26
Fraud Act 2006 and Digital Fraud Committee
Corrected oral evidence: Fraud Act 2006 and digital fraud
Monday 17 October 2022
2.30 pm
Members present: Baroness Morgan of Cotes (The Chair); Lord Allan of Hallam; Baroness Bowles of Berkhamsted; Viscount Colville of Culross; Baroness Henig; Lord Sandhurst; Lord Triesman; Lord Vaux of Harrowden; Lord Young of Cookham.
Evidence Session No. 24 Heard in Public Questions 250 - 272
Witnesses
I: Damian Collins, Minister for Technology and the Digital Economy; Sarah Connolly, Director for Security and Online Harms, DCMS; Tom Tugendhat, Minister for Security, Home Office; Duncan Tessier, Director, Economic Crime, Home Office.
Damian Collins, Sarah Connolly, Tom Tugendhat and Duncan Tessier.
Q250 The Chair: Good afternoon and welcome to this final evidence session of the House of Lords Fraud Act 2006 and Digital Fraud Committee. A transcript of the meeting will be taken and published on the committee’s website, and witnesses will have the opportunity to make corrections to it where necessary.
We are delighted to be joined by the Minister for Technology and the Digital Economy, Damian Collins; the Minister for Security at the Home Office, Tom Tugendhat; the director for security and online harms at DCMS, Sarah Connolly; and the director for economic crime at the Home Office, Duncan Tessier, who is back for his second tour of duty before this committee.
Without further ado, let us go to the questions. We have a lot to ask, as you might imagine; we have had a lot of evidence. Quite a bit of this session will be asking for views as well as testing some of the evidence that we have heard and the recommendations that we will give. Perhaps, Mr Tugendhat, I can start with you. In your briefings as the new Minister for Security, could you confirm whether you have had instructions from the Prime Minister and the Home Secretary specifically on tackling fraud, given its scale in the UK, and making it a priority? I know that you are relatively new in the job, but how much time do you estimate you will spend tackling fraud issues?
Tom Tugendhat: Thank you for inviting me to appear before my first Select Committee. The perspective is somewhat more hostile than the other way around, but it is a great pleasure to be here. This came up immediately after my appointment by the Prime Minister and in very early conversations with the Home Secretary. Fraud is a scourge on UK people: it is a tax on businesses and people, and it not only damages the integrity of our financial and economic system but undermines trust in our economy and reduces our ability to trade freely. So I consider this a matter of national security and of extremely grave importance for me to tackle.
As you will remember well from your time, it is difficult to give an estimate, but this has certainly taken up a large part of my extremely extensive five-week experience in the Home Office, and I have no doubt that it will take up a large part of whatever time I have going forward. The reality is that if we do not tackle fraud, we will see an incremental rise in crime and, more importantly, a diminution in trust, which will leave people feeling exposed and vulnerable and businesses trading much less.
Q251 Lord Young of Cookham: Following on from that, 42% of crime against the individual is fraud, but we have been told that only 1% of law enforcement resources are devoted to economic crime. Does that reflect the severity of the impact of crime that you have just talked about?
Tom Tugendhat: No, it does not, but it does reflect the reality of the complexity that has formally restrained—or, rather, been an obstacle to—many law enforcement actions. The reality is that much of fraud is not just international, which poses its own problems, but transnational, which makes it particularly hard for territorial policing. This is one reason why police forces have traditionally found this a difficult crime to deal with.
However, the department is already putting more money into this and allocating more resources to it in order to make sure that police and crime commissioners and chief constables can not only put more resources into this but, I hope, get more results out of it. If we are going to get the reduction from 42%, as you rightly put it—although, as you know, these figures are somewhat arbitrary—how we focus on making those resources add up with results will be a key element. I am sure we will come to this, but I will highlight it anyway: this is where the fraud strategy will come in.
Q252 Lord Young of Cookham: Moving on to the organisation, we have heard a lot about the alphabet soup of the various bodies that are involved in this. Last month in the House, you said: “Tackling fraud requires a unified and co-ordinated response from government, law enforcement and the private sector”. When you were chair of the Foreign Affairs Committee and not constrained by ministerial responsibilities, you wrote a piece for “ConservativeHome” that said of counterfraud policing: “our policing systems are under-powered, under-funded and badly organised. Our hotchpotch of agencies and local police forces isn’t up to scratch”. Is that still your view?
Tom Tugendhat: The beautiful irony is that I am now responsible for my own words. It is certainly true that the organisation of policing is a matter of great concern to me. This is not just about policing or the organisation within the police force; it is wider than that. As you know, the reality is that the connection between the private and public sectors is absolutely essential to delivering this. I know that my friend sitting next to me will talk about some elements of this online, but the reality is that this is not just about online but about how the private sector, including banks, finance houses and many other organisations, communicate not just with law enforcement authorities and the Government but with their clients.
Trying to bring all that together is hugely important, which is why the Joint Fraud Taskforce will be very important. I will not give an opinion on it yet, on the grounds that it has not yet met under my chairmanship, but, once it has, I am sure I will be able to bring the rigour that I was calling for in the piece.
Q253 Lord Young of Cookham: The ministerial responsibilities for fraud cover about eight departments. You suggested a new leadership group, jointly chaired by the Chancellor, the Home Secretary and the Secretary of State for Justice. We have heard some arguments for a Minister for Fraud, for a Cabinet sub-committee looking at fraud and for a ministerial taskforce with all the relevant Ministers. Do any of those models catch your eye?
Tom Tugendhat: At the moment, the Economic Crime Strategic Board, which is under the Chancellor and the Home Secretary, as you know, offers some expectation that we will be able to bring this together. It is an important way of focusing all the relevant departmental elements under one roof. I hope that, alongside the Joint Fraud Taskforce and under the guidance of the fraud strategy, that will focus effort in ways that will deliver the results that we all expect to see.
The reality is that we have a pretty complicated map of people who are dealing with fraud in this Government, as you correctly identify. Every department in this Government should be correctly dealing with fraud itself. Some are dealing with wider fraud in different areas, and some of us—the Home Office and DCMS in particular—need to deal very closely with fraud against the individual, which is exactly where I and my friend here are focused.
Q254 Baroness Bowles of Berkhamsted: This is also a question to Tom Tugendhat. Do the Government intend to publish a 10-year or a long-term fraud strategy, as was previously the plan? If so, can you provide any details of its headline policies and how it will differ from any measures introduced as part of the Economic Crime and Corporate Transparency Bill?
Tom Tugendhat: We are looking at a long-term fraud plan. The reality is that that is what the fraud strategy is: it is supposed to set out an agenda for a long-term fraud plan. We have already sent out some elements of this. If I have not set this out to you personally, just to be clear I will mention the three pillars on which the fraud strategy is based.
The first is so-called “stop and block”, which is to stop advertising and the outreach from fraudsters that sometimes lures people into a fraudulent relationship with them. The second is to empower people, giving them the information that they require so that they can respond to and report phishing incidents, for example, or block those unwanted approaches. The third is to pursue fraudsters. This triple strategy underpins that long-term plan. I very much hope that I will get the chance to deliver that, because it is really important.
I was speaking this weekend to a friend, who is also a constituent, who was pointing out the difficulties that he had had with Action Fraud and with different elements of our current fraud strategy. All I can say is that we need a long-term strategy and the co-ordination that Lord Young highlighted, and we need the resources that the Government have set out. I intend to deliver all of these, and that is what the fraud strategy will underpin. Other departments will feed into this, and I hope I will be able to co-ordinate.
Q255 Baroness Bowles of Berkhamsted: Moving on to the Economic Crime Strategic Board and the Joint Fraud Taskforce, how will their key outputs be fed into and proceed under the long-term strategy and economic crime Bill?
Tom Tugendhat: The first, the Economic Crime Strategic Board, is really the overview of not just fraud but many other offences, including anti-money laundering and other such things. This country is subject to a whole range of different forms of economic crime, sadly, and many of them are not Home Office affairs, in the sense that they are much more to do with financial markets or policing issues. There is, sadly, an enormous range that we have to confront, and the Economic Crime Strategic Board is designed to confront all of those. It is overarching.
The second, or the next one down if you like, is the Joint Fraud Taskforce. That is what I will be chairing soon. It brings together the public and private sectors; we have government, law enforcement and businesses coming together with the intention of coming up with strategies and policies that will make a difference. You may have heard, for example, that the co-operation with the telcos—the telecoms companies—in recent years has reduced the outreach of some of those spam texts. There is one company still outstanding, which I will not mention, but I very much hope that they will be watching today.
The Chair: You are welcome to name them in the committee.
Tom Tugendhat: I am aware of the benefits of privilege, but I am trying to encourage them into good behaviour without the need for embarrassment. Let us very much hope that they are watching, because they really should be and they should keep up with the others.
There is a whole of series of areas where that can come together. The last bit, which you have not mentioned, is the NECC, the National Economic Crime Centre, which is really the operational element of this. That is where the police force, the National Crime Agency, and indeed others that may be relevant on a case-by-case basis, come together to make the policy into an operation that we can all deliver to protect the British people.
The Chair: Mr Collins, I promise we will come to you in just a moment, so hold fire. So far, Mr Tugendhat, you have said—I do not want to put words in your mouth—that there are lots of different bodies all working together and there is not really a desire for simplification. That is what I take from what you have said.
Tom Tugendhat: At the moment, I am quite keen to make sure that these things work on different levels. If you like, it is a four-star, three-star, two-star, one-star command. You need brigade-level operations to deliver the operational result. That is where the co-ordination of different units comes together to have an effect on the ground. However, you also need the divisional level and the core level to make sure that you get the interaction between policy at a wider level and the ability of individual units to act. Run properly, all these elements have a role.
You will forgive me, five weeks in, for not saying which I ones I think may be streamlined and which might need a little more tightening. I do not know yet, I have to be honest with you, but I will be keeping them under review. The key has to be that this is a threat to the British people and to our economy. It is a break on our growth and on our trust networks within the United Kingdom. That needs to be tackled and it is simply unacceptable that it has grown to the degree that Lord Young has already highlighted. We are all committed to making that difference.
Some of this will be down to operational-level policing decisions. That is something on which the City of London Police are taking a lead, but others feed into that very actively. Some of this is down to cross-agency work, which is more at the NECC level; some is more government-private law enforcement co-ordination, which is for the Joint Fraud Taskforce; and some is whole-of-government, because we are dealing with much wider issues which, sadly, I am afraid, include some hostile overseas organisations. That co-ordination has to be down to us. At the moment, I can see the merit in those cases, but I will keep it under review.
The Chair: Do you have a date for your first chairing of the Joint Fraud Taskforce?
Tom Tugendhat: I will have to come back to you in writing on that.
Duncan Tessier: A question was asked about the economic crime Bill, and I just want to add something on that. There are a number of important features of that Bill, but one that is really noticeable is the changes that are being made to Companies House. These are long-awaited and very significant reforms—I think they are the biggest reforms to Companies House for 170 years. We have been waiting a long time for this. These reforms will make a big impact to stop the abuse of UK corporate structures for money laundering in particular, but that will also benefit the fight against fraud, because a lot of fraudulent activity is driven by the use of shell companies. I just wanted to flag that in answer to the question about the Bill.
We have a date for the Joint Fraud Taskforce; I believe it is in the next couple of months.
The Chair: Let us know afterwards, if you could.
Tom Tugendhat: I will write to you.
The Chair: I am sorry to come in again, but you have just raised something else. One thing that has come up in evidence is the resourcing for Companies House, given the new responsibilities. What can you say about that? I appreciate that there are bigger, wider issues about public spending commitments at the moment, but Companies House cannot do this without more money.
Tom Tugendhat: You will forgive me, but there is a discussion ongoing as to what the new registration fee to register a company will be. That will provide some of the resourcing. There is also a wider discussion with the agencies and Home Office on who does what and where. That is up for discussion.
Duncan Tessier: As you will be aware, we are introducing the economic crime levy, which will raise an additional £100 million per annum. Some of that money will be set aside to support the transformation of Companies House, so there is a sustainable funding solution. Again, that shows how, alongside the Bill, we are making some really important structural changes in the broader economic crime problem.
Tom Tugendhat: It is worth making the point that this is not just a financial element for Companies House. It also needs, and is getting, some professional assistance to make sure that its system works.
Q256 Baroness Henig: I move on to policing. Mr Tugendhat, you have already said that the organisation of policing is of great concern. It clearly is, because all the evidence we took made it pretty clear that the police structure as it exists is not really working when it comes to fraud. I think that something like 1% of police resources was going into tackling fraud, but over 40% of crimes are fraud. There is clearly a big problem.
You have called for a new dedicated national fraud squad supported by adequate resourcing. Is that still your ambition, and what other reforms are the Government considering to improve the response to fraud by law enforcement?
Tom Tugendhat: One thing that I am trying to do is to make sure that the existing organisations work well, not just to try to reinvent different systems. Using organisations like the NCA, which already have strong elements of fraud response, and indeed using best practice elements from some of the territorial police forces, is an area where I think we can make a really big difference. I have already been enormously impressed by the work not just by the City of London Police but by some of the other territorial police forces that have put their minds to it and their resources behind it. The reality is that some are making a big difference locally. This is not just down to them, but some are making a big difference locally.
We need to recognise that this is not just down to the territorial police forces, although there is more that some of them can do, but it is also down to a wider national response. The National Crime Agency is doing a very good job on that, but it is also doing a good job on the international response. I do not know if you know, but a fraud ring in Romania was recently busted, if that is the correct term, by the National Crime Agency. There are many other areas where we are demonstrating that international co-operation really makes a difference.
Baroness Henig: Sorry, I am not clear. Are you saying that you do not want a national fraud squad, or that you do?
Tom Tugendhat: I have many ambitions but, as I am discovering, ministerial life is about what is possible today, not just what is ambitious for tomorrow.
Baroness Henig: If I can try to ask something more specific, should fraud be included within the strategic policing requirement? It is not at the moment.
Tom Tugendhat: I see the merit in the argument, and in many ways it is already in different ways. It comes up in different ways in the national policing requirement in the simple act of reducing crime. If you are committed to reducing crime, as the chief constables around the country are, the reality is that you will achieve that only by reducing fraud.
Baroness Henig: But will it be there explicitly, because it is clearly not there at the moment? It is not a priority.
Tom Tugendhat: I am very happy to take it away and talk to the Policing Minister about how he wishes to instruct police forces. But the reality is that this is one of those areas where we have a slight division of responsibility in this country, as you know. The police and crime commissioners have a say and the chief constables have a say. We can allocate resources and encourage, but territorial policing is territorial.
Baroness Henig: I accept all that, but we have found this huge gap between needing to do something about fraud and how the police are dedicating resource to it. There is clearly a big problem. Will the long-term fraud strategy be matched by long-term funding, because there will clearly be a problem with funding?
Tom Tugendhat: Absolutely. There is already a commitment for £400 million to tackle economic crime, including fraud, over the current three-year spending review, and no doubt with things like the economic crime levy that Duncan mentioned there is further resource to come in different ways. It is worth making the point that we are focusing, quite understandably and rightly, on what the Government are doing and the different elements that law enforcement—
The Chair: We will come on to others.
Tom Tugendhat: Okay. I was going to mention that the amount of resource that the private sector puts in here will dwarf what the Government do, and rightly so. That is going to make the biggest difference.
Q257 Lord Vaux of Harrowden: That takes us neatly on to the private sector. This is a question for both witnesses. Perhaps we should give Mr Collins a chance to speak and let him go first this time.
There is a range of private sector businesses involved in what we have chosen to call the fraud chain rather than the kill chain, the phrase that is sometimes used, which goes from the means to contact the victim through to the money coming out at the other end. Which sectors do you see as playing the key part in enabling and facilitating fraud? Do you think that the private sector is sufficiently incentivised to tackle fraud? If not, what can we do to improve that incentivisation? Separately, do you think there should be a duty to report fraud that occurs on platforms so that the information is publicly available and there is real transparency?
Damian Collins: You raise the right questions. You could look at fraud and say that there is a criminal and a victim. The crime has been committed by the criminal, so you investigate them and the victim seeks redress. Where communications networks are facilitating fraud, there should be a regulatory intervention so that the companies are clear what their responsibilities are.
In the recent Ofcom survey, seven out of 10 respondents had had a phishing text. Text messaging is a major way in which people may be contacted by a criminal fraudster, and we want standards there for the operators to adhere to on how they respond to known frauds that are being run through their systems. Ofcom has regulatory powers to intervene with the operators as well if it feels that they are not doing enough.
Reporting is an important point. When I chaired the DCMS Select Committee, we looked at data breaches by mobile phone operators and things like that. They have an obligation to inform the regulator. That does not have to be public, but they have to inform the regulator that an incident has occurred. Obviously, we do not want to disclose information that might be used for profit by a fraudster or a criminal gang by understanding more about how these networks are abused.
The provisions in the Online Safety Bill relating to online user-to-user platforms such as Meta are really an extension of that principle. That is to say that where there is known criminal activity taking place through the systems of a company, even though that company has no direct involvement in it, it should do all that it can to limit and mitigate that activity and to take action against networks and accounts that are part of it. In the Online Safety Bill, that now exists for both user-generated content and advertising promoting frauds and scams that are run through the systems.
Lord Vaux of Harrowden: Mr Tugendhat, do you want to add anything to that?
Tom Tugendhat: No, I think Damian covered it.
Lord Vaux of Harrowden: You have not mentioned the web-hosting services, domain name providers, ISPs, et cetera, which are often quite important; you click on a link that takes you to a fraudulent website. Is there anything we can do to incentivise them?
Damian Collins: On hosting platforms, there is a role for the regulator to be involved if we know that a company is hosting a platform that is being used to perpetrate fraud. An appropriate regulatory intervention could be action against that. The same could apply to domain name hosting as well.
There are some points where it is quite difficult for the platform to reasonably know. Certainly, the point of registering a new domain name that is similar to a corporate one could be harder to police, but where there is evidence of known criminal activity taking place on systems, the regulator should expect a systems-based approach from the companies.
Lord Vaux of Harrowden: Going back to telecoms specifically, I think it is fair to say that in our evidence we have not been at all impressed or convinced by the level of incentivisation that telecoms companies have to do the right thing. There have been improvements, and one or two companies are doing better than others, but none the less we have not been at all impressed.
We will come to the Online Safety Bill later, but obviously that does not cover the telecommunications side of things. I wonder if there is a possible route to attacking this area through the Telecommunications (Security) Act 2021, which is quite widely drafted. It talks about security compromises, including the exploitation of networks or services, and allows government to step in and regulate. If sending thousands or millions of fraudulent texts or cold calls is not exploitation of a network, I do not know what is. Do you think that is worth looking into, to see whether that legislation is worth using for the telecommunications industry?
Damian Collins: I certainly think it is worth looking into. Ofcom published two consultations earlier this year, for which we are still awaiting the formal response. Obviously, we will give a response to the response to those Ofcom reports and to the report from this committee. I certainly think that the ideas you set out should be considered in light of those responses as well.
Q258 Lord Allan of Hallam: In an interesting role reversal, I want to ask Mr Collins about the Online Safety Bill, which this committee is very positive about. In our questions, my colleague Viscount Colville and I want to explore the before and after for when this legislation comes into force. I want to talk about the general provisions and then Viscount Colville will talk about the advertising category 1 provisions specifically.
My understanding is that all the 25,000-odd regulated entities—I think that was your estimate—will have to take some actions in respect of fraudulent content, because it is one of the defined offences in the Bill. Can you clarify that and explain the kind of things that all the regulated entities will have to do, as opposed to specifically the category 1 ones?
Damian Collins: As I said, the boot is on the other foot now. As you know, online safety is very important to us. We have included online fraud in the Online Safety Bill, not just in terms of user-generated content but in terms of advertising, because we recognise the very important role that major online platforms play in sharing and distributing information. When I chaired the Joint Committee of the Lords and Commons, we recommended that fraudulent advertising was included in the Bill, so I was pleased to see that the Government accepted that recommendation, before I became the Minister.
As you say, this is priority illegal activity, so all the companies in scope are expected to demonstrate to Ofcom the systems they have in place to readily identify frauds and scams as they exist on their own platforms but also through advertising in order to prevent the purchasing of advertising on their platforms as well. These are proactive obligations, so as part of their response to the risk assessments that Ofcom will create, the companies have to demonstrate through the codes of practice what their policies will be. The Online Safety Bill is a regulatory system, so there will be occasions when content slips through the net. The regulator will want to know why, but it can expect that to happen.
The companies can also consider the upstream solutions that they have in place. When the Joint Committee took evidence on this, I remember questioning Facebook and Google about it. Google has a policy of restricting access to its app platforms depending on whether an entity has been approved by the FCA. Facebook does not have the same policy in place. Since Google made this change, incidents of fraud on Google’s ad services seem to have declined, while on Meta, in particular on Instagram, they seem to have increased quite dramatically. It would be perfectly proper for the regulator to consider that when developing the codes of practice. Did you want to come in on this, Sarah, or is that a strategic cough?
Sarah Connolly: No. All of that is absolutely correct. There are only two things I would add. First, in the interests of clarity, Schedule 7 to the Bill sets out that it is fraud and financial crime, so both are covered. Secondly, the transparency powers in the Bill are fairly sweeping—I am looking at the Chair, because she was the Secretary of State who brought it in—and that process will also help to shine a light on a whole set of priority illegal harms but including fraud and financial crime.
Damian Collins: The way the Bill works means that the powers of the regulator to investigate how companies are meeting their obligations, particularly regarding the priority offences, are one of the most important aspects of the Bill. There is really nothing else like it in the world. It will give the regulator the opportunity to determine whether the companies really are doing what they say they will. As Lord Allan knows, we are always assured that the companies have systems and policies in place and that it is a very high priority for them, but are they really any good at doing it? For the first time, we will have the chance to know.
Lord Allan of Hallam: I recognise the frustration that the powers are limited to naming and shaming, although they have been quite effective powers at times to date, and that has driven the Bill. Can you just project forward for us a couple of years? The Bill is now an Act and we have complaints coming in from Parliament and the police that a platform is not dealing with fraud. What is different? What can Ofcom now do to that platform which it could not do today if it is refusing to do its risk assessments or not taking it seriously?
Damian Collins: If it is refusing to do its risk assessments, it is complying with the regulator’s request, in which case an individual at the company would face personal criminal sanctions for non-compliance with the regulator’s request. That would be the first, very dramatic difference. We would also have codes of practice published where companies have set out what they would do to mitigate fraud on their platforms both in user-generated content and in advertising.
Then there is Ofcom’s ability to investigate companies. Let us say that there have been lots of complaints that, despite the company’s policy, there still seems to be a lot of fraudulent activity on that platform. Ofcom can investigate that, suggest remedies for that platform and, if the platform does not introduce sufficient remedies, fine it. As you know, the maximum fine is 10% of annual global revenue. So you see a very real requirement to comply with requests from the regulator on risk assessments and other things, with criminal sanctions in place; reporting what is really going on with the platforms, which Ofcom can make public; and big fines for the companies if they are not fulfilling the terms that they set out in the codes of practice.
Q259 Viscount Colville of Culross: Mr Collins, you mentioned fraudulent advertising. We on this Committee are minded to recommend that all platforms, regardless of size or function, should be required to take measures to prevent fraudulent advertising. Would you consider extending at this moment the requirements on limiting fraudulent advertising from categories 1 and 2A to 2B as well?
Damian Collins: This is priority illegal activity as set out in Schedule 7 to the Bill, as Sarah mentioned earlier, so it applies to everyone. The categorisations are separate duties that do not relate to illegal activity, so it would be clearly in scope for everyone. I think it is right that everyone will have to demonstrate to Ofcom what policies they have in place to combat fraud on their systems.
Viscount Colville of Culross: At the moment, you have clauses specifically for duties on fraudulent advertising in category 1 services and regarding duties on fraudulent advertising for category 2A services, but you do not have clauses regarding category 2B services.
Damian Collins: To be clear, all companies in scope will have those proactive obligations. They will still have to reassure the regulator about the systems they have in place. It is particularly important that this applies to search services as well and that we do not just take it as a display advertising problem. I remember taking up the question of ticket touts with Google some years ago. If you search for a ticket for a show, you might see a ticket tout who is trading outside of consumer protection law but who is the highest-ranked return on Google Search, with an ad product attached to it.
Those obligations will be there. There is a general presumption that the online safety Bill companies to address illegal activity on their systems, and certainly in terms of advertising—I say this as Minister for the online advertising review—looking into the future we need to consider what scope there should be to combat illegal activity in advertising online beyond fraud.
Viscount Colville of Culross: Looking at the categorisation itself—this is slightly off our report, but I am really interested in this—in your Joint Committee you said that it should not be based just on size and high level and that factors such as reach and user base should also be included. Do you think there should be changes to the Bill so that we see additional metrics in the categorisation of services?
Damian Collins: This is a really important point: what does Ofcom do if it sees a platform that is small but where there is a lot of very concerning activity taking place? Ofcom will in effect have reasonably substantial powers to investigate that, because the activity that we are principally talking about will almost certainly be priority illegal activity, and Ofcom can also consider what terms of service the companies have to combat that. In practice, the illegal nature of the activity will still give Ofcom the power to investigate high-risk platforms.
Viscount Colville of Culross: Would you not like belt and braces, though? Would you like to be able to go ahead with the recommendation that you made in the Joint Committee and amend the categorisation?
Damian Collins: It is an issue that we have discussed a lot within the department. I think what the Joint Committee was getting at is that categorisation does a good job in trying to say that the highest level of risk is probably found on the biggest platforms with the greatest number of users, so that is where the greatest amount of harm can occur. Nevertheless, for the worst kind of activity, the most risky activity, those legal responsibilities still apply to everyone else, so that balance is probably the correct one.
With regard to where the responsibility for the major platforms really rests, with fraudulent advertising I felt very strongly when the committee made its recommendations that companies should not be sat there passively profiting from illegal activity, which could be the case now. If the companies say that their policy is not to allow fraudulent advertising on their platforms, which both Meta and Google do, they should welcome their additional responsibilities and not feel threatened by them. When I asked the companies in front of the Joint Committee whether they agreed with us that this was a good idea, they both felt that they could handle it themselves, but the fact that we are passing this Bill shows that we think we need to go further.
Viscount Colville of Culross: You, like us, are all excited by the Online Safety Bill. When do you think it might be reintroduced in the House of Commons?
The Chair: Are we talking weeks, days, months?
Damian Collins: I think “soon” as it is commonly understood, rather than a government “soon”.
The Chair: Like a government “autumn”.
Viscount Colville of Culross: Could you explain a little more about the online advertising programme that you mentioned earlier? Some of us are slightly vague about what it will try to accomplish. How will it advance the attack on criminality and fraud online by the online safety Bill?
Damian Collins: In terms of fraud, it does not particularly. In some ways, we have brought forward a decision that might or might not have been made by the online advertising review. We think that the case for fraud is so clear that we should address it now, and the online safety Bill gives us a chance to do so. It would have seemed perverse to say that someone could post on their Facebook page an enticing scam for someone to engage with and that would be regulated, but if they put 1p of ad spend behind that post, it would be an advert and it would be out of scope. When the definitions of fraud are so clear, that would have been an odd outcome.
As a general principle, looking forward—obviously we are yet to produce the response to the online advertising review—if the online safety Bill works on the presumption that illegal activity on user-to-user platforms is regulated by Ofcom, why would we make an exception for other sorts of illegal activity that might be being promoted through paid-for advertising? How will we get that balance right? What are the shortcomings at the moment of the self-regulatory system that the advertising industry employs?
I say that as an ex-adman. When I worked with Saatchi’s, we were principally talking about media companies, media owners and major brands that all co-operated very closely with the advertising industry. They all had brand jeopardy for what they did, and the media owners were very responsible in taking activity against illegal activity or ads in breach of consumer protection law. Can we say in confidence that the same thing happens on major international online platforms now? The point of the review is to look at what we can do to strengthen that.
Lord Allan of Hallam: One of the issues that have come up in the inquiry is that a lot of the fraud is taking place from outside the UK. To be clear, under the online safety Bill, if there is a service outside the UK that is saying, “Ofcom, I don’t want to talk to you. I’ve got nothing to do with the UK”, and it is pumping out content that is causing fraud in the UK, what can you do to it?
Damian Collins: The platform has a responsibility to the users in the country it is serving in. If the user is in the UK, the platform has to have a response to protect them from that fraud even if it is being perpetrated by someone based in a different jurisdiction. The platform’s responsibility is to the users in that jurisdiction.
Lord Allan of Hallam: And if they ignore Ofcom and say, “Talk to the hand”, what can you actually do to stop them operating?
Damian Collins: If they are a regulated service provider and they say, “Talk to the hand”, they face criminal sanctions.
Q260 Lord Sandhurst: I have a question for Mr Collins. The message from the evidence has been quite clear that exchange of information between stakeholders, of whom there is a big range, is critical to and at the heart of fighting fraud. The same evidence has shown that stakeholders, whether law enforcement agencies, private companies, banks or whoever, quite often wrongly perceive GDPR to be a barrier to the effective exchange of data and information. If in doubt, they just stay silent.
Two questions arise from that. First, two Bills are before Parliament: the data protection Bill and the economic crime Bill. Can either or both of them be strengthened to encourage and facilitate, or even mandate, the sharing of fraud risk information? Secondly, do you have any plans to work with the Information Commissioner to give clear, focused guidance to remove such false perceptions? We have heard evidence that even the police and the CPS sometimes think they cannot do things that they can.
Damian Collins: I should say that I am not the Bill Minister for either of those Bills, so what I can say is limited.
Lord Sandhurst: Then take a message back.
Damian Collins: I can certainly do that, and perhaps my colleague, Minister Lopez, will want to respond to you with regard to the data Bill. It is important that regulators work well together behind the scenes. Certainly, I would expect Ofcom to work closely with the Information Commissioner to investigate fraud responsibilities in the Online Safety Bill. If you looked at online advertising being in scope of that, you could want to investigate whether a fraudster was not only placing ads but using ad tools on platforms to promote them, using custom data audiences or lookalike audiences on platforms such as Meta. The Information Commissioner may be interested in understanding where that data came from—it was probably not freely given. So there is a lot of overlap, and we want regulators to work closely and be able share information with each other when pursuing their different interests.
Lord Sandhurst: The point is that very often we do not even know that there has not been an exchange of information. because it has not happened. If you are a commercial organisation, you simply do not want to take the risk of falling foul of the ICO and being criticised in the press and so on. So does something not have to be done about this to give them comfort?
Damian Collins: I will take your points on data back to the Data Minister, who will be better placed than me to respond to them. But, as I said, important information sharing often takes place in the background. Obviously, companies that suffer data breaches have to notify the ICO and, even if that information has not been made public, it is still an important part of their ongoing work. The general principles that underpin the data Bill are that we want to make it as easy as possible to work with and make it clearer to companies what their responsibilities are and how they work with the regulator. We also want to make the consumer interface easier but still make sure that people's data protection rights are respected.
The Chair: Mr Tugendhat, could I ask you about this from the police perspective? We appreciate that you are not a Justice Minister, and this is also relevant to the CPS—we raised this with the Director of Public Prosecutions when he gave evidence to us. Could you speak about this from a criminal justice system perspective?
Tom Tugendhat: Frankly, this is where the economic crime Bill is working on what Lord Sandhurst referred to, and there is a whole series of elements within it. The principal one is the way in which Companies House will have to report, which will be a major element in eliminating it. The other elements concern the way in which law enforcement bodies will be encouraged to work together. We have put this forward in various strategies, and the economic crime Bill enables it to go forward.
Duncan Tessier: Specific clauses within the economic crime Bill will encourage and allow information sharing between private sector entities, as the noble Lord mentioned. These are on the disapplication of civil liability in the case of sharing information for the purpose of preventing economic crime. That does one part of it, but, as you pointed out, the second part is GDPR, which the economic crime Bill does not touch. A debate is going on about the exact clauses in the data Bill that could provide further clarity there.
The Chair: So you are trying to avoid any gaps between the two regimes.
Duncan Tessier: Exactly, so the two come together on this point.
The Chair: We will have some slightly random questions before we move on to prosecuting fraud.
Q261 Viscount Colville of Culross: This question for Mr Tugendhat is slightly random, but I think it is interesting. We had an interesting evidence session with the SEC in Washington DC. As a result, we are coming up with a recommendation, we hope, that the FCA should review the SEC’s regime for awarding whistleblowers where their information leads to a conviction or the retrieval of money obtained through fraud. What do you think of that?
Tom Tugendhat: Whistleblowing has become a matter of great interest to me in recent weeks—I did not think it would, but it has—and several things have come up. One is that there is a range of suggestions, and the SEC’s is important. I am glad to see that no committee’s report is complete without a trip to Washington.
The Chair: We could not go to Washington; we had to do it virtually, unfortunately.
Tom Tugendhat: I am sorry to hear that. The reality is that that is one way of doing it, but there are many others. A lot of this is not about the financial reward but about reputational damage to an individual and their future employment rights. I am not saying that I disagree with the SEC’s approach; I am just saying that there are other factors to look at.
In some ways, the UK has quite a good record of whistleblowing reports from individuals who are not seeking financial gain in any way but are using routes that currently exist—perhaps we should look at new routes that should exist—in order to report crime that is already happening in the UK.
Damian Collins: On the Online Safety Bill, one of the recommendations of the Joint Committee was to offer whistleblower protection for people who come forward in breach of a non-disclosure agreement to share information with a regulator. The Government accepted that amendment; it is not part of the Online Safety Bill, but they will introduce that correction through a separate instrument. It will give people like Frances Haugen reassurance that if they co-operate with the UK authorities, they will be protected.
Q262 Lord Browne of Ladyton: I apologise to our witnesses for coming to this meeting late. This was partly caused by the west coast main line, but it was mostly because I promised to support an Oral Question that was asked in the House of Lords. I apologise more if I am bringing you back to an issue that you have already engaged with, but I will ask my question anyway.
My question is about why the Social Market Foundation, in its report of August this year, described the UK as the “fraud capital of Europe”. The UK has rapidly become a major centre for digital fraud. The evidence that we heard concentrated quite substantially on the English language: the universal use of it in this country, with rapid digitalisation and globalisation. I have to admit that I am sceptical about the English language aspect of this; I may be the only person on the committee who is. I lived in the United States of America for three years, and almost everyone spoke English, there was pretty rapid digitalisation and there was certainly a lot of globalisation. But your chances of being a fraud victim in this country are exponentially greater than they are in the United States. I address this to Minister Tugendhat, whom I congratulate on his appropriate appointment.
Tom Tugendhat: It is a pleasure to be before your committee. I declare an interest: when that report was written, I was on the board of the Social Market Foundation. I am marking a lot of my own homework this afternoon.
The Chair: That means that you might get something done about it.
Tom Tugendhat: That is the only reason why I took the job. The report looked carefully at this. As you may know, the Social Market Foundation’s work is absolutely fantastic—I say that entirely self-interestedly. It is one of the most important organisations reporting on government work and coming up with ideas for it today. I am a big fan of its work and reports, by and large, although I will regret saying that when it brings out something critical of something I am on. The point it makes in that report is extremely valid: yes, the English language is an important element, but there are other elements too.
One is that the speed of transactions in the United Kingdom is much higher than in most other jurisdictions—including, I think I am right in saying, the United States, if my memory serves me correctly, but I will have to check that. We are one of the very few jurisdictions in the world that allows for pretty much instantaneous transfers; very few others do. That means that you can do two things.
One is that obviously you can defraud somebody quickly and therefore have access to the cash immediately, but you can then do the second thing, which is so important, which is to pass it on to 20 or 30 other bank accounts and then other bank accounts and so on, so that by the time the law enforcement authorities are involved, the money has long since left the country, or at least left the jurisdiction. That is an important element.
The second element is that the UK, much to our benefit in many ways, has been a global centre for financial transactions for decades, certainly, and possibly even centuries, depending on how you count. So the connections that people have are much wider and deeper than with many other jurisdictions. That means that the UK, I am afraid, is particularly vulnerable, but it also means that the UK is particularly responsible. One of the points I have made in the past, and we have made it separately together, is that the UK has a particular responsibility in defending global trade, fighting global crime and making sure that the national security threats not just to us but to others that financial crime can present is fought at every level and in every possible way.
Very sadly, one conversation that we had recently—I hope you will forgive me; I do not think I am breaching a confidence—was about the way in which state actors use fraud to get money around jurisdictions, in some cases to pay agents and in other cases simply to reward those who have acted on their behalf. This is not simply a matter of violating the rights of the British people, although that is clearly a crime enough; it is about threatening the integrity of states around us. That is why I take it so seriously.
Damian Collins: I agree with what Tom has said about the approach. First, on the English language, from an online safety point of view it should almost give us some advantage. Tom has answered the points about the technical transfer of money. I know from my own constituency casework people who have been victims of frauds and have had exactly that problem that, by the time the crime is identified, the money is long gone and almost untraceable.
On the way in which we want to bring, through the Online Safety Bill, online systems and platforms in scope, we certainly know that they find it much easier to work within the English language, so there should be more resource for enforcement. We can look at the way in which major platforms are used to support the committing of crimes at scale and then ask the companies to take a systems-based approach to that whereby, as we said earlier, they can also have policies in place on whether they accept financial product ads without the provider being pre-approved by a body such as the FCA, which obviously should lower the risk of a crime being committed. Once the Online Safety Bill is law, we will have the ability to use the systems of some of these major platforms to try actively to prevent fraud and to require the companies to explain what their policy is to do just that.
Lord Vaux of Harrowden: You have made the point that the faster payments and rapid transactions are obviously a part of the problem. It raises the obvious question: should we be slowing down those payments?
Tom Tugendhat: That is a conversation that I know the Treasury is having in different ways. I will not prejudge those discussions, but it is something that has been discussed with me.
Q263 Lord Browne of Ladyton: I would like to follow up on something that you said, Minister Tugendhat, about the global crime. What analysis do the Government conduct to pinpoint who exactly these fraudsters are and where they operate from so that we can have some sort of idea how, internationally, we are to use our soft—and maybe other—power to influence the people we need to?
Tom Tugendhat: Some of this analysis is done by the National Crime Agency, which does an extremely good job. Forgive me, I am going to repeat myself, but you were not here at the time. There was a recent incident where the National Crime Agency closed down a fraud ring in Romania, which was an extremely impressive piece of policing. There are other examples around the world where the NCA, co-operating with our agencies and local law enforcement, has taken action against people who are defrauding the UK despite being outside our jurisdictions. That is a hugely important element.
There is some analysis done by our embassy network in the Foreign Office in various different ways, and some analysis done by some of our agencies. The reality is that most of this is very difficult to be certain of. A lot of the best analysis is done, or rather could be done, by the private sector. After all, it is Meta that knows who paid for the advert that went on to Instagram, and it is Meta that knows where the person who constantly comments under my Instagram stories offering to do financial exchanges at extraordinarily bizarre rates is raising those comments from. After all, it is Meta that hosts the platform and, if you like, publishing the data that is then being used to defraud people.
Damian Collins: If I may add to that, the platforms have an ability to learn and to make learned assessments of different types of fraud. One complaint to Meta by Martin Lewis, the money saving expert—familiar to us all—was that he said he did not endorse financial products. If his picture is being used to endorse a product, you know that that advert is a fraud, because he has nothing to do with it. If you see the things that are put at the front end for a consumer to see to build the level of trust in the message they are seeing, you can learn what those things are and learn to identify and exclude content that does that.
The Online Safety Bill takes us to a different place. These cases are being decided on a case-by-case basis as someone complains, with the advert then taken down because it has breached the rules. But what about the 10,000 copies of that advert that basically do and say exactly the same thing? They do not get removed en bloc; they go through a case-by-case process as well. The systems-based approach in the Online Safety Bill means that the regulator can say, “Come on, there are some learned characteristics of these fraud ads that we know are happening now. You should be using your AI to identify all those things in real time and get rid of them”. That is the kind of change in approach that we will see, I think.
Q264 The Chair: We will move on to prosecuting fraud. We could have had any number of Ministers before us today, so this may not be completely within your jurisdiction. I turn to you, Mr Tugendhat, but you are very welcome to ask others to write to us. I think you said something about the Computer Misuse Act and the review which the Government recently announced.
Tom Tugendhat: The Computer Misuse Act, as you know, is now about 30 years old, and although it has proven remarkably adaptable it still needs updating and we need to be quite clear that that is becoming ever more important. There are various different conversations about it. As you know, there is a review that is currently under way. The proposals include things like defences for activity that might breach CMA offences, which may cover certain areas: powers to seize internet domain names, which Damian has already touched on in the way domain names are registered and then used to lure people down a fraudulent path; powers to require the preservation of data; the new offence of illegally copied data; and, of course, sentence levels. All those are being reviewed. As you know, several departments will have a view on it, so I am not able to go enormously far on that.
The Chair: But it is an active piece of work.
Tom Tugendhat: It is.
The Chair: Part of the committee’s remit is to look at the Fraud Act 2006 specifically. We have had a memo from the Ministry of Justice about that. Do your colleagues have a view on whether there is a case for reviewing sentencing guidelines to bring offences under that Act in line with others, such as money laundering?
Tom Tugendhat: That, again, is something that is under review. The Fraud Act has also proved remarkably resilient, but there is evidence that there are things that need to be reviewed. The reality, from my perspective, is that it is more to do with bringing prosecutions that can get to the Fraud Act rather than reforming the Fraud Act itself. That is where my focus is going. That is why the national fraud strategy is all about getting cases before the CPS and making sure that they have a proper evidence chain and that witnesses are ready and all that sort of thing, to make sure that what we get is a prosecution, not just the totem of an updated Act.
The Chair: Again, on the Fraud Act, have you had any representations about disclosure and how that is conducted? The vast volumes of information that now get disclosed was raised with us by the police and others when giving evidence.
Tom Tugendhat: That has been discussed in a number of different ways at different times. The reality is that disclosure is a real problem. As you rightly say, the volume is quite extraordinary for some of these cases and is leading to a failure to prosecute. So we are working to understand how we can reduce the unnecessary burdens and focus the amount of data into that which is relevant, for the prosecution and of course for the defence, to make sure that there are fair trials on this. It is imperative that we defend the privacy of all citizens, but that also means that we enable the police to bring prosecutions.
It is worth focusing on the point of these prosecutions. It is to enable free trade; it is not to close it down. Making sure that the relevant elements of data and disclosed data are available to the authorities to bring those prosecutions is about liberating people to conduct their lives in freedom.
Q265 The Chair: This might be a point for both of you, or something colleagues will write to us on. We have had strong calls for there to be a new failure to prevent fraud offence to add to the corporate criminal liability offences. Do either of you wish to comment on that?
Damian Collins: If you look at the principles of the way the Online Safety Bill works, that does apply. Companies will set out their policies. They have to try to get agreement with Ofcom that they have robust policies to do what they have all been asked to do. If they fail to fulfil those policies, either because they have not resourced them correctly or because they do not work as promised, there is a degree of liability for the failure to prevent something that was anticipated and known about, and the intervention could come. A company could be fined because it failed to put in a robust enough system and failed to do what it said it would do, and therefore is in breach of its obligations under the terms of the Bill as it currently stands.
Tom Tugendhat: You may be aware that I may have mentioned this in the past when I was slightly more free to comment.
The Chair: Words will come back to haunt you.
Tom Tugendhat: They do; no good deed goes unpunished. This is something that I raised before. The work that Margaret Hodge and Kevin Hollinrake have done on this has been extremely impressive. I hear from media reports that they may be putting down an amendment. I will certainly look at what they put forward, because the reality is that making sure that we see a similar dissuasive power against companies that may otherwise be responsible would be very useful.
The Chair: That hints that you think that this is potentially important in driving behaviour change within companies in the way we have seen with the Bribery Act 2010, where a similar offence is reported to have changed the way companies behave.
Tom Tugendhat: The Bribery Act, the Health and Safety at Work etc. Act and various other Acts have seen behaviour changes but not large numbers of prosecutions. We do not want a large number of prosecutions; we want the end of the behaviour that puts people at risk. I have been a friend of Kevin for a very long time and I hope to stay friends with him and Margaret for a lot longer.
The Chair: We will look with interest at any amendment.
Q266 Lord Triesman: This is a question for the whole of our witness panel, but particularly the two Ministers. Should all victims of authorised push-payment frauds be reimbursed for their loss? If you think they should, what do you think the unintended consequences of that might be? Who would fund it?
Damian Collins: Lord Triesman, it is good to see you. That is a really good question. I think to some extent this goes back to the question we had before about the level of anticipation that could have been there; there is a buyer beware principle that applies across the board. If a fraud is being perpetrated that could reasonably have been anticipated, to what extent should there be compensation for the victim? Should recompense be sought from the platform whose business it was to try to prevent this easily preventable crime and which failed in its obligations to do so?
If, for example through the Online Safety Bill, large fines were levied against a company for failing in its duties to protect users from known frauds and scams, there would be a question with the Treasury, as always, on what we should do with that money. There may be a question on how it should be used, and whether some of that resource should go towards victim support groups or individual compensations, rather than it just being a line of revenue for the Treasury itself.
The Chair: Mr Tugendhat, does the Home Office have a view on mandatory reimbursement?
Tom Tugendhat: There are various arguments on this. We welcome the introduction of the contingent reimbursement model, which was in the 2019 code. There were various elements there, but reimbursement rates remain inconsistent, and finding a way to ensure that people are reimbursed appropriately is important.
One issue that some of the financial providers have raised is that they do not want to see a way in which companies can prove victim to a different form of fraud where you have the impression of a victim but the victim is actually a participant. I realise that that is currently a tiny minority of cases, so we should not raise the danger signs too high, but it is certainly worth making sure that when we talk about reimbursement we do not trigger accidental punishment for those who are trying to do the right thing.
Lord Triesman: Mr Tugendhat, I do not want to put words in your mouth, but when you described the impact of these crimes on the economy of the United Kingdom and the extent to which they could damage us, it seemed to me that you were describing something that might have a significant strategic impact on our economy if it went unchecked. Should it be one of the things reviewed in the national threat register?
Tom Tugendhat: The foreign policy and security committee has just started its work. One of the reasons why the Prime Minister asked me to sit on it is that she sees economic security as a fundamental element of national security. In some ways, she has already updated it by asking me to do that.
The work that we do in different ways to keep this country safe is absolutely connected to the financial markets and our ability to trade across the United Kingdom and the world. I feel that she has kind of answered that question already. As to whether lines should be added, I will take that away, but I do not think there is any great doubt that this Government see economic security as fundamental to national defence.
The Chair: My clerk has just reminded me that this is the first time Lord Triesman has spoken in this committee. Do you have any interests that you need to declare, Lord Triesman?
Lord Triesman: I wish I did. I do not think I do.
The Chair: We will speculate about that.
Q267 Lord Young of Cookham: This question arises from what Lord Triesman just asked. We have not talked about it at all so far. What is the role of the public in combating fraud? Are you both satisfied with the current awareness campaign, the counterfraud education campaign, that is trying to make people more streetwise and savvy? Is there perhaps a role for a centrally driven advertising campaign with input from the voluntary and private sectors to really ram home the message about being alert to fraud and raising the profile perhaps higher than it has currently been raised?
Tom Tugendhat: I take the point; it is one of the things I was asking officials about. I am told that one of the things we have found with this is that the multiplicity of voices has actually led to confusion, not reporting. Having a simpler form of information is an important element; this is where we really need to be focused rather than multiplying the number of voices. That said, I come back to the point we have made already in this committee, which is that the private sector has a hugely important role in keeping this country safe.
Damian Collins: Public awareness of known scams is obviously effective. We would all raise an eyebrow if we had an email from a businessman in Ghana we had never met suggesting we invest in his lucrative scheme. We would be slightly sceptical of that, but those sorts of fraud emails proliferated online for a long time.
Looking at this in the context of the Online Safety Bill, if the anti-fraud measures in that are a success, hopefully that will mean that users might look at, say, the promotion of an investment scheme on Facebook and think, “Okay, I know there are proper systems in place and that they have to do lots of checking about what they are allowed to run. I should still make sure that I investigate carefully before I make a decision, but at least I have some reassurance that there are some quality control processes in place”.
At the moment, there are probably not enough systems to protect people, not enough checking being done and not enough kite-marking of content making it clear that this is a legitimate product. One of the difficulties with online scams in particular is that they look very like the real thing and it is difficult to distinguish. As a constituency MP, one of the most insidious things I have come across is people passing themselves off as the solicitor of someone selling a property and persuading someone to transfer very large sums of money on the day when the proceeds of the sale come through into a fraudster’s bank account. That is done by mimicking the behaviour of the legitimate actor.
Q268 Lord Young of Cookham: Following Mr Tugendhat’s response, if there were a centrally-driven campaign, who would be in charge?
Tom Tugendhat: I will have to take that away, but as the Fraud Minister it is probably me, so I suspect I can answer that by trying to find a way to do it.
Damian Collins: The Home Office has far deeper pockets for this sort of thing.
Tom Tugendhat: I am not going to get into that.
Something that is worth saying—we have not yet mentioned this in this session, but it is worth putting on the record—is that victims of fraud very often do not come forward because they feel foolish or that they should have known better. These are very accomplished criminals who quite literally make their money by finding ways to attack people who are vulnerable for one reason or another. That does not necessarily mean that they are vulnerable in the way the police would often consider vulnerability; it may be for other reasons. We should be supporting those who have become victims and making sure that they feel able to report. Only if we get the reports in are we able to deal with it—and, of course, in reporting, victims protect others.
Q269 Lord Vaux of Harrowden: This question is related to the public awareness issue. Something that surprised me—and, I suspect, everyone—was the fact that most victims of fraud are not elderly vulnerable people but in fact young people. They are also vulnerable to being conned into becoming money mules. How can we improve school and university education for them?
Tom Tugendhat: You are now going way beyond my purview.
Damian Collins: Going back to what I said in answer to Lord Young’s question, some of that is about giving people the tools they need to navigate through different sorts of content that they see, particularly in the context of social media platforms, which are the principal gateway through which many people consume all sorts of information these days. Those could be delivered at the platform level. When you think about what a good media literacy strategy looks like, part of that can be educating people to look for the signals and signs on the platforms that are there to help you to navigate your way through.
However, DCMS funds a range of media literacy projects that work in both and in communities, including at primary school level. That is something we do to give people the basic information they need to try to keep themselves safe and question the sources of information they see.
Lord Vaux of Harrowden: Would you support strengthening those?
Damian Collins: Of course. There is always a question of how much resource the Government can invest in it directly, but looking at Ofcom’s role in the online safety Bill with regard to fraud, it would be perfectly legitimate for it to say to companies, “You have your policies. What do you do to make users aware of what those policies are? What do you do to make your users aware, if they are uncertain about something, of what they should do and how they should respond to it?” Meta, for example, has tools where you can see why you are seeing and being targeted by a particular ad. If you decided that you did not want to see any advertising for financial products because you were concerned about the risk, how easy would it be to turn those off? Those are all the sorts of conversations that Ofcom can have with the major user-to-user platforms and search services about what they do to help to protect their users from fraud—not only what the company does upstream, but what users can do to protect themselves.
Q270 Lord Allan of Hallam: I have a follow-up for the DCMS team, because I have been mulling this over. You have sold the Online Safety Bill really well, but there is now the risk of a gap between what will happen for the Online Safety Bill-regulated providers, which will do risk assessments and take proactive measures, and the telecom companies, where SMS delivery scam messages are not covered by the same regime, or the domain name providers. You pointed to the fact that Ofcom has other regulatory tools. Could you explain to us how some of those similar disciplines could apply to the other parts of the chain—comms providers and domain name providers—that will not be in scope of the Online Safety Bill?
Damian Collins: Ofcom has also been conducting its own reviews this year. We are waiting for Ofcom’s recommendations to come from that, and the department will take its own view in response. Ofcom’s consultations that have been running this year have largely been looking at how it interacts with operators to do the sorts of things that you are talking about.
Q271 The Chair: I have two more questions, one for each of you, and then we will draw this session to a close. The first is to DCMS. You will not be surprised to know that digital identification verification has again come up in evidence, particularly relating to financial institutions. What is the latest in government policy on that? There was a big scheme, but it has fallen away. Where is government policy on digital ID?
Damian Collins: I will let officials come in on this as well. A robust digital ID is often a gateway to safe, secure digital services and public trust. Last week I was at the Tallinn Digital Summit in Estonia, and the scheme they have there is the gateway to accessing all services, including voting online. It is trusted and it works really well. We have seen public awareness and knowledge of how these systems work grow as they try to access different areas of government services, most typically with people who have the NHS app in order to demonstrate their vaccination status for Covid. I am sure people will say, “Okay, I have government gateway ID, I have ID I use to access the NHS. Can’t we have something that brings all these things together, and are we sure we can keep it robust?” It remains our view that this is an ongoing piece of work, but it is core to keeping people secure online and helping them to access the services that they need.
Sarah Connolly: Yes, it is still something that we are actively looking at.
Q272 The Chair: Mr Tugendhat, earlier we talked about whether online fraud should be part of the strategic policing requirement. I have been reminded of some evidence that we heard: we put that question to Rob Jones, the director-general of the NECC—I think he is head of threat leadership at the National Crime Agency—and he said yes, he would want it to be made a strategic policing requirement. He said: “Our experience of prioritising threats across serious organised crime has shown that, once you get the threat into crime and policing plans, and it is part of the strategic policing requirement … we shift the dial and it becomes an appropriate priority”. I am not expecting you to necessarily make government policy, although you are very welcome to do so right now—
Tom Tugendhat: I will go and speak to him.
The Chair: —but perhaps I could ask you to take that away and discuss it with him.
Tom Tugendhat: I would be delighted to.
The Chair: If there are no further questions for our witnesses, I formally end this meeting. Thank you all very much for your time this afternoon.