Top 6 Interview Tips for Corporate Fraud Investigations

In today’s economic climate, corporate fraud is rife on all levels, and though it often goes undetected, it can be catastrophically damaging to both individuals and corporations. According to PwC’s Global Economic Crime and Fraud Survey, internal perpetrators represent nearly half of all reported frauds.

Also, take a look at our blog: Top 6 Internal Investigations Pitfalls to Avoid in order to avoid making the same mistakes and to protect against risk.

A corporate fraud investigation is essential to gather evidence, identify defendants and trace misappropriated assets. When interviewing the suspect, an interviewer’s questions may lead directly to the truth or to a web of deception. A good interviewer applies a variety of techniques to ensure that the interview yields the most accurate and truthful answers.

This blog will cover the Top 6 Interview Tips for Corporate Fraud Investigations.

Start with Background Questions

Every fraud interview should start as a simple conversation. The goal is to learn some background information while building rapport with the interviewee. After stating the purpose of the interview, start with questions regarding the interviewee’s background, including:

  • How long have you been at the company?
  • What job titles have you had, and what are the responsibilities of your current title?
  • What is your normal day like? Normal week? Normal month?

Once certain responsibilities of the interviewee have been established, ask for some detail on their tasks. Ask questions like:

  • How do you personally stay organised? What tasks do you prioritise?
  • When performing the month-end reconciliations, when are they due? Who reviews your work? Do they ever have review points? Do they sign off promptly?
  • Who covers your responsibilities if you’re out? Who do you interact with the most in the office on a daily basis? Who do you rely on to provide the data/documentation for you to be able to complete your tasks?

Spending the time to learn about the interviewee and the responsibilities of their position will set a nice tone for the interview. Encouraging the interviewee to talk about themselves helps earn some trust and develop rapport. Through this line of questioning, information can be learned about their position within the company and exposure to other employees, processes and controls. This can be valuable to the current interview and other interviews conducted throughout the investigation. It is important to start with background questions and to remain calm despite the stress that may come along with investigating a potential case of corporate fraud.

Set a Relaxed Tone

Sit across from the interviewee if possible, and assume a relaxed physical position. Use a smile and direct eye contact to begin the interview with a light and relaxed mood because dealing with a potential case of corporate fraud can be stressful for everyone involved. Use some summarised notes to keep you organised for the interview, but employ them as little as possible to keep from appearing disinterested or unengaged. Writing notes throughout the interview is typically necessary, but they should be written down quickly and in a summarised fashion, so as not to cause alarm or appear concealing to the interviewee.

Explain who you are and the purpose of the interview. Don’t lie about the reason you are talking, but keep it light. Examples might include:

  • “This is just a standard part of our internal control procedures for the audit”
  • “We just need to understand further details about a specific financial area, and you are one of the people we were told to speak to”
  • “These interviews are all just part of an improvement study for certain systems/processes”

It is unnecessary to explicitly state the possibility of corporate fraud, especially because none of this is confirmed. The purpose of a successful investigation is to derive accurate information rather than to prove or disprove a potential case of corporate fraud. Start the interview by asking the interviewee how long they’ve been with the company. Ask what their specific job responsibilities are, who they report to, and what a typical day is like for them. Earn their trust by listening and asking open-ended questions to allow them to keep speaking. Interviewees inherently become more comfortable when asked to speak about themselves, as well as when someone takes an interest in what they do each day. Ask for more detail when they speak of certain forms, lists, software or interactions that they have throughout the day.

The first 5 minutes of any one-on-one interview are the most crucial phase. You can create trust or distrust in the interviewee within seconds, based on your demeanour, attitude, and physical appearance.

Ask the Right Questions

Many interviewers tend to follow a script when performing interviews. Typically this list of questions is universal to all interviews for the day and asks common questions about seeing or reporting corporate fraud, seeing or reporting strange or unusual behaviour, etc. Although straightforward in nature, these questions will rarely get an interviewee to divulge information that the interviewer may find useful or informative. An interviewer can ask more appropriate questions throughout an interview that fulfil the requirements of these questions, without asking them verbatim.

Using specific questions about unusual behaviour in each of the interviewee’s job responsibility areas may be much more effective than a general question of abnormal activity within the organisation. Instead of asking a payroll clerk whether she knows of or has seen any cases of corporate fraud within the organisation, it makes much more sense to ask whether she has seen any odd entries or deletions in the payroll system, whether she’s ever been asked to override the system in some manner, what weaknesses exist within the hiring/termination process and whether past errors in timekeeping and paychecks were handled appropriately.

Use the following tips and lines of questioning to strengthen your interviews:

  • Converse about an interviewee’s daily responsibilities using open-ended questions regarding atypical situations that might occur, and brainstorm with the interviewee about weaknesses in the process and how a corporate fraud or scheme could occur.
  • Identify specific interviewee responsibilities that are prone to fraud and ask about instances in which they struggled to complete their tasks or had issues related to abnormalities within the process.
  • Ask about areas that the interviewee used to be responsible for in the past that have since been taken away from them, and understand the reasoning behind the change.
  • Ask what changes the interviewee would make to the process if they were in charge, and why.
  • Ask the interviewee the main thing about their job that “keeps them up at night.” Typically, areas that concern or worry an employee the most may have levels of uncertainty that are indicative of risk, misstatement, or fraud.
  • Finally, begin asking whether they have seen corporate fraud or unusual behaviour within any of the areas they work in, or in other departments.

By empowering the interviewee throughout the interview, you not only develop a trusted rapport with them, but you initiate a thought process within them that is more likely to remember and report anomalies from the past.

Dive into Deeper Questions

Once deep into an interview for a potential case of corporate fraud, interviewers are in a good position to start asking the harder questions. If this is a general fraud interview with no suspicion of corporate fraud, it’s time to ask the direct questions, such as:

  • Have you participated in or witnessed fraudulent or questionable behaviour within the company?
  • Have you ever been asked to participate in or ignore a fraudulent act with the company?
  • Are there any activities of the company that you consider fraudulent, immoral or criminal?

If this is a corporate fraud investigation with specific allegations, now is the time to begin focusing on the known allegations, as well as any inconsistencies within the interview. Interviewers may want to begin to cross-reference their responsibilities with the information shared at the beginning of the interview, such as how they stay organised, who they report to, etc.

At the beginning of the interview, interviewees may exaggerate their responsibilities, motivated by a desire to tell the interviewer what they think they want to hear. But as the interviewer asks more questions and gets into more of the details of their responsibilities, discrepancies may be revealed: shortcuts, tasks they complete that aren’t reviewed, checks and balances that are being ignored or areas where their story just doesn’t add up. A good interviewer won’t let these items pass by. As these discrepancies are identified and real processes are clarified, interviewers should develop a clearer picture of the company, the likelihood of fraud and the potential involvement of the interviewee.

Remain Objective

With any investigation into allegations of corporate fraud or workplace misconduct, it is imperative that the investigator maintains a neutral and objective approach and does not “cut corners” in the investigation process. Following a procedurally fair process will not only ensure that your investigation is beyond unfounded criticism, it will also mean that you are being truly diligent in obtaining, collating, comparing and critically examining the evidence and drawing reliable conclusions from it.

Ensure Clarity

One major shortcoming in inexperienced fraud interviewers is their reluctance to reconfirm statements, revisit subjects and ask for more examples. Often, interviewers don’t like to give the impression that they don’t understand or need a second explanation, but this step is crucial to a successful interview. Revisiting a subject multiple times and asking for more examples not only provides clarity, but can also identify inconsistencies in the interviewee’s statements. Interviewers should regularly go back through the details of a certain procedure or process that the interviewee has already explained, asking for more detail and examples, with questions like:

  • I don’t understand this specific process. Can you explain to me what the senior accountant’s role is again?
  • It doesn’t make sense to me that the checks are signed without the supporting documentation present. Can you walk me through the process again so I can understand the timing of the review?

The least of an interviewer’s worries should be looking uninformed or foolish. Nothing should get in the way of gaining a full understanding of what the interviewee is explaining.

How Polonious can help you fight corporate fraud

Corporate fraud is a risk to all businesses regardless of size or industry. Being able to conduct an effective internal investigation is essential for the day-to-day operation of your organisation. There are countless tools you can use to run investigations more efficiently and effectively. 

A well-conducted internal investigation helps ensure that those who have engaged in improper conduct are identified as having done so, and are dealt with appropriately. It can also ensure that those who have been wrongly suspected or accused of having engaged in improper conduct have their circumstances clarified and the suspicion removed. Polonious provides an investigation workflow tool which creates consistent, procedurally fair investigations while minimising admin work through automation.

Polonious’ ISO27001 certified security ensures your evidence and case files are stored securely, while our detailed security configuration ensures you can keep employees fully anonymous, or known only to specific individuals, depending on the level of anonymity requested.

An effective internal investigation helps reinforce better workplaces and protects the company from large fines, damages, negative publicity, etc. As the fraud environment becomes increasingly complex, we can help you detect and prevent corporate fraud by ensuring effective corporate governance.

A corporate fraud investigation is essential to gather evidence, identify defendants and trace misappropriated assets. These Top 6 Interview Tips for Corporate Fraud Investigations will teach you a variety of techniques to ensure that the interview yields the most accurate and truthful answers.

New General Insurance Code of Practice: The main points of compliance

Australia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history, and these changes will significantly impact investigation teams.

The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers were required to implement the changes by July 1, 2021. The changes are legally binding and, as of July 1, 2021, organisations can be fined for non-compliance. These fines can amount to hundreds of thousands of dollars.

To avoid penalties and compliance headaches, insurers will need to change their business to comply with the new regulations, which must be met in their entirety, as opposed to a piecemeal approach. The new Code is a result of a two-year review by the ICA, which invited input and recommendations from various organisations.

Australia’s insurance industry leaders must act now to bring their investigation teams, and the wider organisation, in line with the changes. Investigation teams will be pressured by the more detailed compliance requirements, but this does not mean there are no business imperatives.

Polonious’ report, New General Insurance Code of Practice: A reference guide to how changes will impact fraud investigations, gives insurance industry leaders an overview of the required changes, and details of how the impending requirements can go a long way to benefiting the business.

In this blog, we will look at the main points of compliance.

Regulatory and compliance requirements are often seen as a process and reporting burden by organisations already stretched by administrative overhead. However, contrary to this common belief, the new ICA Code will help insurance companies improve customer engagement. And there is already software available to help manage the new requirements in an automated way.

The benefits of meeting compliance

When it comes to dealing with customers, meeting compliance is good for business.

Insurance investigators need to remember that an investigation is also customer service. When dealing with a customer, including them in the process leads to a much more positive experience for them.

If customers are well informed, and have clear guidelines as to what is required, not only are they more likely to remain a customer, they will also be more likely to refer the insurer to their friends, family, and colleagues.

Moreover, a well-informed investigator can recommend a settlement sooner when evidence of a genuine claim is confirmed, rather than through the regular claims process. Building the ability to “green light” a genuine claim into the investigative process is critical.

The requirements of the new Code are an opportunity for insurers to improve their investigative processes. These improvements should be baked into their investigation methodology from the outset, with compliance monitored via the tracking of progress, timeframes and the investigation plan, ensuring that the claimant is included in regular communication.

With the new rules mostly relating to the claimant, they should be viewed from claimants’ perspective in terms of benefits. This is not to say the changes don’t also ultimately benefit the insurer — by making the claims process more transparent and less time consuming for the claimant, customer satisfaction and retention will increase.

The importance of compliance monitoring

Constant compliance monitoring is necessary to ensure that fairness and due process are followed, which impacts the relationship with the customer and how it is viewed.

For example, any evidence that is gathered under non-compliant circumstances loses its weight in court.

Another benefit of compliance monitoring is a reduction in turnaround times. Shorter investigation times lead to reduced cost of the investigation and increased customer satisfaction.

With a mature investigation methodology and system in place, turnaround time for genuine claims that undergo an investigation can be reduced by 50 per cent.

This, in combination with reduced administration, has the flow-on effect of reducing the total number of open cases also by 50 per cent. One Polonious customer had 1000 cases open at the time of go-live, and within 18 months had reduced that to 500 cases despite still investigating the same total number of cases per month.

By following well-defined processes, administration costs can also be reduced by some 30 per cent, which further reduces turnaround time. In one Polonious customer review, more than two hours of admin time was saved per case. This manifested itself in a reduction in the investigation work from 14 days to 12 days. In short, two hours less administration led to a two-day saving in turnaround time.

Calculating compliance ROI

Polonious has identified more than 40 key points of compliance required to be monitored during the course of an investigation to ensure ICA standards are being met by investigative teams.

In an effort to build consensus and an agreed best-practice approach, in late 2019 Polonious started a working group with a number of leading Australian insurers to discuss how a system could be used to track all of these points of compliance and make them part of the business process.

During the course of an investigation, all of the compliance points can be met as part of the process from beginning to end, with appropriate reminders.

Table 1: The main stages of investigation workflow

Polonious has analysed numerous client investigation processes to determine the efficiencies gained after implementing the SAME methodology.

On average, the ROI at 90 days after implementation was an approximate time saving of 33 per cent, with improvements at 15 out of the 18 stages of the investigation process.

Figure 1: How Polonious saves time during an investigation

Investigation insights: Get the best performance measurement factors

During the International Association of Special Investigation Units (IASIU) conference held virtually on September 14 and 15, 2020, Polonious ran a panel discussion with some of the world’s leading investigation professionals. Investigation Insights contains new research into the performance, effectiveness and challenges of special investigation units, and communicates how better insights can drive improvements in productivity. You can download the full report here.

In this blog, we will look at the factors by which investigators measure the performance of their SIU and the impact they have.

To gather performance insights, we asked survey respondents to describe the factors by which they measure the performance of their SIU and found that they were largely as we would expect, though there were some concerns.

Referrals can mask real SIU performance

The overwhelming majority of respondents (80%) use number of referrals as a performance measure. When considered alongside the percentage of false positives, this is only a measure of how much work the SIU is doing clearing those cases — not a measure of how much value the SIU is providing.

For example, if you are an SIU with more than 40 per cent false referrals, as some of our respondents appear to be, then your true performance figure — the referrals that result in savings — is less than 60 per cent of your total referrals.

The next most commonly used metric is whether or not fraud is determined, which was used by 55 per cent of respondents. This is getting closer to reporting on actual value — cases where fraud was found and, we can assume, savings were made — but it is not quantifying those savings. This means you might be finding a lot of small fraud, which is good, but the ROI of your budget on those cases might not be there.

However, Figure 10 shows the range of individual measures employed, which we have itemised for illustrative purposes. Respondents could give multiple answers, and most, if not all, sensibly use a combination of measures.

Around 40 to 50 per cent of units also use the percentage of claims investigated and the percentage referred to a department of investigations (DOI); another 25 per cent report on recovered premiums, and 40 per cent reported specifically measuring for ROI.

So, for example, measuring the total number of referrals combined with a percentage of investigations, and a percentage of referrals to DOI, would give a reasonable picture of SIU performance.

However, in terms of value provided to your organisation, the ROI — costs on investigations versus savings on claims — is an easily recognisable measure to claims executives.

Figure 10: Measures used by organisations to calculate the performance of the SIU


Many respondents also report on indirect performance measures (see Figure 11) such as training and deterrent effects.

Figure 11: Performance activities not directly related to investigations


A bit more than half (53.33%) report on fraud deterrent effects, and 60 per cent report on training they provide for other staff on detecting and preventing fraud. Two thirds of respondents (66.67%) report on various other non-fraud related activities, but for this survey we did not go into further detail of what they were.

The contribution of these indirect activities to financial performance is harder to measure. However, it speaks to the proactive work that SIUs are doing to prevent fraud, which is very encouraging.

Comparison of 8 Major Companies’ Code of Ethics and Conduct

Good corporate governance incorporates a set of rules that define the relationship between stakeholders, management and the board of directors of a company and influence how the company operates. The importance of corporate governance cannot be overstated, as it enables organisations to achieve their goals, make formal decisions, prevent fraud, control risks and assure compliance.

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of codes of conduct for businesses.

This blog will help you understand:

  • Definition of Code of Ethics
  • Definition of Code of Conduct
  • Difference between Code of Ethics and Code of Conduct
  • Comparison of 8 Major Companies’ Codes of Ethics and Conduct 

Code of Ethics

A code of ethics is a set of guiding principles intended to ensure a business and its employees act with honesty and integrity in all facets of its day-to-day operations and to only engage in acts that promote a benefit to society. Sometimes referred to as a value statement, it behaves like the “Company’s Constitution” with general principles to help guide employee behaviour.

The document outlines a set of principles that affect decision-making. For example, if an organization is committed to protecting the environment and “being green”, the code of ethics will state that any employee faced with a problem is expected to choose the most “green” solution. It does not cover specific behaviour like a code of conduct; rather, it outlines the principles that should guide that behaviour.

Typically, focus areas include:

  • Social Responsibility
  • Discrimination
  • Environmental issues

3 Types of Codes of Ethics

A code of ethics can take a variety of forms, but the general goal is to ensure that a business and its employees are following state and federal laws, conducting themselves with an ideal that can be exemplary, and ensuring that the business being conducted is beneficial for all stakeholders. The following are three types of codes of ethics found in business.

Compliance-based Code of Ethics

For all businesses, laws regulate issues such as hiring and safety standards. Compliance-based codes of ethics not only set guidelines for conduct but also determine penalties for violations.

In some industries, including banking, specific laws govern business conduct. These industries formulate compliance-based codes of ethics to enforce laws and regulations. Employees usually undergo formal training to learn the rules of conduct. Because noncompliance can create legal issues for the company as a whole, individual workers within a firm may face penalties for failing to follow guidelines.

To ensure that the aims and principles of the code of ethics are followed, some companies appoint a compliance officer. This individual is tasked with keeping up to date on changes in regulation codes and monitoring employee conduct to encourage conformity.

This type of code of ethics is based on clear-cut rules and well-defined consequences rather than individual monitoring of personal behavior. Despite strict adherence to the law, some compliance-based codes of conduct thus do not promote a climate of moral responsibility within the company.

Value-Based Code of Ethics

A value-based code of ethics addresses a company’s core value system. It may outline standards of responsible conduct as they relate to the larger public good and the environment. Value-based ethical codes may require a greater degree of self-regulation than compliance-based codes.

Some codes of conduct contain language that addresses both compliance and values. For example, a grocery store chain might create a code of conduct that espouses the company’s commitment to health and safety regulations above financial gain. That grocery chain might also include a statement about refusing to contract with suppliers that feed hormones to livestock or raise animals in inhumane living conditions.

Code of Ethics Among Professionals

Financial advisers registered with the Securities and Exchange Commission (SEC) or a state regulator are bound by a code of ethics known as a fiduciary duty. This is a legal requirement and also a code of loyalty that requires them to act in the best interest of their clients.

Certified public accountants, who are not typically considered fiduciaries to their clients, still are expected to follow similar ethical standards, such as integrity, objectivity, truthfulness, and avoidance of conflicts of interest, according to the American Institute of Certified Public Accountants (AICPA).

Code of Conduct

A company’s code of conduct covers major legal, ethical, and compliance risk areas to help employees make the right choices, even when they’re not easy. Your code of conduct sets the ethical standards and establishes expectations for employee behavior in the workplace. Employee adherence to your company’s code of conduct is essential to maintaining a reputation of integrity and preventing risk for your organization. Codes of conduct cover specific behavioural expectations in specific situations.

Topics may include:

  • Conflicts of Interest
  • Protecting Company Information
  • Financial and legal integrity
  • Reporting wrongdoing

Difference between Code of Ethics and Code of Conduct

A Code of Ethics governs decision-making, and a Code of Conduct governs actions. They represent two common ways that companies self-regulate. They are often associated with large companies, provide direction to employees and establish a public image of good behavior.

A code of ethics is broader in its nature, outlining what is acceptable for the company in terms of integrity and how it operates. A code of conduct is more focused in nature and instructs how a business’ employees should act daily and in specific situations.

8 Examples of Major Companies’ Code of Conduct and Ethics

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of codes of conduct for the following major businesses.

Technology Companies


Google’s Code of Conduct emphasizes its values such as customer care, integrity and transparency. The document clearly states who must adhere to the standards set forth and how misconduct will be addressed.

It highlights the importance of speaking up and taking action against wrongdoing. Overall, their Code of Conduct is concise and well organized.


Microsoft’s Standards of Business Conduct revolves around one central theme: trust. Microsoft emphasizes that trust is an important aspect of its operations, including with customers, governments, fellow employees, investors and representatives.

The code of conduct also offers a process to help employees make difficult decisions that reflect Microsoft’s values and standards. Offering a process can be a useful way to simplify complex ethical decisions and ensure consistent behaviour. However, avoid getting too specific as this may result in legalistic responses, e.g. ‘Well, the code of conduct didn’t specifically say NOT to do that…’.

Read more on their website


Facebook’s Code of Conduct covers important topics such as conflicts of interest, harassment, confidentiality and protection of user data. Despite not using photos and visuals, it is simple, concise and easy to comprehend.

The company also highlights that employees can report violations anonymously to sources that they feel comfortable speaking to, including managers, HR and/or the Legal Department. The code of conduct also includes links to the company’s whistleblower and complaint policy.

Learn more about Facebook’s Code of Conduct on their investor relations website


IBM’s Code of Conduct revolves around their core values which are:

  • Dedication to every client’s success
  • Innovation that matters, for our company and for the world
  • Trust and personal responsibility in all relationships

The company further highlights environmental affairs, human rights principles, and workforce diversity in their business conduct and expectations of their employees. These achievements are highlighted in their Corporate Responsibility report.

Overall, their Code of Conduct appears to be well organized and easy to understand. 

Financial Institutions


The ANZ Code of Conduct and their supporting policies set the expected standards of behaviour linked to their values.

Their guiding principles include:

  • Integrity
  • Collaboration
  • Accountability
  • Respect
  • Excellence

The company has two Codes of Conduct, which provide employees and Directors with a practical set of guiding principles to help them make fair, balanced and ethical decisions in their day to day work:

  • ANZ Non-Executive Directors Code of Conduct
  • Code of Conduct

The ANZ Non-Executive Directors Code of Conduct outlines their code guiding principles followed by the actions to be undertaken. This includes:

Act Ethically and Professionally

  • Act in the best interests of ANZ and create trust, confidence and goodwill with ANZ’s shareholders, customers and other stakeholders
  • Undertake our duties with appropriate care and diligence and in accordance with our legal obligations
  • Behave in a way that takes into account ANZ’s impact on the community and the environment in both the short and long term
  • Understand our authorities and any relevant limits and exercise any such authorities responsibly and within limits
  • Use all of ANZ’s systems and equipment appropriately and for proper purposes. This includes email, messaging, internet access, and technology and banking systems
  • Not engage in conduct (either in our capacity as a Director or otherwise) that may cause damage to ANZ’s reputation or is incompatible with our position as Directors of ANZ

Act with integrity

  • Act honestly and transparently in all our dealings with and for ANZ
  • Not knowingly mislead directly or indirectly, make false statements or mislead by omission
  • Not make promises or commitments we know ANZ does not intend, or would be unable, to honour
  • Use goods, services and facilities provided to us by ANZ in accordance with the terms on which they are provided

Treat all people with dignity and respect

  • Treat all people we deal with through our work with respect and dignity
  • Never harass, bully or unlawfully discriminate
  • Make appointment decisions based on merit

Manage conflicts of interest

  • Not improperly use the name of ANZ, our position or information obtained by us as a Director of ANZ for personal financial gain or to obtain any benefit for any other person or business
  • Fully disclose all relationships we have with ANZ in accordance with policies on independence that the Board may adopt from time to time
  • Ensure any personal dealings with ANZ must be in accordance with policies that the Board may adopt from time to time
  • Fully disclose any material personal interest, as well as any other interest which is appropriate to disclose in order to avoid an actual or perceived conflict of interest, in accordance with such policies that the Board may adopt from time to time
  • Never accept or offer any improper payment of benefits in connection with their role as an ANZ Director
  • Never accept any gift, reward or entertainment, including discounted products, free travel or accommodation, if there is an expectation that could conflict with our role as an ANZ Director.

Protect privacy and confidentiality

  • Respect the privacy of others
  • Not improperly disclose any information about ANZ that is not already in the public domain
  • Ensure that confidential information relating to ANZ customers, staff or operations is not disclosed, inadvertently or deliberately, to third parties without the consent of ANZ

Comply with the code, law, policies and procedures

  • Be aware of and comply with all relevant laws and regulations applicable to us
  • Not take any action, or fail to take action, that may breach the law or applicable ANZ policies and procedures
  • Complete all induction and education programs required of us to build and maintain our awareness and understanding of relevant laws, policies and procedures

Furthermore, it encourages employees to contact the Group General Counsel or Company Secretary if they are unsure of their obligation or ANZ’s expectations.

These documents can be found on ANZ’s official website.


CommBank’s Code of Conduct articulates the standards of behaviour expected of their clients and stakeholders. The Code connects their purpose and values with a ‘Should We?’ test, to help deliver the right outcomes. Their ‘Should We?’ calls into question transparency, consistency with values and policy, as well as fairness which helps employees exercise good judgement.

The document specifically articulates the standards of behavior the company expects of their employees when engaging with, and balancing the interests of, the Bank’s stakeholders. The following outcomes have been outlined:

  • Fair customer outcomes are at the heart of our strategy, plans, decisions, judgements and actions.
  • Our products and services are fair, transparent, and meet customer needs, and our distribution approach is appropriate for customers. We are compassionate to the circumstances of customers, including those who are most vulnerable.
  • The potential for unfair outcomes is proactively identified, and complaints and issues are managed in a timely manner.
  • Market manipulation, insider trading, failure to manage conflicts of interest, and inappropriate sharing and use of confidential information are not tolerated.
  • We recognise that environmental and social risks can impact our business and communities and we are committed to ensuring that these risks are identified and managed appropriately

Westpac Banking Corporation

The Westpac Banking Corporation’s Code of Conduct defines four outcomes, each strongly aligned with the company’s values. These are 1. Helping our customers and communities, 2. Being ethical, 3. Strengthening our corporate compliance, and 4. Supporting our people. Underneath each outcome, it outlines what this means for Westpac and their employees.

Helping our customers and communities

  • We are always helpful and do the right thing by our customers, suppliers and community
  • We always look for ways we can be better and simpler
  • We help our customers to make informed choices and our communications are clear
  • We lend responsibly and provide vulnerable customers with extra support and care
  • When designing, distributing and fulfilling our products we always consider their fairness and suitability for our customers
  • We handle customer complaints confidentially, with consideration and respect and take responsibility for proactively resolving complaints or referring them to the right person
  • We proactively identify potentially unfair customer outcomes, identifying the cause of the issue and if we make a mistake, immediately own it and fix it
  • We consider the long-term environmental and social impacts of our decisions

Being Ethical

  • We are trusted to do the right thing and act with honesty, integrity and due care and skill in all our dealings with the bank including as customers
  • We ensure that our actions, personally and professionally, do not put Westpac Group’s reputation at risk
  • We always ask ‘Should We?’ rather than just ‘Can We?’
  • We put the customer and bank ahead of personal interests and identify, declare, record and appropriately manage conflicts of interest
  • We uphold market integrity and protect against market misconduct, market manipulation and insider trading
  • We compete fairly to provide our customers with great products, service and innovation
  • We understand and comply with our offshore obligations when dealing with international customers or markets

Strengthening our corporate compliance

  • We protect our community and the integrity of the financial system. This includes meeting our anti-bribery and corruption, anti-money laundering and counter-terrorism financing and tax transparency obligations to mitigate the risk of fraud
  • We take accountability for identifying, managing and reporting all forms of risk, including compliance and conduct
  • We are open and transparent with regulators and report in a constructive, accurate and timely way
  • We use technology in a safe, secure and productive way
  • We keep customer, supplier and other third party information and our own confidential and sensitive information private and secure; protecting it from unauthorised use and not using it inappropriately for personal gain or sending it inappropriately to a third party

Supporting our people

  • We create a safe, diverse and inclusive place to work where we welcome diversity of thought and experience, prioritise our people and our customers’ safety and wellbeing and do not tolerate discrimination, bullying or harassment, including sexual harassment
  • We employ, promote and reward employees who live our purpose, values and behaviours and act in accordance with the expectations of our Code of Conduct
  • We work together as a team, support each other and are professional in our interactions
  • We take unlawful and unethical behaviour seriously – if we think something is not right, we speak up as soon as possible, and we listen and respond
  • We communicate with the public responsibly and only speak to the media when authorised

The document also highlights policies for topics such as conflict of interest, sexual harassment and anti-bribery and corruption which help achieve the above outcomes. Managing such issues is critical to meeting standards of responsibility and ethical conduct. Learn more about potential breaches in corporate compliance in our 4-part series on Workplace Fraud.

This can be found on their website.

National Australia Bank

NAB’s Code of Conduct outlines the standards of behaviour expected of employees in order to better serve clients. The structure is fairly similar to Westpac’s Code of Conduct, as it outlines four major values and how they achieve them. The 4 include 1. Excellence for Customers, 2. Grow Together, 3. Be Respectful and 4. Own it. The code further elaborates on ways to achieve these targets such as practicing open communication and always putting clients first.

Furthermore, their policies are divided into the following sections:

  • Customers and Communities
  • Colleagues
  • Governance and Risk

Each section outlines the standards they expect to deliver.

Customers and Communities

  • Fair and ethical customer outcomes are at the heart of our plans, decisions and actions.
  • We only provide products and services that are right for our customers and match their needs and circumstances.
  • Our products and services are transparent and easy to understand.
  • Customer interactions are consistently high-quality experiences. All colleagues complete learning and competency requirements, and only operate in roles where they hold the required accreditations.
  • We take extra care of customers who are at a greater risk of harm or loss because they are experiencing vulnerability.
  • Concerns about unfair customer outcomes are proactively identified and owned or escalated.
  • Customer complaints, pain points and harm – including financial losses, distress and inconvenience – are promptly and appropriately addressed and, where appropriate, remediated.
  • We do not tolerate anti-competitive conduct, market manipulation, predatory market practices, insider trading, failure to manage conflicts of interest, bribery and corruption or inappropriate control and use of confidential or personal information.
  • We recognise that environmental and social risks can impact our communities and we are committed to ensuring these risks are identified and managed appropriately.

Colleagues

  • Everyone feels safe and included in the workplace and health, safety and wellbeing are promoted. We take a zero tolerance approach so that no one experiences unlawful discrimination, bullying or harassment — including sexual harassment or racism.
  • Customers have confidence in NAB’s integrity and quality of service. This is why we’re only hired, promoted and recognised when we demonstrate the highest levels of professionalism and character.
  • Customers know they are in safe hands. This is because we only act within our authority and carefully consider what’s best for our customers. We always use access to technology and assets responsibly.
  • Customer interactions are consistent and high-quality experiences. We achieve this by ensuring everyone at NAB meets learning and competency requirements, and works in roles where they hold the applicable accreditations.
  • Colleagues do not compromise the integrity of NAB or its stakeholders. Any conflicts or perceived personal conflicts of interest, criminal convictions or charges are declared.
  • Colleagues are rewarded for driving long term, sustainable outcomes.

Governance and Risk

  • We meet our legal and regulatory obligations, voluntary commitments and internal standards.
  • Our customers’ personal information is respected and kept safe.
  • Our policies explain how we handle this information to keep it secure, protected from misuse, interference and loss, and from unauthorised access, modification or disclosure or personal gain.
  • Our customers and community and the integrity of the financial system are protected.
  • Our policies and standards explain how to identify, manage and control the risks of financial crime, bribery or sanctions breaches as well as commercial and personal conflicts of interest.
  • Customer interests and outcomes are a critical component of decision making and align with NAB’s risk appetite.
  • We use clear delegation frameworks for decision making to support our governance and risk management frameworks.

How Polonious Can Help

By setting out standards for behavior, a code of conduct helps minimize risks associated with employee misconduct. A well-written code of conduct makes it easier for employees to behave well because it sets clear expectations, creating a positive work environment.

However, compliance is more than just checking the box. A well-managed, compliant, internal whistleblowing mechanism, ethics hotline and case management solution can help you detect problems early, address them and maintain a safe and ethical workplace, while minimizing risk.

The Polonious Case Management Software provides a consistent process that is procedurally fair for all parties, while recording all actions and decisions to ensure all evidence of the process is documented and auditable alongside any evidence gathered regarding the incident or investigation. 

Strong and effective corporate governance helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall. Essentially, it exists to increase the accountability of all individuals and teams within your company, working to avoid mistakes before they can even occur.

Strong and effective code of ethics and conduct helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall.

Making your hotline confidential will ensure employees feel comfortable using it.

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of codes of conduct for businesses.

A Comparison of 8 Major Companies’ Codes of Ethics and Conduct can point you in the right direction.

5 ways to dig deeper than a Web search for better investigation

Whenever an investigation begins it is only natural to jump on the Internet and do a Web search for any relevant material that is publicly available.

The Web is an ideal starting point, but there are many more data sources available to intrepid investigators. In this blog we will look at five ways to garner more information for an investigation, and how the results will help you deliver a more comprehensive result.

1. Specialist Web search engines

When people search the Internet they think of Google, but there are many more specialist search engines which focus on certain niches, or verticals.

These include alternative general search engines and forums and portals which focus on specific topics. Your investigation might relate to the aviation sector, so log onto aviation forums and look (and ask) for information which might be helpful.

There are also many localised search engines which focus on particular geographies, which could help your investigation if there are elements relating to non-English speaking regions.

2. Social networks

Your investigative work is made easier if the people you are investigating are happy to share their private lives with the world.

A person’s profile can be reviewed and information can be gathered from it, and from there it will depend on how it fits into the wider case and whether it can be used to bolster the investigative process.

Like search engines, the Web is awash with social networks of all shapes and sizes. Facebook won the war for the most popular social network, but again there are plenty of niche options to include in your investigative work.

Take the time to look at any niche social networks which might give new light to the investigation.

Some OSINT providers will perform detailed social media searches for you, and Polonious integrates with a number of leading providers.

3. Government databases

In addition to open data sources like search engines and social networks, there are more shielded information repositories, such as government-controlled databases which can be used during an investigation.

These databases house public records, but often require some form of application or payment to be searched.

Examples include company records; births, deaths and marriages; estates and wills; and other regulated industry data. If the case involves a criminal or civil court matter, then there will be records available for searching.

Such data can give your investigation the boost it needs by revealing interests and relationships not contained in public repositories.

4. Associates

The person you are investigating might be very private, but their associates might not be.

Today’s connected Web can reveal a lot about a person, even if they didn’t consent to having the information about them shared.

By using a combination of search, social and other data sources your investigation can easily reveal a lot about a person, or organisation, by proxy.

Including relations and associates is now an important factor in getting the most information available.

5. Work history

Another source of information for your investigation is work history. Like government data, this might not be immediately available for free, but can be sourced from specialist sources such as financial records.

LinkedIn is the go-to social network for professionals and from there someone’s work history can be investigated.

While looking into work history, don’t forget co-workers. People who have worked together know a lot about each other and this information can be readily shared online.

The amount of open source information available to investigation teams extends well beyond a regular Google search. Look at the numerous free and paid-for data sources which might give your investigation the edge.

There are also support services available which focus on the many different databases containing personal information.

Web search is useful but basic search engines like Google do not cover all bases for investigations

Health Insurance Code of Practice vs General Insurance Code of Practice – What are the differences?

According to Safe Work Australia, a code of practice provides detailed information on how you can achieve the standards required under relevant health and safety laws. Codes of practice set standards of good industry practice in areas relating to:

  • Service provision
  • Standards of professional conduct
  • Practice standards
  • Ethical behaviour

These codes promote higher standards of business and personal ethics. Many companies subscribe to codes applicable to their practices for reasons such as:

  • Strengthening relationships with their customers
  • Improving complaints handling
  • Reducing the number of disputes through improved service delivery

Entities such as the Insurance Council of Australia (ICA) in Australia, the Financial Conduct Authority in the U.K., and the National Association of Insurance Commissioners in the United States set and maintain insurance standards across the globe.

The general insurance industry in Australia, an industry covering roughly $40bn in premiums, is going through large-scale regulatory and compliance changes with the introduction of the new General Insurance Code of Practice 2021. However, the health insurance industry, covering roughly $26 billion in premiums, is currently not subject to the same level of regulation.

While we have written extensively on the impacts of the GICOP changes to general insurance investigations, it is important to understand how these compare to other industry codes, and how these codes might be updated in the near future to replicate some of the changes from GICOP. This blog will compare the general insurance code and health insurance code in order to understand the overlaps as well as the differences.

This blog will cover:

  • What is the General Insurance Code of Practice
  • What is the Private Health Insurance Code of Conduct
  • Comparison of the General Insurance Code and Health Insurance Code

What is the General Insurance Code of Practice

The General Insurance Code of Practice is a voluntary Code of Practice maintained by the Insurance Council of Australia under which ICA members agree to follow certain principles and standards in providing general insurance services.

The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers were required to implement the changes by July 1, 2021. The industry is going through one of the largest regulatory and compliance changes in history. New General Insurance Code of Practice: What changes for investigation teams? can help you understand how it applies to your practice.

Purpose of the General Insurance Code of Practice

According to the ICA, the Code is intended to be a positive influence across all aspects of the general insurance industry including product disclosure, claims handling and investigations, relationships with people who are experiencing vulnerability, and reporting obligations. The code sets out standards such as openness, fairness and honesty when providing services to customers. It also sets out timeframes for insurers to respond to claims, complaints and requests for information from customers.

A full copy of the Code is available at Insurance Council of Australia.

What is the Private Health Insurance Code of Conduct

The Private Health Insurance Code of Conduct is a self-regulatory and voluntary code to promote informed relationships between Private Health Insurers, consumers, agents, brokers and corporate brokers. 

Purpose of the Private Health Insurance Code of Conduct

The Code’s objective is to maintain and enhance regulatory compliance and service standards across the private health insurance industry. According to Private Healthcare Australia, the code is designed to help you by providing clear information and transparency in your relationships with health funds. 

Private Health Funds who are signatories to the Code agree to:

  • work towards improving the standards of practice and service in the private health insurance industry;
  • provide information to consumers in plain language;
  • promote better informed decisions about their private health insurance products and services by:
      • ensuring that policy documentation is full and complete;
      • providing clear explanations of the contents of their policy documentation when asked by a consumer; and
      • ensuring that persons providing information on health insurance are appropriately trained;
  • ensure information between consumers and the fund is protected in accordance with privacy principles;
  • provide information to consumers on their rights and obligations under their relationship with the consumer, including information on this Code of Conduct; and
  • provide consumers with easy access to the fund’s internal dispute resolution procedures, which will be undertaken in a fair and reasonable manner and to advise them of their rights to take an issue to an external body such as PHIO

A full copy of the Code is available at Private Healthcare Australia.

Comparison of the General Insurance Code and Health Insurance Code

Although both the General Insurance Code and Health Insurance Code aim to set higher standards of service and transparency in your relations with customers, there are a few notable differences.

Who Monitors the Code

The General Insurance Code Governance Committee (CGC) independently monitors the Code to ensure companies are meeting their obligations, and achieving service standards consumers can trust.

The Code of Conduct Compliance Committee established by Private Healthcare Australia ensures the Health Insurance Code is being adhered to.  

What the Code Covers

The General Insurance Code of Practice covers many aspects of a customer’s relationship with their insurer, from buying insurance to making a claim, to providing assistance to those experiencing financial difficulty including uninsured third parties. General insurance products covered by the Code include:

Personal Classes

  • Accident and sickness
  • Consumer credit
  • Home
  • Motor
  • Personal and domestic property
  • Residential strata
  • Travel

Commercial Classes

  • Business
  • Contractors all risks
  • Primary industries
  • Industrial special risks
  • Liability
  • Motor
  • Other commercial products 

However, the General Insurance Code of Practice does not cover life and health insurance products issued by life insurers or registered health insurers. In addition, the General Insurance Code of Practice is not applicable for things such as:

  • Workers compensation
  • Marine insurance
  • Medical indemnity insurance
  • Compulsory third-party insurance
  • Reinsurance

Meanwhile, the Private Health Insurance Code of Practice covers only Private Health Insurance, as well as some provisions covering intermediaries by extension – though they also have their own code, the Private Health Insurance Intermediaries Code of Conduct.

Requirements for Investigations under the General Insurance Code of Practice

One of the key differences between the codes is the requirements around investigations. The General Insurance Code of Practice outlines many requirements pertaining to investigations.

The COP has a quality assurance program to regularly monitor and review investigations. This may include reviews of:

  • recordings, statements, affidavits or transcripts of interviews
  • Investigators’ records of investigation activities
  • Complaints about investigations, including disputes referred to the Australian Financial Complaints Authority

The quality assurance program will include reviews of non-genuine claims indicators to make sure they remain relevant, appropriate and do not discriminate. These are reviewed at least once a year.

If an investigation has gone on for 4 months, the claim will be independently reviewed by an Employee with appropriate authority, knowledge or experience, according to COP. Complainants will be informed when this happens.

Some additional constraints are summarised below

  • Investigators are required to remain objective, honest, efficient, transparent and fair at all times.
  • A single interview sitting may only last for up to 90 minutes. 
  • If the total interview time required is over 4 hours, the Investigator must obtain written consent from the ICA.
  • The Investigator must record all offers of breaks, and the interviewee’s responses.
  • If another interview time is needed, it will not be organised without at least a 24 hour break, unless otherwise agreed.
  • If during the interview it becomes apparent that an interpreter is needed (even though one had not previously been requested or arranged), then the Investigator or Employee will: a. pause the interview; and b. restart it at a later time, or date, once an independent interpreter has been arranged.
  • If during the interview the employee requires additional support (example: lawyer, consumer representative or a friend), the Investigator will: a. pause the interview; b. advise you of the support person’s role in the interview process and c. restart the interview at a later time, or date, once the support person has been arranged.
  • There will be a 5 minute break in the interview every 30 minutes. However, if an employee claims to be experiencing vulnerability, then there will be a 5 minute break every 30 minutes.
  • Employees can request additional breaks and stop the interview early and reschedule if needed.

Requirements for Investigations under the Private Health Insurance Code of Practice

There are currently no requirements around investigations under the Private Health Insurance Code of Practice. The recent changes to the GICOP requirements may add pressure on the private health insurance industry to adopt similar measures. However, these changes are unlikely to affect investigations in this industry for several reasons. Firstly, fraud in this industry is more likely to be related to providers than claimants. Secondly, and relatedly, the majority of ombudsman complaints are about other aspects of policy or service – though benefit payment delays were a significant proportion of complaints, and this could be affected by a poorly managed investigation. If similar measures are adopted by Private Healthcare Australia, they are more likely to apply to policy conditions, communication, sales, and service.

Breaches to the Code

The Code Governance Committee prepares an annual compliance report. Significant Breaches to the code will be reported to the Code Governance Committee within 10 Business Days. The Code Governance Committee may impose additional sanctions for Significant Breaches of the Code, including requiring them to do any one or more of the following:

  • compensate an individual for any direct financial loss, or damage, we caused them arising from a Significant Breach;
  • publish the fact that we have committed a Significant Breach of the Code;
  • pay a community benefit payment for a Significant Breach up to a maximum of $100,000. The size of the community benefit payment must be in proportion to our gross written premium and number of customers.

The Code of Conduct Compliance Committee established by Private Healthcare Australia also publishes an annual report on the operation of the Code, including a summary of compliance. This report will be published on the websites of Private Healthcare Australia and the Members Health Fund Alliance.

If a health fund fails to comply with a sanction, the Committee may do one or more of the following:

  • Take action to enforce compliance with the code or sanction.
  • Disqualify and immediately ban the health fund from using the Code of Conduct tick logo.
  • Name the health fund in the annual report as having not complied with the Code and/or having not complied with a sanction.
  • Report the breach on the PHA and Members Health Fund Alliance website.
  • Request that the Health fund report the breach on their own website.
  • Request that any issued sanctions be published on the non-compliant Health Fund’s website.
  • In cases where the Committee considers the breach of the Code may constitute a breach of any regulatory or legislative obligation, report the health fund to the appropriate government agency.
  • Request the health fund publish corrective advertising within one month of the request

How Polonious Can Help

In the ever-changing regulatory and compliance environment, organizations need to continue to stay up-to-date in their knowledge and conduct to avoid costly risks such as reputational and financial damage.

Polonious is constantly adding new features with further configurability and can also deploy new code as required. Our experts can utilize our legal and technical expertise to help you adhere to industry codes, company policies and relevant laws, while enabling you to improve productivity and workflow. 


A comparison of the General Insurance Code and Health Insurance Code will help you understand the large-scale changes to the General Insurance Code as well as the health insurance code and how it applies to your practice.

It is important for companies to subscribe to codes applicable to their practice in order to avoid any reputational harm.
