There is no hiding from the fact that fraud is a significant threat in the public sector. Combatting fraud is a never-ending battle requiring constant vigilance, and the stakes are high. It is estimated that public sector fraud and error amount to at least £33bn each year!
The government correctly states that “every pound of taxpayers’ money saved in fighting fraud is a pound invested in our public services or back in the pocket of the taxpayers we serve, and a pound less in the pocket of criminals.”
Yet tackling fraud is particularly challenging in the public sector due to the sheer size of organisations such as the NHS. There is the inevitable risk that fraud prevention work can be duplicated, and patterns of fraudulent behaviour can easily get missed.
Sharing data across organisations is vital, but it’s not always easy to efficiently implement. There is, however, a consensus that fraud prevention becomes very difficult when data isn’t routinely shared.
The issues around data sharing were discussed in detail during a panel session at NHS Fraud 2023, chaired by Alex Rothwell, Chief Executive Officer of the NHS Counter Fraud Authority.
The importance of data integrity
At the panel session, Sahara Mather, Head of Data Governance & Intelligence in PSFA, Cabinet Office, outlined their problems: “Often we have to go and find data. The data that we have available doesn’t give us the insight needed. You can have fantastic tools, amazing data scientists and analysts, and cutting-edge platforms, yet without the right data, you’ve taken out key ingredients needed to inform what all your nice tools do.”
Data sharing and siloed working practices
The question of data sharing is by no means a new dilemma. Panellist Mark Astley has been with National Anti-Fraud Network since its inception 25 years ago. He notes that some habits in the public sector are hard to shift: “We continue to work in silos. We only think about what we are doing, but, actually, we need to reach out to each other because we are all doing the same things in slightly different ways.”
Removing silos (where teams or departments work in isolation) is crucial when creating a culture of data sharing. Silos occur for many reasons, and sometimes the underlying emotion is fear of doing the wrong thing.
Data sharing fears and challenges
Graeme Thomson often sees situations where people refrain from sharing data as they worry too much about what will be done with the data. They think that if the data is misused, they will be blamed.
As Head of Fraud Analytics, Strategy and Ethics, at the National Counter Fraud Data Analytics Service - Public Sector Fraud Authority, Thomson has seen the issues first-hand. He believes that data sharing is questioned for three reasons:
- Is it a technological challenge – is the data of a sufficient quality to share?
- Is it a cultural challenge - do people feel comfortable sharing information?
- Is it a legislative challenge - am I legally prevented from sharing data?
Data definitions and technology
Mike Haley, Chief Executive & Board Member of CIFAS (a not-for-profit fraud prevention service), picks up on the first challenge: “Often it is the definition of what is to be shared that causes the problem. What data is needed? Is it just a registered name and address, not the health information? The data requested has to be proportionate and relevant to the question.”
The cultural challenges of data sharing
Concerning the cultural challenge, Thomson draws attention to leadership: “You have to have a strong leadership culture. People must feel comfortable doing their job and supported in the role.” When people feel safe in their environment, they are far less likely to be overly cautious and can feel more confident to share data via appropriate channels.
Data security and the legalities of data sharing
The legal question is the most complex challenge. People, quite rightly, expect their data to be secure. The implementation of GDPR rules has solidified data protection to avoid misuse.
However, not all legislation has complicated data sharing. The Digital Economy Act 2017 (DEA) was designed to facilitate data sharing. The act was introduced to improve data sharing across government departments, enabling more efficient detection and prevention of fraud while ensuring compliance with privacy regulations.
Graeme Thomson was one of the authors of the DEA, and he recalls: “We put the DEA in place because we recognised that departments felt fearful of sharing data. We did a lot of work to understand where that fear came from. There was a fear that sharing of data was not permitted. The DEA is a permissive power that allows any government group on the schedule to share data with any other government group in the schedule for countering fraud.”
Legislation limitations and the exclusion of health services
The DEA has had a positive impact on data sharing, but perhaps the main downside is the limitation of its scope. The act only applies to public sector bodies, excluding the NHS.
Mike Haley advocates widening the DEA’s reach: “It’s narrow to government. In the future, we need to have a Digital Economy Act which goes right across the economy. There are great benefits from data sharing, and I would like to see this spread more widely to help deal with the epidemic of fraud that we have in the country.”
In public sector terms, including health services is the next obvious step. So why was health excluded? Thomson explains: “At the time the bill was going through, there was concern about mentioning the NHS. The concern was that involving the NHS would make the bill toxic and prevent the bill from passing. We lobbied for health to be included, but it was seen as being too contentious and was excluded for that reason.”
It is understandable that there is caution when it comes to data relating to people’s health, but sadly, the NHS is not immune to fraud. Many would welcome the inclusion of the NHS within the remit of the act.
A centralised versus localised approach to fraud and data intelligence
Another hot topic discussed by the panel was whether data sharing is enough. Rather than simply share data, shouldn’t there just be a single cross-departmental government fraud agency or service?
Sahara Mather understands why such a proposal would be attractive. “You’re missing a key part of the picture if you don’t look at a collaborative approach,” she says. But she also cautions: “If you have a centralised approach for fraud and combating it, it is challenging to create a bespoke approach within departments.”
Mike Haley advocates a centralisation of data intelligence. He says: “When I started as a fraud investigator, we were always up against other priorities. Fraud always seemed lower on the pecking order than other criminal activities.
“If you start bringing the fraud departments together, that’s where you’d be forced to put your resources, but it could be to the detriment of smaller departments. I’ve worked in HMRC, local authorities and the NHS, and they were all very different landscapes, so having specialisms is a real benefit for investigators. But it’s the same fraudsters who go after public and private funds, so centralising data intelligence can be helpful when tackling organised crime networks.”
Mark Astley wouldn’t go as far as having a centralised counter-fraud service. “I’m a firm believer that we’re all good at what we do, whether it is local authorities or other public authorities,” he argued.
“When it is dictated by central government, the risk is that the focus reflects the flavour of the day rather than what matters to the local community. We should keep our specialist bodies, but we do need to do more when it comes to sharing the intelligence.”
Graeme Thomson concurs. “The risk is that if we don’t bring these datasets together, then we’re still working in silos. However, the key isn’t centralised prevention but centralised access to that data and intelligence, so the local specialists can do what they need to do.”
The consensus from the panel was that centralising everything has its risks, but there is an absolute need for more dynamic data sharing.
A final word: learnings from the banking sector
The final word in the discussion on data sharing went to Mike Haley, who has worked closely with fraud investigators in the banking sector, which inevitably has the most robust practices. Haley said: “The investigators stress that data sharing is vital; it effectively saves money through prevention and successful investigations. If we can reduce fraud in the public sector, more can be put back into frontline services. That has to be the ultimate measure of success.”
GovNet’s fraud conferences provide the perfect platform to learn, network and identify best practices. Our 2024 Counter Fraud conference theme is Strengthening the UK’s resilience to Fraud, Bribery and Corruption. You can book tickets and discover more about the event here.
Jessica Kimbell, GovNet