CFA CEO says that community is at the heart of fighting NHS fraud

Alex Rothwell discusses the NHSCFA's future in these rapidly changing times in conversation with the Financial Crime Digest.

Published: 04/05/2022

Image of NHSCFA CEO Alex Rothwell

Last month our CEO Alex Rothwell, as part of his 100 Day Plan, met with a journalist (Roger Hamilton-Martin) from Aperio Intelligence Ltd to discuss the NHSCFA, it’s future in these rapidly changing times, and what Alex’s thoughts are after his initial first months in the role. This article is a republication of a piece published in the March 2022 issue of the Financial Crime Digest.

In Autumn 2021, the NHS Counter Fraud Authority (NHSCFA) appointed a new Chief Executive. Alex Rothwell spent 30 years with the Metropolitan and City of London Police, culminating in the role of Detective Chief Superintendent. Financial Crime Digest conducted an interview with him on his plans for the NHSCFA, fraud prevention, and the pandemic.

You joined the NHS in November 2021 following a long career with the Metropolitan Police and City of London Police. Could you talk about the challenge of going from a job tackling financial crime in society to dealing with risks faced within an institution?

Interesting question. Both the police and the NHS deal with a huge cross-section of society. The NHS is one of the biggest employers in the world and just about every UK citizen is an NHS patient. So there is a lot of similarity with police work in that sense. I should point out that fraud against the NHS is not only an internal problem but includes outside players, who may even be in another country in some cases.

Having said that, it has been a big change for me to get to grips with a whole new institution, in some senses a collection of institutions. And that is the nub: how do we all work together across the NHS and with outside agencies in an efficient way to tackle fraud, with so many variations at the local level? There are two sides to the coin: on the one hand the NHS is vast and therefore challenging. On the other hand, if we get something right and we share it well, the economies of scale are tremendous. The NHSCFA can lead in some cases, guide in others, and above all collaborate. The NHS is faced with over a hundred different kinds of fraud, some being unique to the healthcare environment. Clearly some frauds are directly against an individual and the kind of fraud I deal with now is against a large organisation. But at the end of the day, it damages individuals because money meant for patient care ends up elsewhere.

I see a strong commercial element to this role, in that there is a contract between the NHSCFA and Department of Health and Social Care (DHSC) to deliver services, while also it is akin to being a regulator at times. We need to reduce losses to the NHS, and we need to demonstrate the return on investment. We play a key role in enabling the NHS to meet its audit requirements. A bit like the police, we have to manage and support the victims of the crime, but less so. That being said, it is true that the victim of fraud against the NHS is all of us. I really notice the benefit of having a dedicated function – there are fewer distractions compared to being in the police.

One thing reminds me very much of police work, being the power of the community. We need to develop a strong counter fraud community who are empowered to act, so relationships and building trust are critical. Maintaining and raising our profile is also something I care about, that also mattered in the police. Naturally the media is more interested when things go wrong, so the onus is on us to attract their interest to what may not seem obviously newsworthy, but matters. Making hay while the sun shines! We need people to see the value in our work – a clear strategic vision helps and of course, must be shared.

Preventative work will always return a better result than a reactive response. So I partly agree with the sentiment that we “can’t investigate our way out of the fraud problem”. But there will always be a role to play for the investigation and detection of NHS fraud. It a) helps us to identify enabling factors, b) curbs those who are already engaging in fraud and have become skilled at it, and c) is a powerful deterrent to people who might be contemplating having a go. Collaboration is critical – I won’t try to list all of our stakeholders here but there are thousands of allies across the NHS and beyond we need to engage with.

What are the most concerning problem areas for NHS fraud, bribery and corruption in 2022?

Every year my organisation produces our SIA, or Strategic Intelligence Assessment. Unfortunately we believe there is a financial vulnerability of over £1 billion a year, which is roughly one percent of the NHS budget (of over £100 billion a year). Nobody knows for sure exactly what percentage is defrauded, but my intelligence teams spend all day, every day, keeping as close track of it as they can. How that ‘global’ or total annual NHS fraud figure breaks down is in the SIA.

Among the variety of vulnerabilities to fraud that the NHS faces are some that will be recognised across the wider public and private sectors. One example being in procurement, the vulnerability of which is in both the pre- and post-contract stages. In the NHS there are set processes that we continually need to assess to ensure that they are adequate to mitigate against the threats faced but equally important is encouraging the key stakeholders in the NHS to actively employ the measures that are available to them. In the past year we have promoted, through the issue of fraud prevention guidance, how best the NHS can reduce the window of opportunity that criminals may want to exploit and we have successfully reduced that vulnerability in partnership with the NHS. In relation to post-contract vulnerability one area that we are actively looking at addressing is in payment diversion fraud, or mandate fraud. We need to be innovative in our consideration of technology as just one of a range of measures that can again narrow the window of opportunity for criminals.

One area that may not be shared across sectors and relates directly to the NHS is where patients claim exemption for paid NHS services to which they are not entitled. Whilst the individual sums may be small, we assess the extent of the potential losses to fraud as running into the hundreds of millions - in the case of prescription charge evasion, £193 million. We are working with partners across the NHS to ensure that real-time checking of claims for exemption can be undertaken and where potential fraud has been committed, appropriate action is taken to deter others from doing the same. Without wanting to get too technical, we produce strategic intelligence, threat and vulnerability assessments. They all play their part. I see these assessments evolving with more of a focus on the “so what?” or the “what next?”. Data is only as useful as the effectiveness of the resulting action taken. We can probably do more to interpret that data, to draw conclusions.

Our key priority areas at the moment are: Community Pharmaceutical contractor fraud, patient exemption fraud, procurement fraud, commissioning of services fraud, staff fraud, General Practice fraud, optical contractor fraud, dental contractor fraud, and PBR and National Tariff fraud. The Fraud Reference Guide on our main website is perhaps the best place to drill down into the detail of these fraud types. And of course, the media coverage of successful prosecutions makes it a lot less theoretical for the public and a lot more real. The Fraud Squad TV programme on BBC1 is a case in point. My team worked closely on that project, both the investigators in front of the camera and the communications team assisting behind it.

Have there been recent technological changes - for instance, increased remote consultations - that are affecting how fraud is perpetrated against the NHS?

In general, the digitalisation of services has presented new opportunities for fraud (though it has also presented new opportunities for detection as well). When we talk of cyber-enabled criminality this in reality can be anything which requires an internet connection and a computer. It is difficult to hide the electronic footprint created when committing fraud of this nature but there have to be systems in place to find it, otherwise it will go unnoticed. Perhaps the hardest issues to detect are where those with access to and authority over data undertake fraudulent activity which cannot be detected through standard data analysis, as the behaviour does not overtly break any ‘data rules’. In other words, the person concerned is using their position and/or authority to commit fraud. That might for example be a payroll fraud.

What efforts is the NHSCFA making to prevent fraud and spread awareness of the fraud risks?

This is the most important question. Prevention is by far better than attempts to 'cure' fraud after it has occurred. We have continual programmes running to close any gaps in the fence that are known and to find new ones. We have a Fraud Prevention Unit, but it is not only their job to prevent fraud, it is a job for the entire NHS. Our Quality and Compliance Teamwork with health bodies across the country to flag up risks and ensure actions are being taken to mitigate them. We put out many forms of guidance and alerts. Our media relations team, social media team and corporate communications people share news and knowledge every week.

Your question is about the entirety of the service we offer. It’s a five-fold function: Firstly, Standard Setting and Assurance – we monitor and report on how Trusts and Health bodies are meeting the Counter Fraud Standards which we set in line with government standards. We support those trusts to meet those standards. Good compliance = a good response to fraud. Secondly, we identify and promote fraud prevention opportunities. Thirdly, we provide a central intelligence capability so we gather information, record it and use it to identify both specific cases and also thematic issues which can be addressed throughout the system. Fourthly, we have analytical capability which (providing we have the information in the first place) allows us to identify fraud and error in data sets and; and fifthly we have an enforcement and digital forensic capability which consists of skilled investigators who conduct criminal investigations with a view to criminal justice outcomes.

What is your approach to encouraging NHS staff and the public to speak up when they see fraud?

We want people to tell us about financial mismanagement and fraud in the NHS. We have three key routes for reporting. Firstly, a dedicated portal – that can be used by NHS staff, or the public. We get lots of reports coming to the portal. I would add that Action Fraud is focussed on fraud against individuals and private businesses, not the private sector – although if the public do report NHS fraud to Action Fraud, it gets forwarded to us. The second thing we have is a partnership with Crimestoppers. We have a dedicated phone line and Crimestoppers call handlers have been trained to record fraud relating to the NHS budget. That budget is then passed to us. And then thirdly we have local counter fraud specialists (LCFS), employed by the trusts across England.

We actively encourage LCFSs to develop a close relationship with the community within each of the trusts or commissioning groups so they can be available to record and discuss local issues relating to their trust area. A lot of our reporting comes through that LCFS community, they do a good job. We always accept that there is attrition in terms of the number of reports we receive, but all of that paints a picture and tells us what is happening across the system – it helps us to identify weaknesses and opportunities for preventative messaging, or understanding of the threat in general. We’re in a good position in having multiple reporting routes for the public and staff.

How has the pandemic affected the NHSCFA's work, and are you seeing an uptick in fraud reports and investigations?

While our investigative remit is limited to the NHS budget we nonetheless sit at the table with other budget holders and do all we can to pass on our expertise about fraud prevention and intelligence gathering. The majority of the immediate additional funding was administered directly by the DHSC for the central procurement of PPE and vital equipment. That being said, we have in the last year undertaken a post event assurance exercise to assess Covid specific spend across the NHS and we are currently analysing the data that has been returned to us. I think it’s important to be clear on what our remit is here and whilst there are some very high-profile concerns about procurement of PPE during the pandemic the underlying risk of fraud continues.

The pandemic also had an effect on our operating methodology. At times the entire service was operating in crisis mode. Of necessity we had to curtail many of the face-to-face visits we were doing and at times normal fraud controls were relaxed to ensure services could continue to operate. By working in partnership with other NHS departments, however, we have been able to tackle vulnerabilities, for example: when the NHSCFA became aware of a cyber enabled fraud exploiting a vulnerability in salary payment systems, intelligence was disseminated to law enforcement and partners in the NHS managing the systems to support a criminal investigation and close the vulnerability. This collaborative approach prevented an estimated £732,000 of fraud losses. Fraud continues to be underreported.

Chancellor Rishi Sunak has announced an "efficiency crackdown" to cut £5.5 billion of wasteful spending, doubling the NHS efficiency target to 2.2 percent. To what extent are you hearing from the government to redouble efforts to crackdown on fraud and abuse given the squeeze on public finances?

Yes - many of us within the fraud community, particularly those who have been here for some time, have been making the case for many years that an investment either in time, effort or money in fraud is money well spent. Generally, you get a return on your investment. To your point, we very much consider it to be a contemporary issue for public finances.

We accept that there are a lot of other challenges that government must manage at any one time. The fact that the current administration is clearly paying attention to the risks of fraud, we welcome – and I welcome personally. It incentivises us to make the case to our stakeholders of the value in taking fraud seriously.

What are the lessons learned from the past couple of years for the NHS and NHSCFA regarding fraud?

I think it’s broader than specific fraud issues. For all the reasons I’m sure you’re well aware of, whilst frontline services have been delivered, we’ve seen more digitalisation of services, a lot more remote working, all of which create challenges when you’re considering things like governance and assurance and so on. These will be issues which will affect your readership across the board, not just in the NHS.

You’re probably aware that there is a government sponsored Covid-19 inquiry that has been launched. The terms of reference for the inquiry were published quite recently. My understanding is that part of the remit of the inquiry is to look at how finances were managed. We’ll be contributing to the inquiry absolutely. We’ve undertaken a number of exercises to look at how the organisation managed during the Covid-19 period. For example, we look at standard procurement – I'm not talking about PPE. Actually, we did find many examples of good practice, despite the inevitable relaxation and the need to be flexible when the pandemic was taking place in terms of good governance.