New anti-fraud standards to be implemented in April

The updated requirements stem from the updated government functional standard on counter fraud, which replaces previous NHS standards for fraud, bribery and corruption. The new functional standard has now been interpreted by the NHS Counter Fraud Authority (NHS CFA), producing a list of 12 requirements that will apply from 1 April.

The 12 components include producing a counter-fraud, bribery and corruption strategy to be submitted to the counter-fraud body; introducing outcome-based metrics; and having an accountable board-level individual.

The National Audit Office has challenged the government to take greater action against fraud. The standard is its response – developed by the Cabinet Office – to ‘ensure that government organisations have a robust and co-ordinated approach to protecting public services against the risk of fraud, bribery and corruption’.

The NHS CFA estimates the NHS is vulnerable to more than £1.2bn worth of fraud each year.

The new requirements apply to all NHS-funded bodies in England and Wales, including NHS trusts, foundation trusts, clinical commissioning groups, health boards, ambulance trusts, some independent sector providers, NHS England and NHS Improvement. If they meet qualifying criteria, trust subsidiary companies may also be subject to the new requirements.

‘The focus is governance, identification, prevention and recovery,’ said NHS CFA quality and compliance manager Paul Tiffen (pictured below).

He said that for around the last 10 years, the NHS CFA and its predecessors had developed a series of counter-fraud standards, which it supported the NHS to achieve. But the Cabinet Office has been leading a growing counter-fraud community across the public sector, and hopes the new standard will see common, high-quality anti-fraud work across the whole public sector.

The NHS CFA had been able to add its ideas and NHS experience into the development of the standard, and had now interpreted it for use in the health service.

‘Our whole philosophy was one of evolution rather than revolution,’ said Mr Tiffen. ‘We didn’t want to change too much; we didn’t need to change too much. We wanted to bring people along with us to get the wider government standards incorporated into the NHS.’

The Cabinet Office wants the standard of counter-fraud work across the public sector to increase long term, but this should be balanced with more incremental change.

‘It didn’t want people’s heads to go down by trying to run too quickly – it’s trying to do it in a sensible way, but at the same time one that shows progress,’ said Mr Tiffen.

However, the new Cabinet Office standards have diverged in some areas from those already in use by the NHS. And with 12 new categories, requirements already in place in the health service have been moved around to fit the new structure. To help NHS organisations, the NHS CFA has mapped its previous counter-fraud standards to the new requirements.

Outcome-based metrics is one example of a new requirement and should be produced as part of an annual counter-fraud action plan. Organisations should define the outcomes they are seeking to achieve each year, together with the metrics they will use. Those with a significant counter-fraud investment and those with a significant estimated fraud loss should include financial impact metrics. These metrics should, for example, be based on a targeted value of prevented and/or detected fraud against a baseline to measure improvement.

‘We want organisations to take a more risk-based approach,’ Mr Tiffen said. ‘The NHS is massive, and organisations are varied. There isn’t a one-size-fits-all approach you can take.’

Each NHS-funded body must provide details of their performance against the 12 requirements – and thus the standard – annually. The NHS CFA will use this to provide assurance to the Cabinet Office of NHS action against fraud, bribery and corruption.

NHS organisations should identify risks, and based on this, develop targets. He added that the metrics were important as they will feed into the authority’s overall targets. ‘Broadly speaking, this is broken down into the amount of fraud they identify and the amount of money they can recover as a result of that.’

The NHS CFA strategy is to recover £400m overall in the next three years, and it hopes local organisations will contribute to meeting this aspiration.

Mr Tiffen urged NHS-funded services to prepare for the new requirements. ‘They should familiarise themselves with the requirements. This is not revolution. Directors of finance and audit chairs should be ready to challenge the individuals operating counter fraud work locally, and support them as they prepare to meet the challenge of achieving the new requirements.’

He acknowledged that the counter-fraud community faced challenges due to the Covid pandemic. Some people have been diverted from their work to support the Covid-19 effort, for example, and while this work is important, the pandemic offers opportunities for fraudsters.

‘We have seen a massive increase in e-procurement, for example, over the last 12 months and, understandably, these things were done quite quickly. Sometimes fraud can creep up when things are done quickly,’ he said.

Mr Tiffen paid tribute to local NHS bodies for their engagement with the NHS CFA’s work to adapt the standard for health service use.

‘This is not something you can cook up in isolation,’ he said. ‘We reached out to the local counter-fraud community, directors of finance and audit chairs, and I would want to acknowledge their input into this.

‘The NHS CFA is responsible for providing assurance to the Department of Health and Social Care and the Cabinet Office regarding overall compliance with the functional standard across the sector, and will be working collaboratively with NHS bodies to enable them to comply with the requirements.’