HoC 85mm(Green).tif

Public Accounts Committee

Oral evidence: Work of the COVID Counter-Fraud Commissioner, HC 107

Monday 6 July 2026

Ordered by the House of Commons to be published on 6 July 2026.

Watch the meeting

Members present: Sir Geoffrey Clifton-Brown (Chair); Mr Clive Betts; Anna Dixon; Sarah Green; Sarah Hall; Catherine McKinnell; Sarah Olney; Blake Stephenson.

Gareth Davies, Comptroller and Auditor General, National Audit Office; Joshua Reddaway, Director, Fraud and Propriety, National Audit Office; and George Osborne, Alternate Treasury Officer of Accounts, HM Treasury, were also in attendance.

Questions 1-115

Witnesses

I: Tom Hayhoe, Covid Counter-Fraud Commissioner; Mark Cheeseman OBE, Chief Executive Officer, Public Sector Fraud Authority; Beth Russell, Second Permanent Secretary, HM Treasury; Marcus Mason, Director, Public Spending, HM Treasury.

II: Samantha Jones OBE, Permanent Secretary, Department of Health and Social Care; Elizabeth O’Mahony, Director General, Finance, DHSC; Steven Greenwood, Director, Grant Delivery Directorate, Department for Business and Trade; Chris Jones, Director for Local Government Oversight and Accountability, Ministry of Housing, Communities and Local Government; Janet Alexander, Director, Compliance, Operations Directorate, HM Revenue & Customs.


Final Report of the Covid Counter Fraud Commissioner

Pursuing Recoveries and Preventing Reoccurrence

 

Examination of witnesses

Witnesses: Tom Hayhoe, Mark Cheeseman OBE, Beth Russell and Marcus Mason.

Q1             Chair: Welcome to the Public Accounts Committee on Monday 6 July. Today we are examining the work of the covid counter-fraud commissioner in identifying and recouping taxpayers money lost to fraud during the pandemic. During covid-19, the Government acted at pace to deliver lifesaving equipment, protect jobs and sustain the economy. However, that urgency came with significant risks, and it is now estimated that £10.9 billion may have been lost to fraud across a range of support schemes, of which a staggering £9 billion has not been recovered. The establishment of the commissioners role reflects the scale of the challenge in recouping those losses and strengthening the Government’s counter-fraud capability.

Today, in the second panel, the Committee will examine whether the Government have recovered all they reasonably can, whether Departments have the tools and resources needed to pursue fraud at scale, and what lessons are being learned to ensure that the UK is better protected against fraud in future crises.

In this first panel, we will hear from the covid counter-fraud commissioner—to whom we will extend a warm welcome in a minute—the Public Sector Fraud Authority and officials from the Treasury. We welcome you all. Without any further ado, it would be helpful if you introduced yourselves and your roles. Let us start with you, commissioner.

Tom Hayhoe: Good afternoon, everyone. I am Tom Hayhoe. I spent a year working out of HM Treasury as the covid counter-fraud commissionerI stress that the role was about counter-fraud, not counter-corruption, because there is sometimes a bit of confusion about that—with a brief to do what we could, both to achieve further recoveries of money lost through fraud in the course of the covid pandemic, and to make recommendations on how we could prevent recurrence of fraud on that sort of scale. That, in essence, was the brief that I was working to.

Q2             Chair: I do not normally do this, but may I commend you on what I think is a very diligent and comprehensive report? I think we all owe you a debt of gratitude—thank you.

Will the rest of the panel introduce themselves? Mark, we have seen you many times before this Committee.

Mark Cheeseman: I am Mark Cheeseman, chief executive of the Public Sector Fraud Authority.

Beth Russell: I am Beth Russell, second permanent secretary to the Treasury.

Marcus Mason: Hi all. I am Marcus Mason, director of public spending at the Treasury.

Chair: Thank you very much.

Commissioner, we have had evidence from Transparency International, which makes exactly the point that you made. Your role was first announced, by the Chancellor when she was in opposition, as that of a counter-corruption commissioner, but it became counter-fraud commissioner when, or before, you were appointed.

Transparency International said in its evidence that the role excluded cronyism, conflicts of interest and abuse of power, despite political messaging implying otherwise. It says that—I am sorry; I am not being critical of you, but I would like to put this to you to get an answer—the commissioner failed to address systemic corruption risks, leaving limited learning for future crises and continued reputational damage to UK governance. I am not being unkind by putting that question; as I say, I would just like to get your take on that comment.

Tom Hayhoe: The first thing to point out is that, at the same time as establishing my role as the counter-fraud commissioner, the Government established a post that Baroness Hodge took on. I cannot remember precisely what the title was, but she was charged with taking the lead on anti-corruption across Government. That is the first point.

The second point is that corruption does not necessarily result in fraud. Fraud is frequently related to corruption, but the two are not the same. For example, one of the issues that I think Transparency International pointed out was the initial poor performance of contracts under what the public called the VIP lane—bowdlerised as the “high-priority lane”—for PPE procurement. At the end of the day, that did not result in greater financial losses. There were some shortcomings with some contracts, but the money was recovered in those cases.

There is no doubt in my mind, as someone who is quite sympathetic to the concerns about cronyism, that there did appear to be some cronyism, but it did not necessarily translate into fraud. There was no shortage of fraud that was completely unrelated to cronyism—it is helpful to make that distinction. If I had been trying to cover both briefs, it would not have been a reasonably addressable thing in the scope of a year, and I probably would have been less focused on the recoveries that we made and the recoveries that there are still to make.

Chair: Thank you for that helpful explanation.

Q3             Catherine McKinnell: My first questions are to Tom and Mark. In its response to the covid counter-fraud commissioner’s report, the Treasury noted that the Public Sector Fraud Authority assessed that covid-19 spending attributed to fraud and error could be even greater than the £10.9 billion that has been quoted. This is probably a question for you, Mark. What are the reasons for that assessment?

Mark Cheeseman: Before I start, let me give a bit of context. The £10.9 billion is the best estimate that we have available. If we look at benchmarks internationally, we are one of only three countries I know of—the others being the US and Canada—that have estimated covid and pandemic-level spending. Others have not done that.

The other important bit of context is that fraud measurement is quite a new thing. HMRC and DWP have done it for a while, but more broadly in Government—this Committee has challenged us on it before—it is quite a new thing. As such, practice in it is growing. The reason that the PSFA and the predecessor—an independent panel that reviewed the estimates done for PPE, grants and covid loans—came to that as an underestimate was because the measurement exercises that were done did not meet the standard that had been set. The prime thing for that was that there were some areas of risk that had not been measured.

However, it is also important to note that the £10.9 billion is the total best estimate that we have, and we have had impact on some of that, as is covered in Tom’s report. There are other aspects as well. With bounce back loans, for instance, you could fraudulently take a loan and then pay it back, and that would come out of the £10.9 billion.

Q4             Catherine McKinnell: How confident are you that we have the full extent of the potential loss? Are you confident in those assessments? Are you confident that each Department has maximised its ability to detect where that fraud might have occurred? What is the range for that £10.9 billion figure that you are working with?

Tom Hayhoe: I am not sure that I can give you the range, but I can illustrate some of the problems and why there is a degree of uncertainty.

As I documented in the report—this is documented directly by DHSC, and provided for a £10 billion write-off—there was massive over-procurement of PPE. Quite a lot of that ended up finding its way into landfill. What we do not necessarily know is whether some of that stuff would have turned out to be faulty and potentially contestable, with queries about whether there was fraud involved—so there are bits of uncertainty in there.

In relation to the bounce back loan issue, which Mark has alluded to, some loans may have been taken out fraudulently. Cages have been rattled by DBT, through its dissolution objection programme, which means that if you have an outstanding bounce back loan, you cannot wind up your company. Within that, there may be some cases that turn out to be fraudulent. There will be others where the money will end up being repaid—70,000 such companies withdrew their applications to dissolve—so the fraud will not necessarily crystallise. Around those sorts of things, we can put a lower limit on the level of fraud, but I would struggle to say what the upper limit is.

Q5             Catherine McKinnell: Can I probe a little on the PPE example that you gave? That is fraud and error. To what extent does the error cover the ordering of PPE that was not required?

Tom Hayhoe: There is no doubt that there were major errors in the way the PPE procurement programme was undertaken.

Q6             Catherine McKinnell: So why is that not included in the £10.9 billion figure? Is that just for fraud rather than fraud and error?

Tom Hayhoe: The error was in procuring a lot more than was ever going to be needed. I believe that the PAC has looked in detail at PPE procurement previously. In the figures in the DHSC accounts for 2023, there is an extraordinary chart, which is chopped off at 104 months. At that point, there were at least 104 months of forward stock of clinical gowns.

Q7             Catherine McKinnell: Is that included in the £10.9 billion figure?

Tom Hayhoe: No, it is not.

Mark Cheeseman: No, it is not, and the reason is that the Government intended at the time to buy that PPE. The fraud-and-error estimate looks at, based on Government intention, what was either a fraud attack or an error that was not aligned with the criteria that the Government had set.

Tom Hayhoe: So a mistake in procurement. There is a difference with the use of the word “error”.

Q8             Catherine McKinnell: In hindsight, you could have broadened the scope to be fraud, error and waste. That might have been a useful exercise.

Tom Hayhoe: I think the PAC has already addressed some of that stuff in relation to PPE.

Q9             Catherine McKinnell: I guess what I am trying to get to the bottom of, given that not everything is known, is the extent to which you are confident in the Government's assessment. Are you confident that they are targeting the right extent here? They are significantly undershooting in terms of recovering, but is it even worse than is apparent? Is there actually an even greater amount of money if you are going to look at a range? I have to say, in my experience, you would normally have a range in these circumstances rather than a specific figure, if you are not clear about what that figure is. I am just trying to get a sense of how confident you are that it is as it has been stated, or whether there is significant uncertainty about these figures.

Mark Cheeseman: The first thing I would say is that this was the first time we had done this in a pandemic, and we were actually the first country to do it. Coming to the £10.9 billion figure was an attempt to do that. To what extent do we know the full extent? Well, during the pandemic we had a global fraud risk assessment, which we have continued because we thought it was good practice. From that, we looked at what the highest-risk schemes were, and those were the ones where the measurements happened. I am reasonably confident that the highest-risk areas are covered by the measurements, and I think the commissioner has looked at that in his work as well.

To what extent do we know the full extent? Well, we have talked before about general estimates of fraud and error in the public sector—that is a difficult question. I would say that we certainly know enough to act in two ways. The first is to take action where fraud and error has occurred, and as the commissioner has reviewed; the other is to re-engineer the system on the basis of what has happened to make it stronger, so that the levels are lower in the future.

Q10        Catherine McKinnell: That brings me to a question for you, Beth. What is the process by which the Treasury decides whether it is feasible or value for money to pursue the recovery of fraud and error, and what guidance does the Treasury provide to the Departments to determine that?

Beth Russell: The Government have published a response to the commissioner’s report, accepting the vast majority of the recommendations, some of which refer to specific recoveries in Departments, particularly around bounce back loans. As you are probably aware, in the Budget last year, the Treasury put £17.5 million into a series of pilots to look in that area, which comes directly out of Tom’s work and the discussions with the Department for Business and Trade.

We will then look at the evidence from those pilots, which are deliberately designed in a “test and learn” way, precisely because we need to test what actions and where are most effective to recover more. We will get real-time information from those pilots and will be able to make quite rapid decisions about whether to scale them up or decide that, actually, in some areas they are not working.

To respond to your broader question about investment to recover fraud and error, if you look beyond that specific investment, particularly in DWP and HMRC, the Treasury has invested, I think, around £5 billion in the last two fiscal events in this area. Obviously, we are always encouraging Departments to come to us with spend-to-save proposals in this area.

Q11        Catherine McKinnell: So £5 billion is being invested in recovery currently, or so far?

Beth Russell: Yes, I believe that is the cumulative number from the last two fiscal events over the scorecard period.

Q12        Catherine McKinnell: Okay. Given that we are still at only around 10% of the estimated losses, and £9 billion of losses are still unrecovered, what would be your assessment, Tom, of how effectively the Government are assessing value for money and priorities when it comes to pursuing these recoveries?

Tom Hayhoe: One thing that one has to recognise is that an awful lot of that will not be recovered now. One of the things that is quite frustrating, having kind of come into this role with an initial brief—“First, Tom, go and focus on PPE”—was that I had to basically approve recommendations to Ministers to write off £700 million in disputed contracts where there was no prospect of making a recovery. Because of the haste and the pressures at the beginning, that included things like defective contracts, contracts that went out with digitally corrupted schedules attached to them, and cases where there were counterparties in China and no prospect of making a recovery. I have worked and discussed this with some top City firms that have been doing work for DHSC on this, and their advice was that it is not worth spending more to try to recover this, because the prospects for success are sufficiently low.

Added to that was the problem—those who are lawyers around the table will be familiar with this—that, in order to secure damages, you have to demonstrate your loss. If you had nine years’ worth of gowns, and the packaging meant that they had a finite life in which they could remain sterile, the defence would have been: “You were never going to use those anyway, so where’s your loss?” So there are some issues there.

On the question of whether there should be more investment for fraud prevention and recovery, I am not a fraud professional—I came to this having had years as a retailer and in NHS governance—but in my view there is none the less a compelling business case to invest more in fraud.

In relation to HMRC, one of the things that I was initially critical of—but I can see exactly where it was coming from—was that HMRC stood down its covid counter-fraud team because it reckoned it had better returns to be made on its counter-fraud work elsewhere. Given that there were still very substantial returns on the investment it was making on the covid stuff, that suggests to me that there is a compelling case for HMRC investing the returns it is making on its work. HMRC has been chasing fraud since probably going back to the smugglers in the 18th century, and that is embedded in there. I think it is less embedded in other Government Departments, and there is more to do.

Q13        Catherine McKinnell: Looking forward, which Departments have the greatest potential to bring in further substantial recoveries? You have mentioned HMRC; are there other Departments that should be focusing?

Tom Hayhoe: I think that HMRC is better placed than I am to make the assessment as to what the level is, but there is a compelling case there. One of the two areas that gave me concern, which I highlighted in the report, was the work to be done around bounce back loans and the opportunity there.

One of the themes that I hope comes through in the report is that we tend to focus too much attention on criminal recoveries, which are very expensive, often unsuccessful and, in terms of actually recovering money, singularly unsuccessful, whereas there is a lot of scope around using the civil routes. Rattling the cage around director disqualification, which can be for up to 15 years, is quite a severe sanction. It requires proof only to the civil standard, and the investigation is very different in lots of ways.

In terms of provoking people to withdraw their plans to dissolve their company and not repay the loan, the record of the dissolution objection process—with potentially 70,000 companies withdrawingis probably in the order of £0.9 billion saved. That never crystallised as fraud, but it would have done if those actions had not been taken.

Q14        Catherine McKinnell: To go back to the Treasury, how are you incentivising Departments to prioritise this? It is a matter of prioritisation.

Beth Russell: I totally recognise the importance of incentives and improving those. To say a bit about what we have done so far in that area, the Treasury already allows Departments to keep income up to a certain level, which includes income generated through fraud recoveries. In “Managing Public Money” in 2023, we made explicit that the Treasury would look favourably on requests to retain recoveries from fraud. In the spring statement last year, partly as a result of this work, we went further with a covid recovery retention scheme that said that we would pre-approve keeping the proceeds if Departments came to us. You may have seen that the commissioner has recommended going further on that. What we want to do there is review the effectiveness of the things we already have in place, because there have not been as many requests from Departments as we thought there might be, so we need to understand what is behind that. There is more we want to do on incentives.

Q15        Catherine McKinnell: Commissioner, do you think that is working? Is that £5 billion all being spent?

Beth Russell: The majority of that is DWP and HMRC, and that is being spent by them, yes.

Catherine McKinnell: Are the incentives working?

Tom Hayhoe: It certainly assists, but in terms of the internal logic of it, if they do not have the opportunity to retain it, they will not focus their attention on that.

Beth Russell: Just to add, financial incentives are not the only incentives for us to think about. I know Mark and PSFA are doing a lot with Departments more generally on how to make sure that they are really focused on this, up to the most senior levels.

Q16        Chair: To put the whole thing into context, £10.9 billion has been lost and £1.8 billion has been recovered, of which £1.3 billion was from HMRC. The whole of the rest of Government has recovered only £0.5 billion—£500 million.

Tom Hayhoe: One of the questions is about looking at the £0.9 billion that did not crystallise as a result of the dissolution objection scheme and beginning to rattle the cages of the people who were trying to wind their companies up. In fact, there may be a whole lot more. However, that is stuff that does not come into that total but otherwise would have done if it had crystallised. The unrealised fraud that is prevented is outside those sums.

Q17        Chair: I get that, and I get the whole business of barring companies from going into liquidation while they have outstanding BBLs, but nevertheless you have to put all that into context: only £500 million has been recovered by the whole of the rest of Government and you are putting £5 billion in from Government to try to recover more money. I am just wondering whether we are beginning to spend good money after bad in trying to recover more sums.

Beth Russell: I think I should clarify that the £5 billion is not all related just to covid fraud; it is for fraud more generally.

Chair: It is total fraud. Okay.

Beth Russell: Apologies if I have caused confusion there.

Chair: That is a helpful clarification, Beth. Thank you.

Q18        Sarah Olney: Reading your report was a slightly unusual experience: someone had something nice to say about HMRC. That is not a common experience for us on the Committee, or as constituency MPs.

Tom Hayhoe: I am not familiar with saying nice things either.

Sarah Olney: You laid out all the steps that HMRC took to be much more effective at dealing with fraud than other Government Departments. Can you explain for the record what it did, and what other Government Departments that were more successful at countering fraud did, to make themselves more effective than the rest?

Tom Hayhoe: One key thing about HMRC is that it has the data; it also applies a lot of effort to analysing it. Data analytics is one of the really important keys in all this. Of course, these days I am chair of the NHS Counter Fraud Authority, although I have been there only a couple of months, but one of the key things is the investment that we are making in data analytics in order to interrogate NHS data to identify and spot fraud that has not otherwise been recognised. One of HMRC’s advantages is that it has a very comprehensive view of both companies and individuals from what has been submitted, and it is in the business of interrogating that. I think the real question is the degree to which organisations that do not have that data can be provided with better access to data to be able to do the same thing.

That gets on to a vexed issue that I have: the lack of transparency when we look at corporate data, and in particular at the small companies regime. I made quite a strong statement in the report about the deterrent effect of knowing that at least your turnover and profit will be in the public domain. One area where I am disappointed at the lack of progress is that the full implementation of the ECCTA 2023 is not going ahead, to the extent that data about a company’s P&L will not be revealed unless it opts to allow it to be in there. To my mind, if you are going to take advantage of the protections of limited liability—let’s face it, it has been one of the engines of economic growth for 170 years—you should not object to members of the public, your employees, your creditors and the people you do business with knowing the basic economics of your business. I think there is something about having access to data, and HMRC has an advantage over other Government Departments in its comprehensive access to data.

The other quite significant thing is that fraud appears to have been most prevalent where Departments were dealing with parties they did not normally do business with. Levels of fraud in DCMS were a lot less because DCMS was typically working through Arts Council England and the Sports Council, which in turn knew the organisations they were dealing with. A number of Departments made particular efforts to undertake some basic due diligence before dishing money out. We saw the biggest areas of fraud where people were dealing with unknown counterparties.

Q19        Sarah Olney: Thank you; that is really interesting. I will come back a bit later to your recommendations, particularly those that have been only partially accepted, including on your point about the small companies regime.

You have talked about the NHS and the difficulty of data, as well as the unknown counterparties, which is probably the best way to put it. What more should those Government Departments be doing to prevent fraud in the future?

Tom Hayhoe: There are all sorts of things. One of the lessons learned from the bounce back loan scheme, for example, was that the measures that would normally be undertaken if someone is going to borrow money basically went out of the window. Part of that was the fact that the Government decided they would go for a 100% guarantee on bounce back loans. I found it very strange: I spoke to a couple of people who had been at the most senior levels at big clearing banks, who said, “Frankly, we were really surprised at that. We did not think that that made sound sense.” Ironically, the view expressed further down the ranks in the DBT and the British Business Bank is, “The banks would not have done anything with us if we had left them with some degree of skin in the game.” I am reminded of Mandy Rice-Davies: they would say that, wouldn’t they?

In terms of the sheer haste that went into the bounce back loan scheme, we all need to remember what it was like at the time: things that would not have happened in the cool light of day did happen. To some extent, there was appetite to go at a greater pace than was prudent. It would, for example, have been sensible for the bounce back loan scheme to have stuck to the original £25,000 level it was set at. Had there been a need to go back and provide more support, that could have been done in the light of experience. In terms of schemes that were more successful at containing fraud—these may be at the opposite end—there was the zoo scheme. That involved tiny sums of money, but it was done in phases, which meant you could do a bit of learning. Again, I suspect that they were also dealing with a limited number of parties they knew anyway. As far as I know, only a small number of zoos were supported under that scheme, and DEFRA would have known all of them.

Q20        Sarah Olney: Mr Cheeseman, what specific actions can Departments take to increase the amount they are recovering?

Mark Cheeseman: To increase their recovery, all Departments, under the fraud functional standard, are required to have access to trained investigators. Under the debt management functional standard, they are required to have access to debt collection facilities as well, and to seek to continually improve those. In terms of the work Departments do under those functional standards, we expect them to continue to do that collectively as a system.

In terms of other things they can do, in line with what the commissioner has suggested in his report, they should continue the work they are doing on those areas where it has been identified that they could do more. They should review that—you have touched on HMRC already—in the light of the return on investment and value for money. In fraud, that is the pure money you get back, but also the deterrence effect of taking action.

Q21        Mr Betts: I will now come on to a couple of Government Departments that outsource their giving of loans and grants to third parties. The Department for Business and Trade gave the bounce back loans out using the British Business Bank and commercial lenders. What lessons have we learned there in terms of providing that ability to third parties, who in the end have no financial incentive to recover the money? They give it out, and that is their job done. Is that a concern we should be looking at for the future?

Tom Hayhoe: One of the basic lessons should be that you need to provide some degree of incentive, which means leaving some degree of exposure to the banks. There could have been much tighter policing and stricter application of the requirement that was there, in theory, although I think it was never properly resolved, that you could actually only extend a loan to an existing customer. One of the complaints that the big clearing banks made was that some of the challenger banks were seeing this as a great opportunity to build market share. In terms of where the bigger exposures were, the smaller the bank, the bigger the financial loss and the bigger the default rates have been.

Q22        Mr Betts: In other words, it was just something they gave out? It was largesse?

Tom Hayhoe: Worse than that, it was actually a great marketing strategy. Without naming names, there was one particular bank which was notorious for the way in which it appeared to be using this as a way to build its franchise with small business customers.

Q23        Mr Betts: And that was not illegal?

Tom Hayhoe: It might have been outside the spirit of the rule, but the framework was written sufficiently liberally that it could have applied. That being said, in some of the most egregious cases the DBT and the British Business Bank did technically withdraw the Treasury guarantee.

Beth Russell indicated assent.

Tom Hayhoe: But that actually does not apply to the challenger bank that I mentioned there, which I think saw it as just a good commercial opportunity.

A big problem, which features in the report as one of the lessons learned, is that you need to remember that just because you are in a crisis, it does not mean that people will behave well. For all the talk of the Dunkirk spirit and Blitz spirit, we need to remember Private Walker from “Dad’s Army” with his black market activity. People will exploit opportunities, and I think there was a degree of almost naivety about how we, collectively as a nation, responded.

Q24        Mr Betts: In terms of bounce back, there was no clarity about who was responsible in the end for ensuring the loans were properly paid to organisations that needed them?

Tom Hayhoe: The big difficulty is when you say you want to do something at scale and you adopt a policy that there will be a 100% guarantee. It is interesting to look at the US example; their equivalent was called a loan, but it was essentially a grants programme. They used the loan device as a means to claw back the grants that were made when it turned out that someone had abused the terms of the scheme they were using to prop up the economy in a crisis.

Q25        Mr Betts: Was that more successful in getting the money back?

Tom Hayhoe: In terms of those cases, because their model was effectively a grant dressed up as a loan, they have used the loan successfully where the schemes have been abused.

Another thing that the Americans did that we did not was that they were completely open about everyone who received a grant or a benefit. That tends not to apply in this country. One organisation that I think was exemplary in being extremely open in real time about who they were giving money to was the research and technology arm. I cannot remember what the particular scheme was, but if you had a smart idea for trying to address covid and put in a bid of £20,000 for support, that was published and available in real time. However, nobody knows who got a bounce back loan, unless you forensically look at balance sheets of Companies House.

Q26        Mr Betts: Mr Cheeseman, local authorities are the other area where the Department, effectively, outsourced the distribution of funds to other bodies. It seems that the Ministry of Housing, Communities and Local Government has said, “Actually, it’s not our responsibility any more. It’s local authorities’ job to recover the money, because they made the loans and we didn’t.” That approach is not sustainable, is it?

Mark Cheeseman: I will return to the previous question and then answer that one. The previous question was about what the Government are doing with loans and grants and what they are learning. There has been a lot of activity to learn, so I will break it down into two areas.

The first thing is understanding the risks. Since the pandemic, “Managing Public Money” requires Government Departments to do initial fraud impact assessments and fraud risk assessments. We have trained hundreds of people in fraud risk assessment, put them across the system and assure them, so that that deep understanding of risk is there.

The second point is that we are pretty clear that this requires capable oversight, and the Government are invested in that capable oversight because we have a qualification for those who lead fraud within Departments. They take that qualification. As someone who delivers part of that qualification, part of it is on lessons learned around the covid-19 pandemic and the different experiences. So to touch on that first bit, I think there has been a journey there, which is worth recognising.

Your second point was about local authorities. The dynamic there is the interplay between the accounting officer’s statement and the local government accountability framework, and the extent to which the accounting officer keeps oversight of the spending, compared with local authorities, which are accountable to their local electorate for the money they spend.

Q27        Mr Betts: There is accountability at the end—the accounting officer—but MHCLG seems to be saying, “Well, it’s not our fault or our responsibility. This is all down to local authorities if things went wrong.”

Tom Hayhoe: The issue is that, at one level, they are not accountable for what is driven by local democracy. I cannot dispute that as the way things should be; that said, there is a role for someone at the centre to be enabling, facilitating and calling out problems. Covid fell in the gap between the old Audit Commission—having been in the NHS, I have been on the receiving end of some of the way it would operate—and the new local government audit function. There was no one there championing this work and making sure that, consistently across local government, attention was paid not only to basic financial reporting, but to good practice management and control of public money.

My frustration, which I have sort of channelled towards MHCLG in the report, is that at the moment we have not got that addressed. Looking at the Government response, I think there is an intention that the local government audit office’s role will be more robust in that respect than it was even when I was talking to people about this nascent body back in the autumn. But it is really important that it is there.

Q28        Mr Betts: Part of the problem of the weakening of local government audit oversight by the centre goes back to the Audit Commission and the failure then to properly put in measures and bodies to perform those essential functions.

Tom Hayhoe: One has to acknowledge the tension with local democracy, as a sort of devolution of responsibility, but this was central Government money that was being dished out.

Q29        Sarah Green: Mr Cheeseman, I would like to ask what your perspective is on the decision by the Department for Business and Trade, or BEIS as it was at the time, to pursue recoveries on the bounce back loan scheme through NATIS, the National Investigation Service. It is a contract that has cost the taxpayer over £38 million, and it has recovered £7 million and resulted in only 14 convictions so far. I am keen to get your take on what lessons can be learned from that choice that the Department made.

Mark Cheeseman: Yes, that was outsourcing of the investigations to the National Investigation Service. I would break down the lessons into three areas. The first is that when the investigations were outsourced originally, the focus was on complex criminal matters. From a management of fraud point of view, that is the most expensive long-term thing to take action on; it is expensive and it takes time. I have just said the same thing twice. Sorry.

The second thing I would say is that, in retrospect, there was not enough experienced, expert oversight from the Department of what was going on in the investigations—how they were working and what the performance level was—or independent assurance of that.

The third thing was that the funding in that space was less proactive than it was in HMRC—we talked about HMRC earlier, and £100 million for 1,200 people. It evolved more over time, as the threat was understood.

I think all three were lessons that contributed towards making it more difficult for the National Investigation Service to do a return on investment. There were also issues, which have been talked about, with the governance there and the overall oversight of that within the organisation, although I have touched on the oversight from the Department.

I think lessons have been learned on that. I will point to one thing I have already pointed to: leaders across Government. We have done the leadership qualification. We talk about this as part of that qualification. Part of the standard talks about your management and commissioning of fraud services and how you oversee those services. We use examples to try to build the capability off the lessons learned.

The second thing is what we are doing with the legislation that came through the House recently. We are now building the public authorities fraud investigation and enforcement service. Fundamentally, we are focusing on a mix of different things, as Tom covers in his report. A lot of those powers were civil powers. They are lower cost to deal with and more agile than complex criminal investigations. The Government have appointed and are appointing independent expert oversight of the enforcement service, again building off the lessons learned in the pandemic.

Q30        Anna Dixon: I think we are doing a bit of a double act, Chair. Going back to PPE, this Committee has considered DHSC accounts over several years in which the large numbers you mentioned before—£10 billion—have been written down. That led to qualifications on those accounts by the Auditor General. You talked about the difference between fraud and corruption. You have also already talked about the over-ordering error. Was excess profiteering a type of fraud, given the price that was paid for these goods?

Tom Hayhoe: The question “What is excess profiteering?” is a very difficult one. There was a business that made gloves. Unfortunately, I cannot remember its name. Its base was in either Peterborough or Bedford, or somewhere like that. It enjoyed a period of being able to run its factory on three shifts full-time and made twice the level of net margin as well as cash profit. I could hardly see what it did as profiteering. That company bounces along in regular times and was able to step up to the plate. I would contrast that, which is the economic system working as it should, with people who saw an opportunity to make a mint and a customer who was willing to pay it.

Fundamentally, I see the fault as the very lax and uncritical way in which procurement was taking place. That was partly driven by a belief that we were going to need to buy twice the amount that we were ever going to need, which then facilitated an approach to purchasing whatever we could. There were tales of people arriving at a factory in China and discovering that the Americans had got there first, which created a sort of psychology. The question is whether that fault is with the company making the supply or the customer.

Q31        Anna Dixon: The customer in this case was the NHS and the DHSC. We know that politicians were involved in putting companies on to the so-called VIP lane. At what point does the over-ordering and overpaying by a customer where there were relationships between politicians and some of the suppliers trigger things that you should be referring or have referred for further investigation?

Tom Hayhoe: I think the big problem was whether they were able to deliver. There were businesses that failed because they were let down by third parties—the intermediaries between them and a purported supplier. One of the most notorious of the cronyism cases was a supplier who happened to be an agent in Matt Hancock’s constituency who ended up not being able to deliver, but returned all the money. If we look even at the case of PPE Medpro, they delivered one contract entirely satisfactorily. The second contract was the one that did not appear and was the subject of the £122 million settlement.

The UK got into quite the panic mode. The scale of our purchasing was massively disproportionate to what our requirements turned out to be, partly because a decision was taken that we should purchase 12 months forward stock at the top of the market before we knew what the actual demand would be.

In the report that appears in the appendix, which was my preliminary report to the Chancellor, there is an exhibit of something produced at the end of April that projected a monthly demand that was only 50% of the level that was ever called off by the NHS.

Had the NHS or DHSC written off a couple of billion at the end of this crisis, and we had maintained good supply, I think one would describe that as being a right-side failure. However, writing off £10 billion on a £13.8 billion procurement meant that we were pushing global prices up because of the scale of our purchasing.

It is a very difficult one that is way above my pay grade. It is one to leave to economists to establish what the appropriate pricing would be in those sorts of circumstances. Ultimately, we should have been a much smarter customer and not operated the approach that we did. Essentially, we operated a sort of rule of thumb that created an upwards movement in prices. On the figures, I think the price that was being quoted had to be within 10% of what the previous order had been. That created a sort of formula for a ratcheting up.

To go back to the case of the glove manufacturer from Bedford, frankly I think the fact that they maintained the capacity to meet capacity meant that they earned it.

Q32        Anna Dixon: But you would suggest that there were some conflicts of interest?

Tom Hayhoe: There were undoubtedly some conflict-of-interest cases. With the very high-profile case of PPE Medpro, anecdotally, there was more conflict of interest applied in that case than others in terms of how the case was pursued. There were many people who were referring cases. There were NHS colleagues and DHSC colleagues who received an approach and put them into the high priority lane.

I think it was also probably a device to protect—maybe not anyone around this table—but politicians who were being chivvied by someone saying, “I can provide you with stuff; what can I do?”

Q33        Anna Dixon: You mentioned the modelling being way out—sort of double plus a 20% contingency from any amounts that were ever used. It just mentions an external consultant; who did the modelling? Is that report in the public domain?

Tom Hayhoe: The report is not in the public domain. I am not at liberty to say who the company is.

Q34        Anna Dixon: My final point is really about the stuff that was never used. We have talked about how some contracts were not fulfilled. Obviously, some contracts were fulfilled, but the stuff was never used. It was put into storage containers. It was therefore very difficult to judge whether the stock supplied was substandard. Obviously, part of this fraud that we are trying to establish is whether we were mis-sold the products. Did you get to the bottom of that?

Tom Hayhoe: It comes back to the question about errors and actually scoping out what the numbers were. The answer is we do not know. With regards to all the things that I learned in a commercial career in retailing about things like goods received and checking and sampling stuff before you opened it, the sheer volume meant that the whole procurement was essentially out of control. That was partially driven by this belief that we needed to build 12 months forward stock now and order it now. On top of that, there was also a further contingency—there may have been a second contingency, but I could never quite get to the bottom of it. That contingency was based on a forecast that used some basic modelling, albeit modelling that I am told had initially come from bottom-up estimates from within the NHS.

I think the real problem is that when you are doing something at scale and at pace, you need to think twice before you make bigger commitments than you need to. We would not have had the same problem if we had bought three months’ forward stock and kept a bit in the background before we made the next commitment. There is something about not doing everything at once.

Q35        Anna Dixon: I have a final question, and you can just give a short answer. Do you think that DHSC’s £324 million estimate of PPE fraud truly reflects taxpayers’ full loss from fraud? You can just say yes or no.

Tom Hayhoe: I think there is an extent to which we do not know. It may be bigger—it will not be smaller, put it that way.

Q36        Chair: To pursue Anna’s last point, Tom, can you tell us why that estimate is £324 million of PPE fraud, but you apparently approved write-offs of £762 million? Those are the two figures in paragraphs 2.4 and 2.10 of your report. Why did you approve that bigger write-off?

Tom Hayhoe: The reason is that having looked at each of those contracts, and having discussed the particular circumstances around them with lawyers, the prospect for recovery was next to nil.

Q37        Chair: But the report says “By 31 July 2020, it”—this is the Department of Health—“had awarded over 8,000 contracts for goods and services, such as PPE and professional services, in response to the pandemic, with a value of £18 billion.” When somebody signed those contracts, they must have had an idea of what the volume was. The Committee has heard many times that they were putting pallets and containers on land in farmyards, or even on farmland, as they had no idea where they were going to put it. They did not have enough staff to go around and see what was in those pallets and containers. This was a monumental failure of Government, wasn’t it?

Tom Hayhoe: Yes. A view was taken that, overnight, we should be building this sort of stock, which might be prudent to have to protect us in the long term. This was something that personally stayed with me, as someone who spent 13 years chairing NHS trusts and cracking the whip over people who would, in turn, crack the whip to make a cost improvement programme of £5,000 for a small frontline team, yet £10 billion was written off. Most of that £10 billion was not fraud, but that was a separate issue.

Q38        Chair: That was Catherine’s point; it was error.

Tom Hayhoe: It was not even error—this is the distinction that Mark was making. These were conscious decisions that were taken that should not have been taken. It was a very big mistake, and it is one that came from a lack of recognition of the uncertainty.

Q39        Chair: The tragedy of it was that there were points where social care settings were desperately short of PPE, but because they did not know when the sell-by date came and went, they were not even able to donate it to poorer countries around the world. It literally went to waste in landfill. The whole thing was terrible.

Tom Hayhoe: I think we all agree, hence some of the lessons were about recognising the risk of big programmes, and exercising a degree of discretion and judgment about how we mitigate those risks. I think that is where the failure was.

Q40        Chair: This might be a question for you, Tom, or it might be for Mark. Our July 2022 report states: “In April 2022 Supply Chain Coordination Limited (SCCL) took over responsibility for the programme”—that is, the PPE contracts programme. It went on to say, in relation to stock taking, “however it is unclear how exactly responsibilities and roles are split between itself and the Department”. Can you throw any light on that, Mark?

Mark Cheeseman: That is not something I have information on.

Q41        Chair: Can you write to us and tell us what that is all about? It seems to me that it was employed to do a job but did not do it—or did not do it properly.

Mark Cheeseman: That may be one for the Department of Health accounting officer.

Chair: I will ask them in the next session—that is very kind. We have done quite a lot on PPE, just simply to say that it was pretty awful.

Q42        Sarah Olney: Tom, I said earlier I would come back to the recommendations at the end of your report. What do you think is the most important recommendation, which you really want the different Government Departments to take on board?

Tom Hayhoe: Possibly the most important recommendation is the one about preparedness and learning lessons. One of the big risks that we face—this is not unique to Government—is that we do not learn the generic lessons from the last crisis; you may learn the very specific ones that will not be reproducible.

I cited David Omand’s example about taxis during the fuel crisis. Certain sorts of things come at a certain stage in life: I remember doing my A-levels by candlelight during the first miners crisis, but no one in a professional role will have a memory that long. Something that happened 30 or 40 years ago is in my memory but not necessarily in those of the frontline decision takers now.

The question is how you refresh some of those things and what things you put in place. One of the good examples of the work that has happened is Operation Pegasus, which was a bit of road testing. I do not know whether Anna Dixon is aware from her healthcare days of the rubber windmills, which was the NHS approach to simulating exercises. But doing those sorts of things and constantly reminding about it leads to preparedness. Within that, we need to make sure that awareness of fraud and the potential abuse of schemes is, if not at the top of mind, a major consideration. That is the key thing.

Q43        Sarah Olney: Let me come back to your earlier point about the small company reporting regime. The Government only partially accepted your recommendation, on the basis that Companies House accounts reforms will improve transparency and data reliability. Could you expand a little on what you were saying earlier about why you think that is important?

Tom Hayhoe: In direct relation to the bounce back loan scheme, it would have been much easier for people to have undertaken a very basic bit of due diligence: “Looking at your accounts at Companies House, we can see that you did not have the turnover that you were claiming.”

Secondly, there is a bigger issue of principle. If you are going to be protected by limited liability, your creditors, the people you do business with and the people who work for you—maybe also the local government office that is extending certain trading rights to you—should be able to look back and see who you are. The big question for people who argue against that is: what have you got to hide?

My name appears as a director of about 27 or 28 companies at Companies House. I have spent most of my career working with, and in some cases as the principal of, small companies. I cannot see a good reason for not providing transparency when it comes to basic data on your underlying performance, as a quid pro quo for limited liability. It should not be a matter of having to go and identify from accounts over a couple of years, with a bit of elbow grease or an AI tool, whether someone has been the beneficiary of a bounce back loan that they have not then repaid. Transparency in this is a basic trade-off for the protection you receive from limited liability.

Q44        Sarah Olney: I also want to ask about recommendation 3(c): the Treasury should amend Managing Public Money to require Accounting Officers who have sought a Ministerial Direction regarding fraud risk to provide an update…to their minister. Do you want to say a little more about that?

Tom Hayhoe: There is an essential issue in relation to ministerial directions that I think extends way beyond fraud—fraud was my remit. If you are doing something that means that, probably for very good reason in a time of crisis, you relax or move the guardrails that “Managing Public Money” puts in place, there should be some process for ensuring there is, essentially, a sunset clause on it. Quite a lot of ministerial direction may be transactional, in which that is not required, but it strikes me as odd.

Q45        Sarah Olney: Are you suggesting that there should not be open-ended ministerial direction? There should be a defined end to a ministerial direction issued in a time of crisis.

Tom Hayhoe: It should automatically expire or at least be subject to review. You can ask, “Why did I suggest four months?” I think three months is too short and six months is probably too long. But there needs to be some process and if it is not exactly as I have proposed it, some alternative that provides that degree of protection, essentially, of the integrity of “Managing Public Money”, which I think has been a very powerful tool.

Q46        Sarah Olney: Just quickly, what led to that recommendation? Have you found that there are officials in Government Departments who are continuing to operate under a ministerial direction that should have—

Tom Hayhoe: There were some issues because the crisis was perceived to extend for some time; we went through several rounds of lockdown. There were some ministerial directions—I would not call out any one in particular—where in retrospect one might have said, “Well, actually, we don’t require the ministerial direction; we can do it within ‘Public Money’”, but a decision was taken to go that bit further. “Managing Public Money” is a very powerful tool to protect, apart from anything else, the ministers and senior civil servants themselves. From time to time, ministerial directions may be appropriate, but you need to make sure that they are not open-ended.

Beth Russell: I totally agree with the intent here, which is that a direction should not be a one-off thing and then, “Oh, that’s all right because I’ve got a direction.” It absolutely has to be closely and transparently managed. Since covid we have already made updates to “Managing Public Money”, in 2023 and 2025, in order to make that point much more explicit and to say that accounting officers should seek to bring policy into line with what the position was before the direction as soon as possible, and that they should have regular conversations with ministers about regularising the position. We plan to do more on that in the light of Tom’s recommendation. We are going to review the ministerial direction process and look at the best way to pick up that recommendation in a way that does not add more complexity to the ministerial direction process.

Tom Hayhoe: I agree; we do not want complexity but, regarding the “as soon as possible” thing, I think there are occasions when putting a line in the sand may actually be helpful. However, although I have been a director of 27 or 28 companies—I have lost track—I am not necessarily an expert on the precise ways in which some bits of Whitehall work.

Q47        Sarah Olney: Beth, you were leading me to my next question: do you think that, as a result of the recommendations, the Government are now better prepared and in a better position to manage or minimise fraud losses in future crises?

Beth Russell: We obviously thank Tom for his report. As others have said, it is a really comprehensive piece of work. A lot of it is focused on recoveries from the last crisis but I think that the lessons learned and the preparation for the next crisis are really important parts of it. Obviously a lot of things have changed since covid, not least Mark’s role and the Public Sector Fraud Authority; under the recent Act we have much stronger powers. We absolutely see the report as being at a point halfway through an ongoing process, rather than the end of it.

One thing we have not talked about that comes out a lot in all this is the importance of the start of the conversations about the schemes that you are introducing, or the things that you are doing, and setting them up right. We have been trying to do a lot through guidance and the engagement that the Treasury has with Departments. We recently published “Spending in a Crisis”, which sets out the things that Departments should be thinking about in that kind of situation. It is not that no risk can be taken; some risk will always need to be taken, but you need to understand the risks, be transparent about them and make sure that, if you think there is risk of fraud, then in advance you bake in and take account of the cost of cleaning that up. There is quite a lot we are trying to do there, as well as the contingency planning exercises, where we are going to be looking at ensuring that fraud is being properly taken into account.

Q48        Sarah Olney: Mark, would you agree with that assessment, or do you think there is more that the Government still need to be doing?

Mark Cheeseman: I am sure this Committee will come up with some suggestions of things we should be looking at, as Tom has. I am sure the covid inquiry will come up with some suggestions and, of course, we will look at them. We will look at how we can get better, because we are not standing still, but neither is our capable and committed adversary. We need to be continually looking at how we get better. I have already talked about what has happened on risk, and we talked in another Committee about what we are doing on data, which was driven by learnings during the pandemic as well. There are a couple more things I will point to.

We talked in the last Committee about the targets that Departments have. Earlier, the question was about the difference with HMRC. One of the differences was that it is very used to saying, I invest this to get this outcome on fraud,with all those different levers. Other Departments were less mature on that. This Committee recognised that only 7% of public bodies had those targets. Putting in that performance focus from the Public Sector Fraud Authority and getting those targets across the system is one way the system is learning that lesson to be better prepared, and I think it will be.

The second thing that we have touched on is the public authorities fraud investigation and enforcement service. That will take action in line with what the commissioner has suggested, but it will also be there for the next crisis, with better powers and better ability to recover debt and look at things. That is there as well.

The third thing I will point to, which I have touched on a bit, is systematically building capability across the system. I have talked about training for leaders and fraud risk assessors, but there is also training on measurement and fraud prevention, which the Government counter-fraud profession is pushing across the system, systematically getting those learnings and making sure they are there.

We have also touched on how “Managing Public Money”, the Amber Book, the Green Book and a lot of the documentation that supports how we do this have been updated. Yes, we will be better prepared, but we should always challenge ourselves on how we are going to go further.

Tom Hayhoe: I probably should say, as chair of the NHS Counter Fraud Authority, that we and all my new colleagues do have targets. They are very proud of the fact that they have exceeded them, and they will be pushed to have bigger targets in future.

Sarah Olney: That is very good to hear. Thank you.

Q49        Chair: Marcus, I am very conscious that we have not asked you any questions. Is there anything you want to add before we close?

Marcus Mason: The only thing I would add on the last question is that, as part of the response to your report, Tom, we are setting up a scrutiny panel, which will oversee delivery of actions taken off the back of your recommendations.

Tom Hayhoe: I think you wanted me to sit on it, didn’t you?

Marcus Mason: Absolutelywe would love you to be involved. That is another mechanism to keep us to account over the coming months.

Q50        Chair: Will that scrutiny panel specifically go through all the commissioners recommendations and see how you are performing against them?

Marcus Mason: That’s right.

Q51        Chair: That is really good. Finally, Tom, is there anything we have not discussed today that you think we should have, particularly in relation to lessons for future pandemics?

Tom Hayhoe: I do not think there is anything, but what I would highlight is that I recognise that quite a lot of work has taken place, even since December when I produced the report, and some elements were already in hand. The challenge is to maintain pace. There are bits of me saying, “Why haven’t we done that yet?” but I am confident that there is work going on. Because I now have this role in relation to counter-fraud in DHSC and the NHS, I can see the work that is going on and the progress that is being made.

Chair: Can I thank you particularly? We have benefited hugely from your work and your report, for which we are all very grateful.

I thank all our witnesses today; it has been an interesting session. We will reflect carefully, via the transcript, on what you have said. An uncorrected version of the transcript will be available in the next few days, following which we will write a report with recommendations, which I hope you will all scrutinise carefully. Again, many thanks for coming today.

Examination of witnesses

Witnesses: Samantha Jones OBE, Elizabeth O’Mahony, Steven Greenwood, Chris Jones and Janet Alexander.

Chair: Welcome back to the Public Accounts Committee on Monday 6 July. May I extend a warm welcome to our witnesses? Today we are examining the work of the covid counter-fraud commissioner in identifying and recouping taxpayers money lost to fraud during the pandemic. During covid-19, Government acted at pace to deliver lifesaving equipment, protect jobs and sustain the economy. However, that urgency came with significant risks. It is now estimated that £10.9 billion may have been lost to fraud across a range of support schemes, a staggering £9 billion of which has not been recovered.

The establishment of the commissioners role reflected the scale of the challenge in recouping those losses and strengthening the Governments counter-fraud capability. Today the Committee will examine whether the Government have recovered all they reasonably can, whether Departments have the tools and resources needed to pursue fraud at scale, and what lessons are being learned to ensure that the UK is better protected against fraud in future crises. And today we are very fortunate to have the permanent secretary on one of her many return visits. Sam, will you introduce yourself, please?

Samantha Jones: Good afternoon. I am Sam Jones, permanent secretary at the DHSC.

Elizabeth O’Mahony: I am Elizabeth O’Mahony, director general for finance at the Department of Health and Social Care.

Steven Greenwood: Good afternoon. I am Steven Greenwood, director of grants delivery at the Department for Business and Trade.

Janet Alexander: Hi, I am Janet Alexander, director of compliance operations at HMRC.

Chair: Chris, you have stepped in at very short notice, so thank you for that.

Chris Jones: No problem at all. I am Chris Jones, director for local government oversight and accountability at the Ministry of Housing, Communities and Local Government.

Q52        Catherine McKinnell: A minimum of £9 billion of unrecovered covid fraud, or fraud and error, has been identified by the commissioner. I appreciate that a number of Departments are here, so I plead for brevity, but what is it that you are doing? Do you accept that there is much more to do to recover the fraud, and what are you going to do about it? Who would like to start?

Samantha Jones: Shall I start?

Catherine McKinnell: We will go into more depth on DHSC—

Samantha Jones: I’ll go last, then.

Catherine McKinnell: Yes, you go last and we will start with DBT.

Steven Greenwood: We have the covid loans and covid grants that we are responsible for in DBT. I appreciate the point about brevity, but I should say that the majority of the covid loans—about 68%—are either repaid or repaying on schedule. We expect to recover the majority of the money through the loan schemes. That being said, I recognise the substantial amount that is currently suspected fraud. The commissioner sets that out in his report. About £1.7 billion has been flagged by lenders as suspected fraud.

What are we doing? I would probably talk about it in three ways. We have enforcement activity aimed largely at the most serious fraud cases—both criminal cases and things like director disqualifications. The Insolvency Service has already disqualified about 3,000 directors. They are important deterrence and justice outcomes that we are progressing through the system.

We then have two areas of work that we are scaling up now. On compulsory liquidations, we ran a pilot with lenders, which I think showed a modest net positive return, so we are scaling that up over the next two years. Working with the Public Sector Fraud Authority, we have also been piloting a letter-writing campaign, which will encourage people to start repaying and is a good route into the civil penalties regime. I do not know whether Mark was able to talk about that at the last session, but we see that as a really good route to trying to recover more money, and we expect to ramp that up over the autumn.

Q53        Catherine McKinnell: Can you clarify something that you said? There is still quite a significant gap between the bounce back loans that have been detected as fraudulent and the amounts recovered. When you say 68%, do you mean in financial value or do you mean in the number of loans?

Steven Greenwood: In the number of loans.

Catherine McKinnell: Ah, so where are you on the financial value that you are recovering—the £1.62 billion not yet recovered? It is a significant amount.

Steven Greenwood: It is a significant amount, I agree on that. I think a lot of the money that has not been recovered is genuinely due to the failure of small businesses, so we are focused on the fraud element.

Catherine McKinnell: So put the 68% in context.

Steven Greenwood: It is 68% of all the loans. Approximately 1.6 million loans were made out across the three covid loan schemes.

Catherine McKinnell: Do you have a value for that 68%?

Steven Greenwood: Of that 68%, about £62 billion has either been repaid or is on schedule.

Catherine McKinnell: Do you mean million?

Steven Greenwood: Billion.

Catherine McKinnell: Billion? Okay.

Steven Greenwood: That is not the fraud population; that is the whole population.

Catherine McKinnell: Okay. I do not really understand that.

Steven Greenwood: After this, I am very happy to write and break it down in a table, if that is helpful.

Catherine McKinnell: We have £1.7 billion detected—

Steven Greenwood: Suspected fraud. That is correct.

Catherine McKinnell: And what was the figure that you have just given me?

Steven Greenwood: I was talking about the whole loan book, not the suspected fraud.

Catherine McKinnell: We are just talking about the fraud.

Steven Greenwood: Sorry, so £1.7 billion—

Catherine McKinnell: What is the 68%, then?

Steven Greenwood: That is of the whole loan book.

Catherine McKinnell: Oh, gosh. We are just talking about the fraud and error—

Steven Greenwood: Of the fraud, £1.7 billion, as you say, has been flagged by lenders as detected. We have recovered £80 million of that, as per the commissioner’s report.

Q54        Catherine McKinnell: So what is the plan to recover the rest?

Steven Greenwood: The plan is, as I say, that enforcement activity.

Catherine McKinnell: Sorry; I thought the 68% was you saying that that is the amount.

Steven Greenwood: No, sorry. I was trying to set the wider context of the programme.

Catherine McKinnell: Okay. That is quite confusing, but thank you.

Chair: It is actually set out quite well in the table.

Q55        Catherine McKinnell: Yes, which is why I was curious about the 68%, which did not make sense in the context. Thank you. Which Department would like to go next?

Janet Alexander: Shall I go next? HMRC administered three of the grant schemes—the popularly known furlough scheme, the self-employment scheme and eat out to help out. The total cost was £98 billion. We estimated at the start of the schemes, because they were developed at such a pace, that the fraud and error rate—we do not tend to separate the two in HMRC—would be around 5% to 10%. We put in quite a lot of upstream controls, so we managed to mitigate that risk to 5%. That was the exposure before we paid out.

It is probably worth being really clear that the 5% is an estimate based on statistical modelling, not a list of cases in which we know somebody has claimed the wrong amount. I think that that is different from how other Departments have approached this challenge. So far, we have recovered £1.3 billion, compared with the total of £1.8 billion across Government, but again that is a mixture of error and fraud.

We still have more than 50 open criminal investigations, and if we are successful in securing prosecutions, there will be substantial moneys to recover from those, too. I am not in a position to quantify that today, and those will naturally take time to go through the criminal justice system. We still have a relatively small amount of more routine cases that are around £1 million. We were able to stand up our activity very quickly because we had a legislative framework that we could act on, so we recovered quite a lot just in 2021.

Catherine McKinnell: That is really helpful—thank you. Obviously, HMRC has had the lion’s share of recovery. You now have another period of six years—

Janet Alexander: Should I talk about the legislative framework? Would that be helpful?

Q56        Catherine McKinnell: I want to talk about how long you have left. I guess the concern is that there do not seem to be specific targets or any sort of clarity on exactly what they would be. We have that figure on collected, identified fraud, and a significant amount of that is obviously attributed to HMRC. However, from the answers that the Committee has had so far, I am not clear what target either HMRC or DBT is working towards.

Janet Alexander: We stood up the taxpayer protection taskforce in the second year—that is, 2021-22 and 2022-23. I think the target was between £525 million and £625 million, and the taskforce recovered £692 million. When I last came to the Committee back in 2022, we were on track for £1.1 billion. We have exceeded that, so we are at £1.3 billion. In that embarrassing way, Sir Jim Harra challenged me in the room to get more than £1.1 billion, so I am glad to say that we managed that. As I say, we are still really pushing those fraud cases through the criminal justice system.

Catherine McKinnell: Okay, so there is not a target at the moment.

Janet Alexander: No, there is not a target at all.

Q57        Catherine McKinnell: When will a target be determined? Presumably, it would be helpful to have a target to work towards, or it certainly seems to have proven helpful in the past.

Janet Alexander: I do not know. It is not my decision, but I do not think we will have a target for recovery. It is probably worth saying that, in the context of the estimate number, more than 56% is attributed to error, not fraud. As you can imagine in a time of national crisis, lots of people made relatively small mistakes, and it would not be cost-effective to go after relatively small amounts. In fact, we said publicly that we would not go after people who had basically made simple mistakes, because we wanted to encourage people to make a claim rather than being scared about making a claim.

Q58        Catherine McKinnell: When you are assessing whether something is a simple mistake, is that based on the size or nature of the error?

Janet Alexander: What we did in HMRC—

Catherine McKinnell: Sorry, I mean the value of the error. If much of that is error, it amounts to quite a significant amount of money.

Janet Alexander: HMRC reviewed every single claim that came into the Department, and we ascribed every claim a risk score. The risk score basically says, “Out of all the data that we have available to us, is this claim in line with that data or out of line with that data?” At that point, we do not know whether it is error or fraud, unless we have received information through the intelligence hotlines, when somebody has reported somebody else. You put the two together and go, “Ah, this looks like it is going to be fraud.”

We then took through that prioritised list, to basically say, “Okay, we will start with the biggest ones, either because we have an indication of abuse or fraud, or because the quantum is really high.” Until you start engaging with the claimant, you do not know. It might be a relatively large amount that comes from error, as they might have just got themselves in a mess, and we would obviously still recover that. However, what we have not done is seek very small amounts across a large population.

Catherine McKinnell: So it is a quantitative assessment rather than a qualitative one.

Janet Alexander: It is a quantitative assessment that is informed by both data and insight. I think we had over 40,000 references on our fraud reporting helpline, and we clashed that information with the data-led approach to say, “Okay, what does that tell us about the nature of the claim?” As we went through the processes, we saw the quantum go down quite dramatically as we went down the risk score. But after we had done the risk score, if we had new sources of information—I think the commissioner’s report refers to this—we were able to clash different data sources. When we got information from eat out to help out, we clashed that information with CJRS, because it is impossible for somebody to basically say, “I have made all these sales of meals in my restaurant, but by the way I am not employing anybody on furlough.” We did the initial risk assessment and then went back around that population when we had more data that we could clash with.

Q59        Catherine McKinnell: That is really helpful—thank you. Obviously that is the lion’s share, but the second largest is DBT. Have you undergone a similar process and are you pursuing a quantitative approach to identify where the largest and highest risk factors are, in terms of the quantity and the value of fraud, or is it more of a qualitative process?

Steven Greenwood: It is a bit of both, but largely a quantitative process. We have been doing a lot of work. Obviously the schemes are delivered by lenders, so effectively they are the first line of defence: they have a series of markers that they will flag in cases of suspected fraud. We have been working with the PSFA, and we have agreed some data-sharing arrangements with HMRC. We are now able to bring that data together to triangulate where the most serious cases are and where the smaller cases are, where someone has inflated their turnover. At the moment, we are effectively trying to disaggregate the cohorts.

Q60        Catherine McKinnell: Are you working towards a target?

Steven Greenwood: At the moment we do not have a target. In our response to the commissioner’s recommendation, we have set out that we will develop an end state for the programme. We will do that over the summer and talk to Ministers about it. One thing we will want to talk to Ministers about is whether they want a set of parameters around the different interventions, to be able to judge how much they want to pursue the different avenues. But at the moment there is no overall target.

Q61        Catherine McKinnell: MHCLG is in a slightly different situation: its review outcome is “unverifiable”. Do you want to explain what your Department is doing, Chris?

Chris Jones: Of course. As the Committee knows, responsibility for financial management is devolved to councils. That is backed up by the statutory roles that we have in place for overseeing council finances, as well as a whole raft of assurance mechanisms around internal and external audit. We agree with the counter-fraud commissioner’s conclusion that practice across councils is highly variable. That is backed up by other reports such as the National Anti Fraud Network’s report last year, and by our own experience. We are very much looking forward to taking collective action across the sector, working with partners such as the Local Government Association, CIPFA and the PSFA to get a much better handle than we have previously had on current practice within councils, to map the fraud risks that we can see and to take further action on them, including the possibility of collecting much better data than we have had up to now.

Q62        Catherine McKinnell: “The possibility of collecting better data”? Is that not a requirement?

Chris Jones: We go through a process of assessing whether new data collections are proportionate, are cost-effective and provide value for money. We have not yet completed that process, because it is one that we go through with our partners in the sector. It is important to get their views on this as well.

Catherine McKinnell: When you say “partners in the sector”, do you mean local authorities?

Chris Jones: I mean local authorities and the Local Government Association, but also experts in counter-fraud that we work with, as well as the Public Sector Fraud Authority. We will take all those views and all that information.

Q63        Catherine McKinnell: Why has that not been done before now?

Chris Jones: The assessment that has been made until now is that we do not have significant evidence of fraud in local authority spending. In fact, the assurance mechanisms that we have put in place are an effective bulwark against fraud through local authority spending, so we have not collected that data until now. As I say, we are happy to review that decision and will be reporting back to the ministerial group that is overseeing this work as we do so.

Catherine McKinnell: That is really helpful—thank you. Did you want to contribute from DHSC, Elizabeth?

Elizabeth O’Mahony: From a departmental perspective, you would probably primarily want to ask me about PPE.

Catherine McKinnell: I think we are coming to that, so in the interests of time I will hand over, but you will have an opportunity.

Q64        Chair: I have two important questions. Chris, following on from Catherine’s questions, the present system is clearly unsustainable. You are relying on each local authority to assess whether it has really detected all the fraud and error that it should. All the mechanisms you described are additions to that; are they all codified somewhere for future pandemics?

Chris Jones: We have a wealth of information about local authority finances. We look at that in a holistic way, so we are able to catch local authorities when significant errors are made that result in significant financial failure. We are supporting an increasing number of local authorities in that way. Looking forward, as you heard in the previous session and are fully versed in, we are establishing the local audit office, which will strengthen our oversight function of the sectors and financial resilience.

Q65        Chair: That is going to take time, isn’t it?

Chris Jones: That will take a bit of time, but the legislation establishing that office now has Royal Assent. We have appointed a chair, who has just been through the Select Committee confirmation process, and we are rapidly staffing up that organisation, so it will happen.

Q66        Chair: This all worries me. I will use our session on roads as a typical example of this. The Department for Transport gives however many billion pounds to local authorities but has no idea how effective that money has been when it is spent. We need to have a mechanism codified so that the relevant Department and accounting officer can really be accountable for where local authorities, particularly with the emerging mayoral authorities, are spending that money—and the value for money.

Chris Jones: I think we do have, as I say, significant assurance about the achievement of value for money in local authorities through the series of statutory roles that we have set up. We have given that responsibility to local authorities; Parliament has decided that that is how it wants to oversee the system, through the section 151 officer, monitoring officer and head of paid service roles. They were established to have oversight of value for money.

Q67        Chair: I have to say, as Chairman of the Committee, that we will be holding a hearing on this subject but at the moment, I remain dissatisfied that there are strong enough mechanisms of scrutiny of local government, particularly the larger mayoral authorities, to make sure we are getting value for money. As I say, we will be having a hearing on that in future.

Janet, we are often critical on this Committee, but as the chief compliance officer you have recovered £1.3 billion. You were challenged by your then accounting officer to achieve £1 billion. Congratulations. We are often critical, but where people are successful, I think it is only right that we should congratulate the individual.

Janet Alexander: Thank you so much.

Q68        Chair: I have a question off the back of that. Given that you were so successful and that you have a lot of mechanisms, how is that being promulgated across Government Departments to make sure that what you put into practice and were so successful at can start to be done by them as well?

Janet Alexander: We work hugely in partnership with the PSFA—I know that Mark Cheeseman was on the previous panel—and we use that as a mechanism to share our experience cross-Government. That is both in terms of assessment of the risks and how we share data to support other Departments’ activity. You mentioned that we worked in partnership to make sure we are sharing information. I was looking at the NAO’s Report from last July about data analytics and spotting error and fraud; I think you can see after the 28 pilots, 23 were using HMRC data. That is how we work and support each other.

We did not do that so much in the time of covid, mainly because we were all nose to the grindstone in sorting out our own schemes, but we have in the past lent colleagues to other Government Departments when they are thinking about, “How do I address this error and fraud risk?” But I think the Public Sector Fraud Authority is a real focus for how we work together.

Chair: Very good; thank you. I call Sarah Olney.

Sarah Olney: That was my question.

Chair: I am sorry. Would you like to ask a different one?

Sarah Olney: Only if you would like me to. I do not want to re-ask the same question, given that we are pushed for time.

Chair: Let’s move on. I am sorry about that. Would you like to ask Clive’s question? I must apologise to our witnesses. My very able deputy has had to go to the Floor of the Chamber because of the statement on civil services pensions, on which this Committee has done an awful lot. It is a very difficult and tragic subject. That is why he has left; it is nothing to do with the witnesses, I assure you.

Q69        Sarah Olney: Chris, to what extent did delivering schemes to local authorities and lenders limit the ability of local government to prevent fraud and recover it?

Chris Jones: Is there a specific scheme you are asking about?

Q70        Sarah Olney: I had not prepared to ask this question. It is basically around capability, capacity and local government, and the existing mechanisms that there were to tackle fraud and implement counter-fraud measures. Given the scale of what was required during covid, do you think that local government may have struggled to cope with that?

Chris Jones: As I say, our assessment, shared with the commissioner, is that capacity and capability are both variable, as you would expect with over 300 local authorities across the country. The vast majority of the schemes that we administered used established mechanisms that councils are used to using. For example, they provided money through the council tax scheme to those in certain council tax bands who required additional support for the cost of living and so on. That is an established mechanism. Those are households they know. We saw no reason for an additional fraud risk because of that.

Where there was potential additional fraud risk, we asked for new schemes to be set up, such as the scheme where we repaid councils for significant income losses that they might have incurred—for example, sales and fees when leisure centres were closed and car parks were shut, and that kind of thing. We designed a new scheme and worked with the sector to build in counter-fraud and more assurance mechanisms. We reconciled estimates that were given to us through the pandemic at pace after the fact and balanced the books as a result. We administered a mixture of schemes, some of which relied on existing mechanisms and which we are confident in and some which we applied additional controls to.

Q71        Sarah Olney: The counter-fraud commissioner said in his report that MHCLG could not provide him with assurance on levels of fraud and error in its covid-19 spending. Has the Department been able to address that in the time since?

Chris Jones: As discussed, we did not record that data for reasons of proportionality and previous approaches to this issue. We have taken steps forward in the interim. For example, in 2022, when support was being provided through councils for higher energy costs, we gave much more guidance to councils about counter fraud. We set clear expectations around identifying recipients and making proper checks. Again, that was because it was a new scheme delivered to many, many more households than councils knew about previously, and there was a higher risk of fraud. We recognised that that existed and took the appropriate action.

Q72        Sarah Olney: Steven, a lot of the bounce back loans and other loans available to businesses were driven through lenders—banks and so on. Were the counter-fraud measures required by the Department sufficient for the loans being delivered in that way?

Steven Greenwood: I think the Department at the time made decisions around taking away some of the controls that were put in place, which I know the Committee has looked at before. One of our reflections on how we might prepare for a future emergency situation is that we might want to introduce some of those controls back in.

That being said, if we are thinking about lenders, there a few points I would make. The guarantee agreement between lenders and the Government has some quite strong prescriptions around the activity that they need to do—for example, the assurance activity and the recovery action. That is guided by industry standards. There is control in that system and they are incentivised in that way to do it. The British Business Bank has a good assurance programme and has continued to strengthen that programme of audit and assurance, looking at what lenders are doing and whether they are meeting those obligations. In the bounce back loan scheme, for example, that assurance activity has resulted in, I think, about £500 million of guarantee being taken away from lenders. There is control and assurance in the system.

If you were going to design the scheme again, there are probably certain controls that—and ultimately, it is a decision for Ministers; I think this was made clear at the time, and there were various directions, etc. In our playbooks and frameworks for how we might approach a future emergency scenario, there are a few more of the checks—like credit checks, for example. That is something that you might introduce a bit earlier. Similarly with the CIFAS data sharing, which is a way to detect multiple loans, that came in later in the programme. We would definitely look to institute that almost straight away as well.

Q73        Sarah Green: I would like to address Mr Greenwood around the decision by the Department for Business and Trade—or BEIS—to use the National Investigation Service to pursue recoveries. Why did your Department do that? What was the driver behind that decision?

Steven Greenwood: I was not there at the time, but ultimately, the Department did not have the capability to pursue some of the most serious cases. The cases that went through NATIS were some of the most serious and complex fraud cases. Therefore, the Department took the decision to use this third-party external body to take that forward.

Q74        Sarah Green: I would like to focus in on the governance of that service. The covid counter-fraud commissioner’s report shows that only 17 convictions have taken place so far. I will quote from the independent investigation into governance concerns surrounding the operations of NATIS. It says that “it appears likely that the vast majority of staff (103 out of 108) did not have proper secondment documentation in place at the time.” That was alongside a “lack of a formal contract” between the Department and NATIS. It continues, “Despite this, it is likely that many have continued to exercise” Proceeds of Crime Act powers on the Department’s behalf. The investigation also says that, “If officers have been exercising powers with expired secondments, their actions could be legally challenged.” I appreciate that you were not there at the time, but what assurance can you give the Committee that any prosecution using evidence collected by NATIS will in fact be robust?

Steven Greenwood: First of all, you are absolutely right to acknowledge these issues, particularly the historical secondment issue. From a DBT perspective, though, once that report was made available to the Department we acted pretty quickly to make sure the appropriate governance was put in place. We strengthened our enforcement capability to oversee that contract and have the right specialists on it.

Q75        Sarah Green: Is the contract still in place?

Steven Greenwood: The contract has now ended. The contract ended at the end of April, and we have transferred the work to the Insolvency Service. On your specific point around the cases, I do not want to comment on any specific case.

Q76        Sarah Green: I would not expect you to.

Steven Greenwood: I can say to the Committee that we have reviewed this in quite a lot of detail. Ultimately, we feel quite confident that the cases are not at risk on the basis of what was done at the time. The underlying work and ongoing powers issue is not going to jeopardise any of those cases.

Q77        Sarah Green: You are clearly confident to put that on the record.

Steven Greenwood: We have done a lot of work on it. I do not want to talk about individual cases because there may be specific issues.

Q78        Sarah Green: That is fair. Would you be willing to write to the Committee with some of that additional detail?

Steven Greenwood: Of course.

Q79        Sarah Green: I think the Committee would welcome that.

Steven Greenwood: Of course. I am very happy to.

Q80        Anna Dixon: I will come on to PPE. Hello Samantha and Elizabeth. I do not know if you were able to hear our pre-panel. One of the questions that we put to the covid commissioner was around the 11 billion PPE items that were bought and never used by NHS and DHSC, as well as the estimated £324 million fraud estimate. He said it could be bigger. I think he said it was unlikely to be less. Do you agree or do you have a revised estimate? How confident are you in that estimate?

Elizabeth O’Mahony: Again, I was not around at the time but, looking at the methodology that was used, we believe that the £324 million is a robust estimate. It is 2.4% of the total value of the covid PPE contract. I could go on and describe more about what we have recovered but, having looked at the methodology that we used, it is an estimate of suspected fraud.

Q81        Anna Dixon: Given that my colleague, Catherine, did not ask you the question about how much you have already recovered and plan to recover, do you want to answer that now?

Elizabeth O’Mahony: Of the £324 million, £70 million has been recovered. We prevented £163 million through enhanced due diligence and making sure that payments were not made—they were suspected, identified and not made. There was also a material contract that was suspected. That subsequently went through a legal process, which found in favour of the Department.

Q82        Anna Dixon: In terms of scope for further recovery from PPE contracts, obviously we know that PPE Medpro settled—£122 million—but there seem to be different views on the likelihood of you pursuing further claims and indeed on whether the legal costs of pursuing those further claims are worthwhile; can you comment on that?

Elizabeth O’Mahony: We have two issues with PPE: the suspected fraud and the contract issues. From the contract issue perspective, we had 394 covid contracts for PPE; we identified 176 of those as high risk. That totalled to the £2.6 billion that is in the Report. Those contracts were subject to investigation. They were whittled down to 55 contracts in December 2024, which is £1.258 million. Subsequently, in the Report, we referenced £325 million in eight contracts. I am pleased to say that has further reduced to five contracts across three suppliers, worth £114 million. We will continue to review and go through that process.

Anna Dixon: Sorry—£140 million is left?

Elizabeth O’Mahony: £114 million in five contracts with three suppliers. Our work was continuously supported and reviewed through the covid counter-fraud commission appointed by the Chancellor. It was agreed, as we were going through the claims, that some claims would be abandoned simply because of contractual shortcomings, missing schedules and corrupted information, which was the result of the pace at which the contracts were put in place.

Anna Dixon: So there was literally nothing on paper that you could use to substantiate?

Elizabeth O’Mahony: For some of it, yes.

Q83        Anna Dixon: You say that is on the contracting side; what about on the fraud side?

Elizabeth O’Mahony: On the fraud side, total fraud across the whole group plus UKHSA and test and trace was £535 million, of which £324 million related to the Department’s group on PPE. Of that we have recovered £70 million and mitigated £163 million. There is also the big contract that we just talked about—PPE Medpro—and that case was found in our favour.

Anna Dixon: Going back to how this all happened and preventing it—these are perhaps easier questions, as I know you were not around at that time—there seems to have been a combination of over-ordering, with wildly inaccurate modelling of the actual demand and the decision to order a 12-month stockpile at the height of it, and some concerns about sub-standard product, whether you were paying a fair price and whether there was profiteering. A number of things went wrong, but what steps have you taken to reduce the likelihood of both profiteering and fraud in the event that you had to have some sort of emergency procurement in the future? I do not know which of you wants to start, Samantha and Elizabeth.

Samantha Jones: I will start and Elizabeth will tell me when I have it wrong. First, though I am not disputing what happened, I want to recognise the pressure that individuals were under at the time and the speed at which they were making the decisions. We all recognise that. We have totally accepted the work of the commissioner; it has been incredibly helpful, as was going through the process with HMRC that Elizabeth outlined. We have taken forward a number of learnings and recommendations, both in terms of how we approach fraud, in the Department and through contracts, and as part of our pandemic preparedness exercise, Pegasus—as you will know. Our strategy, published earlier this year, outlined our approach for what we would do in that situation again and how we have learned from it across all areas, including making sure that the items Elizabeth identified about why decisions were made not to follow up on some of the contracts, contract documentation, what it looks like and the detail behind it are included as part of going through that.

Any modelling exercise is also about ensuring a reasonable case scenario, rather than what was done at the beginning. It is also about ensuring that this is fundamentally a cross-Government exercise, rather than it just being DHSC and the NHS. We will further update towards the back end of the year on contracts, PPE stock, the amount of money that has been invested, the money being invested as part of the preparedness strategy, and where we are from a UKHSA perspective.

That is a long answer—apologies. It is about taking forward the recommendations into the exercise we did recently, ensuring that the investment that has been given has the right PPE stock ready to go should we need it again, and the approach to modelling.

Q84        Anna Dixon: Given the failure to account for and deliver any PPE to social care at the outset, leaving care workers and the older and disabled people they were caring for very exposed to covid, with many tragic deaths of both care workers and people in their care, do your preparedness, modelling and robustness of distribution mechanisms now include care homes and care workers going into peoples homes?

Samantha Jones: Apologies, I should have been clear about that. They were heavily involved in the exercise we went through and in the lessons and recommendations from the previous NAO Report. There is parity from a social care perspective with the broader NHS.

Q85        Anna Dixon: Obviously, PPE was over-ordered and then sat in containers while so many did not get it. On a fundamental level, we are looking here mainly at waste, fraud and the waste of public money, but I want to recognise the human cost to some of those decisions.

Elizabeth O’Mahony: The only thing I would add is about the data sharing that we have now to support the earlier decision. Going into this, we did not have the supply and demand information that we have now. We now have that available transparently, and we can share it across organisations and with the public. That is definitely a lesson we have learned. As Sam described, we have tested that robustly through Exercise Pegasus. There is always room for continuous improvement, and we are continuing to learn how to ensure we have the right and appropriate stockpiles in the event that we end up in another situation that requires them.

Q86        Anna Dixon: If there were a similar emergency procurement neededmaybe not for PPE, but for drugs, vaccines or other thingswould you be confident that you could deliver transparent procurement, there would be no need for a VIP lane, and conflicts of interest would be handled correctly? Given all the things that we saw go wrong in the procurement, would you be confident that you now have systems for open procurement and can have confidence that due diligence will be applied? I think a lot of due diligence was not applied to the early suppliers.

Samantha Jones: I am absolutely confident that we have learned the lessons and taken the recommendations described, including the lessons from the inquiry and the covid counter-fraud commissioners work.

If I may, Anna, I understand the point about the VIP lane, but all PPE orders went through the same process; they went through the same approach. Irrespective of how they came into the Department, they all went through the same process.

Q87        Anna Dixon: But that process did not include much due diligence at the beginning. Is that not correct?

Samantha Jones: If it is helpful, I am very happy to share the process we went through for the products received and the samples taken, and in ensuring that the technical documentation met the required specification and so on. A very clear approach was taken. If you loop it round to the work of the commissioner, that is where we have more confidence that we were able to pursue the contracts that we were pursuing.

Anna Dixon: Chair, you may want to pick up on the dodgy stuff in containers.

Q88        Chair: I do. Anna has given you the soft questions; I will give you the hard questions. Forgive me, Elizabeth, but you quoted a lot of the figures quite quickly. Can you confirm again your best estimate of the total amount that your Department recovered from PPE?

Elizabeth O’Mahony: From suspected fraud in PPE? £70 million.

Q89        Chair: £70 million? That is what I thought I heard you say. Samantha, you became permanent secretary in February 2022. Is that correct?

Samantha Jones: No, it was a year ago—a year ago last week in fact.

Chair: I am sorry. My brief has an error in it; it says 2022.

Samantha Jones: It was in June ‘25.

Q90        Chair: Fair enough. So, you were not there when most of it happened, but nevertheless, £10 billion-worth of PPE written off and just £70 million recovered is a pretty good stain on the Department, isn’t it?

Samantha Jones: As he said, the commissioner left no stone unturned in checking the robustness of the Department’s approach to setting up the dissolution unit, in order to understand exactly what happened, contract by contract, and separating out where there was fraud or potential fraud and where we could potentially recover.

I do not want to undermine the point that you are making, but the Department moved very fast when it recognised the scale of the issue that it had. As you will know, it also developed the “tap” approach, to understand what was needed from a supply-and-demand perspective. Under the speed that the Department was working, we were putting in place the right processes and, really importantly, recovering as much as we possibly could.

We have learned lessons from working with the authority. We have champions around fraud for every contract that we review, and we have a board across the Department of Health to ensure that people are trained to understand what they should be looking for. It was a difficult start, but it moved very fast in terms of the opportunities to recover.

Q91        Chair: I appreciate the gloss that you are trying to put on it. Our report in February 2021 said that by July 2020, the Department “had awarded over 8,000 contracts for goods and services, such as PPE and professional services, in response to the pandemic, with a value of £18 billion.” Somebody was signing off those contracts; they must have understood the volume of stuff that was coming into this country. We have done a lot of work on this. Pallets and containers were stuck wherever you could put them on farmland—a lot of them unopened—and eventually that stuff was either burned or it went to landfill.

Surely it is just basic contract management that you would go and find each contract and assess what was in it, so at least you knew whether you had received what the contract specified. It might have been a little bit more inventive to open some of those parcels and see what was inside and what the quality was like. I know you were acting at speed, and I understand that the Department was under huge pressure at the time, but it must have occurred to somebody that the contract management needed to be done a little better.

Samantha Jones: I was not putting a gloss on it or being facetious, Chair—forgive me if that is how it came across. I was saying what the covid counter-fraud commissioner himself had said.

There are definitely lessons on contract management and the supply-chain approach that was taken. A PPE cell was subsequently set up so that we could learn and understand whether we could get the PPE out to where it needed to get to. There are definitely lessons that could have been learned, and it could have moved in a faster and different way.

However, 97% of the volume of the PPE procured remained usable. While it was going through challenges on the supply chain delivery in the way that you described, stuff that was ordered was still usable and continued to be so, and we were deploying it.

Q92        Chair: I made the point in the previous panel that the even greater tragedy in all this was that there were times during the pandemic when social care settings almost ran out of PPE. Some of it could surely have been given to countries around the world, but you did not know what was there because you had not been in and inspected it. That was a tragedy on the part of the Department, but was it not an even bigger tragedy that some of this stuff was not used elsewhere?

Samantha Jones: I feel that very keenly as well. Personally, I was running clinical services during the pandemic, including very close work with social care. On getting the right PPE to the right people at speed, lessons could definitely learned—there is no question about that.

Everybody was doing their best, at a time of quite significant pressure, to understand what exactly was required. Mistakes were definitely made around the modelling assumptions—no questions about that—and we have covered that. I am not sitting here saying that the Department got it right; what I am saying is that a commitment was shown, and continues to be shown, to recovery in cases of potential fraud, and also to learn about contracts and how we do contract management. That commitment is definitely in place.

Q93            Chair: Okay. I asked this question in the previous panel, but in order to understand what happened, the summary of our July 2022 report states: “The future of the PPE programme remains uncertain. In April 2022 Supply Chain Coordination Limited (SCCL) took over responsibility for the programme, however it is unclear how exactly responsibilities and roles are split between itself and the Department, and the already delayed PPE strategy paper is still to emerge.” Can you shed any light on that? If not, I would be more than happy for you to write to us.

Samantha Jones: Thank you. I will write if you are comfortable with that. The PPE cell that I described became a mixture of the two things. I will make sure that we cover that when we get back to you.

Q94            Chair: That is very kind.

I want to move on to the Report itself, as that is basically what this hearing is all about. It states, “Transparency is an essential tool for preventing fraudulent or improper behaviour, while a lack of transparency may fuel public perceptions of impropriety even where decisions are fair. Emergency spending increases the need for transparency.” Is that one of the lessons that you have learned? There was a whole issue about contracts not being posted on time on Contracts Finder and so on. Is that something that the Department has absolutely tightened up on now, and are these lessons that could be learned in future pandemics?

Samantha Jones: Yes.

Q95        Chair: Great; well done. We are making very good progress, so let us move on. Is there is any scope for further recovery of taxpayers’ money, or have we got to the end?

Samantha Jones: I will hand over to Elizabeth, but I would never say that we have got to the end because where there is a possibility, we will absolutely follow it very robustly. As the commissioner said, we have quite a vociferous—if that is the right word—team who will not hesitate if there is any kind of suspicion of anything.

We are also—I think this was mentioned in the previous answer—making sure that pursuing a contract is the best value for the taxpayer, because that might not be the case. We have to weigh that up. We did go through every contract that there was with the commissioner and our HMRC colleagues to see whether we should pursue them. I am confident that we went through the right process with colleagues from outside the Department, including the commissioner and HMRC, to assess the likelihood of success in any context. Of course, should there be anything else that we believe is a possibility, we will continue to pursue it.

Elizabeth O’Mahony: Just to add, on outstanding contract issues we are down to five contracts and three suppliers. That work will continue for those.

Q96        Chair: Thank you; that is very helpful. Moving on to you, Steven, the Committee has done a lot on PPE, but it has also done a lot on bounce back business loans and some of the lessons that have been learned. There is still an awful lot of money out there not recovered. One of the things that puzzles me most about the bounce back businesses loans is why the Government guaranteed 100% of the money. There was no incentive for the banks to recover any, or indeed to make sure that they did a better job on due diligence before they handed out the money.

Steven Greenwood: I think, ultimately, the decision taken at the time by Ministers on the guarantee was due to the scale and speed at which these loans needed to flow. That was the cover that the lenders needed. As I said, we did not absolve the lenders of all responsibility. Some checks were done up front; know-your-customer checks were still required. The guarantee agreement sets out the subsequent assurance activity that needs to be undertaken by lenders, which is audited by the British Business Bank.

Q97        Chair: You estimate that a huge amount of money is still outstanding. Let me ask you the same question that I asked the permanent secretary of DHSC: how much money do you still expect to recover?

Steven Greenwood: There isn’t a figure. I think what we are trying to take here is a balanced and proportionate approach, a bit like has just been discussed. There is still lots of value in pursuing the most egregious cases. They will not necessarily return a financial return, but it is really important that we pursue those justice imperatives, and particularly things like director disqualification, which is a way of taking bad actors out of the system.

I would say, though, on compulsory liquidations, the letter-writing campaign and the PAFER powers, we think there is some scope there for us to increase the rate of recoveries into the autumn, particularly as those powers come into effect.

Q98        Chair: The commissioner was making that clear in the previous hearing. That seems to me a powerful tool. If you cannot liquidate your company until the loan is paid off, that is a very useful measure to encourage people to pay them off.

Steven Greenwood: Exactly. The dissolution objections process, for example, has been a really effective mechanism. We have seen about £260 million worth of benefits brought back into repayment because of that mechanism. There are things that we can do, and there are certain areas where we are doubling down to try to push a bit more recovery out. It is hard—I am not going to say that it is easy to get all this money back—but we think there are certain areas that show some promise of return.

Q99        Chair: In the previous panel, the commissioner set some store by the disqualification of directors, which you just alluded to. It is a non-criminal threshold that you have to pass, and they are disqualified for 15 years, so it is quite a hefty sanction. What more can you do in that respect?

Steven Greenwood: Part of the funding we got from the Treasury on the back of the commissioner’s work was for a test and learn pilot around director disqualifications. We are looking at whether, with the Insolvency Service, we can use technology and other investigation methods to speed up the rate of disqualifications, because the disqualification process takes quite a bit of time. The hypothesis of the test and learn is that, if we can move quicker, we can potentially disqualify more individuals.

Q100   Chair: Thank you very much. What lessons are you learning? What are you taking forward from all this, particularly the commissioner’s report?

Steven Greenwood: I think there are probably three points for DBT as a whole. I wear the hat of responsibility for all counter-fraud in DBT as well now. The first is preparedness. There are two things I would say on that. We have a really good established emergency response structure now in DBT, which includes counter-fraud; my counter-fraud team is embedded into that structure. We have our playbooks as part of that as well; we actually have a specific grants and a finance playbook. They act as frameworks, effectively, to say, “If youre going to mobilise emergency schemes, be they grants or loans, these are some of the things that you should do.

Data sharing is a great example of this. One of the real challenges in the schemes is the lack of data-sharing arrangements that were put in at the beginning. That made it really hard, subsequently, for various analytics, and for us to get information from local authorities, etc. We have template data-sharing agreements as part of that pack, so it is a framework to help officials move quickly and put advice to Ministers.

Q101   Chair: Does that data sharing include HMRC, DWP and local authorities? Are you able to share data with all Government Departments?

Steven Greenwood: It would depend on the nature of the crisis and what we were doing. If I take local authorities as an example, one of the assumptions in our grants playbook is that you might use local authorities as a delivery mechanism. Our playbook sets out the types of data sharing protocols that we need to have in place in the grant funding agreement, and in a template grant funding agreement, from day one. That is one of our big lessons learned: the way the information was shared back with the Department has made it quite difficult for us to continue our own counter-fraud activity in that space.

Q102   Chair: With huge emergency powers, you could do virtually anything you liked while they were in place, so a lack of powers during the pandemic itself should not have been an issue.

Steven Greenwood: I think it is more about learning how we as a Department would take action, and setting out the framework for decisions and what to remember to have in place. In terms of crisis preparedness, I think we have taken a big step forward as a Department.

If I may, I will highlight two more things. There should be capability. I believe that the Committee has looked into bounce back loans and grants before. There was a fairly small team of counter-fraud professionals in BEIS; we have grown that team. We have also established my directorate, with professionals who have a load of experience and are able to deliver schemes at pace. Then, we have the Public Sector Fraud Authority—Janet talked about it earlier—which has caused a step change in how we think about counter-fraud in Government.

Finally, and in some ways most importantly, in DBT we have tried really hard to embed our counter-fraud mitigations in our business-as-usual processes. An example is that all cases for new grant schemes over £1 million, or business cases over £20 million going through our investment committee, must now have an initial fraud impact assessment. Right at the beginning of that design, the counter-fraud professionals from my team—and it sometimes involves PSFA, too—are getting in there.

I feel like there is still more to do—I take that challenge—and the commissioner has highlighted some of those things in his report, but we have made a good step forward, and we have definitely tried to embed those lessons into business as usual and future preparedness.

Q103   Chair: Well done. We will no doubt come back to lessons learned and future preparedness for pandemics, but that is good progress. Elizabeth, what lessons have you learned?

Elizabeth O’Mahony: I think we have touched on some of them—emergency preparedness and ensuring that we have the capability and capacity beyond health. For example, we now have a PPE stockpile that we continually replenish with a variety of products and sizes. We have much better supply-and-demand data at a local and organisational level, which we did not have previously, to support transparent decision making. Those are the main things: the stockpiles, emergency preparedness and data requirements.

Q104   Chair: Well done and thank you. Samantha, is there anything you want to add to Elizabeth’s response?

Samantha Jones: As I think I referred to earlier, we have a similar process: any investment over a certain amount has a fraud assessment. We also have counter-fraud champions across DHSC, working with NHS England. The number of people trained in fraud is now higher than before. I do not want to overplay it, but we are ensuring that we follow any opportunity to recover.

Q105   Chair: Brilliant. Janet, you are already pretty tight on all this stuff. Are there any lessons that you are taking forward? In particular, are you giving lessons to DWP and others? It seems to me that there is a lot of synergy between what you do and what they do.

Janet Alexander: Obviously, some of the recommendations reflect existing practice in HMRC, as we have touched on in this hearing. We did not wait for the commissioner’s report to take action on data sharing, so we are much more proactive with DBT and DHSC. That absolutely makes a difference.

Q106   Chair: Chris, what lessons have you learned? In particular, how quickly can this Local Audit Office start to come to your assistance?

Chris Jones: Similarly to what Steven said, we have invested in the Department’s counter-fraud approach and it has developed significantly since the pandemic. There are similar types of controls in terms of business cases and requirements on senior responsible owners of our significant projects to consider fraud up front, to reduce those fraud risks upstream rather than reacting to them. I said earlier that we have since delivered other emergency schemes, such as the one in response to the energy price crisis in 2022, and we have built in further counter-fraud measures through our work with local government. We clearly recognise that we do not know as much as we need to about the capability and capacity in the sector, and we will rectify that as well.

The Local Audit Office, as you rightly point out, is a really important part of the next phase of this. As I say, it will be up and running imminently with a new chair in place; it is being staffed up as we speak. They will be fully online from the end of this year, and we expect them to support this work as soon as they can.

Q107   Chair: Are you working actively with the Public Sector Fraud Authority, as Steven just mentioned, so that, for all new schemes—if you suddenly ask local authorities tomorrow to give out some grants for this, that or the other—you have consulted the Public Sector Fraud Authority and designed in measures, as best as you can, to try to prevent fraud?

Chris Jones: We have very good support from the PSFA in working through our fraud mechanisms. If a scheme is novel and the fraud risks are high because it is not using established mechanisms or oversight procedures, then counter-fraud measures will absolutely be a part of the design of that.

Q108   Sarah Olney: Steven, for the companies that receive bounce back loans, as much as 48% of the loans will not be repaid, according to the report, and a lot of that is due to companies winding up before repayment is due. What progress has the Department made in recovering moneys where businesses have been wound up?

Steven Greenwood: This is ultimately very challenging. Where a company has failed for genuine reasons, one of the challenges in the scheme design is that there are no personal guarantees. That is why we introduced the dissolution objections process. As I said, I think that has been an effective mechanism for trying to recover money. There have been £264 million of benefits so far because we stopped those companies dissolving before they went. Ultimately, though, there are big numbers here. If these companies have legitimately failed, we will try our recovery activity but there is only so much that we can do. One thing the commissioner has recommended we look at, which we will look at over the summer and probably talk to Ministers about in the autumn, is whether we might look to resolve the status of some of the companies in the dissolution objections process that have genuinely failed.

Q109   Sarah Olney: What is the plan for the ones you have blocked from dissolving that cannot pay back?

Steven Greenwood: We are currently working through the options. Part of it is linked to data sharing. We are pulling together datasets to look at whether there are ways they can repay.

Q110   Sarah Olney: You mentioned that there were no personal guarantees originally. Do you have any powers to change that? Where you have companies that do not have any assets and cannot repay your loan, but the individuals involved do, are you able to—

Steven Greenwood: I can confirm that for you, but I do not believe that we are, with the way the schemes were set up. The nature of the limited liability company—

Q111   Sarah Olney: So you could have someone with considerable personal wealth, but the particular entity the loan was made to now has no assets. You are preventing that company from dissolving, but you have no power whatsoever to compel any of the individuals involved to surrender any of their personal wealth.

Steven Greenwood: I can confirm that for the Committee, but I believe that that is correct.

Chair: Write to us about that if you can.

Steven Greenwood: Yes, no problem.

Q112   Chair: If the banks were lending this money, they probably would have asked for a personal guarantee. Unless you can give me an answer now, would it be a part of your strategy, if you ever did something similar in future, to demand personal guarantees?

Steven Greenwood: Ultimately, that would be a decision for Ministers, based on the nature of the situation. These loans were set up to move quickly at pace to a broad sector of small businesses. It is something we have considered, and it is one of the choices, alongside whether you want to target particular sectors or do a broad-brush approach. It is ultimately a decision for Ministers to take.

Q113   Sarah Olney: Are companies taking other steps to avoid repayment? Some are obviously being blocked from dissolving, but for the ones that are still trading but not making repayments, are there other ways around repayment that they are exploiting? Are there any loopholes?

Steven Greenwood: Not that I am particularly aware of. The majority of businesses have repaid or are repaying on schedule. We think that, for those that have stopped repaying, we have—

Q114   Sarah Olney: Just about. Up to 48% of the loans will not be repaid, so it is only just the majority.

Steven Greenwood: Where we have paid out the guarantee, the analysis we have suggests that the majority of those companies are genuine business failures that probably cannot repay.

Q115   Chair: When did you take those powers to stop companies going bankrupt if they have not paid the loans? In one of our earlier hearings, we heard about the dreadful word “phoenixism”—I hope I pronounced that correctly—which is when a so-called sound company goes into bankruptcy and immediately forms an almost identical company with no assets. That was quite prevalent when we first examined this matter in July 2022.

Steven Greenwood: I will have to write back to the Committee with the exact date we introduced it. That is one of the things it is trying to stop: a company dissolving and then popping up a few months later.

Chair: I guess that it was post July 2022, because it is the first time I have heard of it when doing research for this hearing.

Steven Greenwood: I am very happy to provide you with more information on that process.

Chair: That is very helpful. I will bring this hearing to a close, unless any of you have any final words. It has been an interesting hearing; we will examine your evidence very carefully. Thank you, Permanent Secretary, and others. An uncorrected version of our transcript will be available in the coming days, and we will produce a report with recommendations that I hope you will study carefully. I guess that we will come back to some aspects of all this. Thank you very much again for coming this afternoon to give evidence.