Corporate report

The Statutory Review of the Debt and Fraud Powers of the Digital Economy Act (2017) (HTML)

Updated 8 February 2024

Ministerial Foreword

As Minister of State for the Cabinet Office, I am required to conduct a review of the Debt and Fraud Powers of the Digital Economy Act (2017) (DEA), 3 years (or as soon as practicably possible) after they entered into force in May 2018. These Powers are intended to facilitate data sharing to better manage and reduce public sector debt and to combat fraud against the Public Sector.

This report forms a key part of the review which summarises both evidence from the evaluation of pilots and consultation responses from stakeholders about the effectiveness of the Debt and Fraud powers of the DEA.

The report highlights significant progress that public bodies have made in reducing debt and combating fraud. This has often been with the help of the Public Sector Fraud Authority, a new body set up by the current Prime Minister in 2022. Since September 2018 data sharing using the DEA and facilitated by the PSFA has saved the public purse a minimum of £137 million in combating fraud and recovering debt, with £132 million having been fully audited and checked for veracity for fraud and £5 million in recovered debt. This all contributes to the PSFA having saved the taxpayer a total of £311 million in its first year of operation.

The powers have been used by 17 Government Departments and Executive Agencies and 70 Local Authorities, resulting in over 100 data sharing pilots that are registered on gov.uk.  A number of these pilots have involved our colleagues and departments in the devolved administrations in Scotland and Wales. Work continues with our colleagues in Northern Ireland to progress the commencement and use of the powers.

Increasing the scale and effectiveness of how the government shares and uses data is a priority for this government. In the case of the specific fraud and debt powers that are the subject of this 3 year review. It is clear that the DEA has proved its value in increasing public bodies willingness and ability to share data. This is demonstrated by the variety and breadth of data pilots and business as usual data shares that reduce debt and combat fraud. Responses from the consultation have shown there is an increased appetite to use the powers from bodies that haven’t done so before and discussions are in place to add them to the schedules.

This report indicates that the DEA has provided a firm foundation for the future of public bodies data sharing, with plans in place for significantly more data pilots and business as usual proposals. Currently there are 26 pilots in the scoping and development phase across a range of bodies indicating a growing potential to manage debt and combat fraud in the public sector. Greater opportunities for data sharing coupled with a desire to increase the number of bodies on the Schedules will continue to improve our ability to reduce debt and to combat fraud in the future.

As Minister with responsibility for the public sector counter fraud agenda, it is a personal priority to expand the scale and reach of the use of these powers, including moving more pilots into a business as usual state, as well as running more pilots and expanding the list of public bodies using the powers. This review shows the effectiveness of this legislation and how it can lead to strong, measurable outcomes.

There is of course more to be done which is why, based on the evidence provided in this report, I am pleased to announce that I will be retaining the powers in their current form. 

The final stage of the review is to publish this report on gov.uk and arrange for the laying of the reports in the UK Parliament, the Scottish Parliament, the Welsh Senedd and the Northern Ireland Assembly.

Baroness Neville-Rolfe DBE CMG

Minsters of State for the Cabinet Office

Executive Summary

• The Digital Economy Act (2017) (herein “DEA”) provides a permissive legal gateway to public bodies and other specified persons listed on the DEA schedules to reduce debt owed to the public sector and combat fraud against the public sector.
• The purpose of the report is to fulfil  the requirement of the statutory review of Section 53 of Chapter 3 (Debt Power) and Section 61 of Chapter 4 (Fraud Power) of the powers, which is to be commenced as soon as is reasonably practicable after the end of three years of the legislation coming into force. The relevant Minister must review its operation and decide whether it should be amended, repealed or retained in its current form.
• The report is based upon the evidence from completed data sharing pilots and/or business as usual proposals and the responses from the consultation conducted as part of the review process.
• Data sharing using the DEA has saved the public purse a minimum of c£137 million in combating fraud and recovering debt, with c£132 million having been fully audited and checked for veracity for fraud and c£5 million in recovered debt.
• The consultation received positive feedback from public bodies with regard to the effectiveness of the DEA powers. Analysis from the consultation showed that 71% of respondents from Local Authorities who used the powers think that they were useful for recovery of debt. 95% of the consultation respondents who used the fraud powers indicated that the powers were useful to combat fraud. Overall 74% across all respondents who had used both powers found them useful and notably that they increased public bodies’ willingness and ability to share data to manage and reduce debt and combat fraud.
• The DEA has mechanisms in place to ensure that robust scrutiny is applied to all data sharing agreements to ensure that data sharing using the DEA is balanced,  proportionate, transparent and observes relevant legal and data protection requirements, which was confirmed in a recent review of the DEA powers by the ICO^{[footnote 1]}. Respondents to the consultation stated that they experienced no privacy concerns when using the DEA debt and fraud powers to share data.
• The consultation has shown that public bodies that have used the powers have found them to be effective, and that there is appetite from public bodies who have not used the powers to use them in the future.
• The consultation has provided options for improvements on the use of the powers, these relate to logistical and procedural improvements that do not require legislative change. The DEA Secretariat will work to understand where these improvements can be made.
• Based on the evidence provided in this report, the Cabinet Office recommends that the relevant Minister retains the DEA debt and fraud powers.

Key Achievements

• 102 data sharing pilots to date registered on gov.uk^{[footnote 2]}
• Combined debt recovered and fraud identified of £137 million, including:
  • c£99.5 million of fraud identified in ongoing Covid loan pilot
  • £14.9 million fraud identified by National Fraud Initiative and DEA pilot
  • £5.1 million of fraud identified in companies’ “shadow accounts”
  • c£5 million recovered in inaugural DEA debt pilot
• DEA debt and fraud powers used by 17 Government Departments and Executive Agencies and 70 Local Authorities
• 3 pilots moved to business as usual with plans for 74 to follow
• Increased data sharing across the public sector
• Increased support for vulnerable debtors via the Government Fairness Principles

Background & Introduction

The Digital Economy Act (2017) came into force in May 2018. Chapters 3 and 4 provides a permissive legal gateway to public bodies and other Specified Persons listed on the DEA schedules who wish to reduce debt owed to the public sector and combat fraud against the public sector.

The purpose of this report is to fulfil the requirement for a statutory review of Section 53 of Chapter 3 (Debt Power) and Section 61 of Chapter 4 (Fraud Power) of the powers, which is to be commenced as soon as is reasonably practicable after the end of three years of the legislation coming into force. The relevant Minister must review its operation and decide whether it should be amended, repealed or retained in its current form. Due to the impact of the Covid-19 pandemic, it was deemed necessary and appropriate to delay this statutory review to focus on combating fraud against the Covid-19 support schemes.

The report will assess the DEA debt and fraud powers against the Review Criteria below that were set by the Cabinet Office Minister at the time, and issued as a Written Ministerial Statement in July 2021^{[footnote 3]}

a) What has been achieved in the three years since commencement and how has the risk of fraud and debt changed?

b) Have the powers been effective in managing and reducing debt owed to the public sector and in combating fraud against the public sector?

c) What positive and negative impacts (including societal impacts) have the DEA powers had? Due to their different characteristics, separate criteria will be used for fraud and debt:

i) For Debt: have the powers led to improved management and recovery of debt owed to government authorities, increased fairness and better approaches to vulnerable debtors among such authorities and sustainable Business-as-Usual processes which allow recovered money to flow into the public purse?

ii) For Fraud: have the powers led to improved identification, prevention and recovery of fraud committed against government authorities and sustainable Business-as-Usual processes which allow the prevention of fraud and recovered money to flow into the public purse?

d) Have the powers contributed to the effective delivery of Government policy, helped support manifesto pledges and supported the maintenance of the integrity of the Union and devolved administrations?

e) Have the powers enhanced the willingness of public authorities to engage with and utilise data sharing powers, reduced or created burdens for public authorities and/or given rise to any privacy concerns (such as in relation to reductions in privacy or the misuse of data)?

f) Are there changes that can be made that would improve the effectiveness of the debt and fraud powers’ operations?

This review report has been compiled by the Ministers Officials, in the DEA Debt and Fraud Secretariat within the Public Sector Fraud Authority (PSFA) in the Cabinet Office (herein “DEA Secretariat”).

Methodology

The objective of this report is to analyse the effectiveness of the DEA based upon the Review Criteria listed in the Background section. In order to achieve this, the DEA Secretariat has used both qualitative and quantitative methods where appropriate. The research was conducted by gathering evidence contained in evaluation reports submitted by organisations that have operated a debt or fraud pilot.

As well as evidence from DEA pilots, the DEA Secretariat consulted with the:

• Information Commissioner, Scottish Ministers, Welsh Ministers, the Department of Finance in Northern Ireland,
• and such other persons as the relevant Minister deemed appropriate, including:
  • government departments as part of the Home Affairs Committee, that have and have not used the debt and fraud powers and departments that are not currently listed in the DEA debt and fraud Schedules;
  • public bodies that have used the powers and;
  • members of the DEA Debt and Fraud Review Board including representatives of the Information Commissioner’s Office (ICO) and civil society groups such as the Step Change Debt Charity.

Table 1, notes the high level outcomes from the consultation.

Table 1: Total responses from the consultation

Category	Total Consulted	Responses	Nil Returns	Did not respond
Public Bodies	80	49 (61%)	3 (4%)	28 (35%)
DEA Review Board	23	12 (52%)	2 (9%)	9 (39%)
Total	103	61 (59%)	5 (5%)	37 (36%)

These organisations and individuals were consulted in order to understand whether they felt the debt and fraud powers have been effective, and if they felt there were changes that could be made to make the powers more effective.

Public bodies were asked 7 questions which were designed to capture feedback on elements of the review criteria. The results of this survey supplemented the evidence from the pilot evaluations and provided an opportunity to gauge user perceptions of the powers; something which cannot be assayed through the evidence provided in the evaluation reports. Review Board members were consulted and asked questions e) and f).

The consultation was open for 8 weeks between 28th March 2023 and 25th May 2023, responses were then analysed by the DEA Secretariat. Each question allowed responses via free text allowing public bodies a degree of flexibility. The analysis was undertaken by two members of the DEA Secretariat and independently reviewed by two Cabinet Office officials, including a qualified senior data analyst.

The analysis from the consultation responses and evaluations reports were merged and used to respond to each of the relevant Review Criteria.

The final report was reviewed and approved by PSFA Senior Civil Servants and the Chief Executive Office of the PSFA.

DEA Debt and Fraud Data Sharing Process

Each DEA data sharing agreement must be conducted in accordance with the DEA Code of Practice (herein ‘The Code’). The Code details a series of considerations and processes that bodies must adhere to in order to ensure that data sharing is proportionate, transparent, and subject to scrutiny. The DEA Review Board for non-devolved and England-only data sharing has been established since 2018 to apply scrutiny to all pilots. It consists of subject matter experts from i) Public Bodies, both Government Departments and Local Authorities; ii) representatives from Information Commissioner’s Office (ICO); iii) invited members from civil society groups, such as those representing privacy rights; and iv) invited members from debt support groups such as the Step Change Debt Charity.

Scheduled Bodies that wish to establish a data sharing pilot under the DEA are required to submit a Business Case, Data Protection Impact Assessment, and Data Usage Agreement to the Review Board for their national territory. Their relevant DEA Secretariat will review all documentation to ensure these are suitable for submission to the Review Board. As per the Code, bodies are advised by the Secretariat to ensure that their legal team and data protection officers are involved in the formulation of these documents. The Senior Responsible Officers within these organisations are also required to sign the documents, accepting any residual risks.

It is important to note that the powers are designed to be operated initially through pilots. Once the benefits of pilots are explored, a continuation to business as usual agreement is encouraged, subject to Ministerial approval. In order to transition to business as usual, bodies must provide evidence of the value of the data sharing exercise in their interim and subsequent end of pilot reports. Once a pilot has continued into business as usual, the pilot becomes fully operational whilst the DEA legislation exists. The data cannot be used for any purpose other than that stated in the pilot and business as usual governance documentation.

The Review

This section will address each of the Review Criteria by referring to evidence from pilots combined with evidence from the consultation.

a) What has been achieved in the three years since commencement and how has the risk of fraud and debt changed?

Increasing use of the DEA debt and fraud powers across the public sector

Table 2 provides a summary of the number and types of pilots either as a pilot or business as usual that have been facilitated by the DEA and published on the DEA public register for the period from May 2018, until 1 August 2023. 

Table 2 DEA debt and fraud pilot summary table:

DEA Debt and Fraud Data Sharing Agreements	Total	Pilots continuing as business as usual
Fraud Pilots	29	3
Debt Pilots	73	0
Combined total	102	3

The DEA requires that all data shares are conducted as pilots are published to ensure transparency and maximise trust in the process. Since the enactment of the powers, the DEA Secretariat has listed 102 pilots on the DEA public register. 73 of these are to manage and reduce debt, the majority of which form two separate groups of Council Tax debt recovery pilots, involving 70 Local Authorities (LAs). There have been 28 fraud pilots including three that have moved into business as usual agreement, these are pilots between (i) Companies House (CH) and His Majesty’s Revenue and Customs (HMRC), (ii) the National Fraud Initiative (NFI) and HMRC & (iii) Education Skills Funding Agency (ESFA) and HMRC. 74 pilots are being scoped to move into business as usual, this includes the 70 Local Authorities (LA) involved in the Council Tax debt pilot with steps being taken to include all Local Authorities in England, Scotland and Wales.  Governance work is ongoing with these additional 301 LA’s. As it stands approximately 75% of pilots have or are being actively moved into business as usual. The move to continue a pilot into a business as usual process is dependent upon a number of factors including departmental resources, budgets and appetite. For example, during COVID-19 internal resources in departments were reprioritised and had an impact on the ability to progress pilots.

The purposes of a pilot can range from identifying and understanding the prevalence and scale of fraud within a system, up to and including preventing loss and recovering funds.  The progression of pilots into BAU depends on the aim and outcomes, for example an outcome that indicates there is no fraud in the system would mean the pilot has successfully established that there is no  requirement to move to BAU and has met its objectives.

The evidence provided from pilot outcomes demonstrates the value and success achieved using the fraud and debt powers.

The DEA powers have been used by public bodies to combat fraud and debt in key areas such as Universal Credit, Company Tax, student loans, government contracts, and more. As this report will discuss, there have been pilots conducted by various Government Departments, Executive Agencies and LAs, demonstrating that while there is more work to be done to promote the powers, the legislation is becoming more well-known and utilised across central and local government.

Data sharing using the DEA legal gateway has provided public bodies with the ability to recover c£5 million through a Council Tax recovery pilot involving multiple local authorities in England and Wales. Furthermore, a number of pilots that have been facilitated through Cabinet Office’ Counter Fraud Function (now Public Sector Fraud Authority) have saved the public purse c£132m. This includes two pilots between the National Fraud Initiative (NFI) and HMRC as well as a pilot between Cabinet Office, Department for Business, Energy & Industrial Strategy (BEIS) and HMRC to detect fraud within the Covid-19 Bounce Back Loan Scheme (BBLS). These pilots will be discussed in more detail in the following sections of this report.

Key financial outcomes from the DEA

Table 4 Audited Financial Savings from DEA*

Category	Total Financial Savings	Prevented	Fraud Recovered / In-recovery Debt Recovered
Combating Fraud	£132,205,247	£8,175,550	£124,029,697
Managing and Reducing Debt	£5,000,000	N/A	£5,000,000
Combined	£137,205,247	£8,175,550	£129,029,697

*Only Audited figures are shown, pilots have produced financial outcomes but have not been audited.

The audited fraud figures presented in Table 4 above (c£132m) have been internally approved, by the PSFA Savings Assurance Board, and audited by the Government Internal Audit Agency (GIAA). The figures pertaining to debt (c£5m) have been reported by the public bodies who have operated the data sharing agreements, and have not been audited. While it is mandatory for public bodies who use the DEA debt and fraud powers to produce an evaluation report after the conclusion of their pilot, providing substantial information about the operation of the pilot and its relevant outcomes, there is no current requirement to provide the DEA Secretariat with fully audited financial outcomes. As a result, there is an additional c£27.5 million of savings that have been reported but not audited and these have not been included in the audited figures above.

The Secretariat has commenced plans to improve the reporting of outcomes and will work with bodies to agree on the reporting of assured and auditable financial savings and non-financial benefits. Work is ongoing with participating bodies on the assurance required for reporting all benefits that are included within a pilots success criteria, recognising that the impact of the DEA goes beyond financial savings, such as effectively managing debt and supporting those in debt including vulnerable debtors.

DEA providing effective solutions to tackle fraud and debt problem

Pilots that have been established since the DEA came into force have had an impact on reducing debt and combating fraud in the public sector. As well as delivering financial outcomes, pilots have proven to be effective diagnostic tools, providing evidence that data matching is possible and has the potential to be utilised to reduce debt and combat fraud. Through pilots, the DEA has allowed organisations listed on the schedules to address problems that historically were difficult to solve. An example being the ability to verify an individual’s income in order to recover Council Tax debt while ensuring that potentially vulnerable debtors are recognised and appropriate steps are taken to recover the debt proportionately. 

While fraud risk remains significant and continues to evolve, public bodies have been able to use the DEA to identify fraud and take necessary action, including strengthening their systems where necessary to prevent fraud, recover the monies lost, and take action against fraudsters up to and including prosecution. As shown in Table 3, the DEA has facilitated c£8 million of prevented fraud to date. The levels of fraud prevented by the DEA are anticipated to increase, and will likely result in savings to the public purse before monies are lost and resources are used in attempt to recover them.

Increasing public bodies’ appetite to share data

The DEA was developed and introduced following a recognition and challenge by government, the public sector and academia that there was a need to increase data sharing to combat fraud and reduce debt. One of the main themes from the consultation was that the powers have increased public bodies’ willingness and ability to share data to manage and reduce debt and combat fraud. The analysis shows the powers had increased their willingness and ability to share data, 24 out of 36 (67%) LAs respondents answered positively and 9 out of 10 (90%) Government Departments and Executive Agency respondents provided a positive response. This demonstrates the impact of the powers in improving cross government data sharing.

Specifically, respondents noted that while their ambition to share data for these purposes has always been high, the legislation has made data sharing more accessible, and has provided them with confidence in the ability to legally and safely share relevant information. The positive feedback gathered from the consultation therefore suggests that LAs are serious about managing and reducing debt and combating fraud and that there is potential for further effective engagement with the powers across the public sector. The evidence detailed in the financial outcomes and consultation responses show that there has been progress since the DEA came into force and that there is potential for further positive impact in the next period.

To summarise, there have been 102 pilots, with significant financial savings across a number of government schemes, including Council Tax, Covid-19 Schemes, Universal Credit, Company Tax and Student Loans, which have found effective solutions to tackle debt and fraud through data sharing and improve the appetite for more data sharing.

b) Have the powers, through their use, been effective in managing and reducing debt owed to the public sector and in combating fraud against the public sector?

c£5 million recovered in inaugural DEA debt pilot

The DEA has been utilised effectively by LAs to manage and reduce Council Tax debt. As of 31 March 2022, the total amount of outstanding Council Tax debt amounted to £5 billion (cumulated from the introduction of Council Tax in 1993).^{[footnote 4]} One of the most significant group of pilots using the DEA debt powers was conducted between March 2019 and March 2020, by 29 LAs and HMRC to investigate the potential value in using previously inaccessible HMRC income data to recover Council Tax debt. It is worth noting here that each Local Authority is a self-governing body and so requires its own data sharing governance.  Thus the first group of pilots consisted of 29 individual pilots between a LA and HMRC; this is reflected in the register. This group of pilots was successful and enabled participating councils to actively recover debt from those in employment by allowing the LAs to contact individuals’ employers and put in place an Attachment of Earnings Order if necessary and proportionate.

During the pilots, support was offered for those in financial hardship when their circumstances became known to their LA. c£5 million was recovered from the sample debt of £25 million, amounting to a 20% recovery rate. As well as working to progress this group of pilots into business as usual a second group of pilots has been undertaken and is currently being evaluated. Involving 41 LA`s, these pilots aimed to assess the value added by additional Department for Work and Pensions (DWP) data including enhanced vulnerability flags. This work shows the actual and potential value of effective data sharing between LAs to manage and reduce debt, as well as the effectiveness of the DEA in providing the legal gateway. Furthermore, it also shows the value of the piloting approach that allows for the introduction of new data which can then be assessed on their impact and ability to mitigate risks before moving into formal controls and business as usual arrangements.

c£99.5 million of fraud identified in ongoing Covid loan pilot

In response to the higher level of fraud risk and occurrence during the pandemic against Covid-19 support schemes, Cabinet Office delivered a fraud analytics pilot from June 2020 until June 2023 on behalf of Department for Business and Trade (DBT) (formerly known as  Department for Business, Energy & Industrial Strategy (BEIS)), and the British Business Bank (BBB) to identify fraud in Covid-19 Schemes,utilising HMRC data. This has involved using the data facilitated through the DEA to flag potentially fraudulent loan applications. Banks that are Accredited Lenders for the Schemes have used these flags to seek repayment of the loan. Lenders have also removed loans from the State guarantee in cases where they have accepted liability for the fraud and/or credit loss (meaning losses are realised by the lender and not the state). To date savings from loans repaid amount to a total of £99.5 million, with further savings expected.

Consultation shows public bodies find the DEA effective

Analysis from the consultation showed that 71% of respondents from LAs who used the powers think that they were useful for recovery of debt. This figure increased to 74% across all respondents who had used the powers. The responses indicate that this effectiveness was a result of access to previously unobtainable data.

95% of the consultation respondents who used the fraud powers indicated that the powers were useful to combat fraud. Similarly, responses indicated that access to previously unobtainable data was key to these effective outcomes.

To summarise, evidence from the pilot evaluation reports and consultation responses indicate that the powers have been effective in managing and reducing debt and tackling fraud, and protecting the public purse.

c) What positive and negative impacts (societal and otherwise) have the DEA powers had? Due to their different impacts, criteria will be held separately for fraud and debt, asking if the powers have:

• For Debt: led to greater management and recovery of debt owed to government authorities, increased fairness/vulnerability approaches among such authorities and sustainable Business-as-Usual provisions which allow recovered money to flow into the public purse.

Increasing debt recovery and taking action to identify vulnerable debtors using the DEA

As the evidence in response to Review Criteria (b) has shown, the DEA has led to greater management and recovery of debt by providing a straightforward legal gateway for gaining access to data. The first group of debt pilots using the DEA had a 20% recovery rate, yielding c£5 million of previously unrecoverable debt. The success of this pilot has identified the potential for further debt recovery and work is currently in progress to develop the pilot to include all LAs, who wish to participate, in business as usual.

The DEA has also contributed to ensuring that data sharing and any action taken in response to evidence gained through data sharing is fair, and that vulnerable people are identified and measures are taken to ensure they are treated fairly. In 2018, a National Audit Office (NAO) report stated that the Cabinet Office should “continue to explore how to improve data-sharing within government, to help tailor debt management approaches to debtors’ circumstances and avoid different parts of government competing with each other.”^{[footnote 5]} In response to this, a debt pilot between HMRC, Cabinet Office, various LAs and several Government Departments was initiated to gain an understanding of areas of overlap where individuals owe debt to more than one public body (i.e. Government departments and/or a LA), and achieve a better understanding of those individuals recorded as vulnerable by HMRC.

Scoping work is being carried out by wider government to develop a further operational pilot that will allow the ability to identify potentially vulnerable debtors and put appropriate measures in place with regards to proportionate debt recovery in line with the government’s Fairness principles. 

Respondents stated that the DEA was useful in terms of their approach to identifying and engaging with vulnerable debtors. There were no respondents who stated that the powers were counterproductive in this regard. Local Authorities also highlighted that in providing the ability to identify vulnerable debtors, the DEA has contributed to LAs’ ability to operate in line with Fairness Principles. The respondents identified additional positive impacts. For example, LAs noted an increased level of engagement from customers, and savings on resources which could be used to progress other policies and priorities. The consultation did not identify any negative impacts as a result of the application of DEA powers to manage debt on local and central government levels.

• For Fraud: led to greater identification, prevention and recovery of fraud committed against government authorities and sustainable Business-as-Usual provisions which allow recovered money to flow into the public purse.

£5.1  million of fraud identified in companies’ “shadow accounts”

The inaugural DEA pilot was led by the Counter Fraud Centre of Expertise in September 2018, bringing together Companies House (CH) and HMRC to target “shadow accounting” which involves companies fraudulently misstating their accounting disclosures and corporate structures to CH and HMRC in order to avoid or evade Corporate Tax, Value Added Tax (VAT), Employer National Insurance contributions or Director Dividend Tax liability to HMRC. The pilot identified £14.7 million of fraud, of which £5.1m has been assured by audit as financial savings. In addition, 3,510 sets of statutory accounts were identified as incorrect on the CH register and subsequently amended, thereby improving the accuracy and integrity of the register.  This data sharing agreement has moved into business as usual.

£14.9 million fraud identified by National Fraud Initiative and DEA pilot

One of the most significant pieces of work facilitated by the DEA has been between the Cabinet Office’s National Fraud Initiative (NFI) and LAs. The NFI is an ongoing exercise that matches electronic data within and between 1200 public and private sector bodies in order to prevent and detect fraud. Conducted under the Local Audit and Accountability Act 2014, the NFI matches 26 data sets from across government, enabling public bodies and LAs to identify fraudulent activity in systems such as Housing Tenancy, Council Tax, Employee Payroll and Licensing Data. Between April 2020 and March 2022 the NFI enabled participating organisations to prevent and detect/recover £443 million fraud and error across the UK.

Between 2018 and 2022, the DEA has provided a legal gateway for two pilots between the NFI and HMRC. NFI shared a total of 20 million records with HMRC to enable LAs to detect and prevent fraud by providing them with the ability to assess eligibility for benefits such as Council Tax and Housing Benefit. The outcomes as of 31 October 2022 for both pilots combined totalled c£14.9 million across different pieces of fraudulent activity in systems such as Council Tax and Housing Benefit. This data sharing agreement has moved into business as usual.

Business as usual arrangements in place to combat fraud

Since the DEA powers came into force in 2018, three data sharing pilots that were initiated to combat fraud have successfully transitioned to business as usual arrangements.

The CH Shadow Accounts fraud business as usual pilots has identified confirmed tax at risk, of over £10 million. These cases are currently under investigation by HMRC.

Additionally, the NFI and HMRC business as usual pilots has the potential for outcomes estimated to rise to between £16 million and £36 million, depending on levels of engagement from local councils, for each 2 year NFI cycle.

A pilot between the Education and Skills Funding Agency (ESFA) and HMRC has continued to business as usual. This pilot was set up to detect fraud whereby learning providers were submitting fake funding applications using fake identification to create non-existent applicants. The pilot identified a fraud and error rate of 4.5%, with savings of £715,896. With a second pilot leading to £12.06 million savings.

It is worth noting that not all successful pilots will progress to BAU, for example, some pilots are designed to identify if fraud exists, to test internal processes, thus preventing fraud entering the system and giving confidence to the participating bodies. Additionally, bodies may have varying levels of staffing/resource capability and this may impact their ability to progress a pilot and/or business as usual proposals quickly, depending on internal prioritisation requirements.

d) Have the powers contributed to Government policy; responded to Government manifesto pledges; supported the maintenance of the integrity of the Union and devolved administrations;

DEA support to the Government Debt Management Strategy and Public Sector Fraud Authority

The Government Debt Management Function recently published the 2023-26 Government Debt Strategy (the Strategy) which lays out its ambition to further improve how debt owed to the government is resolved, enabling Fair Debt Outcomes for All.^{[footnote 6]} The report details the government’s mission to support those in vulnerable circumstances to reduce the number who fall into problem debt, as well as seeking to improve the government’s capability to resolve debt efficiently and effectively. The use of the DEA data sharing powers are one of the tools that the Strategy highlights for their ability to identify vulnerable people and prevent problem debt occurring.

The formation of the PSFA in 2022 underlined the government’s determination to tackle fraud and the work that the DEA Secretariat does to facilitate and increase the use of data and data sharing pilots using the DEA is an integral part of the organisation.

As the evidence in this review has shown, the DEA has provided a significant contribution to the government’s policy to manage and reduce debt and combat fraud

DEA and the devolved administrations

The DEA has supported the maintenance and integrity of the union by working closely with devolved administrations across the UK to support the use of the legal gateway provided by the DEA debt and fraud powers. The powers are currently being used by public bodies in Scotland and Wales, and work is currently ongoing to include Northern Ireland in the DEA Schedules. Since the powers came into force, there have been data sharing pilots using the DEA with two pilots involving Scottish public bodies and three involving Welsh public bodies.

A further pilot between the Scottish Courts and Tribunal Service (SCTS) and HMRC initiated in September 2022 is seeking to aid SCTS in recovering debt. Prior to the pilot, SCTS had no access to verifiable debtor income information, preventing them from being able to verify a debtor’s income and take appropriate action to recover the money owed. In order to tackle this issue and make debt recovery more efficient, this pilot has combined SCTS debtor data with HMRC Pay As You Earn (PAYE) and Self-Assessment data which can be used to verify income and better identify recovery actions for individuals who are not repaying their debt, including recovering debt directly from employers if necessary as well as identifying potentially vulnerable debtors and taking appropriate measures to ensure debt recovery is fair and proportionate. This pilot is ongoing.

Furthermore, as well as having two Local Authorities involved in the Council Tax Pilot referenced in Review Criteria (b), Welsh public bodies have made further use of the DEA. Between June 2021 to March 2022, a pilot between the Welsh Government and HMRC was set up to detect fraud in grants which were delivered to businesses by the Welsh Government on behalf of HMRC in response to Covid-19. The data matching was successful, and identified no evidence of fraud. While this pilot did not yield financial outcomes, it successfully provided assurance that their current fraud controls were effective.

The DEA Secretariat within the PSFA has built and maintained healthy working relationships with the devolved administrations, sharing knowledge appropriately in relation to tackling debt and fraud problems. Colleagues from public bodies in Scotland regularly attend and observe the Debt and Fraud Review Board. Additionally, the consultation showed that the devolved administrations are keen to continue to work closely with the DEA Secretariat to utilise the powers. In their consultation responses, the Department of Finance in Northern Ireland indicated their desire to have the powers extended into Northern Ireland, while representatives and public bodies in Scotland and Wales highlighted the benefits of the DEA by expressing their desire to continue to increase the use of the powers in the future.

e) Have the powers enhanced the willingness of public authorities to engage with and utilise the data sharing powers reduced or created burdens for public authorities; invoked any privacy concerns, such as in relation to reductions in privacy or the misuse of data;

Public bodies who have used the DEA debt and fraud powers, have shown an enhanced willingness to engage with and utilise the DEA. As mentioned in response to Review Criteria (a), one of the themes from the consultation was that public bodies stated that the powers increased their ability and willingness to share data to manage and reduce debt and combat fraud as the powers have been valuable for fraud and debt detection, with respondents also highlighting that the DEA process is more straightforward than other legal gateways. Additionally, some public bodies who have not used the powers stated their support for the powers and their ambition to be included in the DEA schedules in the future.

30 out of 36 (83%) LA respondents stated that they experienced no privacy concerns when using the DEA powers and 9 out of 10 (90%) Government Departments and Executive Agencies also made this statement. In response to the question regarding privacy concerns, respondents highlighted the robust security measures in place throughout the process to ensure privacy concerns are dealt with appropriately.

There has been a single, low-impact data breach. The data breach occurred as a small number of LAs had failed to identify all of the third-parties who had access to their debt recovery systems via a weekly data upload (and thus would have had access to the pilot data). The breach was identified and rectified quickly. The ICO representative on the DEA Review Board was made aware of the issue and there was deemed to be no requirement for a formal report.

Recently the DEA Secretariat identified an administrative error in the dates contained in the paperwork for a pilot. This created a gap of a number of hours where data supplied under the terms of the data sharing agreement was not fully covered during the process to transition to BAU. The DEA Secretariat took immediate action to inform the bodies involved to halt the data sharing, assess the risks and instigate appropriate mitigation agreed by all parties including lessons learnt. As a result regular review points have been incorporated into DEA Secretariat procedural checks.

In an effort to ensure transparency and compliance with data protection and privacy matters, the DEA Secretariat engages with the ICO regularly. Representatives of the ICO are observers of the DEA Debt and Fraud Review Board and have oversight of each data sharing proposal that is presented to the board. The valuable feedback and input that is contributed by ICO colleagues is welcome and encouraged.

Feedback from the ICO with regard to the DEA data sharing process has been generally positive. In its recent report in March 2023, the ICO stated that the framework for data sharing under the DEA provides a supportive background to help organisations share data in ways that benefit the public. The report also considered the DEA framework and found that it includes robust safeguards that ensure organisations share data responsibly and in alignment with data protection principles, while also safeguarding people’s rights. The report also noted that public bodies who wish to share data under the DEA Debt and Fraud Powers are required to complete a Data Protection Impact Assessment (DPIA) which is then reviewed by the DEA Secretariat and Review Board. The ICO observed in the report that some organisations showed an exemplary approach to DPIAs, completing them before processing took place and ensuring that their documentation contained thorough, detailed assessments including mitigating actions for any identified risks. The ICO also provided valuable feedback to improve the DPIA process, highlighting the need to carry out DPIAs before sharing data and providing sufficient detail on DPIA documents about pilots, for example, the volume of data being shared. The DEA Secretariat welcomes continuing engagement and input from the ICO and will ensure its feedback is considered and action taken where necessary.

f) Are there changes that can be made that would improve the effectiveness of the debt and fraud powers’ operations?

There was constructive feedback provided by public bodies and the DEA Debt and Fraud Review Board. A number of logistical issues were raised as potential improvements to the effectiveness of the operation of the debt and fraud powers.

One of the themes from the consultation was a need for more effective communication between public bodies with regard to how the DEA can be utilised. For example, LAs indicated that there is a level of inconsistency in how the legislation is interpreted across government departments with regard to what data can and cannot be shared in a data sharing pilot.

Another theme from the consultation responses from LAs and Government Departments indicated that there is a need for more awareness of the DEA. Many organisations who have a debt or fraud problem are unaware of the legislation or may have heard of it but do not understand the process of how to initiate a debt or fraud pilot, or how it could benefit their public body. To address this, one of the DEA Secretariat`s key priorities is increasing and broadening outreach to make public bodies aware of the DEA and how it could benefit them.

Another issue identified was the length of the process and the time it takes to receive the requested data, with several respondents stating that in their experience, the process took too long and meant that the data was out of date and ineffective with regard to tackling their issue once it was received. The DEA Secretariat has recognised a need to balance the sharing of data to be done as  timely and efficiently as possible, whilst ensuring that all processes are followed in line with public bodies data sharing requirements and in adherence with the DEA Code of Practice.  The average time from development of a pilot to Ministerial approval is 7 months. The Secretariat is working to improve its procedural governance processes through improved monitoring and evaluation of progress at critical stages of activity required to deliver a pilot.   The pace of DEA pilots is reliant upon public bodies internal processes, governance, staffing, resourcing, capability and departmental priorities.

Responses from public bodies indicated that they would like the process to be more flexible with regard to making minor changes to the data sharing agreement when the pilot was operational. As per the Code of Practice, there is a process for making variations to agreements which ensures that the proposed changes are subject to the same scrutiny and privacy and data protection considerations as all proposals. Whilst this may add time to the duration of the process, this ensures due diligence is applied to all proposed variations is of paramount concern. This aspect is discussed with pilot bodies when discussing any variations proposals.

The feedback provided by the Debt and Fraud Review Board respondents in the consultation was positive, highlighting the effectiveness of the DEA in providing a relatively straightforward gateway, allowing data to be legally shared and used to tackle fraud and recover debt. The main concern highlighted by Review Board members pertains to the business as usual process, with several members highlighting the need for more clarity around Review Board members’ roles and responsibilities with regard to a pilot transitioning to business as usual. Additionally, some Review Board members stated that this transition could be streamlined to make the process more timely. The feedback from the consultation is being fed into a review of the debt and fraud code of practice, as part of an overall statutory review of all of the DEA code of practices to implement improvements and clarity around roles and responsibilities.

To summarise, the changes noted by consultees relate to the process rather than the DEA legislation itself, which indicates that those using the powers consider them to be effective.  Finally, three government bodies that are currently not on the schedules have indicated a wish to be added and the DEA Secretariat are working with these departments to add them to the schedules and actively encouraging other bodies to join.

Conclusion

This report has shown, the DEA has been an effective tool which can be utilised by public bodies to manage and reduce debt, with increased consideration of vulnerable debtors  and combat fraud. The data sharing that has taken place since the powers have been operational have provided value by allowing public bodies to share previously inaccessible data.  Feedback from bodies who have used the powers has indicated that the powers are effective, with government departments and the devolved administration which is not a Specified Persons under the DEA under the DEA stating their support for the powers and their ambition to be included in the DEA schedules in the future.

The evidence in this report has shown that the legislation has enhanced the willingness and ability of public bodies to share data to tackle these issues effectively and proportionately, and that there is potential for the legislation to be a pillar of the public sector’s ability to prevent fraud before money is paid out as opposed to the more difficult task of recovering money. As well as demonstrating the effectiveness of sharing data to tackle debt and fraud problems, the evidence has also shown that this is done proportionately and in line with relevant legislation and data protection considerations. The DEA Code of Practice, Secretariat, and Review Board ensures that all data sharing proposals are proportionate and subject to scrutiny, and this will continue in the future should the powers be retained.

Recommendation

The statutory review offers the Minister three options, amend, repeal or retain in their current form. 

Amend - whilst there have been suggestions that are being considered to improve and iterate the process, there have been no suggestions that would require amendment of the legislation itself - most can be addressed through changes to the Code or amendments to the Review Board operating model. Participants are happy with the gateway and the scope it provides for more data sharing across government, but there is more to do this can be achieved through making procedural improvements and driving cultural attitudes to data sharing however this consultation has demonstrated that, at this stage to achieve this wider use there is no requirement for legislative change, the powers are sufficient to achieve good outcomes and to do more in the future. Amend is not recommended.

Repeal - The evidence outlined in this report indicates that the powers have been effective.  Repealing the powers would lead to a downturn in the scale and breadth of how the government uses data for fraud and debt purposes, pilots currently being developed would not materialise, thereby losing all the benefits of both the debt and fraud pilots. For example, the potential loss of Council Tax debt recovery, that could potentially recover millions.  No respondents have suggested repeal in the consultation; the proposed improvements are procedural and can be considered and addressed through changes to the Code of Practice or amendments to the Review Board operating model. The powers have been overwhelmingly supported, have delivered good outcomes and should be maintained either in the current or amended format. Government is criticised for not doing enough with data, and there is a renewed push to harness emerging technologies such as AI as part of digital transformation strategies. The DEA gateway will be a central tool to progress this wider aspiration and Repeal would set the government back, as such Repeal is not recommended.

Retain - the evidence in the report shows the powers are successful and there is widespread support and interest in their continued use.

As stated, the purpose of this statutory review is to determine if the debt and fraud powers of the DEA should be amended, repealed or retained in their current form, noting that the consultation has provided options for improvements that relate to logistical and procedural improvements not requiring legislative change. Based on the evidence provided in this report, the Cabinet Office recommends that the relevant Minister retains the DEA debt and fraud powers in their current form.

1. ICO’s review into data sharing under the Digital Economy Act 2017 (PDF, 361KB) ↩

2. Register of Information sharing agreements under chapters 1, 2, 3 and 4 of part 5 of the Digital Economy Act 2017 ↩

3. Statutory Review of the Debt and Fraud Powers of the Digital Economy Act (2017). Statement made on 20 July 2021. ↩

4. (2022) Collection rates and receipts of Council Tax and non-domestic rates in England, 2021-22 (revised)(PDF, 358KB) . ↩

5. (2018) Report cross-government, HM Treasury - National Audit Office (PDF, 700KB)). ↩

6. 2023-26 Government Debt Strategy. ↩