Public Authorities (Fraud, Error and Recovery) Bill (First sitting) Debate
Full Debate: Read Full DebateDepartment: Cabinet Office
Mike Wood
Main Page: Mike Wood (Conservative - Kingswinford and South Staffordshire)Department Debates - View all Mike Wood's debates with the Cabinet Office
Public Authorities (Fraud, Error and Recovery) Bill (First sitting)
Mike Wood ExcerptsTuesday 25th February 2025
(1 day, 21 hours ago)
Public Bill CommitteesRead Full debate Public Authorities (Fraud, Error and Recovery) Bill 2024-26 View all Public Authorities (Fraud, Error and Recovery) Bill 2024-26 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 25 February 2025 - (25 Feb 2025)
The Chair
Q
Professor Button: Good morning, everybody. My name is Professor Mark Button. I am co-director of the Centre for Cybercrime and Economic Crime at the University of Portsmouth and I have been researching fraud-related issues for nearly 20 years.
Dr Kassem: Good morning, everyone. I am Dr Rasha Kassem, senior lecturer and leader of the fraud research group at Aston University. Like Mark, but probably for fewer years, I have been researching all aspects of fraud.
Professor Levi: I am Michael Levi. I am professor of criminology at Cardiff University and I have been researching fraud for 53 years, so I think I win on that score, although that may mean I am very out of date.
Mike Wood (Kingswinford and South Staffordshire) (Con)
Q
I will start by asking the panel a reasonably general question. What, in your experience, are the main limiting factors in investigating public sector fraud?
Professor Button: There is a number of factors. Obviously, the first challenge with dealing with social security fraud and a lot of the rest of public sector fraud is that you have no choice but to deal with those people. It is not like a bank or a private company, which have the opportunity to decide whether to do business with that particular person. In the case of someone making a claim for a benefit, the public sector body has to deal with that person.
You are obviously dealing with increasingly highly organised fraudsters that often operate across borders. That poses significant challenges, particularly for many public sector fraud agencies, particularly when the police themselves have very limited resources. Fewer than 2,000 officers are dedicated to economic crime. They simply do not have the time to help public sector bodies deal with these things. When you look at those particular challenges, having professional capacity within government to investigate fraud with the appropriate powers is a sound basis for dealing with these problems.
Dr Kassem: The capabilities and skills of public authority staff would be a main challenge for me. Do they have the same understanding about what fraud means, its impact, the methodologies and typologies of fraud and the limitations of each type? I ask that because when you talk about fraud, you are talking about fraud committed against the public sector by individuals as well as organisations. The procedures cannot be the same in each case, and the motivations and the resources will not be the same in each case, so they have to have this understanding.
Equally, there has to be an understanding about the differentiation between fraud and error; the element of intent to deceive is the main differentiating factor. Do we have criteria that tell staff in the public sector how to differentiate between fraud and error? Is that agreed upon criteria to ensure that errors are not happening? Are they trained and do they have the proper skills to enable them to investigate without accusing, for example, innocent people and impacting adversely vulnerable individuals? That would be the main challenge, in my view.
Professor Levi: I have one final, quick point, because I know that there are a lot of questions. At one extreme, there is the point that Mark made about organised crime groups and so on, but it is a question of identifying when something is an organised crime activity, which you can only do easily either by getting intelligence or by correlating claimants’ data to build up a pattern, as in covid-19 fraud schemes. At the other extreme, there is what is probably the majority—failure to notify a change in circumstance. This has always been the most common part of the area covered by the Department for Work and Pensions. As far as the Public Sector Fraud Authority goes, I think it is a question of identifying a lot of internal cases from people that you would not ordinarily suspect.
Mike Wood
Q
Professor Button: One of the key things is always resources. If you look at the size of the PSFA at the moment, in terms of the scale of fraud, and look at some of its estimates, you see that this is substantially more than the estimates of fraud in the DWP, so having a relatively small unit, as proposed, is, I think, a limitation. For me, the key thing is having the appropriate resources within that unit to have a real impact on fraud. That question, “Is there enough there at the moment?”, is a key one.
Dr Kassem: Although I believe that this is a very positive step and definitely will enhance accountability, several things need to be considered. To start with, the definition of fraud can be a bit limiting in the current Bill, because, first, it assumes that fraud is happening for financial reasons when that is not necessarily the case. There are non-financial motives. Let us consider insider fraud—fraud committed by insiders, people working for the public authorities—which is one of the most common threats not just in the public sector, but across other sectors. A disgruntled employee can be as dangerous as someone with a financial motive. So I would stick with the Fraud Act 2006 definition of fraud, because it mentions personal gain full stop. It can be financial and it can be non-financial. That has to be clarified.
There is also the difference between fraud and error. I know that intent is mentioned—rightly so—as the main differentiating factor between fraud and error. Again, however, we have to be very clear about the criteria that would enable public sector staff to differentiate between fraud and error, because you do not want them to make mistakes and accuse innocent individuals of committing fraud, just like what happened in the Post aOffice scandal. That would cause further reputational damage to the Public Sector Fraud Authority and the public sector in general, so they have to be very careful about the criteria, which have to be agreed upon.
This is the second area that I want to talk about: because there is a difference between fraud and error, the recovery and the procedures, in terms of perpetrators committing fraud versus those committing an error, need to be clarified in the Bill. I do not think that that is clear enough at the moment.
The third point is about understanding the very nature of fraud—the fact that fraud can be committed by individuals and organisations. The policies and procedures that will be followed when you deal with fraud committed by individuals should not be the same as those that are followed when you deal with organisations. For example, if you were to take preventive measures, the procedures would be different for organisations versus individuals. With organisations, you are talking about controls, compliance measures and so on. That has to be clarified in the Bill—how fraud committed by organisations will be dealt with versus fraud committed by individuals.
Lastly, I would like to raise the possibility of abuse of power. Again, although the PSFA has greater intentions of preventing fraud, you want it to appear to the public that there is less risk of abuse of position. The oversight board will be very important there as an independent body, and perhaps it could be a board independent from the PSFA staff who oversee the work. For this to work, there have to be proper governance structures, including independent board members who have proper fraud expertise and understand the limitations and the mission of the public authorities. It will be very important for public authorities to report on their operational performance to enable that independent board to oversee properly.
Professor Levi: I do not quite agree with all those comments. Some of those measures do not need to be in the Bill, but they obviously need to be part of the structure. The Bill will hopefully last for a long time, and I am sure that you are all familiar with changes.
I think the point about the resource is important, but you also need to allow time for bedding in. There is the issue of where they will recruit staff from, and how experienced they are in actually dealing with stuff. I remember the Assets Recovery Agency, which was a stand-alone body. It was closed down because it did not recover as much as it cost at that time, as there were so many appeals. This is not quite analogous with that agency, but one needs to remember that it takes years to develop skills in actually handling cases. I do not think that is so much a question of the limitations of the Bill but a warning about not expecting too rapid results. Obviously, the practitioners and policymakers may offer a different view from mine, but I think it takes quite a long time. When I reviewed the Serious Fraud Office for the royal commission in 1992, I saw that gaining expertise in actually dealing with stuff takes quite a while, and some would argue that it has not yet done that.
Mike Wood
Q
Professor Button: With any kind of initiative like this, you will always get a degree of displacement. The clever fraudsters will find new means to get around the rules. Obviously, a lot of these measures are directed at the more opportunistic individuals who are not as well organised and probably do not invest as much time in looking for means to get around some of those measures. For that client group of offenders, the Bill will be quite effective. However, for the more organised offenders, particularly the more organised crime elements, they will find ways to get around some of these measures.
Professor Levi: I am not clear about the provisions for international linkages in the Bill. Perhaps that is something that just needs to be sorted out afterwards, but people need to be able to chase money overseas. The question about who does that, and what they need to do before they are able to do that, is pretty important. This is not so much in covid-19 frauds, because that has already happened, but a lot of these things are time critical. The asset-freezing orders that were granted to the police in 2017 have proven very effective, so we need to think about what processes there are for dealing with stuff rapidly.
Dr Kassem: I have one final point. I raised the issue of differentiating between fraud committed by individuals and by organisations. I think that needs to be sorted in the Bill, not afterwards. For example, from a governance perspective, the Bill says that you can access banks accounts and freeze assets, but whose? Are you going to take the assets from the organisation, the directors running the organisation or the fraud perpetrators inside the organisation? This has to be sorted, because you will face another issue, at least in courts, about who is the controlling mind in the organisation. The organisation has a mind of its own legally, and therefore cannot be treated in the same way as when you deal directly with individuals. If that is sorted, there will hopefully be a higher probability of recovery and fewer loopholes in the Bill.
Professor Levi: There is also the question of legal aid for those suspected or accused who have to take some measures to appeal. I was not clear about that, although it may be my fault.
Neil Coyle
Q
Professor Levi: I am not sure that it needs to be in the Bill. Definitions of what we mean by “organised” are typically vague. An act committed by three or more people for the pursuit of profit is a very low bar for organised crime. A fraud by one person can be perfectly well organised, but they are not part of an organised crime group. In policing, we talk about organised crime activity and people normally think about organised crime groups. That is a definitional problem that may be too much for the Bill in its present form, and indeed for Governments. They certainly need to think about what conditions apply to which people, and I am sure they have. I am not sure whether that constraint needs to be in the Bill, but Dr Rasha may have a different view.
Dr Kassem: For me, when I talk about fraud committed by organisations, it does not have to be organised crime. It could be a legitimate organisation defrauding the public sector. Again, the Bill mentions things around recovery, such as accessing bank accounts and seizing assets—how would they apply in cases of organisation versus individual? That needs to be thought about carefully in the Bill. Again, when you think about the nature of fraud and who is committing it, you are talking about different powers and different motives for individuals versus organisations. There are different assets and different ways of recovery. They are not the same, and therefore that has to be clarified in the Bill.
The Chair
We will now hear evidence from Helena Wood, director of public policy and strategic engagement at Cifas and a fellow of the Royal United Services Institute.
Mike Wood
Q
Helena Wood: I find it quite difficult to comment on that, given that we are yet to see the code of practice. A lot of burden has been placed on that code of practice as it stands to build in some of that proportionality. I know the Government have committed to consulting on that code of practice forthwith, but without seeing that, a lot hinges on how those powers will be used in practice. Without that being known to me at present, I would quite like to see something pulled up on to the face of the Bill to build in proportionality by design.
Both on the PSFA side and the DWP eligibility verification powers, the Bill is a very blunt instrument, as it stands, and I think the law would do well to pull up those proportionality measures on to the face of the Bill. We have to look at this Bill in its broader context: very much unintentionally, it stands at that ideological debate between the rights of the individual to privacy and the rights of society as a whole to benefit from the funds that are available to fund essential public services. We have to deal with both of those arguments with due caution and due respect. As it stands, the Bill tends to be quite blunt in the way things are proposed on its face, and I would like to see a lot more from that code of practice and how it will be built in.
Beyond that, I would like to see a lot more about the people who will be using these powers. Again, we trust the police to use their coercive and intrusive powers based on their skills, experience and training. At the moment, there is a reasonably low bar set in the legislation, which is merely to be a higher executive officer or senior executive officer—a very entry-grade civil service officer. Other coercive powers that we can see across areas I have studied over the course of a 20-year career, particularly the Proceeds of Crime Act 2002, require some professional skills: where one is not a police officer, one must be a trained financial investigator. It is a trained and accredited role that is overseen by statute. Here, the competence of the individuals using that power, and the trust we can thus place in them to use those powers proportionately, is quite limited.
Mike Wood
Q
Helena Wood: It depends which part of the Bill we are talking about. This is a game of two halves: some of the PSFA powers, for example, mirror powers that are used almost as standard across the landscape of counter-financial crime, and I think we can be more comfortable about the use of those powers. The power I have more concerns about is something that is very new and incredibly intrusive, and without limitation to it being a civil or criminal investigation: the DWP eligibility verification powers. There, we need to proceed with more caution about how they are used, given that this is very much at risk of being a blanket, phishing-style power without any recourse to the limitations and the bars that others have to reach to use other powers that would be either a civil or criminal investigation. I think that part of the Bill requires a little more thought and proportionality pulling up front, unless the Government can bring forward that code of practice to allow those of you around the room judging this Bill to see what will be in the code to limit the use of those powers to the highest risk of high-end investigations, rather than making it a blanket power.
Mike Wood
Q
Helena Wood: Absolutely. The concerns I have around those powers are about collateral intrusion. We can all agree that the quality of data both on the DWP side and on the part of financial institutions is not always as good as it could be. I completely agree with the need to minimise the level of information that those institutions give back to the DWP, to caution against unnecessary intrusions upon privacy, but I would like to see a minimum standard of data match that would be required to take action on that data. If the banks are only giving a minimum amount of information back into the DWP, how do we know that that is an absolute specific match on the individuals they have on their system? Without seeing information about how that will be acted upon in the code of practice, I am slightly cautious. We need to see that detail earlier rather than later, for you to be able to make that judgment about the risk of unintended consequences of this legislation.
Let us again look at this in its broader context. This is a very intrusive power, but it sits in a suite of other measures and powers available to investigators across the system. What we do not want to do with this power is to bring those other powers into disrepute. We have to apply it with due caution, making sure that a match is a match. I would like to see which specific data points will be available to the DWP investigator to ensure this is a match and to minimise the risk of collateral intrusion.
Andrew Western
Q
Helena Wood: That is a very good question. It goes back to the balance between individual rights to privacy and society’s rights as a whole. Only you can make the decision about where that balance falls. Going back to the previous question, I would like to see built into the oversight of the use of the power a specific requirement for the independent reviewer to look at instances of collateral intrusion and where mistakes have been made, and to report on those to Parliament. If we can build that into the code of practice—forgive me for keeping on going back to that code, but I think a lot of the use of this power hinges on how it will be used in practice and by whom. We need to build some significant guardrails against that.
The second point I would make is that to my knowledge, this is an unprecedented power internationally, so how can we be sure it is going to be effective in practice? We know, for example, that individuals rarely have one bank account in one institution any more. In fact, numerous pieces of research—forgive me; I do not have the figures in my head, but I can refer those back to the Committee—show that individuals now have masses of bank accounts across five, six, seven and up to 10 or 20 institutions. By targeting one institution, are you really going to get a full picture anyway? If this is to be proportionate, we have to be clear that intrusion is proportionate and is going to be effective in practice. I am yet to see the evidence that it is, if it is used in a scattergun way. That is why it would be great to build into the code of practice something much more targeted around risk. For example, high-risk postcodes coming through in intelligence around organised crime attacks on the benefits system might be one way to look at this.
The Chair
We will now hear evidence from Kristin Jones, formerly of the Serious Fraud Office and the Crown Prosecution Service, and from Alex Rothwell, chief executive of the NHS Counter Fraud Authority. For this panel, we have until 11 o’clock.
Mike Wood
Q
Kristin Jones: I am sure I have the same answer as Helena. Until we see the codes of practice and the operational guidance, it is difficult to tell. Obviously, I have operated in very regulated situations where there has been accountability, but without that extra information, I cannot really say at the moment. But I think it is important that when you interfere with the rights of the individual, decisions are taken at a sufficiently high level by people with sufficient experience.
Mike Wood
Is that your view as well, Alex?
Alex Rothwell: I would echo Kristin’s thoughts. I suppose there is not necessarily anything novel in the Bill. Those powers exist elsewhere, so we have seen them in operation. The ability to test and learn, which is baked into the proposals, is very helpful. Importantly, it addresses a need.
Mike Wood
Q
Kristin Jones: Not on the face of the legislation necessarily, but I would perhaps expect certain commitments in debate that the code of practice will cover certain areas.
Mike Wood
Q
Kristin Jones: I do have some reservations about dealing with corporate organisations, as was expressed earlier, because a corporate cannot speak itself; it can speak only through its officers. The Bill only talks about notices; it does not talk about answering questions. It is quite difficult if you are not able to ask an officer of a corporate questions and you have just written answers through notices. I wonder whether there are sufficient powers for dealing with the more serious, top end of public sector fraud.
Mike Wood
Q
Alex Rothwell: Perhaps a good example is that although we believe we are losing something in the region of £1.3 billion a year to fraud, the amount of fraud that is actually identified is relatively low, because a lot of the value we get is from future prevention. For example, in 2023-24, the figure was something like £5.2 million, but we only recovered 12% of that figure. There is a lot more value to be had. The Bill will be incredibly helpful for us to recover more money from people who have been suspected of fraud. When it comes to pursuing criminal justice outcomes in relatively low value cases—perhaps individuals who have taken £5,000 or £10,000, who have been exited through human resources processes or who have simply left the organisation—the Bill gives us an incredible opportunity to recover more funds, and I think we would use it extensively.
Mike Wood
Q
Kristin Jones: My career has been dealing with fraud in the public and private sector, and I think it is important that when fraud is investigated and you discover something that is not in your scope, you are able to communicate it so that fraudsters are tackled, whether that is in the private or public sector. That is my only concern.
Alex Rothwell: The Bill seems pretty comprehensive in terms of our requirements. There are things that I have concerns around, including training—not just of individuals who are exercising the powers, but of those who manage them and set the culture and tone of an organisation and how it is built in. I echo Kristin’s comments about private sector providers. For example, we are increasingly seeing private sector providers providing NHS services, so how would that be exercised? From my point of view it is more about the exercise of the powers than the extent of the powers.
Kristin Jones: The other thing I think is missing compared to when other organisations have been established is that we only talk about investigators. I am a great believer in a multidisciplinary team, with early legal advice, accountancy advice as necessary and financial investigators, but we have an organisation at the moment in which we only define the role of the investigators.
Andrew Western
Q
Alex Rothwell: I certainly echo your thoughts in terms of attitude. We have seen that expressed in a number of different ways through surveys and transparency—the international transparency index, for example. In terms of statistics, we have seen our fraud prevalence rate remain fairly steady over the last five to seven years, but it is a complex picture because I think that we have been increasing our fraud protection measures as well. What we have seen across the board are bitter pay disputes and a sense that contracts do not pay enough. We have extensive provider assurance programmes that are recovering funds through what we classify as error. I do not see any change in that climate necessarily. Opportunities to strengthen prevention, for us, are the most important factor to influence people’s decision making before they commit fraud. So it is a huge concern to me, but not necessarily in terms of statistics.
Kristin Jones: During my career, I have seen sentences for fraud increase dramatically and that sends a clear message but, over my career, instead of only a few people being exposed to fraud, when you answer your telephone, there is a good chance you have a scammer at the other end; it could happen once a week, if not several times a day. If you are being targeted, it could be every mealtime, with the scammer hoping that while you are distracted you will fall for some con. The worry is that the public are exposed so much to fraud that its seriousness gets watered down in their mind. You have these forums where you can recommend how to claim various things from the Government and how to hit sweet spots to get that benefit or grant. So it has changed and perhaps people are not as shocked by fraud as they used to be.