Note:
This guidance is advisory only. The guidance is not a substitute for reading the legislation or obtaining professional legal advice where appropriate or necessary.
Statutory guidance in relation to fraud prevention procedures is published by the Home Office at Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud (accessible version) - GOV.UK. All organisations should review the Home Office Guidance when establishing and reviewing their fraud prevention procedures.
See Section 1.4 of the Home Office Guidance for any conflict between alternative sources of guidance.
Checklist of actions for NHS Organisations
We suggest that NHS organisations meeting the criteria set out in the failure to prevent offence should:
- prepare their fraud prevention procedures before the offence is in force using the legislation itself (the Economic Crime and Corporate Transparency Act 2023 (ECCTA)), the statutory guidance provided by the Home Office and the advice provided on this website including the NHSCFA guidance on the application of the Public Sector Fraud Authority requirements.
- be able to demonstrate that reasonable procedures for the prevention of fraud are in place covering the scope of the offence as set out in ECCTA.
- ensure that reasonable fraud prevention procedures are informed by the NHS Requirements of the Government Functional Standard and by the six principles outlined in the Home Office Guidance (chapter 3) (see headings below).
Each organisation will need to consider its own position and what fraud prevention procedures it is reasonable for that organisation to have in place. As referred to in the other sections of this guidance, the defence that an organisation can call on where a relevant offence is committed is to demonstrate that it has fraud prevention procedures in place. Those procedures must be procedures that it was reasonable ‘in all the circumstances’ for that body to have in place.
For an NHS organisation, it will be expected that the organisation has considered the relevant guidance available to it; however, this will not be sufficient on its own. The organisation will need to apply that guidance to its own circumstances in adopting relevant measures.
Using the fraud prevention advice, guidance and resources provided by the NHSCFA, and the guidance, supporting documentation and evidence provided as part of the NHS Requirements, actions and next steps that NHS organisations will need to consider in establishing or reviewing their procedures might include the adoption of the approaches set out below. These are matched against the six principles that the Home Office Guidance requires organisations to consider:
Top level commitment
- Having an accountable individual at board level who is responsible for fraud, bribery and corruption (GovS 013 Component 1: Accountable individual).
- The board of directors, partners and/or relevant senior management of a relevant organisation committing to preventing fraud and fostering a culture in which fraud is never acceptable.
- The chief executive officer (or equivalent) making a statement about the organisation’s fraud prevention approach and measures.
- Ensuring that an effective whistleblowing facility is in place to facilitate the reporting of allegations or suspicions of fraud and other criminal conduct, and ensuring that there is board-level oversight of whistleblowing.
- Discussion of key issues amongst senior management, thinking about key milestones between now and the implementation date and, if appropriate and necessary, taking professional legal advice on how the offence applies to the organisation.
- Senior management should be aware of and accept the initiatives and ensure that they are embedded in corporate culture.
- Monitoring the progress of measures to mitigate identified risks at a senior level.
Fraud Risk Assessment
- Having a fraud, bribery and corruption risk assessment that feeds into the organisational work plan and is managed in line with the organisation’s local risk management policies (GovS 013 Component 3: Fraud, bribery and corruption risk assessment).
- Undertaking risk analysis in line with Government Counter Fraud Profession fraud risk assessment methodology and recording this on the appropriate risk registers.
- Consideration of fraud risks within any associated subsidiary of the NHS organisation.
- Taking legal advice where appropriate and necessary on the identification of associated persons (employees, agents, subsidiaries or other persons who provide services for or on behalf of the organisation). For example, contractors may be associated persons when they are providing services for or on behalf of the organisation.
- Undertaking effective fraud risk assessments which will inform proportionate fraud prevention controls.
- Consideration of whether current risk assessments cover the risk of fraud that is in scope of this offence (fraud that is intended to benefit the organisation or, in some circumstances, its clients, and fraud committed by ‘associated’ persons).
- Adaptation of current risk assessments to include fraud risks in scope of this offence.
- If appropriate, responsibility for conducting a documented risk assessment which is kept under regular review, assessing the nature and extent of the organisation’s exposure to the risks of associated persons committing fraud in scope of this offence.
- Consideration of the changes made to the ‘identification doctrine’ under ECCTA and whether current risk assessments cover ‘senior manager’ risk (see section on The ECCTA for guidance on the identification doctrine and the definition of ‘senior manager’).
Proportionate Risk Based Prevention Procedures
- Having an annual action plan that is informed by fraud risk, identifying activities to improve capability and resilience (GovS 013 Component 5: Annual action plan).
- Using the fraud prevention information, guidance and resources provided by NHSCFA, ensuring that clear, practical and enforced procedures are in place to prevent fraud by associated persons.
- Ensuring that these procedures are proportionate to the fraud risks it faces and to the nature, scale and complexity of the organisation’s advice.
- Thinking about what a fraud prevention plan/framework will look like (i.e. what the proportionate, risk-based, fraud prevention procedures will be).
- Checking what anti-fraud procedures are currently in place and assessing whether they are sufficient to counter the risks identified in the risk assessment.
- Using NHSCFA’s fraud prevention guidance documents to develop or adapt local fraud prevention policies, procedures and systems (see guidance on procurement fraud, payroll fraud, invoice and mandate fraud, pre-contract procurement fraud, management and control of prescription forms, employment agency fraud).
- Having a proportionate fraud prevention policy which may form part of a general code of conduct or which may be a stand-alone policy.
- Deciding what resources and governance structures are needed to adapt to this change in the law.
- Being able to demonstrate a strong anti-fraud culture within the organisation.
- Ensuring that an effective whistleblowing facility is in place to facilitate the reporting of allegations or suspicions of fraud and other criminal conduct and ensuring that there is board-level oversight of whistleblowing.
- Having disciplinary procedures in place, which enable the organisation to take appropriate disciplinary action against an employee who commits a fraudulent act.
- Establishing clear pathways for reporting suspected fraud.
- Adaptation of existing policies to include the failure to prevent offence (for example, whistleblowing, HR, fraud, external communications, media etc).
- Ensuring that sub-contractors are within the scope of fraud prevention procedures.
- Ensuring that fraud prevention procedures address how the relevant measures will prevent fraud by service provision.
- For contracting relationships, updating standard wording to require compliance with fraud prevention policies.
Due Diligence
- Ensuring alignment of the organisation’s counter fraud, bribery and corruption work to the NHSCFA’s central strategy (GovS 013 Component 2: Counter fraud, bribery and corruption strategy).
- Application of proportionate and risk based due diligence procedures in respect of persons who perform or will perform services for or on its behalf to mitigate identified fraud risks.
- Ensuring due diligence procedures are in place and considering the organisation’s existing due diligence checks in relation to such parties and whether they are sufficiently robust to identify previous allegations or suspicions of fraud against a third party.
- Reviewing agreements with any agents, distributors, representatives, and other third-party intermediaries to ensure they contain appropriate contract terms in relation to fraud.
- Ensuring pre-employment checks and procedures are in place.
- Implementing the actions within the Due Diligence Quick Guide to assist NHS procurement teams in making informed risk management decisions on whether to engage with suppliers.
Communication (including training)
- Having well established and documented reporting routes for staff, contractors and members of the public where necessary to report fraud suspicions (GovS 013 Component 7: Reporting routes for staff, contractors and members of the public).
- Ensuring all staff have access to and undertake fraud awareness, bribery and corruption training as appropriate to their role (GovS 013 Component 11: Access to and completion of training).
- Regular measurement of staff awareness levels.
- Reviewing and delivering appropriate training to ensure awareness of coming changes.
- Ensuring that the fraud prevention policy or code of conduct is proactively communicated to all staff, fully implemented, and demonstrably effective.
- Measuring levels of awareness of the code of conduct among staff.
- Being able to demonstrate a strong anti-fraud culture within the organisation.
- Ensuring that an effective whistleblowing facility is in place to facilitate the reporting of allegations or suspicions of fraud and other criminal conduct.
- Ensuring that the NHS Fraud and Corruption Reporting Line (telephone hotline and online reporting tool) is publicised.
- Having a mechanism for recording referrals and allegations of suspected fraud, bribery and corruption.
- Using NHSCFA’s fraud awareness toolkit to raise awareness of NHS fraud.
- Using communication as a fraud fighting tool.
- Using the NHS Fraud Reference Guide to raise awareness of types of NHS fraud.
- Seeking to ensure that its prevention policies and procedures are communicated, embedded and understood throughout the organisation, through internal and external communication.
Monitoring and Review
- Identifying and reporting upon annual outcome-based metrics to support improvement in performance (GovS 013 Component 6: Outcome based metrics).
- Monitoring and reviewing its fraud prevention procedures and making improvements where necessary.
- Learning from investigations and whistleblowing incidents and reviewing information from its own sector.
- Reviewing and updating policies and procedures.
- Ascertaining what anti-fraud procedures are currently in place.
- ‘Testing’ procedures.
- Reviewing internal systems and controls.
- Thinking about whether internal investigation mechanisms need to be updated.
Please note that this checklist is not exhaustive and has been prepared for advisory purposes only. Organisations are responsible for preparing their own fraud prevention procedures in the context of their particular circumstances and in accordance with ECCTA.