Anti-Fraud, Bribery and Corruption Policy

Transcription

1 Status Document Record ID Key Approved Version V2.2 Version Date Director Responsible for this policy Carl Vincent Person to contact about this policy Nick Cooney Author Nick Cooney 17/07/2017 Anti-Fraud, Bribery and Corruption Policy Copyright 2017 Health and Social Care Information Centre Page 1 of 13 The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.

2 Document Management Revision History Version Date Summary of Changes /05/17 Revised structure and format to reflect organisational change, new policy title, addition of fraud response plan and process /07/17 Annual review and minor amends to remove staff behaviours and signpost to Code of Business Conduct /0/7/17 Minor amends following review by DH AFU and HR Reviewers This document must be reviewed by the following people: Reviewer name Title / Responsibility Date Version Ken Baker Head of Employment Policy & Practice 12/07/ Michelle Holland Head of HR Operations 14/06/ Vanessa Kaliapermall Head of Operational IG 14/06/ Nick Cooney Senior Security, Compliance and Fraud Manager 14/07/ Richard Lawes Deputy Director of Finance 14/07/ Dean White Head of Corporate Governance 14/06/ Pat Nolan, Mark Richardson, Shirina Moss Department of Health Anti- Fraud Unit 11/07/ Approved by This document must be approved by the following people: Name Signature Title Date Version Carl Vincent Chief Financial Officer 17/07/ NB. The version of the policy posted on the intranet must be a pdf copy of the signed approved version. Document Status This is a controlled document. Whilst this document may be printed, the electronic version posted on the intranet is the controlled copy. Any printed copies of the document are not controlled. Copyright 2017 Health and Social Care Information Centre Page 2 of 13

3 Related Documents These documents will provide additional information. Ref no Doc Reference Number Title Version Whistleblowing Policy Code of Business Conduct Standing Financial Instructions Scheme of Delegation Hospitality Policy Travel and Expenses Policy Copyright 2017 Health and Social Care Information Centre Page 3 of 13

4 Contents 1. Policy Statement 5 2. Purpose and Scope 5 3. Definitions 5 4. Roles and Responsibilities 7 5. Fraud Response Plan 9 6. Governance 13 Copyright 2017 Health and Social Care Information Centre Page 4 of 13

5 1. Policy Statement NHS Digital has a zero tolerance of fraud, bribery and corruption. It has controls in place to ensure compliance with policies, is committed to taking all necessary steps to prevent fraud, bribery and corruption, and will seek the appropriate disciplinary, regulatory, civil and criminal sanctions against those who commit fraud and, where possible, recover losses. All staff have a responsibility to assist in preventing fraud, bribery and corruption and expected staff behaviours are contained within the Code of Business Conduct. This policy is supported and endorsed by the Executive Management Team and Board. 2. Purpose and Scope The primary purpose is to provide direction and assistance to NHS Digital staff who may suspect cases of fraud, bribery and corruption. It provides a framework for responding to such suspicions, and advice and information on any subsequent investigations and the implications of these for staff. This policy applies to all NHS Digital staff, regardless of position held, as well as consultants, vendors, contractors, secondees and/or any other parties who have a business relationship with NHS Digital. It will be brought to the attention of all staff and form part of the induction process for new staff. This policy should be read in conjunction with the Whistleblowing Policy. 3. Definitions 3.1. Fraud For the purposes of this policy, fraud is defined as the intentional use of deception to gain a financial advantage or to deprive, disadvantage or cause loss to another person or party. This can include the misuse of funds or other resources, or more complicated crimes such as false accounting and the supply of false information. The Fraud Act 2006 sets out three principal fraud offences: section 2: Fraud by False Representation o e.g. overstating qualifications on a CV to obtain employment section 3: Fraud by Failing to Disclose o e.g. not declaring an unspent criminal conviction in order to obtain employment section 4: Fraud by Abuse of Position o e.g. a finance employee uses their position to siphon off funds Copyright 2017 Health and Social Care Information Centre Page 5 of 13

6 The focus is on the dishonest behaviour of the subject and their intent to make a financial gain or cause a financial loss. The gain or loss does not have to succeed as long as the intent is there. Other examples of fraud that might occur at NHS Digital are: submitting false timesheets working for another employer whilst on sickness absence deliberately retaining salary overpayments submitting false or over-inflated expense claims disclosing sensitive commercial information contractors collaborating together during a tender process (bid rigging) cotractors submitting payment claims for goods or services that were not delivered or were inferior to what was specified in the order fake invoice scams, whereby fraudsters send an invoice or bill to a company, requesting payment for goods or services mandate fraud, e.g. someone requests NHS Digital to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation we make regular payments to, for example a subscription or membership organisation or a business supplier Bribery and Corruption The NHS Digital Management Statement on corruption makes clear NHS Digital s zero tolerance to bribery. The Bribery Act (2010) replaced legislation that was previously used to deal with individuals acting in a corrupt way. The offence carries a maximum penalty of 10 years in custody if dealt with at the crown court. Under this simplified legislation there are now just four offences: offering a bribe (The offering, promising or giving of a bribe to another person to perform a relevant function or activity improperly, or to reward a person for the improper performance of such a function or activity) accepting a bribe (Requesting, agreeing to receive or accepting a bribe to perform a function or activity improperly, irrespective of whether the recipient of the bribe requests or receives it directly or through a third party, and irrespective of whether it is for the recipient s benefit) bribing a foreign public official failure of a commercial organisation to prevent bribery (An arm s length body is considered to be a commercial organisation under the Act) Copyright 2017 Health and Social Care Information Centre Page 6 of 13

7 4. Roles and Responsibilities 4.1. Chief Executive The Chief Executive has overall responsibility for funds entrusted to NHS Digital as the Accountable Officer, and must ensure that adequate policies and procedures are in place to protect NHS Digital and the public funds entrusted to it from fraud, bribery and corruption Chief Financial Officer The Chief Financial Officer (CFO) has overall responsibility for anti-fraud measures in NHS Digital. Depending on the outcome of initial investigations, the CFO will inform appropriate senior management of suspected cases of fraud, bribery and corruption Internal and External Audit The role of internal and external audit includes reviewing controls and systems and ensuring compliance with financial instructions. They will inform the Fraud Manager of any suspicions of fraud, bribery and corruption Finance Director The Finance Director in consultation with the Fraud Manager and Head of HR Operations will determine when suspected cases of fraud, bribery and corruption should be investigated Fraud Manager The Fraud Manager works with the Chief Financial Officer and Finance Director to promote antifraud activities, effectively respond to system weaknesses and investigate allegations of fraud and corruption. The Fraud Manager will: help NHS Digital to create and maintain an appropriate anti-fraud culture; undertake, by agreement with the CFO and Finance Director, proactive exercises to prevent and detect fraud; investigate cases of actual or suspected fraud in accordance with the requirements of the Criminal Procedure Investigations Act (CPIA), Police and Criminal Evidence Act (PACE) and all other applicable legislation. This might include taking witness statements and interviewing potential suspects under caution when appropriate, prior to referring cases to the Crown Prosecution Service (CPS) should the investigation indicate that a crime has been committed; ensure that the DH Anti-Fraud Unit (AFU) and Finance Director are kept appraised of all referrals/cases. Copyright 2017 Health and Social Care Information Centre Page 7 of 13

8 liaise with the DH AFU on a regular basis to ensure alignment to wider health group objectives to tackle fraud, bribery and corruption; co-ordinate NHS Digital s ongoing input in respect of the National Fraud Initiative (NFI) Human Resources (HR) HR will liaise closely with Managers, and the Fraud Manager where an employee is suspected of being involved in fraud. HR shall advise those involved in the investigation in matters of employment law and in procedural matters, such as disciplinary and grievance procedures. Close liaison between the Fraud Manager and HR will be essential to ensure that any disciplinary or appropriate NHS Digital policies are applied effectively and in a coordinated manner; and that any sanctions imposed are consistent and proportionate. HR will ensure that recruitment policy and guidance effectively addresses requirements for appropriate pre-employment checks, including those necessary to establish identity and confirm relevant employment history, qualifications and membership of professional bodies. In this regard, secondees and fixed term contract employees are treated in the same manner as permanent staff. HR will maintain effective control over access to the Electronic Staff Record and will work with Finance and our payroll provider to monitor pay records to identify and address any anomalies Managers Managers must ensure NHS Digital s policies and procedures which safeguard it against fraud, bribery and corruption are adhered to. They should be alert to the possibility that unusual events or transactions could be symptoms of fraud. Where they have any doubt they must seek advice from the Fraud Manager. They must ensure that an adequate system of internal control exists within their areas of responsibility and that controls operate effectively. They must instill, amongst their teams, a zero tolerance culture towards fraud, bribery and corruption. Managers must bring this policy to the attention of their staff, make them aware of where they can obtain further information and how they can report suspicions of fraud, bribery and corruption. As part of that responsibility managers need to: liaise with the Fraud Manager to understand the risks within their areas of operation, how they might assess these risks, and how they might counter the risks; understand the Anti-Fraud, Bribery and Corruption Policy and the rules and guidance covering the control of specific items of expenditure and receipts; identify financially sensitive posts; ensure adequate controls are in place, and regularly reviewed, to minimise risk. Such controls might include: defined roles and responsibilities; supervisory checks; staff rotation Copyright 2017 Health and Social Care Information Centre Page 8 of 13

9 (with consultation), particularly in key posts; separation of duties wherever possible, so control of a key function is not invested in one individual ensure controls are being complied with; ensure expense claims are accurate and valid before authorisation; inform staff of NHS Digital s Code of Business Conduct and Anti-Fraud, Bribery and Corruption Policy as part of their induction process, paying particular attention to the need for accurate completion of personal records and forms; contribute to their Director s assessment of the risks and controls within their business area, which feeds into the NHS Digital assurance statements and the Department of Health Accounting Officer s overall statements of accountability and internal control. report all suspicions of fraud, bribery and corruption, which come to their attention, immediately to the Fraud Manager. The Fraud Manager is available to provide advice and support that may be required All Staff All staff must ensure NHS Digital s policies and procedures which safeguard against fraud, bribery and corruption are followed. They should be alert to the possibility that unusual events or transactions could be symptoms of fraud. Where they have any doubt they must seek advice from their manager. 5. Fraud Response Plan 5.1. Reporting Fraud, Bribery or Corruption Staff members who suspect fraud, bribery or corruption may be taking place should report it to NHS Digital s Fraud Manager by at fraud.manager@nhs.net, Referrals can be made anonymously and further information is contained within the whistleblowing policy. Alternatively, anyone who wishes to give information or report concerns can call the Fraud and Corruption Reporting Line, powered by Crimestoppers, on , anonymously if they wish. This is a dedicated freephone number, open 24 hours a day, 365 days a year. If staff do not feel confident reporting concerns through the sources listed above they can also report suspicions directly to: Department of Health Anti-Fraud Unit DH AFU has responsibility for the investigation of fraud, bribery and corruption within the Department of Health and its arm s length bodies (ALBs) where it does not affect the health service. fraudenquiries@dh.gsi.gov.uk, Copyright 2017 Health and Social Care Information Centre Page 9 of 13

10 5.2. Do s and Don ts Do record any concerns and report suspicions promptly Do try to secure or copy documents which you believe to be suspicious Do report all concerns and trust your instincts Don t try to investigate the matter yourself or confront the suspect Don t be afraid of raising your concerns (The Public Interest Disclosure Act 1998 provides protection for employees who raise reasonably held concerns via appropriate channels Whistleblowing.) Don t ignore it we all have a personal responsibility to report wrongdoing 5.3. Reporting Concerns Anonymously (Whistleblowing) Whistleblowing is when an employee notifies their employer, professional regulator, customers, the police or the media about a dangerous or illegal activity in their workplace. Examples of such activities include: fraud, bribery or corruption, unlawful conduct, financial malpractice, breaches of codes of conduct, disregard for health and safety rules, dangers to the public or the environment or any other similar matter. Anyone concerned about a wrongdoing that threatens the public interest and is unsure of whether they want to raise the matter through official channels can seek free, independent and confidential legal advice from the charity Public Concern at Work. They operate a helpline on , and can be ed at helpline@pcaw.co.uk Investigation Procedure The Fraud Manager, Finance Director and Head of HR Operations will agree the most appropriate course of action and will consult with DH AFU. When appropriate, enquiries will be made by the Fraud Manager to establish whether or not there is any foundation to the suspicion that has been raised. In order to minimise the risk of evidence being challenged in any possible court case, the member of staff must not try to investigate themselves. If the allegations are found to be malicious, they will also be considered for further investigation and possible disciplinary action. Serious and complex allegations of fraud, bribery and corruption will be referred to the DH AFU for investigation. Dependent on the outcome of investigations cases may be referred to the CPS for prosecution. Not all cases result in a referral to the CPS nor do the CPS always decide to prosecute. The Fraud Manager will acknowledge receipt of referrals, in writing, within 5 working days. Where appropriate, the Fraud Manager will provide regular case updates to the referrer during the lifetime of the case. Copyright 2017 Health and Social Care Information Centre Page 10 of 13

11 If the individual is not happy with the way in which an investigation has been conducted, the matter can be raised directly with the Chief Financial Officer. Disciplinary procedures, including criminal and/or civil sanctions if appropriate, will be initiated where an employee is suspected of being involved in a fraudulent or illegal act. This could lead to dismissal and/or prosecution, as well as the procedure of recovering any monies lost through the Proceeds of Crime Act (2002). NHS Digital will consider publicity of cases where fraud is proven to assist in convincing staff of the seriousness of fraud and in enhancing an anti-fraud culture. Such action will demonstrate that fraud and corruption are not acceptable and are being tackled. Copyright 2017 Health and Social Care Information Centre Page 11 of 13

12 5.5. Fraud Response Process Start Fraud Manager acknowledges receipt within 5 working days Fraud Manager, Finance Director and Head of HR Operations hold a case conference to review information and decide on appropriate investigation procedure Report of suspected fraud, bribery or corruption received via (HR, Career/ Assignment Manager, Whistleblowing Policy, Anti-Fraud, Bribery and Corruption Policy, Internal and External Audit) All reports should be referred immediately to: NHS Digital Fraud Manager fraud.manager@nhs.net ( ) Reports can also be made directly to: Dept. of Health Anti-Fraud Unit fraudenquiries@dh.gsi.gov.uk ( ) Crimestoppers ( ) Fraud, bribery or corruption suspected? No Yes Notify Chief Financial Officer and consider liaising with police Dept. of Health Anti- Fraud Unit informed Investigation sanctioned? No Rationale recorded on FIRST case management system Yes Investigation commences to gather evidence and interview witnesses as appropriate Consider full range of criminal, civil and disciplinary sanctions End Copyright 2017 Health and Social Care Information Centre Page 12 of 13

13 6. Governance Monitoring is essential to ensure controls are appropriate and robust enough to prevent and reduce fraud, bribery and corruption. Effectiveness will be measured by the amount of contact with the Fraud Manager and the number of concerns reported. A review of system controls in conjunction with Internal Audit will assist in identifying weaknesses in procedures. Copyright 2017 Health and Social Care Information Centre Page 13 of 13