.4 How certain were businesses that money laundering was taking place

In the survey, we asked the 2% of businesses that had experienced any money laundering incidents in the last 12 months to focus on their most recent incident, and to assess how certain they were in these cases that the money being exchanged was derived from criminal activity.

Figure 4.2 highlights the high level of uncertainty surrounding money laundering incidents. Only 14% of affected businesses said they had indisputable evidence proving criminal activity. In two-thirds of cases, for the most recent incident, businesses were not able to specifically evidence that the money was derived from criminal activity.

It is important to note that according to the NCA, the submission of a SAR does not require businesses to have any specific evidence that money laundering has occurred, only suspicion or knowledge. See Section 4.6.4 for further detail on businesses experiences of submitting a SAR.

Figure 4.2: How certain businesses were that money was derived from criminal activity in their most recent money laundering incident

Base: 96 businesses that could recall their most recent money laundering incident

In the qualitative interviews, businesses were more certain about the criminal origin of money when the police were involved. Several businesses mentioned police investigations that confirmed their suspicions. This was irrespective of the outcome of any investigation, of which businesses were not typically aware. One mortgage broker described a case where discrepancies between a prospective buyer’s bank statement and tax return led to a police investigation, including interviews and laptop seizures, confirming the business’s initial suspicions.

In the absence of police investigations or reports, businesses expressed difficulty in knowing whether funds were from an illicit source. As previously covered in Section 4.1, they also had difficulty in distinguishing money laundering from other economic crime, given perceived overlaps with crimes such as invoice fraud, tax evasion or counterfeiting of money. Nevertheless, there were several red flags identified in the qualitative interviews that gave rise to suspicions of money laundering, and the accumulation of red flags also made businesses more certain in their outlook. These red flags are covered in Section 4.5.2.

4.5 Characteristics of the most recent money laundering incidents

This section focuses on the 2% of businesses that experienced money laundering in the last 12 months. They were asked follow-up questions about the nature of their most recent incident, including how it was detected and knowledge of the perpetrators. We also cover the qualitative insights around the detection of money laundering incidents and the red flags that led businesses to be suspicious.

Due to the small base sizes, it is not possible to look at subgroup differences for the survey results.

4.5.1 How the business detected the money laundering incident

Money laundering detection methods can generally be considered within 3 overarching categories. Two-fifths (40%) of affected businesses detected their most recent incident in an ad hoc manner via the owner or staff. The second most common category for detection was via an internal business process or paperwork (21%). Finally, the third category covered those businesses (a total of 12%) that were alerted to their most recent incidents from someone outside their business.

A further 23% identified their most recent incident in another way, with 11% unsure about how the incident was identified.

The latter 2 overarching categories have been created by combining several more specific answers that businesses gave in the survey. The specific internal processes or paperwork included the following (where the overlapping responses summed to 21%):

routine manual transaction monitoring (10% of the businesses experiencing money laundering)
vetting or identity checks of customers or suppliers (6%)
internal audits, reviews or investigations (4%)
monitoring via software or automated means (under 0.5%)
reviewing bank statements (under 0.5%)

The higher proportion of businesses detecting incidents via manual monitoring than by automated monitoring is likely to reflect that relatively few businesses had automated software-driven monitoring tools in place – which we cover later in Section 4.9.

There were also a range of more specific answers for where businesses were alerted by someone outside the business (where the overlapping responses summed to 12%). The top specific response was via a bank or insurance provider (5% of the businesses experiencing money laundering). Businesses were less likely to be alerted to a potential incident by customers (2%) or suppliers (2%).

Figure 4.3 summarises the specific sources or methods mentioned most often.

Figure 4.3: How businesses detected their most recent money laundering incidents, among the businesses experiencing any incidents in the last 12 months (showing only responses at 5% or higher)

Base: 96 businesses that could recall their most recent money laundering incident

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. Only responses rounding to 5% or higher are shown, and multiple responses were allowed, so the proportions in this chart do not add to 100%.

Three quarters of businesses (75%) detected their most recent incident through just one source or method. One in 10 (11%) detected it through more than one source or method. Nevertheless, as the qualitative evidence in the next section (4.5.2) covers, a single review or investigation could herald multiple elements of explicit or implicit evidence to raise suspicions.

The qualitative research also suggested that formal methods of detection were more predominant among larger businesses and regulated businesses, where there was a level of consistency across employees in the way they dealt with suspicious activity. These typically involved written procedures or automated systems, such as payment checks.

Informal methods were more common in smaller, unregulated businesses, who lacked written processes. Interviewees from these businesses described relying on common sense and “gut feeling”, or a vague sense that something was not right, rather than clearly defined indicators of potential money laundering. These methods often depended on the experience of the people involved, with some interviewees suggesting that their years of experience had helped them distinguish between normal and unusual patterns of activity.

Nonetheless, interviewees from regulated firms also highlighted the importance of experience in identifying potential money laundering, even where processes were more formal.

“It’s not very scientific. You can look at stuff and it feels wrong. That’s just experience – the pattern is wrong.”

Regulated micro business in the professional, scientific and technical sector

4.5.2 Red flags that raised suspicion of money laundering

The qualitative interviewees mentioned various red flags that helped to expose or evidence money laundering. It is important to note that these were seen by businesses as warning signs that raised their suspicions, rather than guaranteed indicators of money laundering.

Firstly, there were explicit red flags, based on verifiable errors or failed formal checks. Businesses that described encountering these explicit red flags had strong convictions about the suspiciousness of these errors. Among these errors and failed checks, there were some that were more conspicuous, such as individuals or goods that did not exist, and others that were less immediately noticeable, or inconspicuous, such as some of the details of partner organisations being wrong or incomplete. Across the examples provided, these kinds of red flags often appeared in tandem:

Prospective clients not providing required information This could include refusing or not responding to requests, as well as cases where incomplete or unclear information was provided which did not suitably answer the original queries. This led businesses to suspect something was being hidden, especially for large purchases, such as property. A chartered surveyor gave an example of the sale of a property holding priced at £1.2 million. Several buyers showed interest, with most having verifiable sources of funds such as businesses or shares. However, one buyer proposed a cash purchase. They then failed to provide evidence of having the funds, or the origin of the funds, despite repeated requests over several weeks.

Prospective clients providing false, inaccurate or conflicting information These kinds of discrepancies were often identified via verification processes and due diligence checks. For example, a small accountancy business reported seeing regular inconsistencies in one client’s accounts. In one instance, the interviewee found an invoice for the delivery of 25 tons of goods 200 miles away. However, on searching the delivery address online, they found that it was less than 15 minutes away from the client. The client also could not produce a record of the goods themselves.

Secondly, there were implicit red flags. These were where businesses noticed unusual behaviour, offers that were out of the ordinary, or a more subtle lack of cooperation from prospective clients, but there were no overt errors in documentation or information, or failed formal checks. Multiple elements of implicit red flags led businesses to become more suspicious, as the following cases illustrate:

Unusual payment offers These included instances where businesses were offered a much higher price to get them to agree to a purchase, or where the proposed payment methods were unusual. For example, a small holiday lets business flagged frequent attempts to book their homes for extended periods; around 40 nights in some instances. Prospective clients would offer to pay over the odds for these stays – typically a few thousand pounds more than the listed price – and then ask for the difference to be reimbursed by the business into a separate bank account. The interviewee assumed these buyers were always trying to pay with criminal money. In another interview, a flooring supplier discussed an incident where the prospective client intended to pay £2,500 in cash, which was highly unusual, as clients in the construction industry typically tended not to have high cashflows.

“People were trying to convince us to take the cash. They were almost willing to pay over the odds a bit to be able to get rid of the cash and turn it into product… If it’s too good to be true, it’s too good to be true. That’s my philosophy.”

Unregulated small business in the retail and wholesale sector

In a different example, a small electrical company was approached by a prospective investor offering to buy a percentage of their business. The prospective investor referenced figures that were in the filed accounts on Companies House, showing that the business was in financial difficulties. The company owner found the investment offer suspicious, because they did not know what the investor did for a living or where the money came from, and because the offer included an extra sum of money to be given directly to the owner free of charge on top of the invested amount.

Overseas clients with complex circumstances In some cases, such clients were felt to be inherently more suspicious. This was linked to perceptions of higher rates of crime in some countries, the idea of money potentially being moved out of a jurisdiction to separate it from a crime, and the challenge of getting the necessary information from these clients. Businesses that did not work with overseas clients often were more likely to be suspicious when approached. In one example, an interviewee was approached by a lawyer in the US to act for a client purchasing a high-value property. The client claimed the funds were from her and her spouse’s earnings. The funds were held by a company registered in Belize. The business insisted on compliance with anti-money laundering regulations, which led to tension with the US lawyer, who insisted the enquiries were irrelevant for the transaction at hand. It was later discovered that the client’s husband was originally Russian, adding to the business’s concerns, as the transaction now had multiple international elements. Due to insufficient information and the client’s lack of cooperation, the business decided not to act for the client.

Unexplained wealth This reflects cases where available funds appear to be disproportionate to a client’s age, job or wider circumstances, or where the funds emanated from a holding company. The red flag was raised by a real estate business but could have applied to other high-value purchases in other sectors. The business highlighted an example of a buyer under 40 with no mortgage, with access to between £500,000 and over £1 million in their bank account. In some instances, this money had been deposited from several companies from different countries that had no relation to the individual. In the example from the previous point, the estate agent in the high-value property purchase was asked to deal with a holding company in Belize, and they could not establish the relationship between this company and the supposed end client.

Moreover, some examples we heard included multiple explicit and implicit red flags, which cumulatively raised suspicions. For instance, we spoke to a solicitor, who was approached by a Chinese national wanting to buy property in the UK with cryptocurrency. The solicitor refused to proceed with the sale based on their suspicions. For one, basic details of the cryptocurrency account were provided, but the account was not in the client’s name and could not be proven to belong to them. There was also another challenge given the international element. The account documentation translated from Chinese appeared vague and did not establish a clear connection to the individual. This case also involved a relatively unusual payment method (cryptocurrency), which in itself would have been an implicit red flag, but this became a much stronger concern after formal checks revealed explicit false information.

4.5.3 The perpetrators of the money laundering

Current, former or prospective customers were most likely to be flagged by businesses as being involved in money laundering (in 43% of the most recent cases). Only a small number of businesses reported a contractor (5%) or employee (3%) being involved.

The qualitative interviews did not flag any specific examples of “professional enablers” (that is, an individual or organisation who provide professional services that enables criminality in a deliberate, reckless, improper, dishonest and/or negligent manner, as defined by the government’s Economic Crime Plan 2: 2023-26) being involved in money laundering incidents. This may be indicative of businesses being less willing to discuss employees or “professional enablers” involvement with money laundering than that of clients or suppliers. However, the interviews did highlight the important role of third parties, such as accountants, in either legitimising transactions or raising suspicions. One small real estate business spoke about how they reached out to the accountants and solicitors that worked with prospective clients, to validate sources of funding.

4.6 Business response to the most recent money laundering incidents experienced

This section covers a range of statistics relating to the most recent money laundering incidents that businesses experienced within the last 12 months, including how they responded, where incidents were reported, and reasons for reporting or not. A specific topic covered in qualitative interviews was the submission of SARs among regulated businesses (see Section 4.6.4).

Preceding this, we introduce qualitative insights as to why some businesses may engage with money laundering – that is, why they may opt to proceed with or turn a blind eye to potential money laundering activity – and the perceived incentives and challenges around reporting of incidents.

4.6.1 Reasons to engage or not engage with money laundering

Businesses can choose whether to engage with suspicious transactions or activities (that is, to proceed with or turn a blind eye to these transactions or activities and potentially facilitate money laundering), or not. The qualitative interviews revealed a mix of financial and cultural influences in either direction. Financial influences were the financial gains or losses the business or its employees might receive from money laundering. Cultural influences were the attitudes or behaviours that typically drove businesses to engage or not engage.

It is important to note that some of the influences discussed below reflect the direct experiences and considerations of respondent businesses, but many were businesses’ more general reflections of why a business may or may not choose to engage in money laundering. This was also the case when discussing businesses incentives for engaging – most businesses that we spoke to had not engaged in money laundering activity, therefore limiting the opportunity for direct reflections.

Examples of financial influences included:

Businesses struggling financially Interviewees assumed that other businesses in a poor financial situation would be more inclined to engage with suspicious transactions. Some suggested, therefore, that the number of businesses willing to engage would increase when the economy was doing less well.

The value of the transaction relative to the business’s revenue Where values were small in relation to broader revenue or profits, interviewees did not feel the risk of engaging was worth the reward. For example, one business turned down a transaction with a value of £2,500, on the basis it had minimal financial impact on their £1 million turnover business.

The costs associated with maintaining anti-money laundering measures There was a recognition that, for smaller regulated businesses, these measures could be costly to maintain. One business revealed that their solicitors spent significant time and resources on compliance, for which the fees could sometimes be difficult to justify internally. This business was keen to minimise the checks and balances, and consequently were comfortable being less stringent about the transactions and customers they engaged with.

Examples of cultural influences included:

The fear of reprisal The risk of law enforcement or regulators taking action against businesses involved in money laundering was one reason not to engage. This was especially the case among regulated businesses, who are subject to additional obligations. These businesses considered a wide range of repercussions that could arise from law enforcement or regulatory activity, both against the business as a whole, and key individuals within regulated businesses who would be personally liable if money laundering were to occur.

On the other hand, where there was an immediate safety concern for those involved, businesses felt the best course of action was to go along with potential money laundering transactions. For example, one business described a situation where employees at a charity shop felt that they had to comply with suspected money laundering incidents (full case study detailed in Section 4.7.1) due to employees feeling intimidated by the perpetrators and fearful of potential danger or violence.

The need to protect business reputation There was a belief that the potential reputational damage resulting from engaging in a money laundering incident far outweighed any short-term financial gains. For example, one business, a small family furniture and carpets firm, emphasised the business’s more than 100-year history when considering whether to engage in suspected illicit activity. Likewise, a regulated real estate business also stressed preserving and protecting its history as a reason to adhere to anti-money laundering policies.

“You have people in the industry that make a lot of money by turning a blind eye to these sort of things. And I suppose it’s frustrating… There have been opportunities where I could have made a lot of money for myself. But the repercussions of running a business, it’s not worth the risk.”

Unregulated small business in the real estate sector

The desire to uphold ethical or moral standards Some interviewees said they chose not to engage in a potential money laundering incident, in part because they believed it was ethically and morally the wrong thing to do. These attitudes differed from those of businesses who did not want to engage with money laundering in order to not breach regulatory or legal requirements, and instead, reflected the interviewee’s personal morals. For instance, one interviewee said that taking a moral position also contributed to their peace of mind after the incident.

“I think [not engaging] is moral… I think if the money’s ill gotten, then I wouldn’t be interested in trading with that person.”

Unregulated micro business in the retail and wholesale sector

Sense of social responsibility Interviewees also mentioned a sense of social responsibility, acknowledging that receiving money from the proceeds of crime would reward and encourage wider criminal activity, like drug trafficking, or undermine the industry they worked in.

“Part of the reason there are anti-money laundering controls in this sector is the negative impact it has. It undermines confidence, it undermines the financial system for the UK, which is one of our key industries.”

Regulated large business in the finance and insurance sector

Among businesses that opted not to engage, they typically cited a combination of some of the above financial and cultural reasons, including the ethical and moral considerations, fear of the consequences, practical considerations, and industry culture.

4.6.2 Actions taken in response

Among the 2% of businesses that experienced money laundering, more than 8 in 10 (85%) took at least one of the actions listed in Figure 4.4 in response, while 15% took no such actions. The most common actions were reporting the incident internally within the business (52%), stopping work with the specific customers or suppliers (50%), or cancelling a related business activity (48%). Around a quarter (27%) of businesses reported the incident outside of the business (covered more in Section 4.6.3).

Figure 4.4: Actions taken in response to the most recent money laundering incidents, among the businesses experiencing any incidents in the last 12 months

Base: 96 businesses that could recall their most recent money laundering incident

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

Responses to money laundering incidents were typically multi-faceted. The typical (median) business had undertaken 3 of the listed actions.

Certain actions were more commonly done in combination. For example:

those that reported the money laundering incident internally were also more likely than average to have instigated new or additional staff training (43%, versus 32% overall), changed internal business processes (40%, versus 28% overall), conducted internal audits, reviews or investigations (37%, versus 25% overall), reviewed relationships with specific customers or suppliers (32%, versus 22% overall); in other words, alerting staff internally may have initiated further action
those that fully stopped working with specific customers or suppliers were also more likely than average to have cancelled business transactions or activities (73%, versus 48% overall), or sought legal advice or taken legal action (24%, versus 14% overall); this highlights the opportunity cost businesses faced when relationships with customers or suppliers were damaged

Due to the limited number of responses to this question, it is not possible to present any sub-group differences such as breakdowns by regulated and unregulated businesses.

4.6.3 External reporting of money laundering

Around a quarter (27%) of businesses reported their most recent money laundering incident from the last 12 months outside of the business (previously shown in Figure 4.4). Among this 27%, the most common organisations or groups that were reported to were police or other law enforcement agencies (52%), followed by banks or building societies (27%). The sample size for this question was very small (a base size of 37), meaning we cannot look at subgroup differences (for example, regulated versus unregulated businesses). For the same reason, these results should be also treated with caution due to their relatively high margin of error.

The qualitative interviews suggested that one of the drivers for businesses to report externally was to mitigate any detrimental impact from having unknowingly facilitated laundered money. Businesses said they might report suspicious activities as a pre-emptive measure to protect themselves from potential legal repercussions, even when they lacked concrete evidence of money laundering.

Another reason raised for externally reporting incidents was to feed into information sharing about potential money laundering. One large real estate business highlighted that any information they submitted, for example as a SAR, might be corroborated by a bank or another third party, better enabling identification or prosecution of illicit activity.

4.6.4 Business experiences of submitting Suspicious Activity Reports (SARs)

One specific type of external reporting involves the submission of a SAR. SARs alert law enforcement to potential instances of money laundering or terrorist financing and provide support to subsequent investigations and outcomes, including asset denial (as outlined within the Economic Crime Plan 2: outcomes progress report). Persons working in the regulated sector are legally required to submit a SAR in respect of information that comes to them in the course of their business if they know, or suspect or have reasonable grounds for knowing or suspecting, that a person is engaged in, or attempting, money laundering or terrorist financing. SARs may also be submitted by unregulated businesses and private individuals where they have suspicion or knowledge of money laundering or terrorist financing. SARs are submitted to the UKFIU which is housed within the NCA.

The following insights are derived from qualitative interviews that took place between July and September 2024, with business reflections encompassing views on submitting SARs via both the previous SAR Online reporting mechanism (closed in March 2024) and the new SAR Portal reporting mechanism (launched in September 2023).

In the qualitative interviews, businesses in the regulated sector largely understood their legal obligation to submit SARs based on suspicions of money laundering. The legal requirement was generally the main driver for reporting. In some interviews a wider range of reasons was apparent, including the ethical and moral considerations around reporting money laundering, and attempts to seek a decision from the NCA on how to proceed with suspicious transactions. This latter rationale most likely related to Defence Against Money Laundering (DAML) SARs – a specific type of SAR that requests a legal defence for a business to proceed with a transaction if they think they are at risk of committing a money laundering offence.

The experiences of submitting SARs (of any kind) were very mixed, and businesses suggested that improvements could be made around the submission process. Some regulated businesses found the process straightforward, and the time burden was considered reasonable relative to the seriousness of the incidents faced. However, some businesses, including those in the regulated sector, noted how they found the process unreasonably time-consuming and difficult. For instance, one mentioned having to spend hours compiling bank statements and third-party details.

A lack of clarity around what should or should not be reported was also mentioned by some businesses. In response to this uncertainty, some businesses took a precautionary approach to reporting and would submit SARs “just for safety” (as quoted by one interviewee) to mitigate the risk of breaching their regulatory obligations.

“I referred them to the National Crime Agency as a Suspicious Activity Report, and in it I said, ‘I’m not suspicious, but I’ve got no way of verifying it’.”

Regulated micro business in the professional, scientific or technical sector

However, defensive reporting can present its own challenges. One interviewee highlighted a negative experience in their previous role in the banking sector when they had submitted a SAR. In their view, they felt that the SAR had been criticised by their regulatory supervisor as being unimportant and uncorroborated. The interviewee in this example remained unclear about what the acceptable threshold for suspicion was.

The NCA was also considered to be unresponsive in some cases. Businesses mentioned not receiving notifications that their SARs had been received, or read, or not receiving feedback on the outcomes of their submissions. This was the case for DAMLs as well as regular SAR submissions. With DAML SARs, the reporter automatically receives a defence if they have not received a formal decision within 7 days. However, one real estate business who had submitted various DAML SARs in the past suggested they would have preferred to have a response rather than be granted an automatic defence.

“If they don’t hear within 7 days, it’s fine, you can proceed. But I think lots of firms would like the certainty that, okay, someone has read it.”

Regulated medium business in the real estate sector

Some businesses noted that the need for the NCA to maintain confidentiality potentially limited the feedback that could be given regarding subsequent operational activity. However, they were still interested in general feedback on their submission, even if details of any investigation could not be shared.

Overall, the interviews suggested that businesses were keen to have more specific guidance on reporting thresholds, a less bureaucratic submissions process, and better responsiveness and feedback for submissions and outcomes from the NCA. One interviewee acknowledged that some of the issues faced may be historic, and that the NCA’s reporting processes and systems had recently undergone a refresh. Another interviewee remarked that the new reporting portal felt less clunky and more straightforward to use than the previous system.

4.6.5 Reasons for not reporting externally

In the survey, the businesses that did not externally report their most recent money laundering incident from the last 12 months were asked what drove this decision. Figure 4.5 illustrates that the primary reasons were having insufficient evidence (29%) and that the impact of the incident was not seen as significant enough to necessitate reporting (26%). This reflects the earlier findings about low certainty or evidence of money laundering.

Figure 4.5: Most common reasons given for not reporting the most recent money laundering incident, among the businesses experiencing any incidents in the last 12 months (showing only responses at 5% or higher)

Base: 56 businesses that did not externally report the most recent money laundering incident

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. Only responses rounding to 5% or higher for either group are shown on the chart, and multiple responses were allowed, so the proportions in this chart do not add to 100%.

As previously mentioned, internal reporting of incidents (to someone within the business in a compliance or risk-related role) was more common than external reporting (52% versus 27% of affected businesses, shown in Figure 4.4). The qualitative interviews highlighted the great deal of internal information gathering and deliberation that occurred when incidents were reported within the business, covering legal obligations, reputational risks, financial implications and the potential operational disruption that could result. Following this internal deliberation, not all incidents were deemed to meet the business’s threshold to report externally.

The disincentives to report identified in the qualitative interviews included:

A lack of response or feedback from the authorities Some businesses felt they would send off information and hear nothing back, which led to some assuming that there had been no tangible outcome from their reporting. This lack of communication was seen as an issue for a number of organisations, including the NCA and the Police. These instances had led some businesses to feel discouraged from reporting future incidents.

Time and effort required to report SARs Some businesses felt that reporting would take time away from more important business activities. This feeling was compounded by the perceived lack of communications following a submission. Interviewees felt it was not worth putting in this time if communication about the outcome was unlikely.

“It’s quite long-winded. Any form that the government is involved in is incomprehensibly long and difficult. It’s just time that it takes. Everything else takes over and it gets put on the backburner.”

Regulated micro business in the professional, scientific and technical sector

Insufficient evidence or lack of certainty Some interviewees felt their lack of evidence reduced their incentive to report. Proving or evidencing money laundering, especially without external support, could be very difficult, and some interviewees did not want to report externally without strong evidence. Some felt that weak evidence would be unlikely to result in action, making reporting a waste of time and money.

“We’ve never gone to the police because… to prove the origin is from illicit funds – is from a criminal activity – is really, really difficult a lot of the time. Because it’s not as if somebody would send somebody money and put the tag saying that this money is for drugs on the transaction.”

Unregulated small business in the real state sector

4.7 Impact of money laundering

This section explores the perceived impacts of money laundering based on the qualitative interviews. It is again worth noting that the majority of the businesses we spoke to said they had not engaged in money laundering activity, that is, willingly proceeded with or turned a blind eye to suspicious transactions or activities and potentially facilitated money laundering. Therefore, the reflections related mainly to the impact of identifying money laundering, or the potential, hypothetical impacts if a business did engage with it. Businesses discussed both business-related and individual-related impacts across 4 broad categories – financial impact, time burden, the risk of legal repercussions, and emotional harm following the identification of a money laundering incident:

Financial impact Businesses noted that engaging in activity that facilitated money laundering could potentially be very lucrative. In challenging and competitive markets, turning down these opportunities was felt to be damaging to a business’s financial stability and equivalent to sending revenue directly to competitors. One real estate agency suggested that they could have doubled their revenues if they did not turn down suspicious attempted purchases.

Time burden Some businesses discussed the time burden associated with dealing with a money laundering incident. Larger, more complex incidents tended to take up more time, particularly when incidents were reported externally and led to investigations from the police or other organisations. Where the business’s engagement with the suspected party was minimal or where they did not externally report the incident, the time burden was felt to be more negligible – some businesses simply turned down the proposed transaction and went about their business as normal. Some saw this simply as the cost of doing business. For example, the owner of a carpet and flooring retailer mentioned that the time they had spent on preparing a quote for a suspicious job, which the business ultimately turned down, was seen as a routine part of their business operations.

Risk of legal repercussions Businesses mentioned that being involved in potential money laundering could result in the business facing fines, going to court, or even some individuals going to prison. In particular, one interviewee serving as their business’s Money Laundering Reporting Officer (MLRO) – a role within regulated businesses responsible for overseeing compliance with anti-money laundering regulations – discussed feeling personally vulnerable to legal ramifications if their business was involved in money laundering.

Emotional harm These incidents could result in significant stress, worry and guilt, especially among junior staff members who feared they had made a mistake or were at fault for an incident. Some businesses, especially smaller businesses or those in the retail sector, were also worried about physical threats. One business, approached by someone suspicious who wanted to buy a large item for £2,500 in cash, said they worried about potential vandalism in retaliation for turning down the transaction. A detailed case study of these kinds of indirect impacts is presented below.

Whilst there could be these kinds of negative impacts, some businesses had been able to use their experience positively, to validate the effectiveness of policies or procedures. Some also noted that these incidents improved staff awareness of the risks of money laundering, and increased vigilance for future threats. One interviewee noted that the time between each incident tended to increase, after they put new measures in place. This reflected findings from the survey covered earlier (Figure 4.4), showing that 28% of affected businesses had changed their internal processes following their most recent money laundering incident from the last 12 months, and 32% had implemented additional staff training.

4.7.1 Case study – threat of harm to a charity shop

We spoke to the manager of a high-street charity shop that raised money for a children’s hospice. The interviewee was responsible for the day-to-day running of the shop, volunteer engagement and safety, and community engagement.

The charity shop has experienced multiple instances of suspected money laundering. Individuals believed to be involved in criminal activities such as drug dealing had used £50 notes to purchase low-value items like £1 birthday cards, in order to collect the change. It was unclear to the shop manager whether this was a case of counterfeit money or money laundering, highlighting the challenge for some businesses to distinguish between these 2 crime types. These incidents typically occurred once a week, raising suspicions about the origin of the money. The shop’s lack of CCTV cameras made it difficult to identify the individuals, who were different people on each occasion.

The shop’s volunteers – mainly older, retired individuals – found these encounters intimidating, and often complied with the requests to avoid confrontation and potential violence. The shop manager, with a background in retail, was surprised to find that charity shops were targeted for apparent money laundering. They suggested this could be due to their lack of security measures and the perceived vulnerability of their volunteers.

“It’s not just because we’re a cash business, but also the nature of having volunteers on the till. Some of those volunteers are quite vulnerable themselves – quite easily intimidated.”

Unregulated medium business in the health, social care or social work sector

The money laundering incidents had had a significant negative impact on the charity shop, causing considerable stress and leading to the loss of 8 volunteers, who left due to safety concerns and a decrease in confidence. This loss of volunteers made it harder to run the shop’s daily operations. Furthermore, the manager was concerned that the reputational damage caused by the suspicious activities and police presence near the shop might deter customers, leading to a decline in sales. The incidents were also thought to have led to a greater sense of unease in the wider local community.

4.8 Perceived risk and drivers of money laundering

The rest of the chapter from this section onwards covers statistics that were based on all businesses, not just the 2% of businesses that experienced any money laundering incidents.

4.8.1 Overall perceptions

Over 9 in 10 businesses (95%) felt they were either not very at risk or not at all at risk from money laundering. Only a small number of businesses (3%) felt either very or fairly at risk. As Figure 4.6 shows, and as might be expected, perceptions of risk were greater among regulated businesses than unregulated businesses (18% versus 1% feeling either very or fairly at risk), although even among this subgroup, a substantial majority did not feel at risk.

Figure 4.6: Perceived risk of money laundering, overall and for regulated and unregulated businesses

Bases (approximately two-thirds of the available sample for all groups, which was chosen at random to answer this question): 2,378 businesses; 359 regulated businesses; 2,019 unregulated businesses.

Notes:

The percentage of unregulated businesses saying “very at risk” was under 0.5% (not labelled on the chart).

4.8.2 Subgroup differences (size, sector, regulated businesses and those experiencing money laundering incidents)

The subgroups that perceived a higher risk from money laundering, compared to the average business (3% saying very or fairly at risk) were:

regulated businesses (18%, versus 1% of unregulated businesses, versus 3% overall)
medium businesses (8%) and large businesses (12%)
finance and insurance businesses (23%)
real estate businesses (22%)
professional, scientific and technical businesses (10%)

Those that had experienced money laundering incidents in the last 12 months were also more likely to consider themselves at risk (21%). It is worth noting that the direction of this relationship is not clear. A business might have started feeling more at risk after experiencing a money laundering incident. Alternatively, businesses that already considered themselves to be at risk could have had more measures in place to identify money laundering.

4.8.3 Why businesses did not feel at risk of money laundering

Among the 95% of businesses that felt they were not very at risk or not at all at risk, the most common reasons given for this attitude were that their business was too small to be targeted (28% overall – although only 12% of medium businesses and 2% of large businesses said this), that their business did not deal in cash (27%), or that they considered their customers to be trustworthy (25%). Figure 4.7 shows responses with a value greater than 5%.

Figure 4.7: Most common reasons all businesses gave for considering themselves to be not very at risk, or not at all at risk, from money laundering (showing only responses at 5% or higher)

Base: 2,123 businesses that felt not very at risk or not at all at risk from money laundering (approximately two-thirds of the available sample fitting this description, which was chosen at random to answer this question)

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. Only responses rounding to 5% or higher are shown.

Only a fifth (21%) of businesses overall said that they did not feel at risk due to having strong processes or controls in place. This suggests that most businesses felt inherently not at risk of money laundering, rather than considering themselves to have mitigated the risks.

This was not the case for all businesses. Each of the following subgroups was more likely than average to say they were not at risk because they had strong processes or controls in place – it was also the most common response from the above list among these types of businesses:

medium businesses (37%) and large businesses (49%)
finance and insurance businesses (60%)
real estate businesses (42%)
regulated businesses (48%, versus 18% of unregulated businesses giving this reason)

Even among regulated businesses, there were a wider set of commonly mentioned reasons for not considering themselves to be at risk, beyond having strong processes in place, which Figure 4.8 shows. For example, a quarter of regulated businesses said they did not feel at risk because they had low-risk customers (26%), and a similar proportion said it was because they did not deal in large amounts of cash (25%) – proportions that were very similar to the average business.

Figure 4.8: Most common reasons regulated businesses gave for considering themselves to be not very at risk, or not at all at risk, from money laundering (showing only responses at 5% or higher)

Base: 254 regulated businesses that felt not very at risk or not at all at risk from money laundering (approximately two-thirds of the available sample fitting this description, which was chosen at random to answer this question)

Notes:

This question was administered without prompting respondents in the telephone survey, but as a prompted list in the online survey. Only responses rounding to 5% or higher are shown.

4.8.4 The business characteristics that were seen to increase risk

The qualitative interviews explored how businesses were assessing the risk from money laundering. Risk can be framed both in terms of the likelihood of incidents occurring and in terms of their impact. In the interviews, smaller businesses in non-regulated sectors tended to focus on the likelihood of a money laundering incident occurring, rather than the impact of any such incident on them.

Meanwhile, regulated businesses were more inclined to consider both the likelihood and potential impact of an incident when reflecting on the level of risk to the business. These potential impacts of money laundering are discussed in Section 4.7. However, it is important to remember that the majority of businesses that we spoke to said they had not engaged in money laundering incidents (that is, they had not willingly proceeded with or turned a blind eye to suspicious transactions or activities). Therefore, interviewees from regulated businesses were considering these impacts more hypothetically than based on experience.

The rest of this section focuses on the perceived likelihood of money laundering incidents, having already discussed the perceived impact of money laundering earlier.

Businesses saw the likelihood of money laundering as being linked to the following factors:

The nature of the product High-value items, such as houses, cars, or holidays were felt to be key targets for laundered money. Therefore, across all interviews, the sectors that were associated with these items, such as the real estate sector, were considered as inherently more at risk.

The nature of the transactions Businesses that processed large lump-sum payments were felt to be more at risk of money laundering. Secondly, the option of cash purchases added to the risk.

Operating internationally In the survey there was no difference in the prevalence of money laundering based on international trading status (see Section 4.2.1). However, in the qualitative interviews, the perceptions around operating internationally still played a part when considering risk. Businesses dealing with perceived high-risk countries (with China and Nigeria mentioned in interviews), felt a heightened exposure to money laundering. The interviewees considered these countries to have relatively high levels of corruption, making it more likely that large funds emanating from them had a criminal origin. In addition, the overseas nature of the transaction made it harder to verify their legitimacy in the UK. One interviewee noted that, since the 2008 financial crisis, they had witnessed an increasing proportion of overseas purchases being made on behalf of individuals other than the direct buyer (for example, a parent or other family member).

Related to these points, interviewees highlighted potential vulnerabilities in both smaller and larger businesses. Some interviewees felt that smaller businesses were more vulnerable to money laundering, because they were more likely accept cash, and less likely to have significant preventative measures in place. On the other hand, some interviewees thought that large businesses would be more attractive targets for money laundering, because they dealt with higher-value transactions, and illicit activities could be hidden within complex corporate structures.

A substantial previous experience with wider economic crime – not just money laundering – was also felt to influence perceptions of the risks from money laundering itself. For instance, one business we spoke to was involved in a significant fraud case 8 years ago, which involved a court case, and led to tightened procedures. They were under scrutiny by their professional association for around 5 years following the incident. As a result of this experience, they implemented a zero-tolerance policy to economic crime, and were willing to forgo transactions even with longstanding clients. They introduced stricter due diligence checks, such as enhanced checks on politically exposed persons (PEPs), and ongoing risk assessment monitoring of other prospective clients, for instance previous PEPs. They also began a more proactive reporting regime for SARs. The business felt that, because of this experience, they were now more alert to becoming involved in any type of economic crime. Moreover, despite increased controls, they felt there was more they could do, with their attitude to risk driving their actions.

4.9 Preparedness for money laundering risks and incidents

4.9.1 Measures in place to manage money laundering risks

Across the last 12 months, around two-thirds of businesses (68%) had in place or undertook at least one of the anti-money laundering measures listed in Figure 4.9, while a third (32%) had none of these measures in place. The typical (median) business had undertaken just one of the listed actions. The most common measures were having regular financial audits or review processes (51%) and having a formal process to verify the identity of customers, suppliers or contractors and the nature of their business (41%).

Data sharing measures (10%) and digital monitoring software (10%) were the most uncommon of all the measures listed. Looking at the qualitative research, this was potentially linked to the cost of, and relative unfamiliarity with, these measures (see the end of Section 4.9.1).

Figure 4.9: Measures businesses took or had in place to manage money laundering risks across the last 12 months

Base: 2,378 businesses (approximately two-thirds of the available sample, which was chosen at random to answer this question)

The businesses that had undertaken either of the top 2 actions on the chart (regular audits or review processes, as well as identification checks on customers, suppliers or contractors) were also more likely to have carried out every single one of the remaining 8 actions on the list.

In the qualitative interviews, businesses highlighted a balance between having measures in place and the cost of doing so. Digital software, for example, could have a significant cost running into the tens or hundreds of thousands of pounds. This was not just about monetary costs – smaller businesses reported a lack of time and resources to implement or maintain measures. The perceived cost, combined with a perception of low risk from money laundering, limited the willingness of businesses to implement more formal measures, with a greater reliance on informal, commonsense approaches.

4.9.2 Size subgroup differences

Small, medium and large businesses were more likely to implement protective measures than the average business. This was particularly evident among medium and large businesses - more than 9 in 10 medium businesses (93%) and almost all large businesses (97%) had at least one of the risk management measures in place, compared to 68% among all businesses. The median number of actions undertaken was higher than average among both medium businesses (3) and large businesses (5) than across businesses overall (one), highlighting that they tended to take a greater range of actions than smaller businesses.

As Figure 4.10 shows, medium and large businesses were significantly more likely than average to have each of the listed measures in place.

Figure 4.10: Measures businesses took or had in place to manage money laundering risks across the last 12 months, overall and for specific size bands

Bases (approximately two-thirds of the available sample for all groups, which was chosen at random to answer this question): 2,285 businesses; 293 medium businesses; 108 large businesses

4.9.3 Regulated business subgroup differences

Almost all regulated businesses (96%) had at least one measure in place, and the typical (median) regulated business had 8 of the 10 listed measures in place. They were considerably more likely than unregulated businesses to have each individual measure in place, as Figure 4.11 illustrates.

However, it is worth noting that, even among regulated businesses, who are subject to strict regulation to prevent money laundering, preventative data sharing (37%, versus 7% of unregulated businesses) and digital risk monitoring (23%, versus 8% of unregulated businesses) were still relatively uncommon measures, undertaken by a minority.

Moreover, there were still 4% of regulated businesses that claimed not to have any of these measures in place.

Figure 4.11: Measures businesses took or had in place to manage money laundering risks across the last 12 months, for regulated and unregulated businesses

Bases (approximately two-thirds of the available sample for all groups, which was chosen at random to answer this question): 348 regulated businesses; 1,937 unregulated businesses

In the qualitative interviews, businesses from regulated sectors like real estate and finance stressed that many of the listed measures were required by their industry professional associations or regulators, and that this regulatory requirement was a major driver of action. This applied even to smaller businesses that were regulated.

Some regulated and non-regulated businesses referred to the peace of mind gained from having strong measures in place. Some also mentioned that these measures were a value-add for their clients, and part of their sales pitch to client.

4.9.4 Other subgroup differences (sector and those experiencing money laundering incidents)

Reflecting their strong presence within the wider regulated businesses subgroup, businesses in the following industry sectors were more likely than average to have taken at least one of the measures on the chart:

finance and insurance (97%, versus 68% overall)
real estate (96%)
professional, scientific and technical (83%)

On the other hand, the survey showed that there were several sectors that were more likely than average to have no measures in place. These included:

retail and wholesale (44%, versus 32% overall)
agriculture, forestry and fishing (46%)
food and hospitality (50%)

The businesses that considered themselves to be at risk from money laundering tended to have more measures in place than average (a median of 8, versus a median of one across all businesses), as did the businesses that had experienced money laundering incidents in the last 12 months (a median of 2). These relationships are complicated. It may be that perceptions of risk, or encountering money laundering, lead to action (as discussed elsewhere in this report, and supported by the qualitative research). It may also be true that those with more comprehensive measures are better at spotting money laundering, and therefore see themselves as being at risk. Furthermore, it could be that the obligations for regulated businesses signal to these businesses that they are more at risk, and encourage them to have formal measures in place.

4.10 Chapter conclusions

This study provides the first comprehensive assessment of money laundering experiences across UK businesses with employees, including the prevalence, incidence, nature, and impact of this area of crime. The qualitative strand also provides important evidence around how businesses identified and detected money laundering, and the challenges they faced when externally reporting incidents.

It was rare for businesses to encounter money laundering, regardless of their size, sector or regulation status – 2% of businesses with employees, equating to around 33,500, experienced known or suspected money laundering incidents in the 12 months preceding the survey. These businesses experienced an average of 7 incidents each, amounting to approximately 225,000 incidents across the population of businesses with employees. Therefore, a large number of incidents affected a relatively small number of businesses.

The low prevalence rate aligns with other findings from across the survey. First, businesses did not consider themselves to be at risk from money laundering (95% reported being not very, or not at all at risk). Many businesses considered it an irrelevant issue, claiming that they were too small to be targeted, did not deal in physical cash, or that they considered their customers to be trustworthy. Separately, the qualitative research highlighted that businesses often had challenges in identifying money laundering and distinguishing it from other legal and illegal activity. This was reflected by the lack of certainty surrounding money laundering suspicions, with two-thirds of businesses with experience lacking evidence that their most recent incident involved money derived from criminal activity.

Regulated businesses are perceived to be at a higher risk from money laundering and are subsequently subject to a range of anti-money laundering obligations, as per the Money Laundering Regulations 2017. These research findings support that this sub-set of businesses has a different understanding and experience of, and attitude towards, the money laundering threat than their unregulated counterparts. For example, regulated businesses had a higher prevalence rate and incidence rate than unregulated businesses. This group also tended to be more deeply informed about money laundering and more prepared to prevent, detect and manage money laundering incidents.

However, experience of money laundering was not limited to the regulated sector, with the examples in this chapter demonstrating that money laundering can affect a wide range of businesses. Moreover, in terms of the absolute number of businesses affected and incidents experienced, estimates indicate that exposure was greater among unregulated businesses (23,300 businesses affected, 176,000 incidents experienced) than regulated ones (10,200 businesses affected, 49,200 incidents experienced) due to unregulated businesses making up a large proportion of the business population.

The relatively high volumes of incidents within the unregulated sector, coupled with the challenges in identifying money laundering mentioned above, suggests that additional educational inputs may be beneficial. This could include efforts to improve understanding of money laundering within the unregulated sector and support them to better identify and respond to future incidents. The relative importance of internal reporting in businesses’ response to money laundering incidents indicates that this may be especially relevant for individuals working in compliance or risk related roles. However, low risk perceptions may present challenges with encouraging unregulated businesses to invest time and money into an area that they do not typically see as relevant or warranting of a more considered response.

Similar educational activity may also be relevant when considering business size. Larger businesses – in particular, the ‘medium’ size band – experienced greater prevalence rates for money laundering, and there was a common perception across the research that some businesses were too small to be targeted.

When considering how to respond to money laundering incidents, regulatory obligations were a key reason for businesses to take action. Beyond these regulations, it may be useful to consider the wider reasons that businesses opted not to proceed with transactions or activities where they had suspicions of money laundering. These included, from the qualitative research, ethical and moral considerations from businesses, a sense of social responsibility not to fund serious crime and pride in their respective sectors, fear of the long-term consequences and potential reputational damage over and above any short-term gains, and peace of mind from having taken action.

In our survey, 27% of affected businesses had externally reported their most recent money laundering incident. However, reporting was not always straightforward for businesses. The qualitative interviews suggested that businesses were keen to have more specific guidance as to when their suspicions became worthy of reporting to law enforcement authorities. More generally, the survey data showed that 29% of those that did not report the incident to any agency or organisation outside of the business were concerned about having insufficient evidence. Businesses also desired a less bureaucratic SAR submission process, and better responsiveness and feedback for submissions and outcomes. Any improvements in the reporting experience may help to encourage more regular and proactive reporting regimes among businesses. Given that the NCA and other agencies are restricted on the types of feedback they can provide on SARs, there may also be a need to manage business expectations.

Money laundering, by its very nature, aims to evade detection, meaning that the insights in this chapter tend to be broad. Additionally, given that businesses may have been less likely to speak about incidents that would implicate them, we were not able to speak to many businesses that willingly engaged with the money laundering attempts they encountered. Further iterations or variations on themes arising from this study may therefore help to explore some of the issues established here in greater depth.

Question 6

5. Financial sanctions

Accepted Answer

5.1 Awareness of financial sanctions

5.2 Perceived risk of breaching sanctions

5.3 Preparedness to manage the risks of a breach of financial sanctions

5.4 Experience of the financial sanction regime

5.5 Chapter conclusions

This chapter covers awareness of financial sanctions and their perceived relevance to business operations, among businesses with employees. It also looks at perceived risk of breaching sanctions, and the measures businesses had in place to prevent breaches.

In the survey and qualitative interviews, we defined financial sanctions as measures that limit the provision of financial services, and restrict access to financial markets, funds and economic resources, to the sanctioned person or business. This definition aligns to the UK government’s general guidance on financial sanctions.

5.1 Awareness of financial sanctions

Just over two-fifths of businesses with employees (45%) were aware of the UK’s financial sanctions regime. This combines those who said they knew how it affected their business (17%) and those who had heard of it but did not know how it affected their business (28%). As Figure 5.1 shows, this awareness increased alongside the size of the business, with 63% of large businesses being aware.

Figure 5.1: Levels of awareness of the financial sanctions regime implemented by the UK government, overall and by business size

Bases: 3,477 businesses; 2,090 micro businesses; 776 small businesses; 450 medium businesses; 161 large businesses

Other subgroups more likely than average to be aware of the UK’s financial sanctions regime and how it affects their business were:

finance and insurance businesses (73% versus 17% overall)
real estate businesses (42%)
professional, scientific and technical businesses (40%)
international traders (25%)
high-turnover SMEs with over £1 million in annual turnover (22%)
regulated businesses (57% versus 12% of unregulated businesses)

Qualitative interviewees were broadly clear on the definition of financial sanctions that they were presented with in the survey, understanding that financial sanctions involved restricting access to finance, and to financial markets, and that these measures targeted specific individuals and countries. Some interviewees also noted that financial sanctions were in place to prevent funding terrorism or in light of geopolitical events, such as the Russian invasions of Ukraine.

However, we often came across a limited knowledge of the specifics. Those we spoke to were not able to detail the constituent parts of financial sanctions, such as asset freezes. In addition, the terms “sanctions” and “financial sanctions” were largely used interchangeably, and there was some conflation of financial sanctions with the wider UK sanctions regime. For instance, one business referred to transport sanctions that would restrict cargo movements to certain countries.

5.2 Perceived risk of breaching sanctions

The remainder of this chapter takes survey findings only from the 17% of businesses that had heard of financial sanctions and knew how sanctions affected them.

Around three-quarters of these businesses (77%) did not perceive themselves as being at risk (either not very at risk or not at all at risk) of breaching financial sanctions. A further 1 in 5 (18%) noted that financial sanctions were not, in their view, applicable to their business. As Figure 5.2 implies, large businesses were more likely to consider themselves as being very or fairly at risk.

Figure 5.2: Perceived risk from a breach of financial sanctions, overall and by business size groupings

Bases (among the groups that were aware of how financial sanctions affected them): 738 businesses; 394 micro businesses; 164 small businesses; 127 medium businesses; 53 large businesses

Other subgroups more likely to feel very or fairly at risk compared to the average were:

finance and insurance businesses (11%, versus 5% overall)
professional, scientific and technical businesses (8%)

At this question, there was notably no significant difference between international traders and non-traders.

Expanding on these survey findings, financial sanctions were not viewed as a relevant day-to-day issue for many of the businesses we spoke to in the qualitative interviews. This included businesses with primarily domestic clients, or those operating in sectors not typically associated with sanctioned individuals or organisations. They felt financial sanctions were only applicable to larger businesses, international traders, specific industries where there were typically more global operations such as mining, and businesses associated with financial markets. Businesses therefore assumed they were not at risk of breaching financial sanctions, especially if they only operated in the UK – although in practice the financial sanctions regime applies to domestic as well as internationally trading businesses.

On the other hand, businesses with more international exposure, through clients or suppliers, were more conscious of the potential impact of financial sanctions. They recognised that sanctions against countries where their suppliers were based, or restrictions on financial activities, could significantly impact their operations. They acknowledged the potentially severe consequences of non-compliance, including substantial fines, reputational damage, and operational disruption.

5.3 Preparedness to manage the risks of a breach of financial sanctions

5.3.1 Measures in place to manage the risks of breaching financial sanctions

This next set of measures specifically excluded the 18% of businesses mentioned in Figure 5.2, which considered the risks of breaching financial sanctions not to be applicable to their business.

Among the businesses that were aware of how financial sanctions affected them and considered financial sanctions risks to be applicable to their business, three-quarters (77%) had implemented at least one of the measures specified in Figure 5.3. The most common measure undertaken was having a formal process to verify the identity of customers, suppliers or contractors and the nature of their business (70%). Around half of businesses (49%) consulted the UK sanctions list when onboarding new customers and suppliers, or had carried out staff training or awareness raising on financial sanctions (also 49%).

Figure 5.3: Measures businesses took or had in place to manage the risk of breaching financial sanctions, among those that considered the risk of breaches as applicable to their business

Base: 624 businesses that were aware of how financial sanctions affected them and considered the risk of breaching financial sanctions to be applicable to their business

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

5.3.2 Subgroup differences (size and turnover)

Medium and large businesses were more likely than average to have each of these measures in place, as Figure 5.4 shows.

Figure 5.4: Measures businesses took or had in place to manage the risk of breaching financial sanctions, among those that considered the risk of breaches as applicable to their business, overall and for specific size bands

Bases (among the businesses that were aware of how financial sanctions affected them and considered the risk of breaching financial sanctions to be applicable to their business): 624 businesses; 108 medium businesses; 49 large businesses

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

These kinds of differences were not present between high-turnover and low-turnover SMEs (with above or below £1 million in annual turnover respectively), suggesting that action on financial sanctions was not strongly linked to turnover.

5.3.3 Regulated business subgroup differences

Figure 5.5 shows that regulated businesses were also more likely than unregulated businesses to have undertaken each of the financial sanctions preparedness measures asked about.

Figure 5.5: Measures businesses took or had in place to manage the risk of breaching financial sanctions, among those that considered the risk of breaches as applicable to their business, for regulated and unregulated businesses

Bases (among the businesses that were aware of how financial sanctions affected them and considered the risk of breaching financial sanctions to be applicable to their business): 283 regulated businesses; 341 unregulated businesses

Notes:

Multiple responses were allowed, and businesses could also have chosen none of the above responses, so the proportions in this chart do not add to 100%.

5.3.4 Use of third parties to manage the risk

For some businesses, banks were considered to play an important role in preventing breaches of financial sanctions. Among the businesses that were aware of how sanctions affected them and considered financial sanctions risks to be applicable to their business, a third (33%) agreed that their business “typically relied on others, such as banks, doing their own due diligence checks to ensure their customers were suitable for doing business with”.

Nevertheless, 45% disagreed with this statement, and a further 19% neither agreed nor disagreed (with the remaining 3% saying they did not know). In other words, most businesses were not relying mainly on third parties for their due diligence around financial sanctions.

5.3.5 Confidence in measures

Nearly all the businesses asked about the measures they had in place (99%) felt at least fairly confident that these measures were effective. Six in 10 (59%) felt very confident.

5.4 Experience of the financial sanction regime

Financial sanctions were not considered as high a compliance priority as other measures. As such, businesses in the qualitative strand sometimes struggled to reflect on them, and the qualitative insights in this section are, consequently, less detailed.

Among the businesses that did discuss financial sanctions, the complexity of sanctions regimes was raised as a challenge. The ever-changing landscape of sanctions, particularly in response to geopolitical events, was seen to make it difficult for businesses to stay informed and ensure ongoing compliance. Some businesses found the guidance provided by regulatory bodies helpful, but others struggled with the technical language, and a perceived lack of practical, sector-specific advice.

Interviewees outlined a range of systems, processes and guidance they used to ensure compliance with the financial sanctions regime. These included the following sources, gathered from a relatively small number of interviews among the more knowledgeable businesses we spoke to:

third-party software and services such as Landmark (used for electronic verification checks, facial recognition checks, and other advanced methods beyond traditional ID verification), Thirdfort and Genieo (used to screen against sanctions lists for entities), and Dilisense (an open-source sanctions screening tool that screened all international and local lists, including sanctions and Politically Exposed Persons screening)
UK government resources and lists, including financial sanctions lists for the Office of Financial Sanctions Implementation (OFSI), as well as spreadsheets and email updates from HMRC
international resources and lists – some businesses also mentioned guidance from other jurisdictions or international bodies, including United Nations (UN) sanctions (which have been incorporated into the UK’s financial sanctions regime), the US Office of Foreign Assets Control (OFAC) and the European Union (EU)
professional organisations and industry publications such as The Property Ombudsman, The Negotiator and other training providers
internal processes and checks such as Know Your Customer (KYC) checks on vessels and companies, encompassing a risk assessment with a Red-Amber-Green (RAG) rating to determine the level of due diligence required, investigating the trading patterns and ownership structures of entities, using Electronic Identification Verification (EIDV) to check ID and other forms of identification to ensure they were not fake, consulting the land registry to verify property ownership and identity, “liveness” checks to verify the existence of purchasing parties, and checks on Politically Exposed Persons (which involved more regular audits and verifications)
open-source research and due diligence such as checking the social media profiles of entities and individuals, visiting offices to determine the true nature of the entities they dealt with, and conducting internet and Google searches to verify identities and gather information

There was a relatively small amount of feedback provided on the guidance available for financial sanctions, which suggested mixed experiences across businesses. In some cases, where businesses had only had to consult guidance for one-off incidents, they had found the guidance from sources such as HMRC to be helpful and clear. However, some businesses were frustrated with the available guidance, suggesting it was too complex, too heavy with jargon and not available in summary formats. One mortgage business suggested that the current government guidance was highly complex, and they presumed that that many businesses in their industry would need to engage third party consultants to help them interpret the guidance. Another interviewee, a solicitor, suggested it would be useful to have a summary guide to alert them to the most important points they needed to take on board.

5.4.1 Case study – the impact of financial and wider sanctions on a maritime services company

We spoke to the Head of Compliance at a large company operating in the maritime sector, which offered a wide range of services, including ship broking, port agency services, a technology division, and a financial services division. In this interview, the interviewee discussed their broad approach to UK sanctions, covering both financial sanctions and the broader sanctions regime (for example, transport sanctions).

The company viewed sanctions (both financial and wider sanctions) as highly relevant to their operations, given the global nature of their business and the broader economic crime risks associated with the shipping industry. The company had to navigate complex sanctions regimes across multiple jurisdictions (including the UK, EU, and US).

To manage sanctions risks, they employed a team of specialised lawyers who conduct extensive due diligence on vessels, companies and individuals. They used a risk assessment framework that incorporated country and industry-specific factors, resulting in a red-amber-green (RAG) rating that dictated the level of due diligence required. This framework was extremely expensive to operate, as some checks conducted by these lawyers could be as thorough as visiting named residences or attempting to track down named individuals. The interviewee estimated the staff costs alone to amount to up to £4 million a year.

The business emphasised that strong compliance procedures were part of their brand identity. They were not only incentivised by the severity of consequences from sanctions breaches, but also by using their sanctions management measures to provide an element of security for their clients.

“It has become a value-add – which is what it should be – because it’s costing us.”

Large business in the transport and storage sector

5.5 Chapter conclusions

There was a lack of detailed knowledge and a perceived low relevance of financial sanctions across businesses. The qualitative findings pointed to businesses not necessarily distinguishing between financial sanctions and the wider UK sanctions regime, and incorrect assumptions that financial sanctions were only relevant to international traders. In the survey, under a fifth of businesses with employees (17%) were specifically aware of the financial sanctions regime and how it affected them. Of these businesses, three-quarters (77%) did not consider themselves at risk of breaching sanctions. This suggests businesses may require more general guidance to help explain financial sanctions, and how widely they might apply across the business population.

In addition, there were valuable insights as to how businesses were actively managing the risks of financial sanctions breaches, and the external systems or guidance they were using in their approaches. After excluding the businesses that did not consider financial sanctions to be applicable to themselves, around three-quarters (77%) of the remaining businesses had at least one of the risk management measures asked about in the survey in place. This included 70% that had a formal process to verify the identity of customers, suppliers or contractors and the nature of their business, 49% that consulted the UK sanctions list when onboarding new customers and suppliers, and 49% that had undertaken staff training or awareness raising on financial sanctions in the last 12 months.

In the qualitative interviews, businesses attempting to abide by current financial sanctions regime spoke of the challenges of understanding the requirements, given the complex, changing landscape and the different sanctions regimes across countries. Those we spoke to had used a range of third-party services, government resources, professional guidance, internal processes, and open-source research into prospective clients or suppliers, to ensure compliance. However, there was a sense among some that the government guidance could be refined, for example by offering more summaries, or attempting to simplify the more complex language or terms.

Question 7

6. Comparative insights and implications across economic crime

Accepted Answer

6.1 Prevalence and scale comparisons

6.2 Actions taken in response

6.3 Understanding of corruption and money laundering

6.4 Perceived risk

6.5 Preparedness to prevent or manage the risks

6.6 Chapter and overall report conclusions

The previous chapters discuss each crime type in isolation. This final chapter covers the differences and similarities between crime types (fraud, corruption and money laundering). This is based primarily on the survey findings, since fraud was not included in the qualitative research. However, more qualitative commentary on themes across crime types not explicitly linked to the survey questions is also included.

Financial sanctions are not included in this chapter, as the survey questions on this topic were mainly asked of a subgroup of businesses that were both aware of how financial sanctions affected them and who considered the risk of breaching sanctions to be applicable to their business. Therefore, they are not directly comparable to the questions for fraud, corruption and money laundering.

6.1 Prevalence and scale comparisons

Around 3 in 10 businesses with employees (29%) experienced any of the 3 economic crimes measured in this study (fraud, bribery or money laundering). Fraud was the most prevalent (27%). Bribery (3%, across all the bribery scenarios covered in the survey) and money laundering (2%) were similar in terms of their relative rarity.

There was variance among what types of businesses were more likely to experience each crime type. Fraud was more prevalent in medium and large businesses, and within the information and communications sector and utilities and production sector. Similar to fraud, money laundering was much more prevalent among medium and large businesses. Moreover, regulated businesses were more likely to have experienced an incident of money laundering, as well as the transport and storage sector. For bribery, there were no significant differences in prevalence by business size.

However, businesses in the construction sector were more likely to have experienced any type of bribery, while real estate businesses were more likely to have been offered bribes by other UK businesses or individuals. Section 6.4 outlines other business characteristics which were correlated with the likelihood and perceived risk of experiencing corruption and money laundering.

Businesses did not typically experience economic crime as a one-off event, with the median number of incidents among affected businesses being 2 (for both bribery, where offered bribes by other UK businesses or individuals, and money laundering) or 3 (for fraud).

While these repeat incidents were relatively low in number for the typical affected business, some businesses experienced high volumes of incidents, especially for fraud. This was demonstrated by the mean number of incidents experienced by affected businesses – 16 fraud incidents, 6 bribery incidents (again, where offered bribes by other UK businesses or individuals), and 7 money laundering incidents.

This could indicate that a small proportion of businesses face particularly high repeated fraud victimisation when compared to other crime types. However, it could also indicate that businesses were more adept at identifying and reporting fraud compared to the other 2 crime types. External reporting is discussed further in Section 6.2.

As mentioned throughout this report, these figures are likely to be underestimations due to challenges with businesses detecting, identifying and reporting these crimes. This was a particular issue for corruption and money laundering, where the crimes were by their nature often more clandestine. These challenges were well-documented in the qualitative interviews, where businesses often relied on “gut feelings” when weighing up suspicion. Businesses also struggled with gathering what they deemed as suitable evidence to report, especially when interactions were only verbal, or they only had suspicions about the incident, or those involved. This suggests a need for better support for businesses in the identifying and reporting of suspected economic crime, including clearer thresholds for reporting.

6.2 Actions taken in response

Money laundering incidents were considered to warrant a more substantive or wide-ranging response from businesses than fraud or bribery incidents. In total, 85% of affected businesses took any of the actions covered in the survey in response to their most recent money laundering incident from the last 12 months, compared to 71% of businesses in response to their most recent fraud in this period. The typical (median) business took 3 of the specific actions measured in response to money laundering incidents, compared to just one action in response to the most recent fraud.

By contrast, around half (47%) of the businesses that were offered a bribe from another UK business or individual, and 50% of the businesses that had to give or were asked to give a bribe to another UK business, took any action following their most recent incident in this period. This reflects the qualitative evidence covered in Chapter 3, which suggested a great deal of ambivalence towards bribery incidents, linked to their perceived low impact on the business, and ambiguity surrounding their legality in some cases.

As might be expected, businesses reported undertaking different actions following incidents of each of the 3 crime types. Specific actions taken in response to fraud tended to focus more on processes, whereas actions in response to bribery (in the domestic contexts noted above) were more focused on individuals or groups (for example, ceasing to work with particular suppliers or customers). For money laundering, businesses reported having undertaken a wider range of actions related to both processes and individuals (or groups of individuals), compared to the other crime types – perhaps due in part to the regulatory regime and its corresponding duties.

Fraud (32%) and money laundering incidents (28%) were more likely to be reported outside the business than crimes related to being asked to or having to give bribes (8%) or being offered bribes (5%). This reflected the qualitative findings in Chapter 3 which discussed some businesses’ perceived ambivalence about the seriousness and impact of bribery incidents. Likewise, the quantitative findings found the most common reason (41%) for not reporting the most recent fraud incidents was that the impact was not significant enough. Across corruption and money laundering, businesses not only felt that there was a lack of clarity and certainty about what to report, but also doubt that authorities (such as the FCA, NCA or the police) would do anything in response to reports.

In qualitative interviews, businesses also discussed further disincentives against involving themselves in the reporting of corruption or money laundering incidents. For bribery, this included avoiding external scrutiny or involvement in a potentially costly criminal or legal case. Businesses who experienced suspected money laundering also cited the time-consuming SAR reporting process, which was perceived as burdensome, especially when a response was not guaranteed.

Yet, qualitative interviewees also mentioned considerable potential incentives to report corruption and money laundering, such as fulfilling ethical and moral obligations to clients, other businesses, and to society (in addition to regulatory ones under the anti-money laundering regulations). For example, one business suggested that reporting money laundering could be part of a wider knowledge sharing initiative to detect illicit activity across the business population. As such, approaches aimed at increasing external reporting should underscore businesses’ social responsibility and the value of reporting not only to their business and their clients, but also to bolster prevention and awareness raising measures across all UK businesses.

6.3 Understanding of corruption and money laundering

Given the similar, relatively elusive nature of both corruption and money laundering, it is helpful to point out the commonalities in businesses’ awareness and understanding of them. In qualitative interviews, businesses presented a relatively good understanding of the basic principles of both crime types – for instance, by acknowledging that fundamentally, money laundering involved the concealing of criminal proceeds or converting them into “clean” funds, and by describing bribery as a key type of corruption.

However, beyond these fundamental principles, some businesses struggled to define either crime type in detail. For corruption, there was a limited understanding of how it could manifest in a business context beyond bribery, although some businesses mentioned nepotism and collusion as other examples. For money laundering, differences in understanding were seen between regulated and unregulated businesses, with the former typically having a more profound awareness and understanding of anti-money laundering regulations, reporting obligations, and the various ways money can be laundered.

Among both crime types, businesses reported there being “grey areas” in understanding which behaviours were deemed criminal or illegal, and which behaviours were legitimate. For example, tax minimisation was conflated with money laundering, however, such activity could be legitimate, depending on the outcomes of checks on the source of funds, which are often complex. For corruption, some businesses also found it difficult to know when corporate gifts and hospitality should be considered as attempted bribes.

This led to businesses relying on “gut feelings” to identify and detect incidents of both crime types. For corruption, this was described as a sense that certain transactions or activities simply did not feel right. For money laundering, smaller, unregulated businesses described using common sense in lieu of having clearly defined indicators of potential money laundering, while larger, regulated businesses utilised staff experience and “gut feeling” in addition to wider formalised detection processes.

Businesses also displayed a tendency to confuse corruption and money laundering with other types of economic crime. This appeared to be primarily driven by uncertainty among businesses on what crime was actually being committed. For instance, in interviews, businesses conflated corruption with both fraud and money laundering, (for example, VAT fraud and knowingly accepting money from illicit sources). For money laundering, the confusion was also caused by the potential co-occurrence of money laundering activities alongside other economic crimes.

The difficulties in defining and categorising corruption and money laundering reflect the less overt nature of these types of economic crime. They also underline the significant challenge faced both by businesses and policymakers in being able to identify and appropriately respond to incidents when they arise.

6.4 Perceived risk

Corruption and money laundering were simply not conceivable risks for many businesses, which perhaps links to the lesser awareness and understanding of these crime types across some businesses, as uncovered in the qualitative research. The perceived low risk for these crime types was also closely tied to some businesses’ indifference towards the impacts of incidents, particularly in the case of corruption. This could reflect that, by comparison, the perceived impacts and harm from fraud were seen as more tangible to businesses.

As such, businesses’ perceived levels of risk across the 3 crime types mirrored the differences for prevalence. Businesses were more likely to consider themselves very or fairly at risk from fraud (15%) than from corruption (2%) or money laundering (3%).

There were also differences in the proportions considering themselves to be “not at all at risk” compared to “not very at risk” for each of the crime types. Roughly twice as many businesses considered themselves to be not very at risk rather than not at all at risk from fraud (57% not very at risk versus 28% not at all at risk). This was markedly different for corruption (25%, versus 71%) and money laundering (21% versus 75%).

For corruption and money laundering, specific business characteristics were seen to increase the perceived risk of experiencing these crimes. For instance, trading or operating internationally and handling large or cash-based transactions were seen to increase the perceived likelihood of both these crimes occurring.

Furthermore, micro and small businesses were more likely to consider themselves to be not very or not at all at risk of fraud and money laundering – compared to medium and large businesses. This was a sentiment echoed across both the quantitative and qualitative findings, where businesses discussed feeling too small to be targeted. Similarly, for money laundering, unregulated businesses saw themselves as less at risk compared to regulated businesses.

Looking at how perceptions of risk are interconnected across the 3 types of economic crime, the following can be observed, demonstrating some intersectionality, especially for money laundering:

businesses that felt at risk from money laundering were also more likely to feel at risk from corruption, and vice versa
businesses that felt at risk from fraud were more likely to feel at risk from money laundering, but this relationship did not go the other way (that is, money laundering risk perceptions had no bearing on fraud risk perceptions)
there was no link between fraud and corruption risk perceptions in either direction

Despite this interconnectedness, a large proportion of businesses reported an ambivalence to risk of the 3 types of economic crime – particularly for corruption and money laundering. This presents a significant challenge in persuading businesses to better educate and upskill themselves on these types of crimes or to engage with guidance on implementing preventative measures. However, it also presents an opportunity to challenge businesses’ – especially small businesses’ – misconceptions about economic crime and emphasise the realities of their prevalence.

6.5 Preparedness to prevent or manage the risks

About two-thirds of businesses reported having any measures in place to prevent or manage the risks of money laundering (68%) and fraud (64%). This was higher than the just over 2 in 5 of businesses that had any measures in place for corruption (45%). Among businesses that had any measures in place for each crime type - the typical (median) business had 3 of the listed measures in place for fraud, 3 for corruption, and 2 for money laundering.

Many of the preparedness measures covered in the survey were unique to each crime type, so not all the measures can be directly compared across crime types. However, we can note that it was less common to have any measures in place for corruption risks (45%) than it was for money laundering risks (68%) or fraud risks (65%), across all the measures asked about. Medium and large businesses were more likely to implement protective measures than the average business across all 3 crime types, as well as high turnover SMEs for fraud and corruption.

Moreover, we can directly compare the questions on staff training, having staff members in dedicated risk management roles, and risk assessments. In this comparison, it is important to note that, where the business is in a regulated sector, their answers at these questions may also have been driven by the demands of regulators. The following specific differences were noted:

staff training or awareness raising activities were more common for fraud (26%) than for money laundering (20%); they were least common, across the 3 crime types, for corruption (16%)
it was more common for businesses to have a staff member whose job description included monitoring or investigating money laundering risks (20%) than fraud risks (17%), or who was responsible for anti-corruption or anti-bribery measures (17%); the higher figure for money laundering comes despite a greater proportion of businesses considering fraud to be a business risk; it potentially reflects that there are more specific regulatory requirements on certain businesses with regards to money laundering than there are for fraud (see the start of Chapter 4)
finally, a broadly similar proportion of businesses undertook risk assessments for each of the 3 crime types (18% for money laundering, 17% for fraud, and 15% for bribery)

Again, there was evidence that money laundering was considered to be intertwined with other economic crimes such as corruption. Those that perceived themselves to be very or fairly at risk from money laundering were also more likely than average to have at least one of the anti-corruption measures asked about in the survey (72%, versus 45% overall). There was a similar pattern between perceived risk from money laundering and measures in place to manage or prevent fraud, but the sample sizes were too low for statistical significance testing. With that said, there was broader qualitative evidence to suggest that experience of one type of economic crime, such as fraud, heightened a business’s alertness to economic crime more generally. This suggests businesses could be encouraged to implement preparedness measures across crime types by tapping into their greater awareness of fraud.

6.6 Chapter and overall report conclusions

Fraud, corruption and money laundering are complex crimes borne from secrecy, and often, a reliance on concealment to be committed successfully. This is further complicated by elements of suspicion and perceived “grey areas” when differentiating criminal activities from legal business practices (in the case of corruption and money laundering). This not only makes it difficult to measure the prevalence and incidence of these types of crimes – but also poses a significant challenge for UK businesses in understanding and identifying them and recognising the risks of economic crime. Ultimately, this can inhibit businesses’ ability to take appropriate action in prevention and response.

Of the 3 crime types explored in this study, fraud was the most prevalent and occurred on a much larger scale for some businesses than bribery or money laundering. It was relatively rare for businesses to have experienced bribery or money laundering incidents. This matched businesses’ risk perceptions of these different crime types – corruption and money laundering were simply not conceivable risks for many businesses. Nevertheless, it is noteworthy that 27% of businesses experienced fraud in the last 12 months, but only 15% considered themselves to be at risk of fraud. This suggests that a proportion of businesses were underestimating the risk, or that they perceived the risk of a significant impact from fraud to be low, given that low-level fraud is perhaps seen more as a nuisance, than a risk.

A key area of insight across crime types is in subgroup differences. The overall findings mask considerable variation between sectors, with especially big differences between regulated and unregulated businesses when it came to experiencing and reporting money laundering. Furthermore, across all crime types, medium and large businesses, as well as high-turnover SMEs, had more formal and comprehensive measures in place to manage the risks. This aligned with the higher prevalence of fraud and money laundering among large and medium businesses. Ultimately, more work may be needed with smaller, unregulated businesses, who were less likely to see these crimes as priority areas, and were consequently less likely to have prepared for them.

Despite the relatively low prevalence of money laundering incidents, these were considered to warrant a more substantive or wide-ranging response from businesses than fraud or bribery incidents, perhaps in part due to the expected regulatory penalties for regulated businesses. For the latter 2 crime types, the action taken was often more concentrated in certain areas. Actions in response to fraud tended to focus more on improvements to business processes, whereas actions in response to bribery were more targeted towards the individuals or groups (employees, suppliers or customers) that may have been involved.

External reporting of bribery incidents was also less common than for fraud or money laundering, which was potentially linked to the perceived low impact of bribery incidents on the business, and ambiguity surrounding their legality in some cases. However, given that no more than one-third of instances of each crime type were reported, there are wider challenges with encouraging external reporting of economic crime.

The study also suggests that businesses faced challenges distinguishing between economic crimes, sometimes misidentifying crimes between fraud, corruption and money laundering. However, these crimes were often interconnected, with money laundering sometimes occurring after fraud or corruption. This interconnectedness could be useful in prevention techniques, as businesses that increase their awareness of one type of economic crime may implement measures that heighten their alertness to others. Emphasising this interconnectedness could also provide a way to make businesses more aware of and more capable of handling the rarer crime types.

The broader response to money laundering potentially speaks to its interconnectedness with both fraud and corruption, presenting opportunities for more effective intervention. The businesses that encountered money laundering were often aware that it could have come about in the aftermath of these other economic crimes. As such, the businesses that felt themselves to be at risk of money laundering may have been keen to undertake measures against economic crime more generally, not just anti-money laundering measures.

Ultimately, this study represents an important leap forward in understanding business experience, awareness of, and approaches to these areas of economic crime. It suggests a range of challenges related to low awareness and understanding of the rarer crime types, potential blind spots in terms of the risks and impacts, and a policy challenge in getting businesses to report incidents externally. Any future studies also covering these areas or economic crime will look to build on these insights.

Question 8

Glossary

Accepted Answer

This glossary defines the specific use of words or phrases in this study. Some of these may have a broader use in everyday language but were defined more precisely for this research.


Bribery	Bribery is a type of corruption. In the survey, several questions do not explicitly mention bribes, but refer to “a gift, favour or extra money, other than the official fee, in order to secure a business transaction, or to get the respondent business to perform a service”. Within this definition, survey respondents were explicitly told to exclude free samples or trials given for marketing purposes.
Businesses	This study covered businesses with employees only (that is, it excluded businesses with zero employees). Where the report refers to ‘businesses’, this is implicitly referring to businesses with employees.
Corruption	Corruption is the abuse of entrusted power for private benefit that usually breaches laws, regulations, standards of integrity and/or standards of professional behaviour. Gifts, favours, or extra money other than an official fee, exchanged in order to secure a business transaction, or acquire a service, would be examples of corruption. Survey respondents were provided with this definition of corruption at the relevant questions.
Cyber-facilitated fraud	Cyber-facilitated fraud is a subset of all fraud, which uses data or access obtained through electronic means such as malware, hacking (of files, user accounts or bank accounts) or phishing attacks.
Economic crime	Economic crime refers to a broad category of activity involving money, finance or assets, the purpose of which is to unlawfully obtain a profit or advantage for the perpetrator or cause loss to others. In the context of this report, the 3 economic crimes covered were fraud, corruption and money laundering.
Financial sanctions	Financial sanctions commonly include measures that restrict access to financial markets, funds and economic resources, and limit the provision of financial services, to a sanctioned person or business (known as a designated person). Financial sanctions restrictions can also be applied more broadly against specific groups or entire sectors. They can be applied on a geographic basis or in relation to a particular issue, such as terrorism, human rights or anti-corruption.
Fraud	To avoid any potential confusion caused by legal definitions, such as the definition set out by the Fraud Act 2006, the term fraud is not specifically defined in the survey. However, the survey questions give examples of what constitutes fraud in a business context. These include staff or fraudsters attempting to use business payment information without permission, trying to access a business’s online bank account to move money without permission, or tricking a business into changing bank transfers to divert funds to fraudsters. Also included are fake invoices or investment opportunities where there is a specific intended victim, or that elicit a response from the targeted business. Finally, there are frauds emanating from legitimate suppliers or customers, including suppliers claiming for undelivered goods or services, or falsifying expenses, as well as customers dishonestly claiming refunds. The frauds measured in the survey includes incidents where fraudsters successfully defrauded the business, as well as attempted, but unsuccessful, frauds.
High-turnover and low-turnover small and medium enterprises (SMEs)	In the context of this study, high-turnover SMEs are defined as enterprises with one to 249 employees, with £1 million or more in annual turnover. Low-turnover SMEs are enterprises with one to 249 employees, with under £1 million in annual turnover.
Incidence rate	The incidence rate, in the context of this study, is the total number of cases of economic crime among every thousand businesses (with employees). For example, the incidence rate of fraud among UK businesses represents the number of frauds that are estimated to have been perpetrated in the last 12 months, for every thousand UK businesses. The value of this statistic is in allowing comparisons across subgroups such as the size of business, as it accounts for the fact that there are far more micro and small businesses than medium and large ones.
Margin of error	The margin of error is a statistical measure of the uncertainty associated with the survey results. It indicates the range – a lower bound and upper bound – within which the true result for the business population is likely to fall, given the responses collected from our survey sample. There is a further guide to margins of error in an annex at the end of this report.
Money laundering	Money laundering occurs when money derived from crime is spent, hidden from view, transferred between individuals or business entities, or moved outside of the country. In order to reduced confusion about what it covered, the survey did not explicitly refer to money laundering, but instead asked about specific instances where respondents knew or suspected that money was derived from criminal activity.
Prevalence rate	The prevalence rate is the proportion of UK businesses (with employees) in the population that have experienced economic crime (for example, the proportion, or percentage, of businesses that have experienced fraud in the last 12 months).
Regulated business	Within this survey, “regulated businesses” refers to those with anti-money laundering obligations. Under the Money Laundering Regulations 2017, businesses in different sectors, including accountants, gambling firms, financial service businesses, estate agents and solicitors, must register to be monitored by a relevant supervisory authority. This is sometimes called Anti-Money Laundering (AML) supervision. Supervisory authorities could include public bodies such as the Financial Conduct Authority or Gambling Commission, government departments such as HM Revenue & Customs, and professional bodies such as the Law Society.
Suspicious Activity Report (SAR)	Suspicious Activity Reports (SARs) alert law enforcement to potential instances of money laundering or terrorist financing. Persons working in the regulated sector are legally required to submit a SAR in respect of information that comes to them in the course of their business if they know, suspect, or have reasonable grounds for knowing or suspecting that a person is engaged in, or attempting, money laundering or terrorist financing. SARs may also be submitted by unregulated businesses and private individuals where they have suspicion or knowledge of money laundering or terrorist financing, though they are not legally required to do this. SARs are submitted to the UK’s Financial Intelligence Unit (UKFIU) which is housed within the National Crime Agency (NCA).
Small and medium enterprise (SME)	SMEs are a grouping of the business population that includes businesses with one to 249 employees (that is, micro businesses, small businesses and medium businesses).
Subgroup difference	Subgroup differences are differences between particular groups within the overall business population (such as specific size or turnover bands, or industry sectors), or between a particular group and the overall result for all businesses.
Total incidence	The total incidence shows the total number of cases of economic crime across UK businesses (with employees). For example, the total incidence of fraud among UK businesses represents the number of frauds that are estimated to have been perpetrated against all UK businesses in the last 12 months.
Total prevalence	The total prevalence accounts for the total number of UK businesses (with employees) in the population that have experienced economic crime (for example, the total number of businesses that have experienced fraud in the last 12 months).

Question 9

Bibliography

Accepted Answer

Aziani, A. (2023). Illicit financial flows: A contested concept and a challenging measurement. CrimRxiv. https://www.crimrxiv.com/pub/8u6vn718

Caulkins, J. P., & Reuter, P. (2022). How much demand for money laundering services does drug selling create? Identifying the key parameters. International Journal of Drug Policy, 103, 103652. https://doi.org/10.1016/j.drugpo.2022.103652

Cobham, A., & Janský, P. (2020). Estimating illicit financial flows: A critical guide to the data, methodologies, and findings. Oxford University Press.

Collin, M. (2020). Illicit financial flows: Concepts, measurement, and evidence. The World Bank Research Observer, 35(1), 44-86. https://doi.org/10.1093/wbro/lkz007

Department for Science, Innovation and Technology. (2025). Cyber security breaches survey 2025. GOV.UK. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025

EY. (2024). EY Global Integrity Report 2024. https://www.ey.com/en_uk/insights/forensic-integrity-services/global-integrity-report

Ferwerda, J., & Reuter, P. (2024). National assessments of money laundering risks: Stumbling at the start. Risk Analysis, 44(9), 2001-2007. https://doi.org/10.1111/risa.14302

HM Treasury & Home Office. (2023, March 30). Economic Crime Plan 2, 2023-2026. GOV.UK. https://assets.publishing.service.gov.uk/media/642561b02fa8480013ec0f97/6.8300_HO_Economic_Crime_Plan_2_v6_Web.pdf

Home Office. (2020). Economic crime survey 2020. GOV.UK. https://www.gov.uk/government/publications/economic-crime-survey-2020/economic-crime-survey-2020

Home Office. (2025). Commercial Victimisation Survey, 2023. GOV.UK. https://www.gov.uk/government/statistics/crime-against-businesses-findings-from-the-2023-commercial-victimisation-survey

Home Office. (2025). Economic Crime Plan 2. Outcomes progress report. GOV.UK. https://www.gov.uk/government/publications/economic-crime-plan-2-outcomes-progress-report/economic-crime-plan-2-outcomes-progress-report

Levi, M., & Reuter, P. (2006). Money laundering. Crime and Justice, 34(1), 289-375. https://doi.org/10.1086/501508

Ministry of Justice. (2025). All-Offences prosecutions and convictions data tool: 2017 to 2024. https://www.gov.uk/government/statistics/criminal-justice-system-statistics-quarterly-december-2024

National Crime Agency. (2024). SARs annual report 2024. https://www.nationalcrimeagency.gov.uk/who-we-are/publications/747-sars-annual-report-2024/file

Office for National Statistics. (2024). Crime in England and Wales: Year ending March 2024. https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/datasets/natureofcrimefraudandcomputermisuse

Office for National Statistics. (2025). Crime in England and Wales: Year ending December 2024. https://www.ons.gov.uk/releases/crimeinenglandandwalesyearendingdecember2024

Office of Financial Sanctions Implementation, HM Treasury. (2024, April 26). UK financial sanctions: General guidance. GOV.UK. https://www.gov.uk/government/publications/financial-sanctions-general-guidance/uk-financial-sanctions-general-guidance

PwC. (2024). Global Economic Crime Survey 2024. https://www.pwc.com/gx/en/services/forensics/economic-crime-survey.html

Reisman, W. M. (1979). Folded lies: Bribery, crusades, and reforms. Free Press.

Reuter, P. (2013). Are estimates of the volume of money laundering either feasible or useful? In B. Unger & D. van der Linde (Eds.), Research handbook on money laundering (pp. 224-231). Edward Elgar Publishing.

Reuter, P. (2017). Illicit financial flows and governance: The importance of disaggregation. World Bank.

Transparency International. (2021). Global Corruption Barometer. https://www.transparency.org/en/gcb

United Nations Office on Drugs and Crime, United Nations Development Programme, & UNODC-INEGI Center of Excellence in Statistical Information on Government, Crime, Victimization and Justice. (2018). Manual on corruption surveys. https://www.unodc.org/unodc/data-and-analysis/corruption-manuals.html

This is evidenced in ONS data published in 2022. ↩
The business population data is taken from the DBT business population estimates 2024. These were the latest estimates as of the publication of this report, identifying a business population of 1,427,165 (for businesses with one or more employees). For the extrapolated figures presented here and later in this report, we have rounded to 3 significant figures if over 1,000, and to the nearest whole number if under 1,000. These figures are subject to a margin of error, as with all the results from the survey. For example, the margin of error for businesses on this result is ±1.7 percentage points. All margins of error discussed in this report have been calculated at the 95% level of confidence. ↩
By specific intended victim, we mean that the business was either mentioned by name on the fake invoice, or that they responded in some way to the fake invoice. This filters out instances of largescale spam, where a generic fake invoice might be sent by email to thousands of email addresses. A similar approach was taken with the measurement of investment fraud. This was done in both cases to align with the Home Office Counting Rules for crime. ↩
Across this report, we have extrapolated to the wider population using the mean rather than the median. This was done to produce a representative population-level estimate. The mean best incorporates the relatively small number of businesses in the population that had a very high number of incidents. The median does not capture these sorts of businesses and risks delivering too low an estimate if extrapolated. ↩
For example, the 2020 study allowed respondents to answer with “any other types of fraud not mentioned”, whereas this latest study stuck exclusively to a wider set of predefined categories of fraud. ↩
The combined total cost was calculated by adding the amounts in the 4 response categories for each sampled business, then creating a weighted average of this sum across businesses. This is different from simply summing the averages for each category, and is why the figures for the individual categories do not sum to the total. ↩
Findings were not weighted specifically by regulated status, the reasons for this are outlined in the Technical report. The calculation extrapolated the self-reported regulated status within the ECS across the wider population of UK businesses with employees. The regulated sector was well-represented in the final survey sample. ↩
Findings were not weighted specifically by regulated status, the reasons for this are outlined in the Technical report. The calculation extrapolated the self-reported regulated status within the ECS across the wider population of UK businesses with employees. The regulated sector was well-represented in the final survey sample. ↩

Cookies on GOV.UK

Authors

Acknowledgements

Summary

Methodology

Key findings – fraud

Key findings – corruption

Key findings – money laundering

Key findings – financial sanctions

1. Introduction

1.1 Background

1.2 Research objectives

1.3 Summary of methodology

1.4 Interpretation of the data

1.4.1 Strengths and limitations of the study

1.4.2 Margins of error and statistical significance

1.4.3 Reporting of means and medians

1.4.4 Rounding of survey estimates

1.4.5 Subgroup definitions and conventions

1.4.6 Chart base sizes

1.4.7 How to interpret the qualitative data

2. Fraud

2.1 Prevalence of fraud

2.1.1 Categories of fraud

Figure 2.1: Specific types of fraud experienced in the last 12 months (proportions and total prevalences)

2.1.2 Subgroup differences (size, turnover, sector and international trading status)

2.2 Incidence of fraud

2.2.1 Incidences for the specific types of fraud

Figure 2.2: Total incidences and incidence rates for the specific types of frauds experienced in the last 12 months

2.2.2 Frauds succeeding or being stopped by third parties

2.2.3 Subgroup differences (size, turnover and sector)

2.3 Characteristics of the most recent frauds experienced

2.3.1 How the fraud was initially detected

Figure 2.3: How businesses initially detected their most recent fraud, among the businesses experiencing any frauds in the last 12 months

2.3.2 The perpetrators of the fraud

Figure 2.4: How businesses were initially contacted by the perpetrator in their most recent fraud, among the businesses experiencing any frauds in the last 12 months and who had any direct contact with the perpetrators

2.3.3 Cyber-facilitated fraud

Figure 2.5: Proportion of most recent frauds that were cyber-facilitated in the following ways, among the businesses experiencing any frauds in the last 12 months

2.4 Business response to the most recent frauds experienced

2.4.1 Actions taken in response

Figure 2.6: Actions taken in response to the most recent fraud, among the businesses experiencing any frauds in the last 12 months

2.4.2 Reporting of fraud

Figure 2.7: Most common reasons given for not reporting the most recent fraud, among the businesses experiencing any frauds in the last 12 months (showing only responses at 5% or higher)

2.5 Impact of the frauds experienced (including the financial impact)

2.5.1 Whether frauds resulted in a financial loss

2.5.2 The cost of fraud incidents

Table 2.1: Summary statistics on the cost of fraud incidents, among the businesses experiencing any frauds in the last 12 months

2.5.3 Extrapolation of cost data

2.5.4 Differences by size band

Table 2.2: Summary statistics on the cost of fraud incidents, among the micro/small businesses experiencing any frauds in the last 12 months

Table 2.3: Summary statistics on the cost of fraud incidents, among the medium/large businesses experiencing any frauds in the last 12 months

2.5.5 Recovered costs

2.5.6 Non-financial impacts of fraud

Figure 2.8: Wider impacts of all the frauds experienced, among the businesses experiencing any frauds in the last 12 months

2.6 Perceived risk of fraud

2.6.1 Perceptions overall, by size and by turnover

Figure 2.9: Perceived risk of fraud, overall and by business size and turnover groupings

2.6.2 Other subgroup differences (sector, international trading status and those experiencing fraud incidents)

2.7 Preparedness for fraud risks and incidents

2.7.1 Measures in place to manage fraud risks

Figure 2.10: Measures businesses took or had in place to manage fraud risks across the last 12 months

2.7.2 Sector subgroup differences

Figure 2.11: Measures businesses took or had in place to manage fraud risks across the last 12 months, overall and for specific sectors

2.7.3 Other subgroup differences (size, turnover, international trading status and those experiencing fraud incidents)

2.7.4 Spending on fraud prevention and risk management

Table 2.4: Summary statistics on spending on fraud prevention and risk management, among the businesses investing in each of the following areas

2.7.5 Differences by size band

Table 2.5: Summary statistics on spending on fraud prevention and risk management, among the micro/small businesses investing in each of the following areas

Table 2.6: Summary statistics on spending on fraud prevention and risk management, among the medium/large businesses investing in each of the following areas

2.8 Chapter conclusions

3. Corruption

3.1 How businesses understood corruption

3.2 Prevalence of bribery

3.2.1 Subgroup differences (size, turnover and sector)

3.2.2 Perception of bribery within business sectors

Figure 3.1: Percentage saying the offering of gifts, favours or extra money in their business sector was very or fairly prevalent, compared to actual prevalence rates, overall and by sector

3.2.3 Suspected bribery incidents

3.3 Incidence of bribery

3.3.1 Incidence of bribes offered to businesses by other UK businesses or individuals (estimate 1)

3.3.2 Incidence of bribes given or asked to be given to other UK businesses (estimate 2)