1. Introduction
The University is committed to the proper use of funds, both public and private.
As a consequence, it is essential that everyone associated with the University - including staff, students, employees, contractors and third-parties - are aware of the risk of fraud, corruption, theft and other activities involving dishonesty, in all its forms. The University aims to reduce instances of fraud to the absolute practical minimum - and to also put in place arrangements that hold any fraud to a minimum level on an ongoing basis. The University’s approach to counter-fraud is designed to be on a risk managed basis, balanced, comprehensive, cost-effective and professional, using specialist expertise if, as and when required.
2. Scope of the Policy
This policy applies to all University of Derby employees. The policy sets out the procedures that must be followed to enable the University to comply with its expectations and legal obligations.
3. Definition of Fraud, Corruption and Bribery
Fraud can be defined as
(i) wrongful or criminal deception intended to result in financial or personal gain and
(ii) a person or thing intended to deceive others, typically by unjustifiably claiming or being credited with accomplishments or qualities.
Both definitions are, clearly, directly applicable to the Higher Education sector. Corruption can be defined as dishonest or fraudulent conduct, typically involving bribery. Bribery can be defined as the offering, giving, receiving or soliciting of any item of value (money, goods, favours or other forms of recompense) to influence the actions of an official or other person in charge of a public or legal duty.
4. Counter Fraud Policy Objectives
Most organisations adopt a multi-faceted approach to fraud and the University is no exception. The eight key objectives of the University’s counter-fraud policy are:
1. Establishment of a counter-fraud culture
2. Maximum deterrence of fraud
3. Active and successful prevention of any fraud that cannot be deterred
4. Rapid detection of any fraud that cannot be prevented
5. Professional investigation of any detected fraud
6. Effective internal and external actions and sanctions against people found to be committing fraud, including legal action for criminal offences
7. Effective communication and learning in relation to fraud, and
8. Effective methods of seeking redress when/where fraud has been perpetrated.
The overriding objective of the University’s counter-fraud activity is to ensure that (i) fraud is seen as unacceptable by each and every stakeholder and (ii) counter-fraud is seen to have the unwavering focus of the University as a whole.
This document sets out the University’s policy and procedures for dealing with suspected cases of fraud, including corruption, and includes summarised instructions about what to do, and who to contact/notify, should any fraud-related concerns arise. It does not include theft and other criminal/illegal acts involving dishonesty, which is the subject of a separate security policy document, details of which can be found under Section 8, covering associated policies, below).
At a practical level, fraud is deemed to be deliberate intent to deprive the University (and its associate activities) of money or goods through the falsification of any records or documents (e.g. submission of false invoices, inflated time records or travel claims and/or the use of purchase orders to obtain goods for personal use). This is an important distinction, intended to clarify the crucial difference between deliberate fraud and unintentional error, removing - wherever possible - any potential confusion or ambiguity.
5. University of Derby Policy
The University is absolutely committed to the highest standards of honesty, accountability, probity and openness in its governance. As a direct consequence of this, the University is committed (i) to reducing fraud associated with any of its activities, operations and locations to the absolute practical minimum and (ii) to the robust investigation of any fraud issues that should arise.
Any such investigation will be conducted without regard to factors such as position, title or length of service. Where any acts of fraud or corruption are proven, the University will make every endeavour to ensure that the perpetrator(s) are dealt with to the full extent of the law and University disciplinary policy/contractual processes (where a third-party is involved), and will also take every step to recover any and all losses in full. It is the responsibility of everyone associated with the University - including staff, students, employees, contractors and third parties - to report any fairly based suspicions of fraud or corruption.
The University has a “no retaliation“ policy for people reporting reasonably-held suspicions, and concerns can be raised if necessary under the University’s Whistleblowing Policy (details of which can be found under Section 9 covering associated policies)
This policy applies to any fraud, or suspected fraud involving everyone and anyone associated with the University - including staff, students, employees, contractors and third parties.
6. Examples of Fraud Risks to which University of Derby may be exposed
These can include, but are not limited to:
- Fraud involving cash, physical assets or confidential information
- Misuse of accounts
- Procurement fraud
- Payroll fraud
- Financial accounting fraud, including fees
- Fraudulent expense claims
- Reference, qualification and related employment fraud
- Recruitment and appointment fraud
- Bribery and corruption fraud
- Academic fraud including immigration, admissions, internships, examinations and awards
- Accommodation-related fraud, including preference and payment
7. Counter Fraud Actions
Where there is suspicion that fraud or corruption has occurred, or is about to occur, then it is essential that the appropriate person within the University is contacted immediately; a list of appropriate persons and how to contact them is contained in Appendix 1 to this policy.
- Do report your concerns, as above; reports will be treated as confidential.
- Do persist if your concerns remain.
- Do retain or copy any relevant document(s). This holds documents for use in any subsequent investigation and avoids any documents being accidentally - or purposely – destroyed.
- Don’t be afraid to see advice from an appropriate person.
- Don’t confront an individual or individuals with your suspicions.
- Don’t discuss your concerns with colleagues or anyone else other than an appropriate person.
- Don’t contact the police directly - that decision is the responsibility of the appropriate person and other senior University officers.
- Don’t under any circumstances suspend anyone if you are a line manager without direct advice from Human Resources and other appropriate person(s).
The University has a no retaliation policy for people reporting reasonably held concerns and suspicions, and any retaliation against such people - including victimisation and deterring/preventing reporting - will be treated as a Serious Offence under the University’s disciplinary processes. Equally, however, abuse of process by reporting malicious allegations will also be regarded as a disciplinary issue. Any contravention of the no-retaliation policy should be reported through the dedicated process contained in University’s Whistleblowing Policy.
8. In the Event of a Known or Suspected Fraud
A fraud response plan is shown in Appendix 2 to this policy and should be followed in the event of a known or suspected fraud
9. Whistleblowing Policy
The University's Whistleblowing Policy is designed to allow staff, student and all members of the University to raise at high level concerns which they believe in good faith provides evidence of malpractice or impropriety.
Individuals discovering or suspecting malpractice, impropriety or wrongdoing are able to disclose the information without fear of reprisal. A disclosure in good faith which is subsequently not confirmed, will not lead to action against the person making the disclosure. The Counter Fraud policy links to both the Anti Money Laundering Policy and the Anti Bribery Policy as two specific areas where the University may be susceptible to fraudulent action. These policies are available on the Finance pages of the University’s website.
10. Fraud with Academic Implications
Fraud can often be associated with direct financial gain, such as procurement and invoicing fraud. However, in the University/Higher Education sector, academic fraud is a further possibility, including fraud related to immigration, admissions, internships, examinations and awards. Such a fraudulent activity could be very high-profile, with potentially significant consequences for the University. In such cases, it is again essential that an appropriate person is contacted at the earliest opportunity, together with other senior University officer(s), as deemed appropriate.
As each case of this type is different, it is largely impossible to produce fully definitive guidance to follow. Such a fraud may involve a number of stakeholders, including the police and professional bodies, but decisions regarding their involvement - generally - remain the purview of senior University officers.
To ensure that the investigation is not compromised, however, it is vital that the number of people aware of the investigation is kept to an absolute minimum. Notwithstanding, it should be recognised that some frauds of this nature will involve the police initiating their own investigation.
Appendix 1: University list of appropriate persons and how to contact them
| Appropriate Person | Title / Role | Phone | Email | Postal Address |
|---|
| Kathryn Mitchell |
Vice-Chancellor, Executive |
01332 591000 |
counterfraud@derby.ac.uk |
University of Derby, Kedleston Road, Derby, DE22 1GB |
| Craig Jones |
Director of Finance |
- |
counterfraud@derby.ac.uk |
University of Derby, Kedleston Road, Derby, DE22 1GB |
| FC |
Financial Controller |
- |
counterfraud@derby.ac.uk |
University of Derby, Kedleston Road, Derby, DE22 1GB |
| Registrar |
University Secretary and Registrar |
- |
counterfraud@derby.ac.uk |
University of Derby, Kedleston Road, Derby, DE22 1GB |
Appendix 2: Fraud Response Plan
Introduction The University is accountable to a wide range of stakeholders for the use and management of those funds, and the associated controls.
It is the responsibility of all University officers and staff to ensure that University funds and resources are used honestly and correctly, and to report any circumstances which may indicate their improper use. Channels to make such reports are covered later in this plan.
Universities promote and practice openness and collegiality, which can lead to a lack of segregation of duties, independent oversight and fraud focus.”. When fraud is suspected or indicated, it is essential that prompt and professional reactive action is taken, and it is here where the need for trained fraud ‘first-responders’ within the University is clear.
Fraud is unpredictable, time consuming to investigate, relationship-damaging, very disruptive and unpleasant and has the potential to require significant stakeholder involvement. Primary responsibility for the prevention and detection of fraud rests with officers and staff who also have responsibility to manage the risk of fraud.
Investigation of fraud is the overall responsibility of the VC & FD supported by fraud first-responders or other trained investigators and the project team that may be set up to investigate selected cases. The University’s Fraud Response Plan detailed below outlines the process to be adopted if suspected fraud is reported or detected; the Supporting Appendices also contain a range of useful information, including potential fraud indicators or warning signs.
Definition of Fraud
The term fraud is a broad and widely-used term to describe a number of fraudulent-type activities that include theft, false accounting, misappropriation, bribery, corruption, deception and collusion. Some definitions of these and related terms are contained in Appendix A. In general, a fraud may be described as any type of deception that results in a gain to one party and/or a loss to another, in this case the University. The Fraud Act 2006 outlines three classes of fraud:
- Fraud by false representation
- Fraud by failing to disclose information
- Fraud by abuse of position Additionally, theft - such as the removal and/or misuse of funds, assets or cash - is not prosecuted as a fraud but falls under the various Theft Acts.
In terms of the University’s Fraud Response Plan, fraud may be defined as deception with the intention of:
- Gaining an advantage, personally and/or for friends and relatives
- Avoiding liability, or,
- Causing a financial and/or reputational loss to the University or one of its subsidiary organisations
- The main types of irregularity are:
- Theft: As above
- False accounting: dishonestly destroying, defacing, concealing or falsifying any account, record or documents required for any accounting purpose, with a view to personal gain or gain for another, or with the intent to cause loss to the University or subsidiary or furnishing information which is or may be misleading, false or deceptive
- Abuse of position: This is where fraud is committed by a person or people by virtue of their position, or authority where they are expected to safeguard another’s financial interests (e.g. that of the University as their employer) or not act against those interests Whilst they can be very varied in nature, some examples of these irregularities within the University context include:
- Abuse of the expenses process and system
- Abuse of recruitment processes, including failure to disclose relevant information
- Use of the University logo and/or letterhead for personal gain
- Abuse of the research grants, including misrepresentation and/or ‘siphoning’ of funds for personal gain
- Abuse of procurement processes
- Conflicts of Interest
The Fraud Response Plan Purpose
The purpose of the Fraud Response Plan is to define authority levels, responsibilities for action and reporting lines in the event of a suspected fraud or financial irregularity.
The use of the plan allows the University to:
- Respond quickly and professionally to any suspicion or suggestion of fraud or irregularity
- Assign responsibility for initial and subsequent investigation
- Prevent further loss
- Establish and secure evidence necessary for disciplinary and/or criminal action against those who have committed the fraud
- Notify the funding council/regulator if required
- Notify the University’s insurers if required
- Minimise and recover losses
- Establish an internal and external communications strategy and process
- Establish the need (or otherwise) for external specialist involvement
- Establish the need for police notification, and the lines of communication
- Review the circumstances of the fraud, actions taken to prevent a recurrence and any action needed to strengthen future responses to fraud
- Deal with HR-type issues such as references in relation to staff disciplined and/or prosecuted for fraud
The plan covers the following 15 key stages:
1. Initial Response
2. Initial Reporting
3. Meeting of the Fraud Response Team
4. The Lead Investigator’s plan
5. Communications during, and after, the investigation
6. Establishing and securing evidence
7. Staff under suspicion
8. Interviewing/statements
9. Police involvement
10. Prevention of further losses
11. Recovery of losses
12. Administration, including HR-type issues such as references
13. Reporting, including notifying HEFCE
14. Review, communication and action on findings
15. Closure
1. Initial Response
A fraud or financial irregularity may be discovered in a variety of ways, from your own or a colleague’s observations, someone from inside or outside the University ‘blowing the whistle’, financial controls identifying a discrepancy, internal or external audit discovering a problem or external bodies identifying an issue.
A fraud or financial irregularity may also come to light through:
- The University’s public interest disclosure policy
- The University’s disciplinary procedures
- The University’s procedures for addressing research misconduct
- Disclosure by the person, or persons, involved
Irrespective of how a potential fraud is discovered, the following - Things to do, Things not to do and Things to remember - should always be borne in mind:
Things to do:
1. Stay calm - remember you are a witness not a complainant
2. If possible, write down your concerns immediately - make a note of all relevant details such as what was said in phone or other conversations, the date, the time and the names of anyone involved
3. Consider the possible risks and outcomes of any immediate action you may take
4. Make sure that your suspicions are supported by facts, as far as is possible at this stage
Things not to do:
1. Don’t become a private detective and personally conduct an investigation or interviews
2. Don’t approach the person/persons potentially involved (this may lead to conflict, violence, him/her destroying evidence etc.)
3. Don’t discuss your suspicions or case facts with anyone other than those persons referred to below (Head of Department and/or the Director of Finance and/or the Head of HR) unless specifically asked to do so by them
4. Don’t use the process to pursue a personal grievance
Things to remember:
1. You may be mistaken or there may be an innocent or good explanation - but this will come out in the investigation
2. The fraud response and investigation process may be complex and relatively lengthy and, as a consequence, you may not be thanked immediately. Moreover, the situation may lead to a period of disquiet or distrust in the University despite you having acted in good faith.
2. Fraud - Initial Reporting
All actual or suspected incidents should be reported immediately either:
- To the Head of Department and/or the VC, FD or FC. The Head of Department should then inform these other colleagues or, in their absence, the Director of HR, or
- Via the University’s Whistleblowing Policy process
provided reports are made in good faith then an individual is generally protected by the University and the law against retribution, harassment or victimisation and the individual’s confidentiality must be preserved.
If the disclosure involves or implicates any of the individuals identified above then the disclosure should be made to the Vice Chancellor and/or the Chair of University Council and/or the Chair of Audit Committee as appropriate and/or Funding Council and/or police Guidance for managers on receiving a report of fraud Managers who receive a report of a fraud should:
- Listen to the concerns of your staff and treat every report you receive seriously and sensitively. Make sure that all staff concerned are given a fair hearing, bearing in mind that they could be distressed, upset and/or frightened;
- Reassure your staff that they will not suffer because they have told you of their suspicions, as long as they are made in good faith;
- Get as much information as possible. Do not interfere with any evidence and make sure it is kept in a safe place; and
- Ask the member of staff to keep the matter fully confidential in order that it can be investigated without alerting the suspected/alleged perpetrator.
3. Meeting of the Fraud Response Team
As soon as practicable a meeting of a Fraud Response Team should be convened, normally consisting of the members to decide on the initial response: to include (from):
- Vice-Chancellor or Deputy Vice-Chancellor or Chief Financial Officer;
- Human Resources;
- Finance; or
- Head of Department.
It may also be necessary to involve colleagues in communications if there are potential public relations and/or media issues. This group will decide:
- Whether an investigation is required;
- Who should lead the investigation;
- Who should undertake the investigation and the composition of any project group set up to co-ordinate the investigation;
- Whether, and at what stage, Internal Audit need to be involved in the investigation - and whether a special audit is warranted ;
- Whether the staff member or members need to be suspended; and
- Whether the matter should be reported to the police
- What stakeholder communications should be undertaken at this stage e.g. advising the Chair of the Audit Committee
4. The Lead Investigators Plan
The Fraud Response Team should appoint a Lead Investigator who should then create a plan to cover the subsequent actions.
5. Communications
The Lead Investigator should take single responsibility for all subsequent communications.
6. Establishing and securing evidence
The Lead Investigator should take single responsibility for all evidence and record log of evidence should be kept which can be referred to during an investigation.
7. Staff Under Suspicion
The Lead Investigator should take lead in deciding if any staff under suspicion should be informed prior to the start of any investigation. If a decision to discuss the suspicion with the staff, HR should be consulted to ensure all employment laws are abided by.
8. Interviewing/statements
The University will follow standard and established disciplinary procedures against any member of staff who has committed fraud. Additionally, the University will normally consider prosecution of any such individual. The investigators and Internal Audit will ensure that:
- Evidentiary requirements and standards are met during any fraud investigation;
- Staff involved in fraud investigations are familiar with and follow rules on the admissibility of documentary and other evidence in criminal proceedings;
- Where required, external forensic services (such as IT) meet evidentiary requirements and standards, such as those relating to continuity of evidence.
Where the initial investigation provides reasonable grounds for suspecting a member or members of staff of fraud, the Fraud Response Team will decide how to prevent further loss.
This may require the suspension of the individual(s) suspected of fraud and removal of physical (i.e. campus, building and office) and systems access rights. Any suspension will be in accordance with University’s disciplinary procedures, but it may be necessary to plan the timing of suspensions to prevent individuals from destroying or removing evidence that may be needed to support the investigation process.
However, it should be recognised that there may occasionally be circumstances where it is decided to allow a fraud - and associated losses - to continue to identify, for example, further culprits.
When interviewing employees under suspicion it must be made clear whether it is a formal interview or an informal discussion. It should be explained that the University and the interviewers have no pre-set view, the suspicion should be outlined and the employee given adequate time to respond. If it is decided that formal questioning is needed because potential involvement in a criminal offence is suspected, then the interview should be conducted in accordance with the principles of the UK Police and Criminal Evidence Act (PACE). Guidelines can be found on the Home Office Website.
PACE provides protection for the individual and ensures that any evidence collected through interviews, (including the taking of statements) can be presented in court, whether or not such interviews are being carried out under caution. PACE covers such rights as the right to silence, to legal advice, not to be held incommunicado, to accurate recording and protection against evidence obtained through oppression. Because of this, very early consideration should be given to police involvement, or consultation in these circumstances. Legal advice should also always be sought, recognising that there may be variations in local legislation where an overseas campus, for example, is involved. Interviews should only be carried out with the approval of the Fraud Response Team.
There are strict rules relating to tape recorded interviews and investigators must be suitably trained, skilled and experienced if these are to be used. Ideally, statements should be taken from witnesses using their own words. The witness must be happy to sign the resulting document as a true record - the witness can be given a copy of the statement if desired. It is also very important to keep contemporaneous notes on file, in the event that they are needed for future reference (e.g. court, tribunal or disciplinary hearing).
9. Police involvement
At some point a decision will need to be made as to whether an incident is reported to the police. However, even if it is reported there needs to be an element of realism as to the likely extent of police involvement.
For large-scale frauds, it may be appropriate to ask the police to attend meetings of the Fraud Response Team. The lead investigator should prepare an ‘Evidence Pack’ that can be handed to the police at the time the fraud is reported, and a Crime Reference Number obtained. The Evidence Pack should include a summary of the fraud, highlighting (where known) the amount, the modus operandi, and the location, and including photocopies of key supporting documents and contact details of the person leading the investigation. All contact with the police should be channelled through one person which would generally be the investigator or, possibly, the communications lead (i.e. the person leading the investigation).
10. Prevention of Further losses
Immediate review of controls and processes would be needed to prevent further loss and investigation into what control has failed or if one existed. Short term changes in policy would need to be proposed to prevent further loss which would require approval from the VC & FD.
11. Recovery of losses
Recovering losses is clearly a major objective of any fraud response investigation. Internal Audit or those investigating the incident should ensure that in all fraud investigations the amount of any loss is quantified. Repayment of losses should be sought in all cases. Where the loss is (potentially) substantial, legal advice should be obtained without delay about the need to freeze an individual’s assets through the courts pending the conclusion of the investigation.
Legal advice should also be sought about the prospects for recovering losses through the civil court in circumstances where the perpetrator(s) refuse repayment. The University would normally expect to recover costs in addition to losses.
The University’s insurers should be involved in such cases and, indeed, their notification (above) may be a mandatory requirement of cover.
12. Administration and HR issues
Careful administration of the investigation is of vital importance. A disordered investigation, without clear records and logs of events, communications, key dates etc., will cause problems at any court hearing, tribunal or disciplinary panel. It is equally important that confidentiality is kept both for paper and electronic (e-mail) communications. Where e-mail is used for communication, subject names that have no direct link to the investigation should, for example, be considered. Within the employment law framework, HR must deal with any requests for references from staff who have been disciplined or prosecuted for fraud and related issues.
13. Reporting, including notifying regulators
The Fraud Response Team should provide a confidential and regular report to the Chair of the Audit Committee, the Vice Chancellor, the external audit partner and other nominated individuals at an agreed frequency.
The scope of the report should include the circumstances surrounding the case, contributory factors and progress with the investigation. Any incident meeting the criteria for a report to regulators should be reported without delay to the Vice-Chancellor, the Chair of the Audit Committee and the Chair of the Finance Committee where there is a (potential) financial loss. The Team should also consider if incidents not meeting the criteria should be reported, both to the regulator as well as to sector fraud alert networks (e.g. via BUFDG), to anonymously warn other sector bodies of potential risks.
14. Review, communication and action on findings & Closure
On completion of the investigation the Fraud Response Team should submit to the Audit Committee a report typically containing:
- A description of the incident, including the value of any loss, the people involved and the means of perpetrating the fraud
- Actions taken to prevent recurrence, and,
- A plan detailing any recommendations and actions (with timings) required to strengthen future fraud responses.
Last reviewed: 30/10/2020
Policy Owner: Finance