INTRODUCTION

1 Fraud is a significant risk to the UK public sector. Losses to local government due to fraud results in less funding for public services. It is estimated that the cost of fraud against local authorities is as much as £7.8 billion annually.^{^[1]} An estimated 40% of all crime committed in the UK is categorised as fraud.^{^[2]}

2 To effectively combat fraud the council needs to have a counter fraud framework that helps it prevent, detect and deter fraud. And counter fraud work needs to continuously develop to address the ongoing emergence of new techniques being developed by fraudsters.

NATIONAL PICTURE

3 Local authorities have been responsible for the administration of a number of schemes designed to support businesses and the public during the pandemic. No reports into the level of loss found in local authority administered schemes have been published, but the Department for Business, Economy and Industrial Strategy (BEIS) conclude that as councils deal with fraud on a day to day basis that they will have been more equipped to deal with fraud arising from these schemes.^{^[3]}

4 The Covid-19 pandemic has created additional opportunities for fraudsters to attack public sector organisations, private businesses, and members of the public. In March 2021, the National Audit Office (NAO) reported a significant rise in the risk of fraud and error due Covid-19.^{^[4]}

5 The government has acknowledged the speed with which fraudsters adapt to exploit organisations’ weaknesses. To better tackle the evolving threat, an improved national fraud and cybercrime reporting system will be introduced to replace Action Fraud.^{^[5]} Cooperation and intelligence sharing between national and local agencies will help combat fraud.

6 Cybercrime remains a significant risk to all organisations, public and private. High profile attacks across the UK and worldwide have continued throughout the pandemic, and cybercriminals have shown disregard for the effects of their actions. An attack in the United States on the Colonial Pipeline Company in May 2021 stemmed from a single compromised password and account, and resulted in widespread fuel shortages. The company paid a ransom of over £3 million to recover their systems. This highlights the importance of cybersecurity awareness.

7 Supply chain attacks have also become prevalent in the last 12 months. These attacks occur when a software or IT supplier is targeted and criminals use the knowledge they gain to attack the end users of the company’s software. A successful attack on a supplier can create an impact on large numbers of organisations who use that supplier’s product. The EU Agency for Cybersecurity (ENISA) released a report that estimated that there would be a fourfold increase in supply chain attacks in 2021 versus the previous year. They analysed twenty-four attacks that occurred in 2020 and the first half of 2021 and concluded that the aim of the majority of attacks was to “gain access to data (predominantly customer data, including personal data and intellectual property).”[6] Councils hold significant amounts of personal data and are thus an attractive target for the criminal organisations that undertake these attacks. It’s essential that oversight of organisational ICT infrastructure is maintained to ensure controls remain up to date and able to reduce the impact of emerging threats.

LOCAL PICTURE

8 The council has been responsible for administering a range of support payments to business and residents during the Covid-19 pandemic. Robust application processes and verification checks were established to minimise the impact of fraudulent attempts to claim funds. Veritau have supported the council through investigation of suspected fraudulent claims. The counter fraud team also liaises with external agencies such as the National Anti-Fraud Network, and National Investigation Service to help identify potential fraud and contribute to central investigation of organised crime. This work has continued throughout 2021/22.

9 Raising fraud awareness with staff is key to identifying and tackling fraud. Veritau continue to engage staff and investigate reported allegations of fraud. The team has recently delivered training to staff in social care, and a number of sessions are planned for officers in housing. Work has also continued on raising awareness of the whistleblowing policy. In 2021, 189 officers accessed whistleblowing training via an online eLearning course. Wider activity to raise awareness of fraud issues has continued, for example recent campaigns to mark Cyber Security Awareness Month in October and International Fraud Awareness Week in November. International Anti-Corruption Day in December provided an opportunity to inform staff on how to identify and report bribery and money laundering concerns.

FRAUD RISK ASSESSMENT

10 Veritau completes an annual Fraud Risk Assessment, designed to identify the areas of fraud that present the greatest risk to the council. The risk assessment is informed by national and regional reports of fraud affecting local authorities, fraud reported to and investigated by the counter fraud team, and changes in process and the operating environment. The results of the assessment are used to:

• develop or strengthen existing fraud prevention and detection measures

• revise the counter fraud policy framework

• focus future counter fraud and audit work.

11 An updated fraud risk assessment is contained in appendix A, below.

12 Covid-19 related grant fraud has been downgraded following the end of higher value grant schemes seen in 2020/21. New grant funding is still being announced – for example grants to support hospitality and leisure businesses announced in December 2021 in response to the Omicron variant. However, resources made available by central government for pre-payment verification checks; and the council’s experience gathered from administering previous payments will help mitigate fraud risks. Work is also taking place as part of the National Fraud Initiative (NFI) which should help to identify grant fraud. The latest NFI exercise includes cross boundary data matches for grants, which have not been previously available to local authorities.

13 Theft of assets has also been downgraded from a high risk to a medium risk. This is a result of the easing of Covid-19 related restrictions and increased staff presence at council premises. Although we are continuing to review the situation as the council responds to increasing Covid-19 infections as a result of the Omicron variant of the virus.

14 The risk assessment will be kept under review so that any significant new or emerging risks can be assessed and addressed.

COUNTER FRAUD FRAMEWORK

15 The council has a robust counter fraud framework which includes a counter fraud strategy and associated action plan, a counter fraud policy, a fraud risk assessment, and a number of related policies (e.g. whistleblowing). A review of the framework is conducted annually.

16 A new counter fraud and corruption strategy was adopted last year. The strategy sets out the council’s aims for counter fraud work over the next few years. The strategy also includes actions needed to maintain and develop counter fraud arrangements at the council. The associated strategy action plan is reviewed and updated annually. This year’s update is contained in appendix B. It details progress made against last year’s plan and introduces new priorities for the counter fraud team for 2022/23. New objectives this year include:

· rolling out a new anti-bribery policy and raising awareness with officers

· implementing a new fraud case management system that will make it easier for officers to refer cases to the team and improve recording of fraud cases.

17 The Bribery Act 2010 created a number of offences for people who offer or accept bribes. In addition, organisations that fail to prevent these offences from occurring can be found to have broken the law as well – and could face unlimited fines. One of the criteria that a court would use to assess an organisation’s liability is whether it has anti-bribery policies in place which has been communicated to, and understood by, employees. The review of policies highlighted that the council did not have a specific anti-bribery policy (although issues relating to bribery are covered to some extent in the Employee Code of Conduct and guidance on gifts and hospitality). This has now been rectified; a proposed policy has been drafted and is included in this report for comment by the Audit and Governance Committee (see below).

18 A proposed revised version of the Counter Fraud and Corruption Policy is included at appendix C. This has been amended to incorporate a separate Anti-Bribery Policy (at annex B of the policy). Minor amendments have been made to the body of the Counter Fraud and Corruption Policy, to refer to the Anti-Bribery Policy. However, no further changes are proposed as a result of the current review. The committee’s views on the updated policy are being sought prior to approval by officers.

Appendix A: Fraud Risk Assessment (January 2022)

Risk Area	Risk Description	Risk Controls	Risk Category	Risk Mitigation
Adult Social Care Fraud	Fraud within the adult social care system is an area of concern for local authorities. CIPFA reported a 104% increase in the value of social care fraud detected in 2019 compared to the previous year. The average loss for individual cases of fraud detected in this area was £29k. Losses can occur through deprivation or non-declaration of capital which can involve the transfer or disguise of property in order to avoid paying for residential or domestic care provision. Further fraud occurs through the misuse of the Direct Payment scheme, where monies allocated to meet a customer’s assessed needs are not then used to procure these services. Residential homes could also continue to claim for customers who are no longer in residence (e.g. after they pass away). Services may have been impacted during the pandemic. Care payments may have had to be made prior to a full assessment taking place and this could heighten the risk of fraud.	Applications for care funding are carefully assessed to ensure that recipients meet the eligibility criteria and that any financial contribution for care by the customer is correctly calculated. Use of Direct Payments is monitored by council officers who check for possible false claims and overstated needs.	High	The Counter Fraud Team (CFT) has established relationships with officers responsible for assessments and payments; concerns are regularly reported to the CFT for investigation. The CFT will continue to deliver a rolling programme of fraud awareness to staff with responsibilities for assessment and payments. The CFT is currently undertaking a project with Income Services to provide additional verification of financial information provided as part of applications for care. These checks may help identify fraud and error that would not otherwise be detected.
Council Tax & Business Rates Frauds (discounts and exemptions)	Council Tax fraud is a common occurrence. CIPFA report that 66% of all local government related fraud, recorded as part of their annual survey, involved Council Tax or Business Rates payments. Single Person Discount fraud accounted for £28.9m of loss due to fraud in 2019/20 according to the CIPFA survey. Depending on the scheme, there are several ways in which fraud can occur. These include applicants providing false information and recipients failing to notify the council when they no longer qualify. Revenue from Council Tax and Business Rates is a key income stream. Fraud in this area threatens this source of funding.	The council employs a number of methods to help ensure only valid applications are accepted. This includes requiring relevant information be provided on application forms, and visits to properties be undertaken (where necessary). Controls including separation of duties between collection and administration, restriction of access to records, and management oversight of actions such as recovery suppressions help prevent internal fraud and error. Messages reminding residents and businesses to update their circumstances when necessary appear on annual bills issued by the council. The council routinely takes part in the National Fraud Initiative, and periodically undertakes reviews of single person discounts.	High	The CFT deliver periodic fraud awareness training to staff in revenues and customer services teams about frauds affecting Council Tax and Business Rates. The CFT has developed data matches to detect incorrectly received discounts and exemptions.
Council Tax Support Fraud	Council Tax Support (CTS) is a council funded reduction in liability introduced in 2013 to replace Council Tax Benefit. Unlike its predecessor, it is resourced entirely through council funds. CIPFA’s latest fraud tracker showed the value of CTS fraud detected in 2019 was £4.9m. Frauds in this area can involve applicants failing to declare their total assets, correct household composition or household income. Those receiving support are also required to notify relevant authorities when they have a change in circumstances that may affect their entitlement to support. The Department for Work and Pensions have reported an increase in fraud within the Universal Credit system during 2020/21 as a result of Covid-19. As CTS claims are generally linked to Universal Credit claims there is likely to be an associated increase in CTS fraud against the council. Fraudulently obtained CTS represents a direct loss of council funds.	The council undertakes eligibility checks on those who apply for support. There are established lines of communication with the Department for Work and Pensions (DWP) where claims for support are linked to externally funded benefits. The council is able to report Housing Benefit and other benefit frauds to the DWP but this does not necessarily allow the council control over resolving false claims for CTS.	High	The CFT routinely raise awareness of fraud with teams involved in processing claims for CTS. Concerns of fraud are reported to the CFT who determine if criminal investigation is required. The CFT can undertake joint working with the DWP where it is mutually beneficial (e.g. joint claims for benefit).
Creditor Fraud	A range of frauds can be committed against the council in this area, sometimes as a result of publically available creditor payment data. Criminals undertaking these types of fraud are often found to be operating from overseas. The most common issue is mandate fraud (aka payment diversion fraud) where fraudsters impersonate legitimate suppliers and attempt to divert payments by requesting changes in bank details. Other types of fraud in this area include whaling, where senior members of the council are targeted and impersonated in order to obtain fraudulent payments. In recent years there have been increased instances nationally of hackers gaining direct access to email accounts of suppliers and then attempting to perpetrate mandate frauds. These attempts are much more difficult to detect and prevent. With increased remote working due to Covid-19, there have been increased opportunities for fraudsters to impersonate budget holders or suppliers in electronic communications to divert funds.	The council has a number of controls in place to identify fraudulent attempts to divert payments from genuine suppliers and to validate any requests to change supplier details. Segregation of duties exist between the ordering, invoicing and payments processes.	High	The CFT undertake fraud awareness training for payments staff. Increased awareness provides a greater chance to stop fraudulent attempts before losses occur. All instances of whaling fraud reported to the CFT are reported to the relevant agencies, such as the National Cyber Security Centre, as well as directly to the email provider from which the false emails originated. The counter fraud team share intelligence on any attempted frauds occurring nationally to help prevent losses.
Cybercrime	Cybercrime is a constantly evolving area where criminals are continually refining their techniques in order to overcome controls put in place to protect organisations, to obtain unauthorised access and information, and to frustrate systems. Types of cybercrime experienced by local authorities in recent years include ransomware, phishing, whaling, hacking, and denial of service attacks. Attacks can lead to loss of funds or systems access/data which could impact service delivery to residents. There have been a number of high profile cyber-attacks on public and private sector organisations in recent years. Attacks stemming from the hacking of software or IT service providers have become more prevalent. These are known as supply chain attacks and are used by hackers to target the end users of the software created by the organisations targeted.	The council has a highly skilled ICT department which helps mitigate the threat of cybercrime. In 2021 the ICT department instituted new password requirements for staff which has strengthened cybersecurity within the council. The ICT department use filters to block communications from known fraudulent servers and they encourage staff to raise concerns about any communications they do receive that may be part of an attempt to circumvent cybersecurity controls.	High	Raising awareness with staff can be crucial in helping to prevent successful cyberattacks. The CFT works with ICT to support activities on raising fraud awareness. A fraud awareness campaign was undertaken in October 2021 as part of cybersecurity awareness month. Cybercrime awareness is also included as part of all other fraud awareness training provided by the CFT to specific teams.
Procurement Fraud	Procurement fraud has been perceived as a high risk by local authorities in the CIPFA fraud tracker for a number of years. Procurement fraud, by its nature, is difficult to detect but can result in large scale loss of public funds over long periods of time. The Competition and Markets Authority (CMA) estimates that having a cartel within a supply chain can raise prices by 30% or more. CIPFA reported losses of £1.5m in 2019/20 for local authorities, due to procurement fraud. It found that 8% of fraud detected in this area involved ‘insider fraud’.	The council has established Contract Procedure Rules. The rules are reviewed regularly and ensure the requirement for a competitive process (where required) through an e-tender system. A team of procurement professionals provide guidance and advice to ensure procurement processes are carried out correctly. A tendering and evaluation framework is in operation to help prevent fraud. It also sets out the requirements for declarations of interest to be made.	High	Continued vigilance by relevant staff is key to identifying and tackling procurement fraud. The CFT provide training to raise awareness of fraud risks, and investigate any suspicions of fraud referred. The CFT and internal audit monitor guidance on fraud detection issued by the Competition and Markets Authority and other relevant bodies. Internal audit regularly undertake procurement themed audits which help to ensure processes are up to date and being followed correctly.
COVID-19 related fraud	Throughout the Covid-19 pandemic local authorities have been responsible for providing support to businesses and residents. The council has had to respond quickly to deliver a number of support schemes in the past two years. New processes for verifying applications had to be implemented very quickly. These schemes have been subject to attempted fraud at a local, national and international level due to the significant amount of funding available. While funding was provided by central government, the council was charged with the responsibility of identifying genuine applicants and investigating and recovering incorrect payments.	Over the course of the past two years the council has developed robust processes to identify fraudulent applications for support. This included use of national data matching resources. Government mandated post-assurance activities have been undertaken to review the success of controls in place.	Medium (previously High)	Suspected fraud cases have been investigated by the CFT. Where payments were found to have been fraudulently or incorrectly made a recovery process was instigated. The CFT has shared details of all known frauds occurring regionally and nationally. Veritau conducted a post-event assurance exercise at the end of 2020/21 which reviewed payments to businesses made during the first lockdown period. The exercise concluded that the vast majority of payments sampled had been made correctly and in line with government guidance. The CFT still has a number of investigations ongoing and the results of a National Fraud Initiative data matching exercise are being reviewed. A further National Fraud Initiative exercise is being conducted in early 2022.
Internal Fraud	There are a range of potential employee frauds including falsifying timesheets and expense claims, abusing flexitime or annual leave systems, undertaking alternative work while sick, or working for a third party on council time. Some staff have access to equipment and material that may be misused for private purposes. Payroll related fraud can involve the setting up of 'ghost' employees in order to divert salary payments to others. Corruption and bribery is a significant risk to all public sector organisations, however only low levels have ever been detected.	The council introduced a new whistleblowing policy in 2020, which can be used to raise suspicions of fraud. Work has continued over the last year to raise awareness of the policy. A new anti-bribery policy is being introduced (a draft is included in this report). Controls are in place surrounding flexitime, annual leave and sickness absence. Participation in the National Fraud Initiative helps the council identify potential cases of internal fraud.	Medium	The CFT investigates any suspicions of fraud or corruption. Internal audit also undertake work to ensure that appropriate checks and balances are in place to help prevent and detect internal fraud and corruption. Work will be undertaken in 2022 to raise awareness of the new anti-bribery policy.
Recruitment Fraud	Recruitment fraud can affect all organisations. Applicants can provide false or misleading information in order to gain employment such as bogus employment history and qualifications or providing false identification documents to demonstrate the right to work in the UK.	The council has controls in place to mitigate the risk of fraud in this area. DBS checks are undertaken where necessary. Additional checks are made on applications for roles involving children and vulnerable adults.	Medium	Where there is a suspicion that someone has provided false information to gain employment, the CFT will be consulted on possible criminal action in tandem with any disciplinary action that may be taken.
Theft of Assets	The theft of assets can cause financial loss and reputational damage. It can also negatively impact on employee morale and disrupt the delivery of services. The council owns large numbers of physical items, such as IT equipment, vehicles and tools. The reduction of staff at council premises during the Covid-19 outbreak increased the risk of theft. This risk has started to reduce as restrictions lift and staff return to the office.	Specific registers of physical assets (e.g. capital items, property and ICT equipment) are maintained. The council's whistleblowing arrangements provide an outlet for reporting concerns of theft.	Medium (previously High)	Members of staff should also be vigilant and report all possible thefts promptly to the Police and CFT.
Blue Badge & Parking Fraud	Blue Badge fraud carries low financial risk to the authority but can affect the quality of life for disabled residents and visitors. There is a risk of reputational damage to the council if abuse of this scheme is not addressed. Other low level parking fraud is relatively common. For example misuse of permits to avoid parking charges.	Measures are in place to control the issue of blue badges. The council also participates in the National Fraud Initiative which flags badges issued to deceased users, and badge holders who have obtained a blue badge from more than one authority, enabling their recovery to prevent misuse. The CFT and Parking Enforcement work closely together to identify, deter and investigate parking fraud. Warnings are regularly issued to people who misuse parking permits and blue badges. Serious cases are considered for prosecution.	Low	Periodic proactive days of action between the CFT and the council’s enforcement team are used to raise awareness and act as a deterrent to blue badge misuse. Suspected fraud is reported to the CFT who can investigate any criminal misuse.
Fraudulent Insurance Claims	The council may receive exaggerated or fabricated insurance claims. CIPFA’s 2019/20 report estimated that insurance fraud cost local government £3.9m.	While insurance fraud is common, the burden of risk is currently shouldered by the council’s insurers who have established fraud investigation systems.	Low	n/a
Treasury Management	While the impact of losses in this area could be significant, the likelihood is low. There have been no recorded frauds at the council.	Treasury Management systems are well controlled and no fraud has been detected in this area.		Internal audit undertake periodic reviews of the controls in this area.

Ref	Action Required	Target Date	Responsibility	Notes
1	Introduce a new Anti-Bribery Policy; undertake work to raise awareness of the policy.	December 2022	Veritau	A new policy has been drafted, and is included as part of the current report for comment by the Audit and Governance Committee. Once approved, work will be undertaken by the Counter fraud Team to raise awareness of the policy.
2	Continue to work with council officers to ensure the council meets Government guidance on new Covid-19 grant payments as well as any checks relating to previously issued grants.	April 2022	Veritau	The council is currently preparing to issue new Omicron grants in January 2022. The counter fraud team will assist the council to ensure that funds are issued to business that meet the requirement of the scheme. The counter fraud team assisted the council last year in undertaking post-assurance checks on Covid-19 grants issued during the first lockdown. The government may require further post-assurance exercises in 2022/23.
3	Trial the use of financial checks to enhance the robustness of social care financial assessments.	October 2022	Veritau / Income Services	The counter fraud team is working with Income Services to trial the use of additional financial checks to detect and prevent fraud and error.
4	Implementation of a new counter fraud system.	May 2022	Veritau	The team is in the process of implementing a new IT system that will enhance recording of investigation work and streamline processes for fraud referrals. The system will improve management information on fraud and make it easier for officers to refer cases.

Ref	Action Required	Responsibility	Update
1	Undertake post assurance checks on grant applicants to the Small Business Grant Fund and Retail, Hospitality and Leisure Grant Fund Schemes.	Veritau / Revenues Team	Work was completed at the end of 2020/21. The checks found that the vast majority of grants issued by the council were applied for and administered correctly. New BEIS guidance has recently been produced on verification requirements for other Covid related grant schemes.
2	Develop communication strategy to publicise counter fraud and corruption news internally.	Veritau / Communications Team	The Counter Fraud Team worked with Communications to develop a regular programme of awareness material based around national and international campaigns (eg cybercrime awareness month and international fraud awareness week). Initial work is complete. Campaigns will continue to run in future years.
3	Ensure that up to date policies are in place to enable the council to undertake covert surveillance under the Regulation of Investigatory Powers Act and employee monitoring outside of the Act.	Veritau / Governance Team	The Governance Team has taken over responsibility for RIPA policy, which was updated in August 2021.
4	Participate in Fighting Fraud and Corruption Locally (FFCL) working groups and explore formation of regional social care network group.	Veritau	Since these actions were set, Veritau has taken on the role of chairing the national FFCL social care fraud working group. Veritau is also a leading member of the regional FFCL group that considers all types of fraud and contributes to the development of the FFCL strategy.

APPENDIX C: COUNTER FRAUD & CORRUPTION POLICY

COUNTER FRAUD AND CORRUPTION POLICY

1 Introduction

1.1 All organisations are at increasing risk of fraud and corruption. Some commentators estimate that annual fraud losses to local government in the UK could be £7.8 billion. It is therefore a risk that the council cannot and should not ignore.

1.2 Any fraud committed against the council effectively constitutes a theft of taxpayer’s money. It is unlawful and deprives the council of resources which should be available to provide services to the public. By putting in place effective measures to counter the risk of fraud and corruption the council can reduce losses which impact on service delivery as a contribution to the achievement of overall council priorities.

1.3 This document sets out the council’s policy in relation to fraud and corruption perpetrated against it, and its overall arrangements for preventing and detecting fraud. It includes the fraud and corruption prosecution policy contained in annex A, and anti-bribery policy in annex B. It forms part of the council’s overall policy framework for combating fraud and corruption and should be read in conjunction with the counter fraud strategy, constitution, the financial regulations, contract procedure rules, the whistleblowing policy, anti-money laundering policy, codes of conduct, and disciplinary procedures.

2 Definitions and Scope

2.1 For the purpose of this policy, the term fraud is used broadly to encompass:

· acts which would fall under the definition in the Fraud Act (2006)

· anything which may be deemed fraudulent in accordance with the generally held view of fraud as causing loss or making a gain at the expense of someone by deception and dishonest means

· any offences which fall under the Council Tax Reduction Schemes Regulations (2013) and the Prevention of Social Housing Fraud Act (2013)

· any act of bribery or corruption including specific offences covered by the Bribery Act (2010)

· acts of theft

· any other irregularity which is to the detriment of the council whether financially or otherwise, or by which someone gains benefit they are not entitled to.

2.2 This policy does not cover fraud or corruption against third parties, except where there may be an impact on the service provided by the council. In addition, it does not cover other acts – for example offences involving violence - which may affect the council, and which should in most cases be reported directly to the police.

3 Principles

3.1 The council will not tolerate fraud or corruption in the administration of its responsibilities, whether perpetrated by councillors, officers, customers of its services, third party organisations contracting with it to provide goods and/or services, or other agencies with which it has any business dealings. There is a basic expectation that councillors, employees, and contractors’ staff will act with integrity and with due regard to matters of probity and propriety, the requirement to act lawfully and comply with all rules, procedures and practices set out in legislation, the constitution, the council’s policy framework, and all relevant professional and other codes of practice.

3.2 The council will seek to assess its exposure to risks of fraud and corruption. It will prioritise resources available to prevent and deter fraud in order to minimise this risk.

3.3 The council will consider any allegation or suspicion of fraud seriously, from whatever source, and if appropriate will undertake an investigation to confirm whether fraud has occurred and determine the appropriate outcome. Any investigation will be proportionate. The council may refer any incident of suspected fraud to the police or other agencies for investigation, if appropriate.

3.4 To act as a deterrent, the council will take action in all cases where fraud (or an attempt to commit fraud) is proved, in proportion to the act committed. This may include prosecution, application of internal disciplinary procedures, or any other action deemed appropriate to the offence (for example referral to a professional body). Employees and councillors are not exempt from potential prosecution or other action if they are found to have committed fraud against the council. Prosecution decisions will be made in accordance with the fraud and corruption prosecution policy (Annex A).

3.5 As a further deterrent, and to minimise losses, the council will attempt to recover any losses incurred through civil or legal action. In addition, the council will seek to apply any appropriate fines or penalties, and recover any costs incurred in investigating and prosecuting cases.

3.6 The council will not tolerate any form of bribery to or by employees, members, or suppliers. Any act of bribery puts the council at risk of committing a criminal offence. Please see the council’s Anti-Bribery Policy which is contained in Annex B.

4 Responsibilities

4.1 Overall responsibility for counter fraud arrangements rests with the council’s Chief Finance Officer (The Corporate Finance & Commercial Procurement Manager), on behalf of the council. The CFO has a professional responsibility for ensuring the council has appropriate measures for the prevention and detection of fraud and corruption, which are reflected in legislation.

4.2 The Audit and Governance Committee has responsibility for assessing the effectiveness of the Council’s counter fraud arrangements including the Whistleblowing policy and other relevant counter fraud policies and plans.

4.3 The Council’s Management Team (CMT) are collectively responsible for ensuring that the council has effective counter fraud and corruption procedures embedded across the organisation that comply with best practice and good governance standards and requirements.

4.4 Veritau (who provide internal audit and counter fraud services to the council) is responsible for reviewing the council’s counter fraud and corruption policies on a regular basis and recommending any required changes to those policies. In addition, Veritau leads on fraud prevention and detection issues for the council and is responsible for investigating suspected cases of fraud or corruption. The internal audit team carries out audit work to ensure that systems of control are operating effectively, which contributes to the reduction in opportunities for committing fraud. The Head of Internal Audit is required to report their professional opinion on the council’s control environment to members of the Audit & Governance Committee on an annual basis in accordance with proper practice.

4.5 All senior managers have a responsibility for preventing and detecting fraud within their service areas. This includes maintenance of effective systems of internal control and ensuring that any weaknesses identified through the work of internal audit or by other means are addressed promptly.

4.6 The Monitoring Officer is the council’s nominated officer for the purposes of the Money Laundering Regulations (2007), and is responsible for reporting any issues referred to them, in this capacity.

4.7 All staff have a general responsibility to be aware of the possibility of fraud and corruption, and to report any suspicions that they may have to Veritau. Where appropriate, staff may use the whistleblowing policy to raise concerns anonymously.

4.8 Officers within human resources have a responsibility to support service departments in undertaking any necessary pre-disciplinary investigation and disciplinary process.

5 Overall Counter Fraud Arrangements

Introduction

5.1 The purpose of this section is to set out the council’s overall framework for countering the risk of fraud and corruption. While the council aims to follow best practice in relation to counter fraud activity^{^[7]}, it recognises that new and emerging fraud risks will require a dynamic approach to fraud prevention and detection.

Measurement

5.2 The council will assess the potential risks and losses due to fraud and corruption, and will use these to prioritise counter fraud activity, and review the resources available to counter those risks. The review will include an assessment of actual levels of fraud^{^[8]} and the effectiveness of counter fraud activity in reducing losses. The outcome of this review will be reported to the Audit & Governance Committee on an annual basis as part of the audit and fraud planning cycle.

Culture

5.3 The council will promote a culture whereby all staff, councillors, service users, and contractors are aware that fraud or corruption in any form is unacceptable. To do this, it will:

· ensure that there are clear arrangements in place for reporting suspicions about potential fraud or corruption, whether that be by staff, councillors, partners, stakeholders, contractors or members of the public

· investigate reported suspicions and where evidence of fraud or corruption is found will prosecute where appropriate and take any other action necessary in accordance with the financial regulations, contract procedure rules, fraud and corruption prosecution policy, disciplinary procedures, members code of conduct, or any relevant legislation or guidance

· ensure that the consequences of committing fraud and/or partaking in corrupt practices are widely publicised.

Prevention and Detection

Controls

5.4 As part of its ongoing operating procedures, the council seeks to ensure that proper systems of internal control are in place. This includes controls to directly prevent and detect fraud, such as separation of duties and management review, along with other procedures such as vetting as part of recruitment processes and systems for declaration of interests and gifts and hospitality. The effectiveness of systems of control are monitored and a formal report is made as part of the process for preparing the annual governance statement. The council maintains a system of internal audit to provide independent review of control systems on an ongoing basis, in accordance with a risk assessment.

5.5 Services will be encouraged to consider the risk of fraud as part of the council’s risk management process. Any information on risks identified will be used to inform the annual review of counter fraud activity.

Proactive Work

5.6 The council will carry out targeted project work (for example data matching exercises) to identify fraud and corruption in known high risk areas. This work will be carried out by Veritau as part of its annual workplan. Work will be prioritised based on a risk assessment as part of the annual review of counter fraud activity. Work may include joint exercises with other agencies, including other local councils.

5.7 The council will take part in projects led by other agencies such as the Cabinet Office and the DWP to identify potential fraud e.g. the National Fraud Initiative. Resources will be allocated to follow up all data matches, and will include support through the internal audit and counter fraud teams to review potential control issues and suspected fraud. Veritau will work with service departments to ensure that they are aware of the need to include notices to service users stating that any data held may be subject to use for data matching purposes.

Relationships

5.8 The council has established relationships with a number of other agencies. It will continue to develop these relationships and develop new ones to further the prevention and detection of fraud. Organisations which the council will work with include:

· the police

· the courts

· the Cabinet Office

· the Ministry of Housing, Communities and Local Government

· the Department for Works and Pensions

· other councils

· community groups.

5.9 Veritau will work with council departments to ensure that systems for reporting and investigating suspected fraud and corruption are robust.

Fraud Awareness Training

5.10 As part of its annual workplan, Veritau will provide targeted fraud awareness training to specific groups of staff, based on its annual risk assessment.

Investigation

5.11 All suspected cases of fraud, corruption, theft or other irregularity will be investigated. The nature of each investigation will depend on the circumstances of each case. Veritau will act as a first port of call for any suspected fraud and will provide advice on whether other agencies should be notified (eg the police). Veritau will determine the extent of the investigation to be carried out in consultation with the Chief Finance Officer, service departments and human resources. Where necessary, Veritau may refer cases to other agencies (for example the police) at the discretion of the Head of Internal Audit. Figure 1 overleaf outlines the fraud referral and investigation process.

5.12 All staff involved in the investigation of fraud will be appropriately trained. They will be required to comply with any relevant legislation and codes of practice. For example the Police and Criminal Evidence Act (PACE), Regulation of Investigatory Powers Act (RIPA), the Data Protection Act, the Criminal Procedures Investigations Act (CPIA) and any relevant guidance from the Attorney General. Investigators will take into account the individual circumstances of anyone involved in an investigation and adjustments to procedure will be made where necessary to ensure that all parties are treated equitably (where it is appropriate and reasonable to do so).

5.13 As part of the outcome of every investigation, a review of any weaknesses in control will be made and if necessary recommendations will be made to address any issues identified. These will be set out in a formal report to the managers of the service concerned, and will be followed up to ensure the issues are addressed.

5.14 The Head of Internal Audit will ensure that systems for investigating fraud are reviewed on an ongoing basis, to ensure that they remain up to date and comply with good practice.

Publicity

5.15 The council will publicise all successful prosecutions undertaken either by itself or by partner organisations, to act as a deterrent against future fraud.

5.16 In addition, where appropriate, targeted publicity will be used to raise the awareness of fraud to staff, councillors, the public, and other agencies. This will consist of both internal and external publicity and will aim to:

· raise awareness about potential fraud and ensure all stakeholders are alert to the possibilities of fraud;

· inform all stakeholders of the procedures to be followed if they have suspicions of fraud;

· ensure that all stakeholders are aware that the council will not tolerate fraud and the consequences of committing fraud against it.

Recovery of Monies

5.17 Where any loss has been incurred by the council or additional costs have been incurred as a result of fraud or corruption, the council will seek to recover these from the individual or organisation concerned. This will help to ensure that the financial impact of fraud on the council is minimised and act as a deterrent. As a further deterrent, the council will seek to levy any appropriate fines or penalties where it is possible and desirable to do so.

5.18 Methods of recovery may include (but are not limited to):

· recovery from assets held by the organisation or individual (using the Proceeds of Crime Act or any other relevant legislation)

· bankruptcy where appropriate

· recovery from future salary payments if an individual remains an employee of the council

· recovery of pension contributions from employees or councillors who are members of the North Yorkshire Pension Fund.

6 Monitoring & Review Arrangements

6.1 The arrangements set out in this policy document will be reviewed on an annual basis as part of the audit and fraud planning cycle and will include the fraud and corruption prosecution policy (annex A) , anti-bribery policy (annex B), and other related guidance. Veritau will work with other departments to ensure that other related guidance and policy (such as the whistleblowing policy) are reviewed on a regular basis and any amendments or necessary changes are approved.

LAST REVIEWED AND UPDATED: January 2022

Annex A

FRAUD AND CORRUPTION PROSECUTION POLICY

Scope and Purpose

1.1

The fraud and corruption prosecution policy forms part of the council’s overall counter fraud and corruption arrangements. The policy covers all acts, and/or attempted acts, of fraud or corruption committed by officers or councillors, or committed by members of the public, or other organisations or their employees, against the council.

1.2

The policy sets out the circumstances in which the council will take legal action against the perpetrators of fraud or corruption. It also sets out the circumstances when it is appropriate to consider alternative courses of action such as offering a caution. The policy does not cover internal disciplinary procedures which are the subject of the council’s separate disciplinary policy and procedures.

1.3

This policy should be read in conjunction with the council’s constitution, financial regulations, contract procedure rules, the counter fraud and corruption policy and the strategy, the whistleblowing policy and the council’s disciplinary policy and procedures.

1.4

The policy contains specific guidelines for determining the most appropriate course of action when fraud has been identified. Offences other than fraud and corruption (for example those relevant to the enforcement of regulations) are dealt with by the appropriate service departments under other policies and relying on specific legal powers.

Principles

2.1

The council is committed to deterring fraud and corruption. As part of its overall strategy to do this the council will seek to take appropriate action against anyone proven to have attempted and/or committed a fraudulent or corrupt act against it. The council considers that those guilty of serious fraud or corruption must take responsibility for their actions before the courts.

2.2

The policy is designed to ensure that the council acts fairly and consistently when determining what action to take against the perpetrators of fraud or corruption.

2.3

Staff and councillors who are found to have committed fraud or corruption may be prosecuted in addition to such other action(s) that the council may decide to take, including disciplinary proceedings in the case of staff and referral to the relevant officer or body in the case of members. Any decision not to prosecute a member of staff for fraud and corruption does not preclude remedial action being taken by the relevant director(s) in accordance with the council’s disciplinary procedures or other policies.

2.4

This policy is also designed to be consistent with council policies on equalities. The council will be sensitive to the circumstances of each case and the nature of the crime when considering whether to prosecute or not.

2.5

The consistent application of the policy will provide a means for ensuring that those who have perpetrated fraud and corruption are appropriately penalised. It will also act as a meaningful deterrent to those who are contemplating committing fraud or corruption. The council recognises the deterrent value of good publicity and therefore information regarding successful prosecutions and sanctions will be made public.

2.6

Any decision taken by an authorised officer to prosecute an individual or to offer a formal sanction will be recorded in writing. The reason for the decision being taken will also be recorded.

2.7

Irrespective of the action taken to prosecute the perpetrators of fraud and corruption, the council will take whatever steps necessary to recover any losses incurred, including taking action in the civil courts.

Prosecution

3.1

The policy is intended to ensure the successful prosecution of offenders in court. However, not every contravention of the law should be considered for prosecution. The council will weigh the seriousness of the offence (taking into account the harm done or the potential for harm arising from the offence) with other relevant factors, including the financial circumstances of the defendant, mitigating circumstances and other public interest criteria. All cases will be looked at individually and be considered on their own merit.

3.2

To consider a case for prosecution the council must be satisfied that two tests have been passed. Firstly, there must be sufficient evidence of guilt to ensure conviction. This is called the evidential test. Secondly, it must be in the public interest to proceed – the public interest test.

3.3

To pass the evidential test, authorised officers must be satisfied that there is a realistic prospect of conviction based on the available evidence (that is, there must be sufficient admissible, substantial and reliable evidence to secure a conviction).

3.4

To pass the public interest test, the authorised officer will balance, carefully and fairly, the public interest criteria against the seriousness of the offence. The public interest criteria include;

· the likely sentence (if convicted);

· any previous convictions and the conduct of the defendant;

· whether there are grounds for believing the offence is likely to be repeated;

· the prevalence of the offence in the area;

· whether the offence was committed as a result of a genuine mistake or misunderstanding;

· any undue delay between the offence taking place and/or being detected and the date of the trial;

· the likely effect that a prosecution will have on the defendant;

· whether the defendant has put right the loss or harm caused.

3.5

It will generally be in the public interest to prosecute if one or more of the following factors applies, subject to any mitigating circumstances;

· the actual or potential loss to the council was substantial;

· the fraud has continued over a long period of time;

· the fraud was calculated and deliberate;

· the person has previously committed fraud against the council (even if prosecution did not result) and/or there has been a history of fraudulent activity;

· the person was in a position of trust (for example, a member of staff);

· there has been an abuse of position or privilege;

· the person has declined the offer of a caution or financial penalty;

· the case has involved the use of false identities and/or false or forged documents.

3.6

Investigating officers and prosecutors will review the appropriateness of pre-charge engagement where prosecution is considered. This is likely to occur where such engagement may lead the defendant to volunteer additional information that may identify new lines of inquiry. Pre-charge engagement may be instigated by the investigating officer, the council prosecutor, the defendant’s representative or a defendant themselves (if unrepresented).

Mitigating Factors

4.1

The following mitigating factors will be taken into account when determining whether to prosecute;

4.2

Voluntary Disclosure

A voluntary disclosure occurs when an offender voluntarily reveals fraud about which the council is otherwise unaware. If this happens, then the fraud will be investigated but the offender will not be prosecuted unless in exceptional circumstances. However, any person colluding in the crime will still be prosecuted. A disclosure is not voluntary if the:-

· admission is not a complete disclosure of the fraud;

· admission of the fraud is made only because discovery of the fraud is likely, (for example, the offender knows the council is already undertaking an investigation in this area and/or other counter fraud activity);

· offender only admits the facts when challenged or questioned;

· offender supplies the correct facts when making a claim to Legal Aid.

4.3

Ill Health or Disability

Where the perpetrator (and/or their partner) is suffering from prolonged ill health or has a serious disability or other incapacity then the offender will not normally be prosecuted. Evidence from a GP or other doctor will be requested if the condition is claimed to exist, unless it is obvious to the investigator. It is also necessary to prove that the person understood the rules governing the type of fraud committed and was aware that their action is wrong. This may not be possible where, for instance, the offender has serious learning difficulties. However, simple ignorance of the law will not prevent prosecution.

4.4

Social Factors

A wide range of social factors may make a prosecution undesirable. The test is whether the court will consider the prosecution undesirable, and go on to reflect that in the sentence.

4.5

Exceptional Circumstances

In certain exceptional circumstances the council may decide not to prosecute an offender. Such circumstances include;

· the inability to complete the investigation within a reasonable period of time;

· the prosecution would not be in the interests of the council;

· circumstances beyond the control of the council make a prosecution unattainable.

Alternatives to Prosecution

5.1

If some cases are considered strong enough for prosecution but there are mitigating circumstances which cast a doubt as to whether a prosecution is appropriate then the council may consider the offer of a sanction instead. The two sanctions available are;

· a caution, or;

· financial penalty.

Simple Cautions

5.2

A simple caution is a warning given in certain circumstances as an alternative to prosecution, to a person who has committed an offence. All cautions are recorded internally and kept for a period of six years. Where a person offends again in the future then any previous cautions will influence the decision on whether to prosecute or not.

5.3

For less serious offences a simple caution will normally be considered where all of the following apply;

· there is sufficient evidence to justify instituting criminal proceedings;

· the person has admitted the offence;

· there is no significant public interest in prosecution;

· it was a first offence, and;

· a financial penalty is not considered to be appropriate.

Only in very exceptional circumstances will a further caution be offered for a second or subsequent offence of the same nature.

5.4

Cautions will be administered by the Head of Internal Audit (or deputy), Assistant Director – Corporate Fraud, Corporate Fraud Manager, or a Senior Corporate Fraud Investigator, on behalf of the council. If a caution is offered but not accepted then the council will usually consider the case for prosecution. In such cases the court will be informed that the defendant was offered a penalty but declined to accept it.

Financial Penalties

5.5

The Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013, permit a financial penalty to be offered to claimants as an alternative to prosecution. The penalty is set at 50% of the amount of the excess reduction, subject to a minimum of £100 and a maximum of £1000. Once a penalty is accepted, the claimant has 14 days to change their mind.

5.6

Subject to the criteria set out in the guidelines below, a financial penalty will normally be offered by the council in the following circumstances;

· the council believes that there is sufficient evidence to prosecute;

· it was a first offence or a previous offence was dealt with by way of a caution, and;

· in the opinion of the council, the circumstances of the case mean it is not overwhelmingly suitable for prosecution, and;

· the claimant has the means to repay both the overpayment and the penalty, and;

· there is a strong likelihood that both the excess reduction and the penalty will be repaid.

5.7

It is important to note that the claimant does not need to have admitted the offence for a financial penalty to be offered. Financial penalties will be administered by the Head of Internal Audit (or deputy), Assistant Director – Corporate Fraud, Corporate Fraud Manager or a Senior Corporate Fraud Investigator. If a financial penalty is not accepted or is withdrawn then the council will usually consider the case for prosecution. In such cases the court will be informed that the defendant was offered a penalty but declined to accept it.

Proceeds of Crime Act 2002 (POCA)

6.1

In addition to the actions set out in this policy, the council reserves the right to refer all suitable cases for financial investigation with a view to applying to the courts for restraint and/or confiscation of identified assets. A restraint order will prevent a person from dealing with specific assets. A confiscation order enables the council to recover its losses from assets which are found to be the proceeds of crime.

Implementation Date

7.1

This revised policy is effective from 21 February 2021 and covers all decisions relating to prosecutions and sanctions after this date.

POLICY LAST REVIEWED AND UPDATED: January 2022

Annex B

COYC%202%20colour

ANTI-BRIBERY POLICY

1 Introduction

1.1 The Bribery Act 2010 enables robust action to be taken against all forms of bribery. The council is committed to protecting the public purse and the services it provides from being abused. The council will not tolerate bribery and promotes the prevention, detection and deterrence of bribery.

1.2 Bribery is defined as the offering, giving, receiving or soliciting of any item of value to influence the actions of an official or other person in charge of a public or legal duty. The act of bribery is the intention to gain a personal, commercial, regulatory or contractual advantage.

1.3 Facilitation payments are unofficial payments made to public officials to secure or expedite actions. These are not tolerated and are illegal.

1.4 This policy should be read in conjunction with the Employee Code of Conduct which deals with gifts and hospitality.

2 Principles

2.1 The council is committed to the prevention, deterrence and detection of bribery.

2.2 The council commits to:

· making all employees and associated people (eg agency staff and volunteers) aware of their responsibilities to adhere strictly to this policy at all times

· training members of staff so that they are aware of the Bribery Act

· encouraging all employees to be vigilant and to report any suspicions of bribery, providing them with suitable channels of communication and ensuring sensitive information is treated appropriately

· rigorously investigating instances of alleged bribery and assist the police and other authorities in any investigations or prosecutions they undertake

· taking strong action against any individual(s) involved in bribery.

3 Scope

3.1 This policy applies to all of the council’s activities, members of staff (permanent and temporary), agency staff, volunteers, consultants, and councillors.

3.2 For partners, joint ventures, and suppliers, we will seek to promote the adoption of policies consistent with the principles set out in this policy.

3.3 All employees and councillors are required to:

· raise concerns as soon as possible if it is believed or suspected that this policy has been breached or may be breached in the future

· comply with the spirit, as well as the letter, of the laws and regulations of all jurisdictions in which the council operates, in respect of the lawful and responsible conduct of activities.

3.4 As well as the possibility of civil and criminal prosecution, employees breaching this policy will face disciplinary action, which could result in dismissal in cases of gross misconduct.

4 Offences

4.1 There are four key offences under the Bribery Act 2010.

Section 1 – Offence of bribing another person

4.2 This section makes it an offence when a person offers, promises or gives a financial or other advantage to another person and intends the advantage to induce a person to perform improperly a relevant function or activity or to reward a person for the improper performance of such a function or activity.

4.3 It is also an offence when a person offers, promises or gives a financial or other advantage to another person and knows or believes that the acceptance of the advantage would itself constitute the improper performance of a relevant function or activity.

Section 2 – Being bribed

4.4 This section makes it an offence when a person requests, agrees to receive or accepts a financial or other advantage intending that, in consequence, a relevant function or activity should be performed improperly.

4.5 It is an offence when a person requests, agrees to receive or accepts a financial or other advantage and the request, agreement or acceptance itself constitutes the improper performance of the person of a relevant function or activity.

4.6 It is an offence if a person requests, agrees to receive or accepts a financial or other advantage as a reward for the improper performance of a relevant function or activity.

4.7 It is also an offence if a person in anticipation of or in consequence of the person requesting, agreeing to receive or accepting a financial or other advantage, a relevant function or activity is performed improperly.

Section 6 – Bribery of foreign public officials

4.8 Under this section of the Act an offence is committed when a person intends to influence a foreign official in their official capacity and intends to obtain or retain business or an advantage in the conduct of business.

4.9 It is also an offence to offer, promise or give any financial or other advantage to a foreign public official.

Section 7 – Failure of a commercial organisation to prevent bribery

4.10 A relevant commercial organisation is guilty of an offence if a person associated with the organisation bribes another person intending to obtain or retain business for the organisation or to obtain or retain an advantage in the conduct of business for the organisation and the organisation fails to take reasonable steps to implement adequate procedures to prevent such activity.

Corporate Responsibility

4.11 City of York Council is considered to be a commercial organisation under the Bribery Act. It is therefore important that the council takes steps to prevent bribery from occurring within the organisation.

4.12 If an offence did occur then courts would consider six tests to determine whether the council was culpable.

· Does the council have proportionate procedures in place to prevent bribery by persons associated with it? Theses should be clear, practical and accessible.

· Is there top level commitment to preventing bribery? This includes members as well as officials.

· Is the council’s exposure to potential external and internal risks of bribery periodically assessed?

· Does the council take a proportionate and risk based approach to mitigate identified bribery risks.

· Are anti-bribery policies and procedures embedded and understood throughout the organisation? Are they communicated internally and externally?

· Are procedures monitored and reviewed regularly?

Penalties

4.13 A person guilty of an offence under sections 1, 2, or 6 of the Bribery Act may be sentenced to:

· a maximum imprisonment of 12 months and/or a fine not exceeding £5,000 (if convicted in a magistrates court)

· a maximum imprisonment of 10 years and/or an unlimited fine (if convicted at a crown court).

4.14 An organisation found guilty of allowing bribery offences to occur will be subject to an unlimited fine that is in part determined by the gain that was sought to be made through bribery offences and an assessment of an organisation’s culpability by the court.

5 How to raise a concern

5.1 We all have a responsibility to help detect, prevent and report instances of bribery. If a member of staff or councillor has a concern regarding a suspected instance of bribery or corruption then please speak up. The sooner you act, the sooner it can be resolved.

5.2 Employees who raise concerns or report wrongdoing may be concerned that there may be repercussions. The council is committed to ensuring nobody suffers detrimental treatment because they report a concern that they believe is true, or refuse to take part in bribery or corruption. The council aims to encourage openness and will support anyone who raises concerns under this policy, even if those concerns prove to be incorrect.

5.3 Members of staff should consult the council’s whistleblowing policy which sets out a number of routes for reporting concerns.

5.4 Concerns can be raised anonymously and the council may still take action. However, it is easier and quicker if concerns are not made anonymously. The council will take all possible precautions to ensure that the identities of people who raise concerns are protected.

6 What to do if someone reports a concern

6.1 All reports of potential bribery within the council should be reported to the council’s Director of Governance, Chief Finance Officer, and Veritau.

POLICY LAST REVIEWED AND UPDATED: January 2022

[1] Annual Fraud Indicator 2017, Crowe Clark Whitehill

[2] Public Accounts Committee Report – Fraud and Error, June 2021, HM Government

[3] Public Accounts Committee Report – Fraud and Error, June 2021, HM Government

[6] Threat Landscape for Supply Chain Attacks, ENISA, July 2021

[7] For example the CIPFA Code of Practice on Managing the Risk of Fraud and Corruption.

[8] All suspected fraud should be reported to Veritau. A record of all such information will be maintained on a confidential basis.

New development activity: