Procurement fraud risks: staying vigilant

Advice and guidance for the NHS on how to mitigate the risk of procurement fraud during the COVID-19 pandemic.

Who is this guidance for?

The guidance on this page is for leaders, Local Counter Fraud Specialists, and staff working in NHS procurement, finance and payroll teams. The guidance provides awareness to senior managers and staff of the most prominent procurement fraud risks during the COVID-19 pandemic.

What are the risks?

Whilst the NHS and government’s response to the COVID-19 pandemic is evolving, we know that criminals will take advantage during times of crisis. The NHSCFA’s immediate concern is the relaxation of procurement rules and practices to allow NHS bodies to procure goods, services and works with extreme urgency. It is important that managers and staff remain vigilant as ever when:

  • onboarding new suppliers
  • procuring goods, services and works with existing suppliers
  • managing contracts / performance;
  • paying suppliers.

What should you do?

Leaders and fraud experts in the NHS administering emergency programmes should review the Government guidance on ‘Fraud Control in Emergency Management: COVID-19 UK Government Guidance’ which details imminent threats to the public sector and the various principles for effective fraud control such as:

  • The importance of fraud risk assessments and continually scanning for new threats and risks.
  • The collection of consistent data on who is applying and who you are paying and robust clawback arrangements where feasible.
  • The use of controls such as electronic checks to identify and verify the applicant and/or business.
  • Developing a post-event assurance process to ensure funding is used for its intended purpose.

It is important to remember that maintenance of financial controls remains critical during the NHS response to COVID-19. NHS bodies and staff must continue to comply with legal responsibilities and related guidance on financial governance. Financial mismanagement, where identified, will be managed in line with that guidance. It is therefore essential during the NHS response to the COVID-19 pandemic, that all staff maintain financial records and decision logs – as per usual - so that audit trails are preserved.

Procurement, finance, and payroll staff – as well as those who requisition or authorise the purchase of goods, services and works should familiarise themselves with the controls set out below to prevent fraud.

Onboarding new suppliers and procuring goods, services and works with existing suppliers

When onboarding new suppliers and procuring goods, services and works with existing suppliers:

  • Take a proportionate and risk-based approach to due diligence
  • Due diligence should not be considered a one-off task or a tick-box exercise. Due diligence exercises should be continued throughout the procurement process.
  • Concerns raised by employees and suppliers should not be ignored.
  • Undertaking a due diligence exercise will usually begin with a desk-based review of publicly available information about the prospective supplier, as well as information the NHS organisation has requested directly. Should there be a need to follow up on the initial desk-based review, further clarity might be sought by way of site visits and interviews with the prospective supplier.
  • Due diligence should also be conducted on the product being procured to ensure it meets the technical specification of the procuring organisation, and all quality standards, directives and other legislative requirements where applicable.
  • Specific regard should be given to the procurement of personal protective equipment (PPE) given current urgency requirements and high demand.

See our due diligence and buying goods and services quick guides for further guidance.

Managing contracts and performance

When managing contracts/performance:

  • Ensure separation of duties so that no single individual has control over the whole process.
  • Ensure contract managers are appointed for independent oversight and reporting.
  • Set up a contract monitoring programme with clear parameters to assess the level of contract management required (determined using a risk-based approach) and ensure that the correct contract management protocols are applied. Contract monitoring should use the following tools to assess the effectiveness of a contract:
    • Standard templates for document contract reviews, meetings, KPI management and any contract variances.
    • A SOP/policy in place for the management and frequent monitoring of KPIs and contract variances. The SOP/policy should lay out actions to take if contract KPIs, variances, and deliverables occur outside agreed protocol.
    • Monitoring pattern of spending with suppliers.
    • Minuted supplier meetings.
    • Accurate record keeping.
    • Escalation routes for staff to report concerns.

See our contract reviews quick guide for further guidance.

Paying suppliers

When paying suppliers:

  • Staff should be vigilant during this time, as analysis indicates vulnerable periods are more at risk for mandate fraud to occur in the NHS. Staff should check any invoice to ensure the supplier’s details, including trading name, address, contact details, logos, and bank details (including account name, number, and sort code) are genuine. If in doubt, check against records and details held on file.
  • With increased numbers of NHS staff having to self-isolate and workplace adjustments being made, it may be that authorised credit card holders are away from the normal workplace. A clear process should remain in place to ensure that the authorising manager within the Finance or Procurement team are notified of any staff leavers, or staff not present at work to ensure credit cards are returned and/or deactivated.
  • All credit card transactions should be checked on a regular basis, at least monthly. This is to identify anomalies, unauthorised spend (purchase and limits) and any potential misuse or fraud.
  • Staff issued with the credit card are advised to keep the card in a secure place.
  • If you suspect that you have been the victim of a mandate fraud, immediate action is crucial and may prevent any actual loss of NHS funds. LCFSs and Directors of Finance must act immediately and contact the NHS organisation’s bank and advise them of the suspected mandate fraud in action. The NHS organisation’s bank should be instructed to immediately contact the bank where the fraudulent transfer of NHS funds has been made and request an immediate freeze on the funds transferred into the suspected criminals’ account.
  • All fraud whether suspected, attempted or successful should be reported to NHSCFA (please see details below).

See our mandate fraud and credit card fraud quick guides for further guidance.

Other resources

Please see NHSCFA’s wider advice on the prevention of procurement fraud on our NHS Fraud Guidance page. Find more information and definitions for the different types of procurement fraud affecting the NHS in the NHS Fraud Reference Guide.

How to report fraud

Report any suspicions of fraud to the NHS Counter Fraud Authority online at or through the NHS Fraud and Corruption Reporting Line 0800 028 4060 (powered by Crimestoppers). All reports are treated in confidence and you have the option to report anonymously. You can also report fraud to your nominated Local Counter Fraud Specialist.

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!