Anti-Fraud, Bribery and Corruption Policy

Last updated V1.5 – 2nd December 2022


Arwen AI Limited’s (Arwen) Anti-Fraud, Bribery and Corruption Policy is designed to promote an anti-fraud culture and consistent organisational behaviour across the company when dealing with cases of suspected fraud, bribery or corruption. It sets out responsibilities for fraud prevention and detection and provides clear guidelines and procedures for reporting cases of suspected fraud and corruption and for the conduct of investigations.



The Fraud Act 2006 established three main offences of fraud, all of which carry a maximum sentence of 10 years and/or an unlimited fine. The offences are:

  • fraud by false representation
  • fraud by failing to disclose information or
  • fraud by abuse of position.

The following actions are among those which fall within the definition of fraud:

  • theft of company property, including information
  • misappropriation or use of company assets for personal gain
  • false accounting – dishonestly destroying , defacing, concealing or falsifying any account, record or document required for any accounting purpose
  • forgery or alteration of company documents
  • wilful destruction or removal of company records
  • any computer- related activity involving the alteration, destruction, forgery or manipulation of data for fraudulent purposes or misappropriation of Arwen owned software
  • falsification of travel and subsistence claims
  • knowingly generating or paying false claims or invoices
  • unauthorised disclosure of confidential information to third parties e.g. confidential details of current business activities or of bids or activities that the company is contemplating.


Bribery is the offer, promise, giving, demanding or acceptance of an advantage as an inducement for action which is illegal, unethical or a breach of trust.

Bribes can take many different forms, but typically they involve corrupt intent. A bribe could be:

  • the direct or indirect promise of anything of value
  • the offer of a fee, reward or other advantage
  • the giving of a donation.


Corruption is the misuse of power for private gain.

The Bribery Act 2010 makes bribery and corruption a criminal offence and holds companies liable for failing to prevent acts of bribery or corruption by those working for or on its behalf, no matter where the act takes place.

Policy Scope

This policy applies to all Arwen’s directors and staff, whether permanent, fixed term, or temporary and to any consultants and sub-contractors working on Arwen’s behalf.

Policy Statement 

Arwen expects high standards of conduct and probity from all of its directors and staff and requires them at all times to act honestly, with integrity and to safeguard the resources for which they are responsible. The company also expects its suppliers, delivery partners and sub-contractors to maintain the same high standards of conduct and probity.  

Arwen is committed to developing an anti-fraud culture and actively seeks to deter and prevent fraud and corruption by ensuring that risks are identified and managed effectively. The company will not accept any level of fraud, bribery or corruption and will investigate thoroughly all suspected cases. Staff involved in an impropriety of any kind will be subject to the company’s disciplinary procedures and legal action will be taken where appropriate.

To ensure that this policy is implemented effectively, Arwen will:

  • identify and include fraud and corruption risks within its risk management processes
  • develop and maintain appropriate control systems to reduce the risk of fraud and corruption
  • encourage a culture of prevention and deterrence
  • ensure that responsibilities are clearly defined and communicated at all levels
  • encourage staff and others to be vigilant and report any genuine suspicions of fraudulent activity
  • ensure that if a fraud occurs, a prompt and thorough investigation takes place, without regard to position held or length of service of employees concerned
  • take appropriate disciplinary and legal action in all cases, where justified
  • review systems and procedures to prevent similar fraud should a fraud occur
  • ensure that anti-fraud considerations are built into tendering and sub-contracting processes.

Roles and Responsibilities

The CEO hold overall responsibility for Arwen’s corporate anti-fraud policy and procedures. They are responsible for establishing and maintaining a sound system of internal control to manage the whole range of risks that Arwen faces. An Audit Committee, made up of at least 3 non-executive directors appointed by the Board, is responsible for reviewing the effectiveness of the company’s internal controls and risk management systems and company procedures for detecting fraud.

CEO Responsibilities

In addition to the roles and responsibilities defined within Annex 1, the Chief Executive Officer is responsible for:

  • identification and evaluation of risks and risk management
  • notifying supply–chain partners/sub-contractors of the nature of any investigation relating to a case of suspected fraud involving one or more of their employees.
  • reporting significant incidents of fraud to the Arwen’s Board (for example, where a significant sum of money is involved or if there is likely to be public interest because of the nature of fraud).
  • identification and evaluation of risks and risk management
  • developing and implementing fraud prevention and detection measures
  • the regular review of the company’s financial regulations and accounting procedures
  • arranging for the internal audit of the company’s financial regulations and accounting procedures to ensure compliance
  • providing advice and assistance to managers on control issues.
  • development and regular review of the Anti-fraud, Bribery and Corruption policy
  • ensuring that all managers and staff are aware of Arwen’s Anti-fraud, Bribery and Corruption Policy through the dissemination of information and provision of relevant training
  • providing advice and assistance to managers in the application of the policy should a case of suspected fraud occur
  • heading up an investigation team in response to a report of suspected fraud, when required to do so by the Risk Management Incident Group.
  • reporting to the Risk Management Incident Group on the progress of any investigation.

Operations Directors/Managers & Other Contract Manager Responsibilities

  • ensuring that all staff are familiar with the Anti-fraud, Bribery and Corruption Policy
  • identifying the risks involved in the contracts for which they are responsible
  • developing the local control systems necessary to prevent and detect fraud
  • reviewing and testing regularly the control systems for which they are responsible to ensure they are operating effectively
  • ensuring that staff have received appropriate training on control systems and that controls are complied with
  • notifying the Company Risk Officer when any case of suspected fraud is reported to them
  • ensuring that delivery partners and sub-contractors have an anti-fraud policy and procedures in place and meet the contractual requirements relating to the prevention of fraud and dealing with suspected incidents of fraud
  • assist sub-contractors in developing appropriate controls systems to prevent and detect fraud if appropriate
  • ensuring that the staff of any sub-contractors involved in the delivery of a Arwen’s contract, are aware of anti-fraud policies and procedures
  • ensuring that audits of contracts with sub-contractors include compliance with anti-fraud policies and procedures.
  • responding to media enquiries which may arise from a case of fraud or corruption.
  • taking appropriate legal action against perpetrators of fraud
  • seeking the repayment of losses to the company and the recovery of any costs.
  • ensuring that disciplinary action is taken against perpetrators of fraud
  • preparing the response to requests for references for any member (or former member) of staff who has been disciplined or prosecuted for fraud. 

All Staff Members are responsible for:

  • being alert to the possibility of fraud and taking special care if unusual events or transactions occur
  • reporting details immediately if they suspect that fraud is taking/has taken place or if they see any suspicious acts or events (see procedure below)
  • co-operating fully with any internal checks, reviews or investigations
  • co-operating fully with audit or investigation by external bodies such as HM Revenue and Customs and contracting bodies who may invoke their right to conduct audits as set out in the contract between the contracting body and

Conflicts of Interest

Employees are required to fully disclose any situation in which his or her personal interests may conflict with those of the company.

Any employee who is, or might be influenced by personal considerations which may hinder objective decision-making must seek advice from an appropriate senior manager.

Gifts and Hospitality

Employees and their families must not accept, directly or indirectly, any money, gifts or hospitality which could influence or appear to influence decisions they make on behalf of the company. Staff responsible for the purchase of supplies, equipment or services must take particular care to ensure that there can be no criticism that unequal treatment has been given to suppliers involved in tendering processes, through the acceptance of gifts or other benefits.

Employees who are offered a gift as an inducement for preferential treatment must decline or return it as appropriate, with a suitably courteous letter explaining company policy.

Employees should not give any gift or hospitality with the expectation that they and/or the company will benefit from it, since this may constitute a bribe. 

The acceptance and/or offer of small gifts and/or casual hospitality such as business lunches, dinners or invitations to events, is acceptable within reasonable grounds, as long as it is a normal and appropriate expression of business courtesy and that the recipient is not placed under any obligation.

If a member of staff is in any doubt as to the propriety of giving or receiving any gift or hospitality then he/she must consult his/her line manager.

Corruption and National or Local Government Officials

Contacts with and/or gifts to or from national or local government officials can be particularly sensitive. Employees must not offer or provide, either directly or indirectly, any pecuniary or other advantage to or for a public or corporate official in order to obtain or retain business or secure any improper business advantage. Any employee who is asked by a government or corporate official to circumvent these rules must immediately report the matter to the Managing Director.

Political Contributions  

Employees should not make any contributions to either individual politicians or political parties in order to secure political or commercial influence on behalf of the company. (This does not preclude private donations to political parties made by individual employees which otherwise would be lawful).

Anti - Fraud Arrangements with Sub-Contractors/ Delivery Partners

Arwen expects its sub-contractors and delivery partners to maintain high standards of conduct and probity and to have in place anti-fraud processes similar to those of Arwen. All of Arwen’s sub-contractors should therefore be required to:

  • have in place anti-fraud and confidential disclosure (‘whistleblowing’) policies and procedures
  • immediately report any case of suspected fraudulent activity by its employees to the Arwen’s Operations Manager responsible for the contract, who will then initiate an investigation following the procedures outlined in this policy
  • immediately suspend any member of staff who is suspected of fraud
  • ensure that all its employees are informed about and have access to its anti-fraud and confidential disclosure (‘whistleblowing’) policies.

Where necessary, Arwen will assist providers in developing appropriate control systems to prevent and detect fraud when appropriate. Where a potential sub-contractor is judged to have inadequate processes and is unwilling to commit to Arwen standards, Arwen will not proceed to contract with that provider.

Reporting a Suspicion of Fraud

Fraud may be discovered in a number of ways, including the following:

  • Through planned audit work
  • Through the operation of management and control procedures
  • A concern may be raised by a member of the public
  • A concern may be raised by an employee. 

Staff are encouraged to report any suspicion of fraud, bribery or corruption or any other form of malpractice. The Confidential Disclosure (‘Whistleblowing’) Policy makes clear that staff can report suspicions confidentially and without fear of victimisation or subsequent discrimination or disadvantage, whatever the outcome of an investigation.

Procedure – Reporting a Suspicion of Fraud

Please see Annex 1

Communication and Training 

This policy is communicated to all staff via the normal company channels, including Prospectus and the company intranet and is introduced to all new staff at induction.

Internal Controls and Audit

Internal control systems are subject to regular audits to provide assurance that they are effective in countering fraud, bribery and corruption.

The company’s external auditors review the internal financial control systems on an annual basis as part of their statutory audit. Any control issues arising or recommendations for improvement are set out in the Key Issues Memorandum which is presented by the external auditors to the Audit Committee.

Internal audits of the company’s financial controls are carried out periodically by senior members of the finance team and the Company Risk Officer who are not directly involved in the area being reviewed.


This policy is reviewed every year or in the event of any change in related government policy.


Annex 1

Risk Management Response Plan

Initial Response


Any suspicion of fraud, bribery and corruption (whether perpetrated by a member of Arwen staff or by a third party) must be reported without delay to a manager who without delay should escalate to the Company Risk Officer. No investigations should be undertaken at a local level by managers or other staff. Internal investigations could be counterproductive to the investigative process and hamper efforts to promote an independent and transparent process.  

The Operations Manager in discussion with senior managers will make an initial assessment as to the level of seriousness and apply a RAG status. The RAG status will dictate immediate actions.








Serious incident that requires escalation to the Risk Management Incident Group.





Has the potential to be serious incident but requires further investigation prior to possible escalation and notification to the Risk Management Incident Group.





Is not deemed serious or time sensitive.   Expected outcome poses no risk to staff, property or company reputation. Does not require notification to the Risk Management Incident Group.



Risk Escalation

At any time during an investigation the initial risk status may escalate (or deescalate) at which time the Company Risk Officer will notify, in liaison with senior managers, the Chief Executive Officer.

Risk Management Incident Group

All amber and red incidents will be reported to the Chief Executive Officer. The Chief Executive Officer will convene the group and lead meetings as appropriate.

The Risk Management Incident Group comprises key company stakeholders best placed to advise, direct and manage serious incidents. All members or a combination of representatives may be called upon.












The Risk Management Incident Group will determine what immediate action should be taken, for example, whether the matter should be immediately reported to the police and how the investigation will proceed.

The Investigation Process

The investigation process will vary according to the circumstances of the case. In cases judged to be fairly minor (RAG status Green), the Operations Manager will undertake an investigation and present a report along with recommendations, to a nominated senior manager.

In more serious cases (RAG status Amber or Red), the Risk Management Incident group will appoint a team, led by the Company Risk Officer, which may include external specialists as deemed appropriate. Any member of staff who is asked to join an investigation team will be required to do so with immediate effect. All staff are expected to cooperate with any investigation, where required.

Duties of the Operations Manager

  • With senior managers undertake an initial risk assessment to establish the RAG status of the incident
  • Undertake an initial report to the Chief Executive Officer and incident group as appropriate
  • Gather relevant evidence and maintain detailed records, including a chronological record detailing all telephone conversations, discussions, meetings and interviews
  • In collaboration with the Risk Management Incident Group, report the incident to the police where appropriate and maintain contact with the police as necessary. 
  • Liaise with the Company Solicitor to obtain legal advice where necessary on the recovery of losses.
  • Report regularly to the Risk Management Incident Group on the progress of the investigation (at least monthly for ongoing investigations) The reports should include the following:

  • Value of the company’s losses
  • Estimated resources required and timescale to conclude the investigation

  • Recommended actions to be taken to prevent and detect similar incidents.

  • on completion of an investigation, submit a Incident Investigation Report to the Risk Management Incident group, including a full description of the incident (including the value of any loss, the people involved and the means of perpetrating the fraud) and the measures taken to prevent a recurrence
  • Provide recommendations for any further action needed to strengthen future responses to incidents of a similar nature.
  • Report to the company audit committee 

Duties of the Risk Management Incident Group 

  • Liaise with the relevant Operations Manager in respect of notifying the funder as required by the contract (see ‘Notifying the funder’ below).
  • Identify any disciplinary action required

  • Identify any criminal proceedings to be taken

Gathering and Securing Evidence

The Company Risk Officer should maintain a chronological record of events, giving a full explanation of each action and event during the course of the investigation. As considerable time may elapse between the start and conclusion of the investigation, it is important that a detailed record is maintained to aid recall to all relevant events. A successful criminal prosecution may also depend on these details. The following should be logged:

  • Details of all telephone calls, faxes, e-mail and any other forms of communication
  • A formal record of all interviews and meetings
  • A clear record of where and how documents and other evidence were obtained.
  • All evidence should be stored with consideration to Home Office Guidance and Data Protection Act

Where there is a possibility of subsequent criminal proceedings, the Risk Management Incident Group will nominate the Company Risk Officer to refer the matter to the police and seek advice from them on the conduct of internal enquiries, to ensure that any potential criminal case is not prejudiced.

Guidelines for Conducting Investigation Interviews

As part of an Amber or Red Status risk investigation, the Operation Director will need to interview member(s) of staff under investigation and other members of staff who may be witnesses to or able to help establish the facts. During interviews the investigating officer should adopt the following best practice:

  • Have an interview plan before the meeting to ensure the key issues are covered.
  • Arrange for an appropriately trained member to attend the interview and ask them to take detailed notes.

  • Conduct interviews in an independent and professional manner.
  • Ask only questions relevant to the investigation.

  • Do not ask leading questions or subject the interviewee to harassment or intimidation.
  • Prepare a type written statement of the interview, recording all salient points and wherever possible record direct speech by the investigator and the person making the statement.
  • Ask the interviewee to read the statement, to make any corrections or additions to the statement and to sign the statement at the end to say it is a true and correct record of the interview.

  • Treat reports and statements as ‘Restricted’ documents and share them only with members of the Incident Group and the police, where appropriate and where directed. The Chief Executive Officer and/or the Incident Group may decide the appropriateness of sharing these documents with other company employees i.e. HR managers. 

Suspending Staff under Investigation

Where initial investigation provides reasonable grounds for suspecting a member of staff of fraud, theft, bribery or corruption, the Risk Management Incident Group will take steps to prevent any further loss. It may be appropriate to suspend the suspect(s) pending the outcome of the investigation.

In these circumstances, the suspect(s) should be:

  • Approached sensitively (unannounced) in a confidential space
  • Supervised at all times by a member of the Senior Management Team before leaving company or sub-contractor premises, to prevent them from destroying or removing any evidence.
  • Allowed to collect personal property under supervision, but should not be able to remove any property or records belonging to the company, sub-contractor or programme.
  • Required to immediately return any keys to premises, security passes, laptop computers, memory sticks, mobile devices and files including diaries and address books in their possession.
  • Denied any unsupervised access to the company’s premises whilst they remain suspended.

  • Denied access to the company’s ICT systems whilst they remain suspended.
  • Required not to make contact with other staff in relation to the investigation.

Notifying the Funder

Post consultation with the Risk Management Incident Group, notification to the funding organisation about actual or suspected fraud should commence where necessary. Arwen contractual obligations with regards to reporting are detailed within the various contracts and guidelines. The relevant Operations Managers hold copies of these and must follow the required protocol, liaising with contract managers throughout the process. If there are any doubts, the Operations Manager should seek advice from the Company Solicitor and the Managing Director. The Executive Board and/or Chief Executive Officer may wish to seek external legal advice.  

Media Enquiries

Any media response plan should be agreed by the Incident Group.

Enquiries from the media in respect of any case of fraud, theft, bribery or corruption should be referred to the Director of Marketing and Communications (and in their absence the Chief Executive Officer or somebody nominated by the Executive Board who has undertaken company media training) who will make any statement to the media.