Part 6: The regulator and intervention

How the Department for Education (DfE) oversees colleges and may intervene where concerns arise in accordance with the oversight, support and intervention framework.

ESFA oversight

6.1. The Education and Skills Funding Agency’s (ESFA’s) accounting officer is accountable to Parliament for how ESFA uses its funds and is personally responsible for the regularity, propriety and value for money of its expenditure, and, by extension, for that of the sector as a whole. Consequently, ESFA’s accounting officer may issue a ‘Dear accounting officer’ letter to college accounting officers on an ‘as required’ basis in relation to emerging issues concerning accountability, regularity, propriety, value for money and accounting matters.

Access rights

6.2. ESFA or its agents may carry out audits and investigations at a college. The college must provide ESFA with access to all books, records, information, explanations, assets, premises and staff. ESFA may take copies of relevant documents.  

Investigations: third party documentation

6.3. Where ESFA has concerns about financial management and/or governance at a college, it may wish to obtain from third parties information or documentation about the college, which ESFA considers relevant for the purposes of its investigation. Colleges must provide ESFA with written authority giving permission for any third party to provide such information and documentation to ESFA or its agents on request of ESFA.

Retention of records

6.4. The college must retain records to verify provision delivered by it, or its subcontractors, in relation to this handbook and its accountability agreement, for at least 6 years after the period to which funding relates.

Funding audit

6.5. As set out in the Post-16 audit code of practice (P16ACOP), funding audits provide assurance to ESFA on learner data provided by a college through its individualised learner record (ILR) to calculate its recurrent funding and establish whether the data is accurate and supported by evidence. The scope and timing of funding audits are determined annually.

Fraud, theft, irregularity and cybercrime  

6.6. As set out in accountability agreements, contracts with ESFA (and, where relevant, with Mayoral Combined Authorities and the Greater London Authority), and the Post-16 audit code of practice (P16ACOP), colleges must establish and maintain an adequate system of internal control, to ensure compliance, and to prevent and detect error, irregularities and suspected fraud (including theft, bribery and corruption). To achieve this, a college must establish and keep up to date an effective and proportionate anti-fraud policy, which sets out the approach to raising awareness, prevention, detection, investigation and sanction (including seeking redress where appropriate) of suspected fraud.

6.7. In developing an anti-fraud policy, colleges should consider the nature of the threat faced. The non-exhaustive list below contains suggestions for the main components of such a framework:

• a fraud risk assessment to identify areas most vulnerable to suspected fraud - ESFA has developed a list of potential fraud indicators to support a review
• robust and well-designed internal control systems to address vulnerability to fraud and the testing of internal controls to ensure that they are operating as intended
• policies and procedures (such as a whistleblowing policy and a fraud response plan, detailing how to report suspected fraud and the processes to follow when reports are received
• a fraud loss measurement exercise to evaluate the scale of suspected fraud

6.8. The policy should also provide for regular and frequent review of its own effectiveness. The fraud threat is constantly evolving and so colleges must ensure that they keep themselves up to date with the risks.

6.9. Colleges must have procedures in place to ensure any suspected or discovered instance of fraud, cybercrime, theft, bribery, corruption, irregularity, major weakness or breakdown in the accounting or other control framework are identifiable. Where identified, colleges must inform the chair of the audit committee, external auditors and internal auditors (if applicable) as soon as practically possible. ESFA, and any other relevant college funder, must also be informed as soon as possible when the fraud, or suspected fraud, is significant. Contact ESFA through allegations.mailbox@education.gov.uk.

6.10. Significant fraud is where there is one or more of the following factors (though this list is not exhaustive):

• the gross amount of the loss (that is, before any insurance claim) is in excess of £5,000
• there is likely to be public interest because of the nature of the fraud or the people involved, especially when the fraud is committed by a governor or senior employee, regardless of the amount
• the particulars of the fraud are novel or complex
• the fraud is systematic or unusual in nature

6.11. With regard to the reporting of funding error, colleges must continue to adhere to the requirements of their accountability agreement and the funding rules.

6.12. Fraud’s inherent nature means that any fraudulent transaction must be irregular and improper. The accounting officer must include any significant fraud in their statement of regularity, propriety and compliance.

6.13. Fraud, including any suspected or attempted fraud, should be reported to Action Fraud to help identify systematic risks potentially affecting whole sectors (for example, cybercrime).  

6.14. ESFA reserves the right to conduct investigatory work in respect of any college when there are reasonable grounds to believe that fraud or other financial irregularity has occurred. Such grounds may include a notification from the college itself or from other information received. ESFA may involve other authorities, including the police. If such a college is also funded by another public authority, then ESFA and that authority will cooperate to determine which authority will lead the investigation. ESFA will publish reports on its investigations at colleges.

Cybercrime, penetration testing and cyber ransoms

6.15. Colleges must also be aware of the risk of cybercrime, put in place proportionate controls and take appropriate action where a cyber security incident has occurred.  

6.16. Colleges must not pay any cyber ransom demands. DfE supports the National Crime Agency’s recommendation not to encourage, endorse, or condone the payment of ransom demands. Payment of ransoms has no guarantee of restoring services and may lead to repeat incidents.

Find out more about cybercrime and IT heath checks at:

• National Cyber Security Centre
• NCSC Alert: Further targeted ransomware attacks on education sector March 2021
• IT health checks
• CHECK penetration testing

College oversight, support and intervention

6.17. The framework for College oversight: support and intervention sets out how DfE  will work with colleges to identify, at an early stage, any financial and quality issues that might hinder their success. It sets out the support and advice available to colleges when they need it, including from DfE, Further Education Commissioner (FEC) and ESFA. The framework provides that, where there are concerns about financial management or governance in a college, DfE may issue the college with a notice to improve (NtI).

Find out more about the oversight, support and intervention framework, and intervention notices and reports, at:

• College oversight: support and intervention
• Further education intervention notices and reports

The Secretary of State for Education’s statutory intervention powers

6.18. The Secretary of State for Education’s intervention powers are set out in sections 56A and 56E of the Further and Higher Education Act 1992 (FHEA 1992), as amended by the Skills and Post-16 Education Act 2022. The Act sets out the:

• circumstances in which the powers can be exercised
• actions that the Secretary of State for Education can take

6.19. Where the Secretary of State for Education has serious concerns about the management of a college, the Secretary of State for Education may take statutory intervention action to address those concerns.

6.20. Where one or more of the circumstances for intervention have been met, the Secretary of State for Education can take a number of actions, including removal or appointment of members of the governing body. The Secretary of State for Education can also give the governing body a direction as Secretary of State considers expedient relating to the exercise of their powers and performance of their duties.

Find out more about the Secretary of State for Education’s statutory intervention powers in Statutory intervention powers for the FE sector.

DfE’s work with the Charity Commission for England and Wales

6.21. Where there is a relevant concern, we may refer colleges to the Charity Commission, reflecting the Commission’s interest in addressing non-compliance with legal or regulatory requirements or misconduct or mismanagement in the administration of any charity, and in ensuring individuals running the charity (in particular, but not limited to, the trustees) do so in compliance with their legal duties. The Commission may use its regulatory powers as described in its memorandum of understanding with DfE.

Find out more about the memorandum of understanding between DfE and the Charity Commission.

National Audit Office and Public Accounts Committee

6.22. The National Audit Office (NAO) has the right to access the accounts and relevant records of a college for inspection, or for value for money studies. The college must cooperate with NAO and their contractors and provide help, information and explanation as is reasonable and necessary. NAO’s findings are considered by the Public Accounts Committee (PAC). The PAC has the power to call anyone, including past and current accounting officers of a college, to account for the proper use of public funds.