See Annex 1. All referrals will be dealt with confidentially and seriously. The same investigation process will apply irrespective of reporting route, including intelligence items generated from partner organisations or proactive exercises undertaken by the Counter Fraud team.
The Counter Fraud team will acknowledge receipt of referrals, in writing, within 5 working days. They will undertake an initial triage and may consult with the Head of HR, the CFO and the DHSC AFU to agree the most appropriate course of action. All referrals will be logged on a central case management system (CLUE) and access to this will be restricted to the investigating officers.
When appropriate, an investigation will be conducted by the Counter Fraud team to establish the facts, which may involve obtaining written statements. The Head of Corporate Security and Fraud and/or the CFO may designate suitably trained and qualified staff to undertake or assist with the investigation.
In order to minimise the risk of evidence being challenged and to ensure the investigation is being conducted fairly, members of staff must not try to investigate themselves. In parallel, a disciplinary procedure may be followed where the subject is an employee and will be conducted independently. If the allegations are found to be malicious, they will also be considered for further investigation and possible disciplinary action.
Serious and complex allegations of fraud, bribery and corruption may be referred to the DHSC AFU. Where necessary, the Head of Corporate Security and Fraud will decide if a case should be referred to the police.
Progress on investigations will be reported to the CFO and DHSC AFU. Dependent on the outcome of the investigation, cases may be referred to the Crown Prosecution Service (CPS) for prosecution. Not all cases result in a referral to CPS and nor do the CPS always decide to prosecute. This will not prohibit action being undertaken under disciplinary procedures.
NHS Digital will also consider all other sanctions, including civil action, financial redress, disciplinary procedures and management action.
During and after the investigation, a lessons-learned exercise will be undertaken to prevent future re-occurrence. A summary of this information will be reported to the Audit and Risk Committee.
Where possible, the Head of Corporate Security and Fraud will provide regular updates to the referrer and they will be informed of the outcome of the case. This may not be appropriate if it could prejudice legal action.
If the referrer is not happy with the way in which an investigation has been conducted, the matter can be raised directly with CFO