1.The taxpayer is expected to lose billions of pounds from the increased risk of fraud and error in the Government’s COVID-19 schemes. Government acted quickly to provide vital support to vulnerable businesses and individuals in response to the pandemic but in doing so significantly increased its exposure to fraud and error. This is in part due to the need to work at pace, but also because departments decided to relax or modify controls in place to prevent or detect fraud and error, and to provide support to people and businesses that government did not have a prior relationship with. Launching multiple large-scale support programmes, such as the Bounce Back Loan Scheme, markedly changed the risks BEIS must manage leaving it reliant on banks that it admits lack incentives given it is not their money on the line. BEIS estimates it could lose up to £27 billion through fraud or credit issues on the Bounce Back Loan Scheme. Local authorities are responsible for delivering several government support schemes, but their services are already under pressure and their capability to take on additional counter fraud activities varies considerably. Universal Credit fraud and error rose by £3.8 billion to an all-time high of £5.5 billion between April 2020 and March 2021. Despite these challenges, we were pleased to hear that within DWP the need to adapt traditional controls (such as being unable to have face-to-face meetings with claimants) for remote working created the opportunity for innovation, such as its increased use of data matching and online checks.
Recommendation: HM Treasury and Cabinet Office should, within 3 months, set out:
2.Government’s focus on the long-standing fraud and error risks it understands, risks large amounts of fraud and error being unidentified or untackled elsewhere. Efforts to tackle fraud and error in the tax and benefits system come under regular scrutiny. While we regularly scrutinise and challenge HMRC and DWP on their approach, both departments have a well-established approach. However, fraud and error threaten many other areas of the public purse with fraud and error going unmeasured in around £503 billion of expenditure each year. Cabinet Office estimates that the rest of government was already losing between £2.5 billion and £25 billion a year as a result of fraud and error before the COVID-19 schemes were introduced. Part of the challenge government faces is the sheer diversity of risks, with fraud and error impacting everything from grants and procurement to income collection. As part of its Global Fraud Risk Assessment, the Cabinet Office Counter Fraud Function identified a large number of COVID-19 schemes as potentially at high risk of fraud but believes scheme owners need to do more work to fully quantify those risks. The Function recognises that it needs to do more work to understand the broader fraud and error picture outside the remit of DWP and HMRC.
Recommendation: HM Treasury and Cabinet Office should, within six months, work with all Departments to build on the existing Global Fraud Risk Assessment and identify and publish all the fraud and error risks to public money across government and commit to updating this publication annually.
3.Departments’ lack of urgency to robustly measure fraud and error hinders their ability to direct their counter fraud and error efforts. The robust measurement of fraud and error is a crucial aspect of any counter fraud response because it shows where controls need to be improved and effort directed. BEIS, DWP and HMRC have committed to producing an estimate of fraud and error for some of their COVID-19 schemes and publishing this in their annual report and accounts. But we are concerned that this work is not being given the priority it deserves and comes too late to direct efforts to minimise fraud and error in the schemes. HMRC does not expect to have a statistically valid estimate of fraud and error in the Coronavirus Job Retention Scheme until December 2021, around 22 months after it was first introduced. HMRC also does not intend to measure the rate of fraud and error in the Self-Employed Income Support Scheme and Eat Out To Help out schemes. DWP cannot say when it will set a target for reducing fraud, citing that COVID-19 has changed its traditional mix of cases within the benefits system. BEIS does not expect its fraud sampling exercise on the Bounce Back Loan Scheme to complete until the end of May 2021, 12 months after the scheme opened for applications. Other departments, that have not had as much scrutiny of their fraud and error risk, have not made public commitments to measure the extent of fraud and error in their COVID-19 schemes.
Recommendation: HM Treasury should, within three months, strengthen current reporting requirements and ensure that all departments measure and report on the risks of fraud and error within each of their COVID-19 support schemes. This should include:
HMRC and BEIS should write to the Committee within 3 months setting out how they will measure fraud and error in all their COVID-19 schemes and build prompt measuring of fraud and error into their future programmes from the outset. DWP should write to the Committee with its targets for reducing fraud and error.
4.Departments do not make enough use of counter fraud expertise when designing new initiatives to ensure they minimise losses to the taxpayer. One of the key lessons from government’s response to the pandemic is the need to balance speed of implementation and accessibility of support schemes with efforts to prevent fraud and protect taxpayers’ money. Despite it being two years since it was established, Cabinet Office’s work to increase the awareness of the new Counter Fraud Function is still at an early stage. Departments consulting it is still optional, meaning it lacks authority despite its expertise. BEIS, for example, did not consult the Counter Fraud Function when designing the Bounce Back Loan Scheme despite the increased risk of fraud and error compared to its usual operations. Designing schemes in a way that prevents fraud and error is essential if losses to the taxpayer are to be minimised. The Counter Fraud Function is working to introduce a minimum standard for fraud risk assessments across government. Transparency about these risk assessments is vital if decision makers, including Parliament, are to understand the implications of these design choices.
Recommendation: HM Treasury and Cabinet Office should, within six months, introduce mandatory fraud impact assessments that require formal sign off from the Counter Fraud Function for all Government Major Project Portfolio programmes and for all other schemes that departments identify as having a moderate to high risk of fraud or error. A summary of these assessments should be published.
5.HM Treasury and Cabinet Office do not know whether departments are adequately resourced to tackle fraud and error. There are currently 16,000 members of the Counter Fraud Function within the public sector, with 77% of counter fraud professionals working in DWP or HMRC. Although Cabinet Office understands where counter fraud resources are deployed across the rest of government, it admits it does not yet know whether the capabilities are all in the right place. Cabinet Office has begun work to strengthen departments’ capabilities in response to increased fraud and error risk from COVID-19 support schemes. Where departments have additional funding to build their counter fraud capacity, this has not been made available in a timely manner. For example, it is unacceptable that it took HM Treasury 12 months to approve the funding for HMRC’s Taxpayer Protection Taskforce despite knowing since March 2020 that the fraud risks for CJRS and SEISS were heightened. Though all the government professions have a role to play in minimising fraud it is imperative that government does more to ensure trained counter fraud professionals are deployed where they are most needed.
Recommendation: HM Treasury and Cabinet Office should write to the Committee within three months setting out how they will work with departments to build their counter fraud capacity and ensure that each Department’s resourcing is properly aligned with its risk exposure.
6.Gaps in transparency and information sharing between departments is hindering efforts to prevent, detect and correct fraud and error. Timely data sharing can be used to prevent fraud by data matching, improve detection of fraud by sharing intelligence, and enable recovery in cross-government schemes. Increasing the use of these methods is a priority for the Cabinet Office Counter Fraud Function, although such arrangements will take time and care to establish due to data protection requirements. We were pleased to hear examples of departments collaborating and sharing data during the pandemic to improve government’s overall response. For example, BEIS used data held by HMRC to retrospectively check applications for the Bounce Back Loan Scheme. However, other opportunities to prevent fraud in real time were missed, and well-established industry data sources were overlooked. Publishing business beneficiaries of COVID-19 support schemes provides transparency and the opportunity for whistle blowers and others to report suspicious claims. But the data HMRC published on employers claiming CJRS from December 2020 onwards has insufficient detail to allow proper public scrutiny and BEIS will not commit to publishing details of COVID-19 loan recipients. Going forward, increased data sharing could enable DWP to identify changes in claimant eligibility for benefits and enable changes to be applied across all benefits before a payment is made, preventing errors from occurring and reducing the need for recovery.
Recommendation: Cabinet Office should write to the Committee within six months detailing how it has worked with departments to identify and address gaps in real time data sharing.
HM Treasury should, within six months, set out the transparency principles it expects for government support schemes, including the presumption that the business beneficiaries of government support schemes will be published.
7.HMRC, DWP and BEIS are unable to justify the inconsistencies in their approaches to the consequences of fraud and error for different groups of debtors. Departments need to take steps to detect, pursue and recover the billions of pounds of fraud and error overpayments it has lost during the COVID-19 pandemic. However, we are concerned that Departments are taking different approaches to dealing with the consequences of fraud or errors of a similar nature, such as failing to disclose a change in circumstances. DWP applies a financial threshold when deciding whether to pursue criminal sanctions, whereas HMRC will only pursue criminal proceedings for the most serious crimes, focusing instead on disrupting criminal activity to make it unprofitable. Although BEIS is working with the police on criminal sanctions for loan scheme fraud, it maintains it is up to the bank to follow usual recovery procedures in the first instance. These differences in approaches results in penalties appearing unfair and inconsistent to the public. DWP is investing in making it easier for people inform it of changes in circumstances, for example through more online prompts in systems, rather than assuming fraudulent intent. We welcome the Cabinet Office’s commitment to, through the Counter Fraud Function, improving the consistency of sanctions applied for fraud and whether enforcement and recovery powers can be expanded across government.
Recommendation: HMRC and DWP should write to the Committee within three months setting out how they will identify and address inconsistencies of sanctions for frauds that are similar in nature.
BEIS should write to the Committee within three months setting out details of steps it will take to assess whether the recovery efforts of banks are reasonable, and the steps it will take to recover taxpayers’ money if deficiencies are identified.