October

Another high-profile public figure is, unfortunately, in the news again for the wrong reasons.

Deputy Prime Minister Angela Rayner has admitted to underpaying stamp duty on an £800,000 flat earlier this year, and consequently resigned as her position became untenable.

When stories like these emerge, they leave a sour taste. Trust and faith in our public figures are essential and non-negotiable. These are individuals in positions of power and privilege, and with that comes the expectation that they will embody honesty and integrity at all times.

If politics demands accountability, then so too should every institution built on public trust.

To protect and serve?

Alongside government, another pillar of public confidence is law enforcement. The police exist to protect the public and keep them safe. It follows that the standards for those entrusted with this duty must be beyond reproach.

And yet, recent years have shown that even the police service is not immune to breaches of trust. Nick Adderley, for instance, was dismissed for gross misconduct from Northamptonshire Police in 2024 for misrepresenting his naval service. And, in one of the most horrific breaches imaginable, Wayne Couzens — then a serving Metropolitan Police officer — was convicted of the murder of Sarah Everard in 2021.

These cases shocked the nation. But within our own verifications room, another case recently brought this question of faith in policing sharply back into focus.

The thieving copper

We’ll call him James.

James was a serving police constable in the North West, with three years on the job. He’d been called out one summer afternoon to check on the welfare of a vulnerable man after neighbours raised concerns. During that visit, James noticed bank statements on the table showing the man had substantial savings.

Later, James returned alone. Not to check on the man’s wellbeing, but to steal £300 in cash from his home.

When the victim reported the missing money, James went a step further. He accessed internal police systems to view the case notes, checking what his colleagues had recorded about the theft and about him. It’s difficult to imagine a clearer abuse of power.

The public look to the police as beacons of proper conduct, people they can trust implicitly to act with honesty and care. For one of their own to exploit that trust so cynically is both shocking and deeply disheartening.

A check in progress

How James’s name came to appear on our radar was, ironically, through a routine screening order placed by a client in the financial sector. His application looked straightforward: three years of employment at the same police force, verified via standard reference. No mention of suspension, no obvious red flags.

Then the criminal record check result came back and revealed a conviction.

The timing was extraordinary. While we were actively processing the order, the conviction had been recorded. In fact, the entry was added to the Police National Computer on 29 August, right in the middle of our verification work. As we later learned, James had pleaded guilty to theft and was awaiting sentencing.

The irony wasn’t lost on anyone in the team. A police officer, caught stealing from the vulnerable, being screened for a new job in finance all while his conviction was being logged in real time.

It’s perhaps no surprise that he was looking to leave the force; his policing career, after all, was over the moment he chose to betray the badge.

Vetting, references, and responsibility

Police officers in the UK undergo vetting when they join the service and periodically thereafter. Typically every ten years, or sooner if their role changes. But there is no guarantee that misconduct will surface between those intervals, nor that information about internal suspension will be disclosed externally.

That limitation is precisely what makes independent verification so critical. Employment references, particularly from public bodies, are often basic, confirming only dates and job title. In James’s case, his reference stated he was “currently employed.” It did not mention that he was suspended, nor that internal investigations were underway.

This is not unusual; many organisations, bound by policy, issue neutral references. But it means that without comprehensive background screening, an employer could easily take such a statement at face value.

The value of screening

It’s something we say often, but cases like this show why it bears repeating: screening remains one of the most effective safeguards organisations have when hiring staff. In regulated sectors such as finance, compliance and due diligence aren’t just bureaucratic exercises — they’re vital risk controls.

If our client hadn’t carried out checks, they would have known James’s professional background but not his breach of trust. His conviction might have gone undiscovered until long after his start date.

We’re often asked whether we’re ever surprised anymore by what screening reveals. And the answer is still yes. Every so often, a case like this reminds us that no system, sector, or badge is immune from human frailty or from the need for verification.

Stories like James’s may leave us disheartened, but they also reaffirm why our work matters. Trust isn’t guaranteed; it’s earned, tested, and maintained through diligence.

Background screening, at its core, is about safeguarding that trust — one check at a time.

And as far as we’re concerned, that will always be worth doing.

Recent research from CIFAS paints a concerning picture of today’s workplace. Their Workplace Fraud Trends 2025 report shows that dishonest behaviours are becoming more common, and, in some cases, employees even consider them acceptable. Nearly a fifth of respondents admitted to secretly working for a competitor, 13% said they had sold company login credentials, and a similar proportion knew someone who had used company funds to gamble. Fake references and expense fraud also remain a significant problem.

These trends highlight a shift in workplace culture: insider risk is no longer just about “bad apples” but about systemic behaviours that can harm businesses, their employees, and their reputation. For organisations, the challenge is clear: detecting, preventing, and addressing fraud requires a mix of culture, policy, and technology.

If you want to dive deeper into insider fraud and see practical examples across different sectors, our “Unmasking Insider Fraud” 10-part series provides a comprehensive guide on prevention strategies, case studies, and monitoring techniques.

The insider risk landscape

Insider fraud is particularly insidious because it exploits trust. Employees have legitimate access to systems, sensitive data, and finances, which makes detection more complex than external fraud. CIFAS’ survey also shows that almost one in four employees think expenses fraud is justifiable, while a similar proportion feel moonlighting for competitors is acceptable.

This isn’t restricted to junior staff or a single sector. The report reveals these behaviours occur across industries and roles, including positions of seniority. It’s a stark reminder that organisations need to tackle the problem from multiple angles — starting with recruitment and onboarding, extending to ongoing monitoring, and reinforced through culture and training.

For more detail on the types of behaviours that drive insider risk, our “Unmasking Insider Fraud” series explores both subtle and high-impact fraud scenarios and the steps businesses can take to reduce exposure.

How Verifile helps mitigate these risks

At Verifile, we see first-hand how robust verification and screening processes reduce exposure to insider risks. Here’s how our services align with the key fraud trends highlighted by CIFAS:

1. Moonlighting and competitor work

Secret side jobs or working for competitors can lead to intellectual property leaks, reduced productivity, and conflicts of interest. CIFAS reports that 24% of employees think this is justifiable.

Verifile approach:

• Employment history verification at hiring establishes a clear baseline.
• Periodic checks for high-risk roles catch undisclosed changes.
• Structured reference checks ensure that prior employment aligns with candidate claims.
• Instant employment verifications via HMRC to uncover additional paid roles.
• CV comparison checks at hiring to spot discrepancies between the application form and claimed employment history.

2. Selling login credentials

Access credentials are currency in the digital workplace. CIFAS shows that 13% of employees admitted to selling or knowing someone who sold access.

Verifile approach:

• When combined with multi-factor authentication and privileged-access auditing, these processes significantly reduce insider threat vectors.
• Ongoing monitoring ensures that any changes to employee identity or access are flagged.

3. Fake references and CVs

False references and exaggerated CVs are surprisingly common. CIFAS reports that 19% of respondents or their colleagues have engaged in reference fraud.

Verifile approach:

• Structured verification of employment, qualifications, and professional memberships creates an auditable record.
• Seamless integrations with ATS platforms allow recruiters to complete checks without slowing down hiring.

4. Expense and financial fraud

Expense fraud remains widespread, and CIFAS shows it is often rationalised as acceptable. Fraud can include false claims, misuse of company funds, or unauthorised purchases.

Verifile approach:

• Credit checking and civil litigation screenings on roles with financial responsibility reduce exposure to employees who may be tempted to commit fraud.
• Clear policies, training, and regular auditing complement these checks.
• Ongoing monitoring ensures that high-risk employees remain compliant.
• Social media and internet checks may be used to flag online posts and lifestyle indicators.

Creating a fraud-aware culture

Verification and technology alone aren’t enough. Organisations must also cultivate a culture that discourages dishonest behaviour. Best practice includes:

• Transparent policies and clear consequences for breaches.
• Whistleblowing channels and anonymous reporting.
• Employee training on fraud risks, including real-world examples.
• Support programmes to reduce financial stress, a common driver of insider fraud.

Practical steps for HR and security leaders

1. Treat verification as continuous risk management, not a one-off at hire.
2. Prioritise high-risk roles with access to sensitive data or finances.
3. Integrate screening with HR and TA systems to close gaps.
4. Combine technical controls (access auditing, MFA) with human oversight.
5. Reinforce culture with training, transparent processes, and support mechanisms.

Final thoughts

CIFAS’ report highlights a clear shift in workplace behaviour: insider risks are rising, and some employees no longer see certain dishonest acts as unacceptable. Organisations that ignore these trends do so at their peril.

By combining robust screening, verification, technical controls, and a culture of accountability, businesses can reduce risk, protect their people, and safeguard their reputation. Verifile’s suite of services provides practical, scalable tools that make this achievable — and helps businesses stay one step ahead in an increasingly complex landscape.

Want to go deeper? Our recent Fraud Webinar walks through real-world insider fraud cases, demonstrating how Verifile tools and services — from employment verification to social media screening and media searches — work together to stay ahead of deceptive behaviour.

Overview

The UK Government has confirmed a state-issued digital ID that will become mandatory for Right to Work checks by the end of this Parliament. Ministers say a public consultation will open this year, with legislation to follow. The ID will be free, phone-based, and the Government says there will be inclusive alternatives for people without smartphones. The programme sits alongside the GOV.UK Wallet work to make official credentials available digitally (for example, a digital driving licence).

What’s proposed

The digital ID is expected to hold core identity and immigration-status data (name, date of birth, nationality or residency status, and a photograph). For employers, the key change is that proof of Right to Work will need to be provided using the digital ID by 2029. Officials have also indicated it is not an on-demand “show me your papers” system: the mandate is about the way Right to Work is proven, not about carrying ID.

Beyond Right to Work: DBS and wider background checking

Digital identity is already permitted for DBS checks via certified providers under the UK trust framework. As a government digital ID rolls out, expect convergence so a government-issued credential can satisfy the identity step across DBS levels where digital identity is permitted, while conviction content and barred-list decisions remain handled by DBS under existing law.

Other screening touchpoints are likely to follow similar patterns over time (for example, Right to Rent or age-based entitlements), but those depend on future policy decisions and published guidance. At present, the only confirmed mandate is Right to Work by 2029.

What doesn’t change for now

Until the new law and processes go live, employers must keep using the existing Right to Work routes to maintain a statutory excuse: manual document checks where permitted; the Home Office online share-code route for those with an eVisa or online status; and digital checks using a certified provider for British and Irish passport holders. Civil penalties remain up to £45,000 per illegal worker for a first breach and up to £60,000 for repeat breaches (in force since February 2024).

Where IDSPs fit

The UK Digital Identity and Attributes Trust Framework underpins certified providers and the public register of services. Current government messaging and technical work point toward interoperability with that framework rather than an overnight replacement. For employers and screening providers, the practical questions are how the new credential will be presented, verified and evidenced so that the statutory excuse (or DBS compliance) is preserved, and how inclusive fallbacks work for candidates who cannot use smartphones.

Timeline

• 2025 - Government says consultation opens this year; details such as user flows, evidence output, offline and assisted routes will be shaped here.
• 2026 (expected) - Legislation after consultation, subject to parliamentary time.
• By 2029 - Digital ID mandatory for Right to Work; transitional rules will manage the switch-over.

Sector angles worth watching

• Recruitment and staffing: high-volume onboarding stands to gain from standardised checks, but assisted and offline options will be critical to avoid excluding candidates during peak hiring.
• Health, education and regulated roles: digital ID needs to dovetail with DBS/PVG so identity, status and safeguarding checks remain seamless.
• Hospitality, agriculture and logistics: seasonal and shift-based workforces need low-friction flows plus reliable fallbacks to avoid delays.

Risks and the public debate

Ministers present digital ID as a way to curb illegal working, reduce forged documents and modernise services. Opposition has also grown: a petition has passed 2.8 million signatures; critics raise privacy and exclusion risks; industry warns digital ID alone is not a “silver bullet” without stronger enforcement. Devolved-nation dynamics matter too: Scotland is scaling ScotAccount and its First Minister has opposed a mandatory UK-wide scheme, so interoperability and policy alignment will be live issues through consultation.

Open questions to watch

• What is the “evidence of a valid check” under the new model (and how is it stored)?
• How will offline/assisted routes work for people without smartphones, and who can provide them?
• How will devolved services (e.g., ScotAccount) interoperate with a UK-wide Right to Work requirement?
• Will Government preserve open participation by private-sector IDSPs, or centralise checks entirely? (Industry groups caution against a single-channel model.)

Global perspective: how other digital ID systems compare

What tends to work

Countries that get digital ID right usually combine a single, authoritative credential with real-world convenience (multiple ways to prove identity, not just a smartphone), clear and limited data sharing, and an open ecosystem so government and trusted private providers can both participate. Inclusive design and assisted, offline routes are essential to prevent exclusion.

Snapshot examples

Estonia
A long-running model built on a state e-ID card with mobile options (Mobile-ID, Smart-ID). It underpins everyday services and legally robust digital signatures. Choice of channels and strong public trust have produced high adoption. The UK proposal is initially phone-centric for Right to Work, but the Government has promised inclusive alternatives; Estonia shows why those alternatives matter.

Singapore
Singpass is deeply embedded across government and business services, with high usage and a wide relying-party network. The lesson is clarity of use cases and tight integration with both public and private sectors.

European Union
The EU is rolling out an EU Digital Identity Wallet under the updated eIDAS Regulation. It emphasises cross-border acceptance and privacy-preserving credential sharing (e.g., showing only what’s necessary). Compared with the UK, the EU model focuses on a wallet standard used across many countries, not a single national credential.

Switzerland
After rejecting a privately run scheme in 2021, voters narrowly approved a voluntary, state-run e-ID in 2025. Switzerland’s emphasis is on public trust and voluntariness, whereas the UK intends to mandate digital ID specifically for proving Right to Work by 2029. eid.admin.ch

Belgium and the Netherlands
Belgium’s “itsme” app (operated under national trust rules) and the Netherlands’ DigiD show how strong adoption follows when digital ID becomes the simplest way to reach many services, without forcing a single technology path. These also illustrate the value of keeping private-sector participation open.

Germany
Germany’s national eID has existed for years but activation has lagged, with research citing complex setup and limited everyday use. The main takeaway is that user experience and breadth of services determine whether people actually switch.

India
Aadhaar is the world’s largest digital ID. It delivers massive volumes of authentication for public and private services, but court rulings set limits (especially for private-sector mandating), and civil-society groups continue to highlight risks of exclusion and the need for redress. The UK can borrow the scale lessons while avoiding the pitfalls by designing strong safeguards and assisted routes.

United Arab Emirates
Emirates ID is a mandatory, universal card used across government and private services. It shows the efficiency of a single, authoritative credential but it’s a different policy choice from the UK’s “mandatory for Right to Work, with alternatives and no on-demand carry requirement.”

What this means for the UK proposal

• Mandate scope: the UK is proposing a mandate for Right to Work by 2029, not a general “show on demand” ID.
• Inclusion: successful programmes keep assisted and offline channels first-class; UK policy says alternatives will exist but these must be designed well.
• Ecosystem: the trust-framework/IDSP world you use today should interoperate with a government credential; countries with open ecosystems see faster adoption.
• Privacy by design: selective disclosure and clear evidence outputs help employers stay compliant while minimising data handling.
• User experience: activation and day-one usefulness drive uptake. Germany’s experience shows the cost of friction, while Singapore/Estonia show the benefit of convenience.

Practical actions for employers now

1. Map your current Right to Work journey (manual, online/share-code, IDSP) and note pain points and fraud controls; this will inform your consultation response and transition plan.
2. Speak to your IDSP about integration with a government digital ID, assurance levels, evidence outputs (to retain a statutory excuse), and inclusive fallback routes.
3. Build inclusion into your process. Plan assisted channels and non-smartphone flows to avoid discrimination and unintended exclusion as the system phases in.
4. Align your DBS identity-check procedures to the 2025 guidance and track how a government credential could satisfy the identity step where permitted.
5. Refresh DPIAs and retention schedules. Even if wallet-based credentials reduce the documents you hold, robust audit trails of checks remain essential.

Naming note

Government material refers to a “digital ID” and to GOV.UK Wallet; “BritCard” is a media nickname in current reporting rather than an official product name.