Counter Fraud, Bribery and Corruption Policy

NHS Digital has a zero-tolerance approach to fraud, bribery and corruption and will take all appropriate measures to prevent and detect it. NHS Digital is committed to:

• developing an anti-fraud culture across the organisation
• having effective systems, processes and controls in place to prevent fraud, bribery and corruption
• taking all reports of fraud, bribery and corruption seriously and investigating them proportionally and appropriately 
• seeking the appropriate disciplinary, regulatory, civil and criminal sanctions against those who commit fraud and, where applicable, recovering losses.

All staff have a responsibility to assist in preventing fraud, bribery and corruption and expected staff behaviours are contained in the Code of Business Conduct and the Seven Principles of Public Life.

The primary purpose of this policy is to provide direction and guidance for managing the risk of fraud, bribery or corruption. It also sets out NHS Digital’s approach for responding to such suspicions and is in accordance with the Government Functional Standard GovS 013: Counter Fraud. It is not intended to provide a comprehensive approach to preventing and detecting fraud.

This policy relates to all forms of fraud, bribery, corruption and other economic crimes, such as theft. It applies to all NHS Digital staff, regardless of position held and employment type, including non-executive directors, permanent and interim staff (temps and contractors) and secondees, as well as consultants, vendors and any other party who has a professional or business relationship with NHS Digital.

Fraud

For the purpose of this policy, fraud is defined as the intentional use of deception to gain a financial advantage or to deprive, disadvantage or cause loss to another. This can include the misuse of funds or other resources and/or the supply of false information.

The Fraud Act 2006 sets out three principal fraud offences:

Section 2: fraud by false representation

Example exaggerating amounts on claim forms or timesheets.

Section 3: fraud by failing to disclose

Example not declaring unspent criminal convictions in order to gain employment.

Section 4: fraud by abuse of position

Example a senior manager uses their position to siphon off funds.

The focus is on the dishonest behaviour of the subject and their intent to make a financial gain or cause a financial loss. The gain or loss does not have to succeed if the intent is there.

Other examples of fraud that might occur at NHS Digital are:

• working for another employer whilst on sickness absence or when not working in one of our offices
• contractors or suppliers collaborating together during a tender process (bid rigging)
• suppliers submitting payment claims for goods or services that were not delivered or inferior to what was specified in the order (invoice fraud)
• requesting a change to staff or supplier payment details to their own (mandate fraud)
• misappropriating confidential data or selling it to third parties

The NHS Digital Management Statement on Corruption makes clear NHS Digital’s zero-tolerance to bribery.

The Bribery Act 2010 sets out four offences

• offering a bribe  Offering, promising or giving of a financial reward or other inducement to another person to perform a relevant function or activity improperly.
• accepting a bribe Requesting, agreeing to receive, or accepting a financial reward or other inducement to perform a function or activity improperly, directly or indirectly, and irrespective of whether it is for the recipient’s benefit.
• bribing a foreign public official
• failure of a commercial organisation to prevent bribery

NHS Digital and its staff may also be liable if appropriate measures are not put in place prevent bribery.

There is no specific definition of corruption but it is an ‘umbrella’ term that covers various crimes, such as bribery, kickbacks, cronyism, theft, and embezzlement.

Theft is broadly included in the definition of fraud. The three main offences in the Theft Act 1968 are

• Section 1: theft  Dishonestly taking property of another with the intention of permanently depriving it for example retaining laptops after leaving NHS Digital
• Section 17: false accounting Dishonestly destroys, conceals or falsifies any accounting record or produces a misleading accounting record with a view to making a gain or loss for another for example exaggerating financial performance
• Section 24a: retaining wrongful credit Dishonestly fails to take reasonable steps to ensure that a wrongful credit is cancelled for example taking no action to cancel incorrect salary enhancements.

An equality impact assessment has been carried out in accordance with NHS Digital’s Equality and Diversity Policy and Procedure. No detriment has been identified.

Chief Executive Officer

The Chief Executive Officer, as the Accounting Officer, has overall responsibility for the funds, assets and resources entrusted to NHS Digital and must ensure that adequate policies and procedures are in place to protect NHS Digital and its funds from fraud, bribery and corruption.

NHS Digital Board

The Board has a duty to provide governance and oversight of NHS Digital to ensure that its funds, assets and resources are adequately protected against criminal activity, including fraud, bribery and corruption. The Board also provides support and strategic direction for counter fraud work.

Chief Financial Officer

The Chief Financial Officer (CFO), as Executive Lead, has overall responsibility for counter fraud measures at NHS Digital. This includes reviewing and providing assurance of counter fraud measures and championing counter fraud at a senior level.

The CFO also gives authority to undertake investigations and is responsible for monitoring them. Depending on the outcome of initial investigations, the CFO will inform relevant senior management of suspected cases of fraud, bribery and corruption, where appropriate.

Internal and External Audit

The role of internal and external audit includes reviewing controls and systems and ensuring compliance with financial instructions. They will inform the Head of Corporate Security and Fraud of any relevant weaknesses in controls and suspicions of fraud, bribery and corruption.

Head of Corporate Security and Fraud

The Head of Corporate Security and Fraud leads the Counter Fraud team and works with the CFO to promote counter fraud work, effectively respond to system weaknesses and investigate allegations of fraud and corruption, in line with the government functional standard for counter fraud. They will:

• oversee an appropriate anti-fraud culture at NHS Digital
• undertake proactive exercises to prevent and detect fraud, such as the government National Fraud Initiative
• undertake regular risk assessments to identify threats, weaknesses and mitigation plans
• investigate actual or suspected fraud in accordance with the requirements of all applicable legislation. This might include taking witness statements and interviewing potential suspects under caution when appropriate, and referring cases to the Crown Prosecution Service should the investigation indicate that a crime has been committed
• ensure that the DHSC Anti-Fraud Unit (DHSC AFU) and CFO are kept appraised of all referrals/cases
• liaise with the DHSC AFU on a regular basis to ensure alignment to wider health group objectives to tackle fraud, bribery and corruption

HR liaises closely with the Head of Corporate Security and Fraud where an employee is suspected of being involved in fraud. HR advises those involved in the investigation in matters of employment law and in procedural matters, such as disciplinary and grievance procedures. Close liaison between HR and the Head of Corporate Security and Fraud is essential to ensure that any disciplinary or appropriate NHS Digital policies are applied effectively and in a co-ordinated manner.

HR ensures that recruitment policy and guidance effectively address requirements for appropriate pre-employment checks, including those necessary to establish, identity and confirm relevant employment history, qualifications and membership of professional bodies.

HR will also maintain effective control over Electronic Staff Records and will work with Finance and NHS Digital’s payroll provider to monitor pay records to identify and address any anomalies.

Staff who have been appointed as Freedom to Speak-Up Guardians will report any allegations that they receive relating to fraud, bribery and corruption to the Head of Corporate Security and Fraud (whilst protecting the identity of the referrer, if necessary).

DHSC AFU provides strategic direction and ensures alignment of counter fraud work within health arms-length bodies to wider government. It also provides assistance with serious and complex fraud investigations. 

Managers must ensure NHS Digital’s policies and procedures that safeguard it against fraud, bribery and corruption are adhered to. They should also be alert to the possibility that unusual events, transactions or behaviours could be symptoms of fraud. Where they have any doubt, they must seek advice from the Head of Corporate Security and Fraud.

They must also ensure that an adequate system of internal control exists within their areas of responsibility and that controls operate effectively. They must instil among their team a zero tolerance culture towards fraud, bribery and corruption.

Managers must bring this policy to the attention of their staff, make them aware of where they can obtain further information and how they can report suspicions of fraud, bribery and corruption.

As part of that responsibility, managers need to

• liaise with the Head of Corporate Security and Fraud to understand the risks within their areas of operation and how they might assess and mitigate these risks
• understand the Counter Fraud, Bribery and Corruption Policy and the rules and guidance covering the control of specific items of expenditure and receipts
• ensure travel and expenses claims are accurate, valid and for work purposes before authorisation 
• check agency workers’ and contractors’ timesheets have been correctly completed prior to authorisation
• ensure adequate controls are in place and regularly reviewed to minimise fraud risks, such as having defined roles and responsibilities, regular checks, staff rotation (with consultation), separation of duties, and control of a key function is not invested in one individual
• ensure controls are being complied with 
• identify high-risk or financially sensitive posts
• regularly monitor staff access to sensitive or confidential information
• inform staff of NHS Digital’s Code of Business Conduct and Counter Fraud, Bribery and Corruption Policy as part of their induction process, paying particular attention to the need for accurate completion of personal records and forms

All staff must ensure that NHS Digital’s policies and procedures that safeguard against fraud, bribery and corruption are followed. They will lead by example in acting with utmost integrity and ensuring adherence to all relevant regulations, policies and procedures.

All staff have a personal responsibility to protect the assets of NHS Digital, including buildings, equipment and funds from fraud, theft and bribery. They will carry out due diligence, appropriate scrutiny and undertake proportionate risk assessments to prevent fraud.

Bribery is absolutely prohibited. This means that anyone associated with NHS Digital will neither offer/give nor request/receive a bribe. All gifts, non-salary payments, hospitality and other contributions should be recorded in accordance with the Hospitality and the Receipt of Gifts Policy. Staff must also disclose their business interests or close association to anyone with a business interest in accordance with the Registers of Interest Policy.

Reporting Fraud, Bribery and Corruption

Staff members who suspect fraud, bribery or corruption may be taking place should report it to NHS Digital’s Counter Fraud team by emailing [email protected] or by calling 07920 232745. Referrals can be made anonymously and further information is available through the NHS Digital intranet via the Apps menu and is also contained in the Whistleblowing Policy.

Alternatively, NHS Digital has developed a Safe to Challenge initiative which provides a confidential, anonymous, safe and secure “one stop shop” for raising any concerns. For further information, go to the Safe to Challenge intranet page or contact [email protected].

If staff do not feel confident in reporting concerns through the sources listed above, they can also report suspicions directly to

Department of Health and Social Care Anti-Fraud Unit

DHSC Anti-Fraud Unit has responsibility for the investigation of fraud, bribery and within the Department of Health and Health Social Care and its arms-length bodies where it does not affect the health service. [email protected] 07769 926 626 or 020 7972 6547.

NHS Counter Fraud Authority

The Counter Fraud Authority is a special health authority charged with identifying, investigating and preventing fraud and economic crime within the NHS.

Whistleblowing is defined in the Public Services Reform Healthcare Whistleblowing Order 2020 as “when a person raises a concern that relates to speaking up, in the public interest, about an NHS service, where an act or omission has created, or may create, a risk of harm or wrongdoing.”

This includes an issue that:

• has happened, is happening or is likely to happen
• affects the public, other staff or the NHS organisation itself

Examples include fraud, bribery, unlawful conduct, financial malpractice, breaches of codes of conduct, disregard for health and safety rules and dangers to the public or environment.

Anyone who is concerned about a wrongdoing that threatens public interest should raise the matter through the most appropriate route. Further details can be found in the Whistleblowing Policy. Under this policy, we are committed to making sure that you are not penalised for revealing your concerns and we will protect you if you report anything that you reasonably believe to be in the public interest.

Independent and external advice can be obtained from the charity Protect or calling 0800 055 7072

See Annex 1. All referrals will be dealt with confidentially and seriously. The same investigation process will apply irrespective of reporting route, including intelligence items generated from partner organisations or proactive exercises undertaken by the Counter Fraud team.

The Counter Fraud team will acknowledge receipt of referrals, in writing, within 5 working days. They will undertake an initial triage and may consult with the Head of HR, the CFO and the DHSC AFU to agree the most appropriate course of action. All referrals will be logged on a central case management system (CLUE) and access to this will be restricted to the investigating officers.

When appropriate, an investigation will be conducted by the Counter Fraud team to establish the facts, which may involve obtaining written statements. The Head of Corporate Security and Fraud and/or the CFO may designate suitably trained and qualified staff to undertake or assist with the investigation.

In order to minimise the risk of evidence being challenged and to ensure the investigation is being conducted fairly, members of staff must not try to investigate themselves. In parallel, a disciplinary procedure may be followed where the subject is an employee and will be conducted independently. If the allegations are found to be malicious, they will also be considered for further investigation and possible disciplinary action.

Serious and complex allegations of fraud, bribery and corruption may be referred to the DHSC AFU. Where necessary, the Head of Corporate Security and Fraud will decide if a case should be referred to the police.

Progress on investigations will be reported to the CFO and DHSC AFU. Dependent on the outcome of the investigation, cases may be referred to the Crown Prosecution Service (CPS) for prosecution. Not all cases result in a referral to CPS and nor do the CPS always decide to prosecute. This will not prohibit action being undertaken under disciplinary procedures.

NHS Digital will also consider all other sanctions, including civil action, financial redress, disciplinary procedures and management action.

During and after the investigation, a lessons-learned exercise will be undertaken to prevent future re-occurrence. A summary of this information will be reported to the Audit and Risk Committee.

Where possible, the Head of Corporate Security and Fraud will provide regular updates to the referrer and they will be informed of the outcome of the case. This may not be appropriate if it could prejudice legal action.

If the referrer is not happy with the way in which an investigation has been conducted, the matter can be raised directly with CFO

This policy must be reviewed and accepted by all NHS Digital staff annually via the Policy Toolkit. Compliance is reported to the Audit and Risk Committee every quarter.

Monitoring is essential to ensuring that controls are appropriate and robust to prevent fraud. The effectiveness of the policy will be measured by the amount of contact with the Head of Corporate Counter Fraud, Bribery and Corruption Policy v3.2 Final Copyright © 2022 NHS Digital Page 13 of 14 Security and Fraud and the number and type of concerns raised through this policy. The Head of Corporate Security and Fraud will determine whether further work to promote or revise this policy is needed.

This policy may also be reviewed following incidents of fraud or identification of control weaknesses to establish its effectiveness