Fraud awareness: good practice for education and training providers

Question 1

Introduction

Accepted Answer

The Public Sector Fraud Authority (PSFA) estimates that every year between £39.8 billion and £58.5 billion of taxpayers’ money is subject to fraud and error. According to the Office for National Statistics (ONS), fraud accounts for over 40% of crimes in England and Wales. We as individuals can be a target for fraud and so are organisations and businesses, including providers in the education sector.

Every pound lost to fraud in the education sector is a pound that could have been spent on improving opportunity and life chances for children and learners. The Department for Education (DfE) is determined to help the education sector prevent and to minimise the risk of fraud and error.

The threats from fraud are ever changing and increasingly sophisticated. It is therefore critical that all education providers have systems and processes to counter those threats and to manage fraud risks.

From September 2025 the Economic Crime and Corporate Transparency Act 2023 comes into force. Organisations in scope of the act can be prosecuted for failing to prevent fraud. Part 5. Investigating provider fraud has more information.

This guidance document has been produced following feedback from education providers to help them understand what fraud is and how it can happen. It includes information on how fraud can be identified and prevented, how it should be reported and actions to take.

The term providers is used throughout this guidance to refer to education and training providers. This guidance is primarily aimed at academy trusts, colleges, and independent training providers. Other types of education providers may also find aspects of the guidance helpful.

This guidance is designed to support providers as a helpful resource to be used both as a preventative tool and as a referral point when fraud is identified. Those responsible for combatting fraud within providers may want to familiarise themselves with this guidance and be able to demonstrate the benefits to the senior leaders and trustees of their organisation.

The guidance includes counter-fraud policy and training ideas, and it signposts providers to other external sources of support.

Providers can sign up to fraud alert notifications from DfE.

This guidance does not replace existing sector-specific documents and handbooks, issued by DfE (and previously the Education and Skills Funding Agency). Providers should continue to follow any obligations they have in regard to fraud and related areas as set out in publications they are in scope for.

You can find out more information on how to report fraud or financial irregularity to DfE.

This guidance will be reviewed and updated to ensure it stays relevant. Use the customer help portal for any feedback or questions.

Question 2

1. Understanding fraud

Accepted Answer

Overview

To be able to prevent, minimise and combat fraud, we need to be alert to how and when it can happen. This is so that we can find it and learn lessons to help prevent it from happening again. Understanding the theories of fraud and how fraud can happen will help providers to prevent fraud and to set an anti-fraud culture.

There are a number of published theories for why fraud takes place, including the fraud triangle and fraud diamond. You can find out more about these from the power hour video (7 min 10 sec) at the end of the resources section.

Legal definition

Fraud is a criminal offence as defined by the Fraud Act 2006.

The act defines fraud as:

fraud by false representation – where a person expresses or implies something, which they know to be untrue or misleading.
fraud by failing to disclose information – where a person fails to disclose information, which they have a legal duty to disclose.
fraud by abuse of position – where a person is in a position where they are expected to safeguard the financial interests of others but abuse that position.

This guidance focusses on fraud but there are a number of related concepts which are often talked about alongside fraud.

These are:

bribery – the giving, offering, receiving, or soliciting of something of value as a means to influence the actions of an individual or organisation in a position of power
corruption – the abuse of entrusted power for private benefit that usually breaches laws, regulations, standards of integrity and or standards of professional behaviour
theft – the dishonest appropriation of property belonging to another with the intention to permanently deprive the other of it
error ^{[footnote 1]} – a misstatement that is unintentional and does not involve deliberate deception
irregularity – acts of omission or commission, either intentional or unintentional, which are contrary to the prevailing laws or regulations and can include fraud

DfE counter-fraud policy and strategy has more information.

What is fraud awareness

Fraud awareness is something we all need as individuals and as part of our roles in organisations we work for.

Fraud awareness isn’t just knowing that fraud can happen. It is about understanding why it happens, how it happens, what signs to look out for, how to deal with those signs, and knowing how to prevent fraud.

Fraud awareness is about educating individuals and organisations to understand what fraud looks like, as well as realising the impact fraud can have.

Impact of fraud

The impacts of fraud can be highly detrimental and long lasting.

Financial

The most obvious impact is financial where significant sums of money are lost to fraudsters. In the education sector an example could be where a provider is tricked into paying a fake invoice.

Reputational

Losing money to a fraud can be reputationally damaging for an organisation as it erodes trust in its processes and systems. In the education sector this could result in providers finding it harder to receive favourable terms from suppliers, lenders, funders, donors and grant providers.

It could also impact on third parties wanting to contract with them, learners wanting to study with them, and people seeing them as a good employer to work for.

Societal

Where public funds are lost to fraud it means less money is available to government to spend on public services as a whole.

Human

The human impact of fraud can be devastating and traumatic when individuals become a victim through either their private life or through work. This can include feelings of guilt and self-blame. Friends and colleagues of those found to have committed fraud can also be impacted.

Types of fraud

Fraud is nothing new but over time it has become increasingly sophisticated as technology has improved. The development of artificial intelligence (AI) will bring further risks.

Fraudsters use a whole range of methods to trick their victims and evolve their tactics over time. They can also pressure their targeted victims into making quick decisions, potentially overriding controls in place. Vigilance is important to prevention. Even something claiming to support fraud prevention might actually be a fraud itself. Some of the most regularly used methods that are relevant to the education sector include the following.

Cyber fraud

This has increased rapidly as the internet has expanded. Cyber fraud is a term used to describe any kind of online fraud, but the most common forms are listed here.

Phishing (electronic impersonation)

Emails or other messages claiming to be from reputable sources are sent to individuals and organisations trying to get the recipient to reveal personal information such as passwords and credit or debit card information.

The information is then used to defraud the person who has supplied it, or is sold on to other potential fraudsters. Fraudulent use of electronic signatures is a growing problem and emphasises the importance of using secondary identity checks and software to prevent documents being amended.

Similar practices using different methods of communication include:

smishing - specific to the use of messages via mobile phone
vishing - phone calls and voicemail messages from fraudsters
quishing - fake QR codes

As an example, a phishing attack might aim to get sensitive passwords used by providers which would give the fraudster access to a provider’s bank account. The attack may involve impersonation of the leaders of educational institutions to make a request appear genuine.

Malware

Malware is a collective term for a range of online threats including:

viruses
spyware
adware
ransomware

It is malicious software which can cause harm to or impede the use of a computer, server, or network infrastructure with or without the knowledge of the user. This could lead to user harm.

Cybercriminals typically use malware to access and extract data, which they use to make financial gain from their victims.

An example of malware is ransomware. This involves cybercriminals blocking organisations from accessing their own files and a ransom is then demanded to regain access to the files. This is a risk for the education sector, which holds lots of sensitive information, including data relating to children. It can also prevent providers from being able to operate effectively, if, for example, it is impossible to access files such as lesson plans.

A malware attack can happen if a user:

opens a malicious attachment or link, assuming it is legitimate
visits an infected website, leading to malware being downloaded and installed without the user’s knowledge – once on the system, if the malware is not identified and dealt with swiftly, it can easily spread without user interaction and infect multiple networks

Cybercriminals sometimes target organisations when they are at their most vulnerable. Providers should:

be especially vigilant during holiday periods when they might have limited staffing
make sure they are aware of any minimum cyber standards they need to meet in their sector in order to qualify for funding or be eligible for insurance should they be the victim of a cyber-attack

Artificial intelligence (AI)

AI can be of real benefit when used appropriately and effectively but is also a new tool fraudsters can use to deceive.

AI enables fraudsters to impersonate others by creating deep fake videos and clone voices. This can convince victims that the person or situation they are dealing with is genuine. AI also makes it easier to combine real and fake data and to create realistic forged documents that can be used to verify identity or provide certification.

In the education sector AI is a real threat with regard to the:

use of copied or impersonated voices and imagery with the aim of extorting money and causing reputational damage – impersonating educational leaders such as CEOs, principals and trustees is a significant fraud risk in the education sector according to research from Lloyds and TSB bank
authenticity of work submitted by students
creation of certificates evidencing qualifications
creation of content potentially harmful to young people

The Public Sector Fraud Authority’s Introduction to AI with a focus on counter fraud has more information.

Invoice fraud

This is also known as mandate fraud. Fraudsters pose as genuine suppliers and usually advise of a change in payment details. They may ask for payment, urgently putting pressure on the target of the fraud.

The education sector is vulnerable to fraud due to the number of suppliers required across the country to make the system work. Providers should:

always double check with suppliers before making a payment to a newly provided bank account
use contact details they have reliably used previously and not contact details provided in the communication advising of the change of payment detail

Certificate fraud or qualification fraud

This is a big issue for providers and awarding bodies. Anyone who falsely creates a qualification certificate or alters a genuine one and presents it as real is committing fraud.

The main risks for providers are:

they enrol a learner based on a fake certificate or qualification and may claim funding that the learner is not eligible for
they employ an individual based on a fake certificate or qualification, who is unsuitable for the role and could be a safeguarding risk
individuals claim to have studied and achieved a qualification with the provider which is not a genuine qualification – this is potentially damaging to the reputation of the provider and can affect confidence in the integrity of the courses and qualifications they offer
falsified assessment of student work where unwarranted achievement might be recorded or claimed for financial or other benefit to a provider or assessor
certificate or qualification fraud can also be a breach of copyright and intellectual property rights, where genuine or fake logos of organisations are included on the certificate

Banking fraud

An attempt by fraudsters to get people to send money to bank accounts they have set up.

The most common examples of this in the education sector are emails sent to providers, which falsely claim to be from suppliers, a provider has used and give bank account details for payment to be sent to.

Providers should:

be aware of fake online banking websites when using search engines to find their bank
be aware of phone calls pretending to be from banks, where people are directed to fake online banking – fraudsters can have the capability to influence the call display, so it genuinely appears to be the bank which is calling
never give out payment details over the phone to somebody who has called them

Money laundering

This is where the proceeds from criminal activity are used for, or transferred to, a legal source of funding to conceal the money’s origin. In the education sector, providers should be wary of receiving large amounts of upfront fees or unexpected donations without a rational explanation. Students and young people are often targeted to be used as ‘money mules’ where fraudsters launder money through somebody’s bank account to make it harder to track.

Procurement fraud

Providers should be vigilant against various types of procurement fraud. Examples include:

fake invoices containing incorrect bank details or sending duplicate invoices for the same work
suppliers putting in genuine bids for work that an education provider has put out to tender, but the suppliers are working together to inflate the price beyond the true market cost – using a procurement framework with guidelines and processes for handling a procurement can mitigate against the risk of procurement fraud

The fraud methods listed above are not exhaustive and providers should be wary of any unusual activity, particularly requests for payments which fall outside of their normal established processes. A regular cross-check of supplier bank details can assist with this.

Internal fraud v External fraud

Internal fraud is when an employee or employees commit (or attempt to commit) a fraud against the organisation they work for. These can be hard to detect, as employees have inside knowledge of systems and processes the organisation uses and are aware of system weaknesses and vulnerabilities.

Internal fraud can include:

falsified travel expenses
theft of assets
accepting inappropriate gifts and hospitality
plots to transfer money out of the organisation

Internal frauds sometimes occur as a result of collusion from unknown and undeclared interests and relationships. Providers need to have processes in place to help them prevent and detect internal fraud, including being aware of any conflicts of interest.

External fraud is where parties outside of an organisation target an organisation illegally for some kind of financial benefit.

Fraud personas

Fraud personas (initially developed by the Commonwealth Fraud Prevention Centre) are linked to the way somebody is contributing to a fraud and help us understand the kind of behaviours that a fraudster might display. Personas include:

a corruptor – who abuses their position of entrusted power
a deceiver – who makes others believe something to be true which isn’t
an enabler – who allows a fraud they know about to happen
an exploiter – who uses information they are aware of to make dishonest gain
a fabricator – who invents or produces false documents and information
an impersonator – who pretends to be somebody else to make personal gain
an organised group – who work in a co-ordinated way to make dishonest gain

Question 3

2. Preventing fraud

Accepted Answer

It is unrealistic to think fraud can be stopped completely, but providers can take action to prevent and minimise fraud against their organisation.

Some of the actions providers can take to prevent fraud are to:

give specific fraud awareness responsibilities to named job roles
have a clear policy or response plan including robust internal systems to counter-fraud, including how specific fraud risks are identified, assessed and managed
ensure that staff at all levels have good awareness of fraud threats, including relevant regular training on emerging and new technology-based frauds to help create a counter fraud culture where challenge and reporting are encouraged.
ensure that any sub-contractors they work with also manage fraud risks and are not a fraud threat themselves
educate students and learners on fraud threats

Fraud can sometimes happen because nobody in an organisation has been tasked with responsibility for monitoring areas susceptible to fraud or for leading on fraud awareness and prevention.

Different types and sizes of providers will have different job roles within them. The following are examples of responsibilities providers could consider and who might appropriately fulfil them.

Delegating counter-fraud responsibilities to roles

Examples of counter-fraud tasks that providers can consider giving to specific roles:^{[footnote 2]}

creating a counter fraud policy and strategy and updating it on a regular basis
delivering regular fraud awareness training for staff at all levels
promoting an internal whistleblowing policy to staff, making sure that it is accurately and fairly administered and covers how to make direct disclosures to relevant funding bodies
carrying out fraud risk assessments of projects and policies
having a transparent documented process to show how any allegations of fraud will be handled and reported
analysing data to check for any fraud risks
attending external counter-fraud events and training sessions

Providers might give responsibility for counter-fraud tasks to the following roles:

senior responsible officer
head or director of governance
head or director of HR
head of IT (cyber-crime)^{[footnote 3]}
chief operating officer
chief executive
finance director
internal audit manager
audit and risk committee leads
head of data
headteacher
business manager
principal
governors
trustees
business owners (private companies)
counter fraud managers
counter fraud ‘champions’

Different roles might have various counter-fraud related responsibilities. This should not be confused with accountability, which will usually sit with an accounting officer, governing body, board or director, depending on the type and size of provider.

Where individuals are taking up a role linked to key financial decision-making, providers should:

consider any background checks that might be required in advance
familiarise themselves with any fraud-related responsibilities they have which are applicable to their own sector (outlined in other DfE handbooks, publications or through any other regulatory bodies)

Having a dedicated counter fraud policy or strategy helps organisations to combat fraud.

Providers of different types and sizes will want to consider:

the scope and scale of policy that best suits them and complies with any requirements specific to their sector
what is appropriate to include in public-facing documents – which might include counter fraud policies, compared with internal process documents and a fraud response plan

Counter fraud policy or fraud response plan

A non-exhaustive list of areas that might be covered in internal counter fraud policies or response plans for providers:

details of how the provider assesses the risk and impact of fraud – this might include:
- reference to any risk management policy in place
- reference to any risk register, including any processes in place for ensuring fraud risks are added to the register
- how the provider calculates the likelihood of fraud risks occurring, including how they RAG rate different risks
- how the provider identifies areas of their operation that are particularly vulnerable to fraud such as payroll and procurement
- how the provider assesses its projects, policies and procedures to identify risks of fraud and their potential impacts^{[footnote 4]}
details of how and when suspected and actual fraud will be reported to funding bodies, regulatory bodies, action fraud or the police as per any statutory, funding, or contractual obligations the provider has
a commitment to training staff at all levels in fraud awareness, including timescales for new starter training and refresher training to reflect fast changing fraud methods
details of how the provider promotes an anti-fraud culture, including how the tone is set from the top of the organisation, and how counter-fraud is considered as an agenda item at relevant meetings
a list of internal controls the provider has to prevent, mitigate, and detect fraud
details of how the provider’s procurement policy mitigates against the risk of fraud
a list of systems that could be targeted by cybercriminals and what safeguards are in place to stop this happening – the guidance on mitigating malware and ransomware attacks has more information
a statement confirming the provider does not pay ransoms for the restoration of systems following a cyber-attack (where that is the case), including where providers have any funding or contractual requirements to take that approach
a list of potential fraud indicators relevant to the provider – further details on fraud indicators can be found in 3. Detecting fraud
details of the approach the provider takes to due diligence on any organisations or individuals they work with
a high-level explanation of how the provider will investigate alleged and suspected internal fraud and sub-contractor fraud, including roles responsible for investigations, confirmation that those conducting investigations are suitably qualified to do so, and sanctions for consideration where fraud is found
details of the provider whistleblowing policy and processes they have in place to protect whistleblowers
how the provider tests its internal systems to assess robustness against fraud and error
a list of any other policies, procedures, and prevention methods the provider has in place that help counter fraud
details of how the provider ensures that any employees who leave the organisation no longer have any access to passwords for any systems the provider uses
a list of responsibilities for named job roles relating to counter fraud
definitions of fraud, bribery and corruption as set out in UK law
details of how often the counter fraud policy and associated policies will be monitored and updated to keep up with emerging fraud threats and to reflect lessons learned from any previous events impacting the provider

Being fraud aware

Fraud awareness is everyone’s business and is the first line of defence against fraud. We all need to know what fraud is, how to spot it, and what to do about it. Staff at all levels and in all areas should have fraud awareness. Fraudsters will often look for the weakest link into an organisation rather than necessarily targeting a more obvious route.

Providers can Sign up for fraud news and updates to be aware of current fraud threats and scams that might impact the education sector and providers.

Managing sub-contractors

Some parts of the education sector use sub-contractors to help deliver education and other provision they are responsible for. It is important that providers carefully consider how their sub-contractors manage their own fraud risks as part of the assessment processes. This should be done prior to contracting and as part of ongoing monitoring of their sub-contractors.

Providers should also have robust due diligence to ensure sub-contractors themselves are not a fraud threat. Sub-contractors themselves should also be vigilant against prime contractor fraud, for example by checking they don’t receive irregular payments.

Providers must follow any requirements outlined in sector specific publications relating to sub-contracting.

Ensuring students and learners understand fraud threats

Providers will also be aware of the responsibilities they have to their students and learners, who are also potentially vulnerable to fraud both in everyday life and in ways directly linked to their learning.

Methods used by fraudsters to target students and learners include:

offers of cheap accommodation, flexible work, loans, credit cards, and textbooks
using students as money mules
social media and students using WiFi in public places

Providers might consider how they educate students and learners on fraud threats as part of their pastoral education offer. Education charity Association for Citizenship Teaching have collaborated with the Home Office and National Crime Agency to produce fraud education and resources to educate young people on the risks of fraud.

Question 4

3. Detecting fraud

Accepted Answer

Where fraud is taking place in the education sector, DfE wants to find it at the earliest opportunity. To assist with this, we encourage all providers to have robust processes in place to detect fraud.

There are obvious advantages in detecting fraud – it prevents money disappearing out of the system, can enable funds to be recovered, and teaches us lessons on preventing it happening in the future.

The other main reason for strong fraud detection methods is deterrent against fraud in the first place. Fraudsters target areas they consider to be vulnerable and where their frauds are less likely to be spotted. If they see strong detection mechanisms in place they are less likely to target those sectors and organisations.

As mentioned earlier in this guidance being a victim of fraud can also be reputationally damaging. By detecting fraud providers are increasing confidence in their organisation and systems and increasing the chances of people wanting to work and learn with them.

Ways to detect fraud

Fraud can be detected pro-actively through the use of analysis, and reactively when a fraud or suspicion of fraud is reported. By creating a culture of fraud reporting, organisations put themselves in the best position to detect fraud. Methods of detecting fraud include the use of fraud indicators and having fraud reporting mechanisms.

Fraud indicators

Risk factors can often provide an indication that a fraud is taking place, or could take place, and can be used to help detect fraud. None of this guarantees that a fraud is taking place, but a pattern of indicators can be a starting point for detecting a fraud.

For some of the indicator types, the risk could be from within the provider itself. It could also be from other individuals or organisations looking to defraud providers, such as contractors and related or non-related third parties.

Personal motive

A person has what they believe to be a reasonable rationale for their actions. These might be a grievance, personal problems, pressure, or conflicts of interest. In the education sector this could be a person who works for a provider or somebody externally who has targeted a provider. Signs to look out for might include changes in:

behaviour
working patterns
standard of living

Organisational motive

Where there is a motive at organisational level to commit a fraud. Signs to look out for include organisations:

that have financial difficulty
where the level of governance has declined or become dominated by an individual
where there is immediate pressure to achieve results or outcomes
where there has been previous organisational failure

Internal control weaknesses

Where there is a lack of transparent processes, governance, commitment to ethical standards, best practice, and robust financial management. Time pressures or management vacuums should not override internal processes.

Transactional indicators

Transactions that are not transparent or appear to have minimal oversight, inadequate audit trails, or might only require one person to approve. These might relate to connected parties, sub-contracting agreements, and consultancy arrangements.

Methods to commit or conceal fraud

These can include unusual working hours and patterns, refusing to take leave or share work, working in isolation, and inadequate explanations of how processes work.

Administrative indicators

Irregular or suspicious documents, evidence, or internal transfer of funds. Also, any unusual accounting, business, and banking practices.

The indicators of potential fraud in educational organisations has more information.

Fraud indicators can be found through observing behaviour and patterns but also through the use of data analysis, including exception reports. Analysing data sets of operational transactions like checking monthly accounts and purchase ledgers can identify irregular patterns of behaviour and help with identifying periods when a fraud might have taken place. It can also narrow down who might have committed a fraud. Standard audit and monitoring can also lead to the detection of fraud.

AI is a potential weapon for fraudsters, but it is also being used to help develop sophisticated fraud detection programmes. The big advantage of AI in preventing fraud is that it can be used for analysis in real time to identify unusual patterns, suspicious activity and recognise fake websites and accounts. AI is already being used widely in the banking and financial sectors to detect fraud and this is likely to expand across other sectors.

Fraud reporting - whistleblowing

Whistleblowing is a common reporting mechanism which enables fraud detection. Having a transparent, accessible, and safe whistleblowing policy increases the chances of detection. It also gives confidence to funders and partners that providers want to detect fraud.

Providers need to be aware of requirements relating to whistleblowing in DfE handbooks and guidance documents specific to their sector. As minimum good practice they should have a whistleblowing policy that is easy for employees and related contractors to access (for example through an intranet) and understand. Examples of what a policy could include in relation to fraud are:

The whistleblowing policy should be reviewed regularly and be clear who is responsible for the review.

Providers could also consider using dedicated whistleblowing hotlines and email mailboxes that concerns can be sent to. These could be managed internally or by an external third party. Services should be explained so that whistleblowers understand how they will be protected.

Whistleblowers need to be protected in line with legal requirements, but there might be occasions when a whistleblower wishes to remain anonymous. It can be more difficult to investigate anonymous allegations, but such allegations should not be dismissed. Efforts should be made to investigate and corroborate any information provided alleging fraud and financial irregularity.

As part of fraud awareness training, it is good practice to inform employees about internal whistleblowing procedures and the external bodies that fraud can be reported to.

Question 5

4. Reporting fraud

Accepted Answer

Once an actual or attempted fraud has been detected (or is suspected) it should be investigated. It can then be stopped (if ongoing), and any possible recoveries can be made and legal action taken. To enable this, fraud needs to be reported to the relevant authorities as appropriate.

Use the guidance on how to report fraud or financial irregularity to DfE.

Different types of providers should be aware of fraud reporting requirements specific to their sector:

Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you can report fraud if you have been defrauded or experienced cyber-crime in England, Wales and Northern Ireland.

It is also important to report a fraud to organisations that might be related to how the fraud has been committed. This reporting should be additional to the kind of reporting already mentioned. Examples might include:

an attempt to take money – inform your bank or credit card provider
an attempt to steal the identity of an individual or the credentials of an organisation – inform relevant government departments or public bodies such as HMRC, the Department for Work and Pensions (DWP) or the Department for Business and Trade (DBT)
an internet or phishing scam - report as a cyber incident
a data breach – may need to be reported to the Information Commissioner’s Office
using a particular online platform – let the provider of the platform know, for example social media companies or energy suppliers
an impact on an insurance policy – let the insurance company know
mis-use of certificates – inform the relevant awarding body
exploitation of the friends and family of fraud victims whose details they have obtained via the fraud – warn these people along with organisational contacts such as contractors whose details might have become known to or compromised by fraudsters

Registered charities must also report serious incidents to the Charity Commission. These include incidents resulting in the ‘loss of charity money or assets.’ Fraud also needs to be reported internally to those with oversight of the provider such as a board of directors, trustees or risk and audit committees.

Question 6

5. Investigating provider fraud

Accepted Answer

DfE will investigate alleged fraud within the education sector. Alleged and suspected fraud is taken very seriously. It can result in the loss of public funds which have been set aside to help children and learners.

When an allegation is received, the information provided is assessed and a decision made about whether an investigation is required. Investigations will gather relevant facts and information and a report will be produced which will detail the outcome of the investigation.

Where a breach of funding rules is identified, providers are given opportunity to provide an explanation before findings are finalised.

Sanctions can be enforced on providers to help protect public funds. Depending on the type of provider, contracts and funding agreements in place, sanctions may include:

issuing a notice to improve
recovery of funds
termination of contract
removal from a register of approved providers
referral for legislative action – this can result in individuals being barred from management positions in educational institutions
referral to the police for criminal actions
referral to regulatory bodies and other third parties to consider sanctions they can apply

From September 2025 large, incorporated organisations can be prosecuted under the Economic Crime and Corporate Transparency Act 2023 for failing to prevent fraud if they have 2 of the following criteria:

over 250 employees
over £36m turnover per annum
over £18m assets

The guidance on the Economic Crime and Corporate Transparency Act 2023 has more information. The introduction of the act makes it important for providers to have appropriate controls in place to help prevent and detect fraud. If providers are in any doubt as to whether they are in scope of the act they should take appropriate legal advice.

Question 7

6. Resources

Accepted Answer

There are a wide range of materials and resources available relating to counter-fraud and fraud awareness both within the education sector and beyond. Many of these are linked to within the relevant sections of this guidance and others are listed in this section.

The following resources are intended to be helpful as reference points. DfE is not responsible for any content published by other organisations.

‘Error’ on the part of providers can also lead to significant recovery of funds. Providers should have adequate controls and measures in place to minimise errors and follow DfE funding rules and handbooks applicable to their sector to help prevent errors occurring. ↩
When making roles or individuals responsible for specific tasks, providers should also consider the importance of checks and segregation of duties where appropriate. This is to make sure no individual has sole responsibility for something they could personally benefit from. ↩
It is important that Heads of IT have direct access to senior management to be able to report potential cyber-crime that could quickly impact providers. ↩
DfE conducts an initial fraud impact assessment (IFIA) for any project or policy involving major spend in the education sector. ↩

Cookies on GOV.UK

Applies to England