Oral evidence: Economic impact of coronavirus, HC 882
Monday 19 April 2021
Ordered by the House of Commons to be published on 19 April 2021.
Members present: Mel Stride (Chair); Rushanara Ali; Mr Steve Baker; Harriett Baldwin; Anthony Browne; Felicity Buchan; Dame Angela Eagle; Julie Marson; Siobhain McDonagh; Alison Thewliss.
Questions 397 - 465
I. Gareth Davies, Comptroller and Auditor-General, National Audit Office; Andy Morrison, Director, HMRC, National Audit Office; Joshua Reddaway, Director, DWP, National Audit Office.
Witnesses: Gareth Davies, Andy Morrison and Joshua Reddaway.
Q397 Chair: Good afternoon and welcome to the Treasury Select Committee and our inquiry session into the economic impact of coronavirus. We are going to be looking specifically at fraud within Government schemes. I am very pleased to be joined by three members of a panel from the National Audit Office. I will ask them to briefly introduce themselves to the Committee.
Gareth Davies: I am Gareth Davies, the Comptroller and Auditor-General and head of the National Audit Office.
Andy Morrison: I am Andy Morrison, the NAO director responsible for our value-for-money work on HM Revenue and Customs.
Joshua Reddaway: I am Joshua Reddaway, the director responsible for our value-for-money work on the Department for Work and Pensions and one of the lead directors on fraud.
Q398 Chair: Welcome, all three of you, to the Committee. We will be putting questions to specific individuals on the panel but, if you are not brought into a conversation and want to contribute, just put your hand up and I will endeavour to bring you in at that point. Could I start, Gareth, with a very specific question? We learned at the tail end of last week that the NAO is to launch an inquiry into the Greensill situation. Could you tell us a little about what the terms of reference and the timing of that inquiry will be?
Gareth Davies: We are focusing specifically on the involvement of Greensill Capital in the Government’s Covid-19 business loan schemes: the process by which that company was accredited as a lender in the large business loan scheme by the British Business Bank, and the monitoring of how that arrangement was working post-accreditation. That is our focus. Clearly, lots of other issues have been raised around the role of the company, but that is the one that is closest to our remit and most important that we investigate at this stage.
Q399 Chair: On timing, do you have any thoughts? You may not be able to share anything with us at this stage.
Gareth Davies: I cannot give you an exact time. We are aiming to report before the start of the summer recess, so that Parliament has that in July at the latest. That will depend on what we find and how easy the evidence is to obtain.
Q400 Chair: Thank you. That is very helpful. Turning now to fraud more generally and Government schemes, if I could stick with you, Gareth, the pandemic has created an extraordinary environment in which Government have had to move at pace and do all sorts of things in perhaps a less considered way than they normally would. What is your view as to where fraud has been most noticeable? What are your thoughts on why these levels of fraud may have occurred?
Gareth Davies: People are tired of hearing it, but Government were dealing with an unprecedented situation, so that is clearly the context for everything we are talking about here. The risk of fraud has arisen for several reasons. First, Government have spent a lot more on the areas that are necessarily more prone to fraud. I am thinking there about universal credit, the employment support schemes and loans to businesses that, by definition, are in financial stress, being one of the reasons they are applying for those loans in the first place. Those are, by their nature, high-risk areas for fraud and error.
Another important feature is the pandemic itself. The nature of the virus meant that some well-established controls that Government used to deter and detect fraud were not possible to operate in the same way. A really good example of that is DWP and the requirement for face-to-face meetings before a universal credit claim could be approved. It had to suspend those, because those face-to-face meetings were not possible under the rules, so there was a conscious weakening of control in an area where the health emergency required it.
Another really important feature of this is that Government found themselves dealing with people and organisations that they did not have an existing relationship with, so the business of proving identity and understanding the provenance of claims and so on was much more complex. They were necessarily having to grapple with that problem, but it is a large source of fraud risk on something like the bounce back loan scheme, for example.
I would pick out those areas as where the fraud risk has been elevated by the pandemic. One area that I have not mentioned is procurement. Government have been spending vast sums on PPE, testing equipment and so on. As we know, procurement is another area of fraud risk, particularly where you are operating in an overheated global market and demand is sky high. In all our work, we are conscious of that too.
Q401 Chair: You mentioned bounce back loans, and we will come to that in more detail in a minute, but am I right in saying that that has been one of the key areas where there seems to have been a bigger problem than others? If that is the case, why is it specifically in that area?
Gareth Davies: That is right. This is the area in which we are most concerned about fraud risk but also credit loss: people just not being able to repay loans that they took out in good faith. That is the riskiest area for fraud, because Government consciously prioritised speed over control in that case. That was clearly the case, because a ministerial direction was sought for bounce back loans, and Ministers took responsibility for saying, “We understand that there is an impact here on the level of control, but the speed is so important that we must prioritise that”. Our job is not to question that policy decision but to understand how the risks that have been identified were then managed.
The big challenge there is the way in which those schemes were accelerated. If you remember, there was a lot of pressure from businesses at the time that the previous schemes were too slow. They could not get approval for the loans and were at urgent risk of going out of business, so it is understandable that a response was required, but the way in which the process was accelerated was largely through the removal of credit checks and affordability tests that would normally be applied for a loan of that kind. If you are not testing the creditworthiness or going into detail about the provenance of the claims, the risk of fraud in that case is escalated.
The other big problem for bounce back loans has been identity theft. I am sure that you have seen in the press lots of examples of people realising that their identity, and that of their company, has been used for fraudulent claims, much to their shock. Those are some of the reasons why bounce back loans in particular were vulnerable.
Q402 Chair: You mentioned that, with the bounce back loans, a lot of this money will not come back, and there is a range of assumptions as to how much the Government may not recoup. Some of that, as you said, is due to basic credit risk with distressed businesses and some due to fraud. How difficult is it to disentangle that and establish how much of it is due to fraud? Sticking with bounce back loans, I know that we have a repayment date coming up fairly soon, so I suppose we will get more information then, but when do you expect to know a bit more about what is fraudulent as opposed to just lending to distressed companies that cannot repay?
Gareth Davies: That picture will emerge gradually. As you just mentioned, the first repayments on bounce back loans are due in May, so next month, but the Chancellor announced a scheme to allow borrowers to apply for a deferral of the repayment date. Even with that provision, we will learn quite a bit next month, because those borrowers who neither make a repayment in May nor apply for an extension are going to be an interesting group for the Department and the British Business Bank to focus on, with the compliance checks that they are now applying. Clearly, something is happening there: either somebody has just forgotten to start paying and needs chasing up, or it is the first sign that that might be a fraudulent claim, the business no longer exists and they have departed with the money.
Joshua Reddaway: Another way of finding out is through the random sampling work that the British Business Bank is undertaking. It has been updating the Public Accounts Committee in a series of letters on how that is going. The first wave of that was done in January. It said it was undertaking further work. As it is sampling the debt book to try to find out how the money has been used and what the status is of those, it should end up with two data streams. One is what our experience is of the loans being repaid, and the other is sampling what is happening with those that are not. That is a very standard thing that we would want to see in any fraud management: using random sampling to understand what is going on and what the nature of the risk is that you are facing.
Chair: I am not going to dwell any longer on bounce back loans, because I know Rushanara is going to go into that in more detail a bit later.
Q403 Felicity Buchan: Good afternoon, everyone, and thank you for joining us. My questions are specifically on fraud in the furlough scheme and the self-employed scheme. Can you perhaps explain what types of fraud you anticipate seeing in the furlough scheme and the self-employed scheme?
Gareth Davies: One obvious area here is employers overstating the furlough claim. As you know, the way the scheme works is that the employers are paid by the Government through a furlough grant, and they are then expected to pay 80% to their employees, or whatever arrangement they have made within their businesses. The scheme is vulnerable to employers simply misstating the amount that they pay to their employees, by inflating either the number of staff or the salaries, or whatever approach. That is one source.
Another one is claiming the money but requiring their staff to work. There has been plenty of evidence through the hotline, whistleblowing and so on that there are lots of examples of that. It is very tempting for a hard-pressed employer, but clearly fraud on the scheme and outlawed by the rules of it. That is another important area.
A third one that I would pick out is organised crime: the risk that organised crime coerces legitimate employers into making fraudulent claims, or uses the fact that claims are possible through agents, for example tax agents who deal with HMRC, to set up either false agent arrangements or suborn legitimate agents. Those are three broad areas, but Andy may have others that he would like to indicate.
Andy Morrison: The ones that you have touched on, Gareth, would be the main areas. For the furlough scheme, the main risk we see is around that relationship between the employer and the employee, and the honesty with payments and working conditions against the rules of the scheme. The controls around the self-employed scheme are a lot tighter in terms of where the calculation of that is kept. It is done by HMRC, so some of the opportunities are much more limited. More recently, there has been another opportunity for people to submit self-assessment returns under the latest extension of the scheme, which then creates a lot more opportunities. One of the issues with the schemes is that, as they have been extended, there is perhaps greater understanding and opportunity for fraudsters to adapt their methods.
We have seen an evolution of the guidance around the schemes. HMRC has responded with probably greater awareness of some of the ways that people might be pushing at the boundaries of the schemes, with much more specific guidance around things like how to treat hours of leave when people are also on furlough pay, as well as a tightening of definitions around what it means to be adversely affected by the pandemic and the impact on profits. There are a number of areas in the margins that are probably better understood now than would have been the case at the outset of the schemes.
Q404 Felicity Buchan: So the opportunities for fraud have gone up with time. Intuitively, I would have thought that, as HMRC and Government have more time to finesse these schemes, you would expect them to go down over time.
Gareth Davies: Both things have been happening. There have been improvements in control. For example, one of our recommendations in our first piece of work on this was that the Government should publish the lists of employers claiming money through the furlough scheme. That might be the only way that employees would realise that they have been asked to work and their employer had simultaneously been claiming. We saw that transparency as not just an effective detection method but as a deterrent for future fraud in the scheme. We were pleased to see the Department starting to do that from December. That is an area where control has improved.
As Andy was saying, the extension of the scheme and the increasing complexity of it over time, for example introducing the ability for part-time furlough arrangements, makes error more possible, but it also means that fraud has more opportunities.
Q405 Felicity Buchan: Let me ask you about the scope of the potential fraud plus error, to your point. HMRC has worked on an assumption on the furlough scheme of 5% to 10%, and the self-employed scheme of 1% to 2%. Is that the right order of magnitude, or is it difficult to speculate?
Gareth Davies: It is very difficult. We are auditors, of course, so we trade in evidence. Those were the initial estimates and were based on experience of fraud in schemes that were as similar as possible, so they were used as a reference point. We did not and still do not have a better estimate than that. It is really important that those estimates are constantly refined as more information becomes available. That is an important area. We have been in dialogue with HMRC on its timetable for updating those estimates, which, at the moment, extend a long way into the future. We are keen that, using the compliance testing that is going on, and the information coming through the hotlines and whistleblowing, those estimates are updated more frequently, if possible.
Q406 Felicity Buchan: My understanding is that HMRC has said that it is not going to be able to summarise the extent of the fraud until the end of 2021, which does seem too late to me. Your view is that that is too slow.
Gareth Davies: I understand its methodology, because HMRC’s well-established methodology for tax compliance relies on this annual cycle of returns, compliance work and a robust estimate of tax losses and other compliance issues arising from that. I understand why that methodology is being applied in this case as well. This is different, of course, to tax; this is spending money, rather than receiving it, and some of the anti-fraud procedures that are more commonly used in things like grant schemes and benefits payments probably apply in this case more readily. That is the basis for the discussion that we are having with the Department.
Apart from anything else, we are very keen to get as accurate as possible an estimate as at the end of March just gone, because the 2021 financial accounts for the Department will need to include an estimate of losses on this. That needs to be materially robust for the purposes of our audit opinion. It is not just a value-for-money and counter-fraud question, but also a really important financial statements question for HMRC.
Andy Morrison: There is always going to be a trade-off between the robustness of the methods you use and the speed at which you get that information. In an ideal world, we would want to see both of those things, so that the Department can learn in real time about the scale of the challenge that it faces and plan accordingly in terms of the level of resources that it needs to devote to that. Although its approach is designed to get a very statistically robust estimate by the end of 2021, it is important to be making an assessment while the schemes are live, particularly recognising the changing conditions of the different phases and the different ways in which people may be using the schemes, so that you can learn and adapt the design but also respond promptly.
You asked earlier about the potential size of fraud. One of the things that we and others have done is to carry out some surveys of people who were on the furlough scheme, and ask whether they were being asked to work by and receiving payments from their employer. The surveys have all returned quite different results, depending on the timing and the framing of the questions, but our central estimate was that almost 10% of people were working in the first phase of the scheme while furloughed, and that probably around 4% of people were furloughed but not paid the full amount that they were entitled to under furlough.
When you dig behind the numbers, there is a lot more nuance, because people will not necessarily have been working their full hours. The majority of those people working would have been working for less than the full amount of their time, which is where it begins to be a little more understandable, I suppose. Very much in that first phase of lockdown, when many businesses would have been very concerned about whether they could continue, and employees would have been concerned about their jobs, you can understand why people would work some additional hours.
There is a fairness question. A lot of firms that would have followed the rules would not have been entitled to claim furlough support in either phase one or two, because, if you had not claimed in phase one, you were not entitled in phase two. There is quite a lot to it.
Q407 Felicity Buchan: Let me sneak in a couple of very quick questions. First, to what extent are you concerned about error here, as opposed to fraud, in administering the schemes? Secondly, you have mentioned work that HMRC and Government are doing to try to limit the amount of fraud, such as publishing the names of companies and the surveys that Andy mentioned. Is there anything else that they ought to be doing but not doing at the moment?
Gareth Davies: Hard-pressed payroll departments are trying to get accurate returns in for the furlough claims. There is a perfectly legitimate source of error there. HMRC has been encouraging companies to share any concerns that they have about the accuracy of their claims or any technical queries. As you know, quite a few companies have been returning amounts, either because they have identified errors or because their trading turned out to be more positive than they had expected when they started claiming, and they would rather be in a position where they were not relying on furlough money for decisions on things like dividends and so on.
There is evidence of errors being corrected as time has gone by, but inevitably, in a scheme with this volume of money going through very quickly, I am sure that there will be undetected errors as well. Part of our audit testing on the HMRC accounts, as I was describing just now, is designed to probe that level of error, as well as any fraud.
Q408 Felicity Buchan: Joshua, is there anything that Government or HMRC should be doing proactively?
Joshua Reddaway: This really goes to what we are saying to all our clients in Departments about their approach to fraud. As one of my colleagues was saying, it is about how you measure it in order to target your activity. Given that they are not going to be producing that until the end of the year, that is almost a missed opportunity for the reporting and the accounts. That is, hopefully, after the schemes have closed, assuming there is no extension. That means that they have not been able to use the most robust estimate to drive improvements in controls during the scheme. What it will be useful for, and what I think is the next stage, is how they use that estimate to drive recovery: identifying where fraud and error are, as well as any overpayment, how they then decide what their recovery strategy is and who they go after in order to get the money back.
Q409 Dame Angela Eagle: Mr Davies, I wonder whether you have any observations on the design of the coronavirus job retention scheme, which relies on employees whistleblowing, when the potential consequences to them, if they are discovered to be the whistleblower, are pretty awful.
Gareth Davies: You are right. Whistleblowing is one of the best ways of detecting fraud while it is in progress. In this case, it is a legitimate source of information for the Department on whether there have been abuses of the schemes. The people best placed to know are those who should be being paid and who are being asked to work, or not.
Your question is also about compliance activity that the Department will then do proactively. We know that there has been a big investment in extra compliance staff to tackle this question. That has taken some time to bring in. In the first phase, we know that compliance staff were diverted from compliance activity to getting the payment systems up and running and dealing with the volume of claims. The question there is how quickly proactive compliance activity, sample testing of claims, and following up data that looks wrong and requires investigation has been able to get underway.
Andy Morrison: It is worth pointing out that, initially, whistleblowing had to be done via an online form. Pretty much until August, employees were not able to call HMRC with a whistleblowing complaint.
Q410 Dame Angela Eagle: That was because HMRC staff were too busy administering the system to staff those sorts of phone lines, and the phone lines were not thought to be secure enough to be made available.
Andy Morrison: Yes, that is right. They prioritised making sure that they could achieve the operational response in terms of getting payments out and dealing with the transactional queries. There was also the security concern that, because people were taking calls in their front rooms, since most HMRC staff were working from home, they would not be able to handle those calls securely, if someone was reporting a whistleblowing concern. You can understand that a little more, but clearly that facility would have been helpful and there was no other immediate compliance action on CJRS until early August, when HMRC began making outbound calls to employers that were regarded as high-risk.
Q411 Dame Angela Eagle: It was literally six months of completely free goes at the system without any real checks.
Andy Morrison: The schemes got underway in April with CJRS, so probably a little shy of six months. HMRC has always made clear to employers that they need to keep records and that it will have the ability to carry out compliance work to check those records. There is another source, but that lags a long way behind. It did not expect to carry out one-to-one inquiries with employers until the end of October at the earliest, so that would be more than six months.
Q412 Dame Angela Eagle: An awful lot of people ended up being furloughed, and very many hundreds of thousands of employers and companies were using the scheme. What percentage of those will there ever be any compliance checks on?
Andy Morrison: The most recent figures that we saw were that HMRC was intending to do checks on 10,000 employers as part of its compliance checks. That was going to involve around 250 staff. The more recent announcement in the Budget indicates a greater number of staff being deployed to tackle this. We have not yet seen the figures in terms of the amount of checks that it intends to undertake, but the schemes have been extended, so there a lot more to look at as well. While 10,000 employers is a relatively small number, HMRC will have arrived at that figure from risk profiling, so they will be the ones where it considers the values of grants are at greatest risk.
Q413 Dame Angela Eagle: What is the likely downside of being discovered to have behaved fraudulently? What are the risks that a potential fraudster is taking? Not many of these people are going to be jailed, are they?
Andy Morrison: No, probably not. Fraud can be challenging to prove to that level. The difference between fraud and what can be classed as error is the extent to which you can determine intent beyond reasonable doubt. At the time we reported last October, HMRC has prosecuted three individuals for fraud. I believe one had already admitted to fraud and been successfully prosecuted on that basis. I am not sighted on how many further prosecutions have been undertaken to date.
Q414 Dame Angela Eagle: HMRC has investigated a quarter of fraud allegations reported online through that form that you were talking about. In 8% of cases, the employer has admitted some form of error. In 92% of cases, the employer has either refused to engage with HMRC or denied any wrongdoing, so it does not look to me like employers are losing much sleep at night over the potential risks that they might be running, if they have defrauded the Revenue.
Andy Morrison: I imagine that they will have been playing for time. At the time, many of the lockdown restrictions were in place, so it would have been difficult for HMRC to get out and visit people. It is easier to dodge them that way, but the figures that I have are that they had called about 2,800 employers by August. They had identified overpayments in around 18% of those, and errors not resulting in overpayments in 20%. For about 63%, either they had not answered or there was no error identified.
Q415 Dame Angela Eagle: That is of how many employers using the scheme?
Andy Morrison: I do not have that number to hand. I know that it is being used to protect about 11.2 million jobs.
Q416 Dame Angela Eagle: It is a significantly high number of employers. The Budget announcement of a taxpayer protection taskforce is going to provide 1,200 more HMRC staff to work on this. What effect will that have on the pretty dismal numbers that we are seeing at the moment?
Gareth Davies: It helps in terms of capacity. HMRC has a good track record on its return on investment from the cost of compliance staff. Recently, our estimate of overall compliance return was 9:1. For every £1 spent on compliance staff, £9 was being recovered from taxpayers. That is tax recovery rather than fraud recovery in this case, so it may well be that that is not available at the same rate, and I would be very surprised if it was, for the furlough fraud that we are talking about here. In general, the economics of fraud are that it is much more efficient to prevent it in the first place than to try to find and prosecute it, and then recover the funds.
Q417 Dame Angela Eagle: For reasons that we have already heard today, that horse has bolted. Another area where fraud might be happening is if the various schemes are not talking to each other. The CBILS scheme from the British Business Bank is not in contact with other bits of the Bank of England or the Treasury. In your experience to date, what has been the co-operation between the different parts of these structures—the Bank of England, the Treasury and the British Business Bank—about the use of these schemes? Has there been a lot of co-operation or are they all off in separate silos?
Gareth Davies: There has been co-operation, and we have some work planned on exactly this question, so I will be able to give you a more fully evidence-based answer when we have done that work. The evidence that we have so far suggests that it is patchy. In some cases, there are well-established collaboration arrangements for establishing that a particular business has been in receipt of a loan before it receives another one from a different scheme, for example.
Given the scale of the efforts in this case, and the fact that some Departments are doing this kind of thing for the very first time, we do not have those established relationships to fall back on. We are pretty clear that there will be examples where there needs to be better co-ordination between Departments running different schemes. To add to the ones you have mentioned, there have been sector-specific support packages involving companies and organisations. The culture sector, for example, has been targeted with support. Those businesses in the culture sector are also able to apply for the schemes that we are discussing here. Making sure that the full range of Government interventions has been understood and that information is taken into account before new decisions are made is something that we are looking at separately.
Q418 Dame Angela Eagle: If there was a risk register in the Treasury, for example, for coronavirus schemes, it was not shared with the British Business Bank, DCMS or any of the organisations trying to do work in sector-specific areas. It might be that you were a ne’er-do-well who had defrauded one bit of the system, and you were free to try your hand at all the rest. Is that what you are saying?
Gareth Davies: I cannot give you a definitive answer to that question. I can say that it is a risk area we have identified and will be doing some detailed work on, to understand how the risk is being managed and what the evidence is that people have been able to play one scheme while claiming another. The intention of these is to provide targeted state support in an emergency, and it is really important that the full picture is there before decisions are made, which is why we are focusing on this as one of our exercises.
Q419 Mr Baker: I would like to turn to the excluded. In your October report, one of your recommendations was to “consider how to ensure that reliable information, covering as many people as possible, can be used to determine eligibility so that fewer people suffering loss of income are excluded from similar schemes in the future”. To what extent was preventing fraud one of the main reasons why the Government did not help those people who were excluded from the schemes?
Gareth Davies: It was a very relevant factor. One of the design principles right at the start, given the speed at which this was being operated, was to ask, “How can we use the most reliable data that we have to make sure that we are targeting this money to people who are genuinely entitled to it?” In the tax system, it is the annual return and the real-time income system used by HMRC, so pretty much everything was based on the availability of up-to-date data through that system, hence the quite close focus at the time on, “What if I have just changed jobs and fallen out of the window covered by the tax return?” and so on. Arrangements were made to try to deal with that.
As Andy said earlier, on the self-employed scheme, one of the considerations was that, if we are just asking them to self-report their self-employed income, we have to rely on tax return data. Otherwise, there is a strong incentive there to report an inflated figure. That was definitely quoted at the time as one of the design principles for that scheme. The need to make sure that taxpayers’ money was protected from fraud as far as possible was a really central principle in those choices. That then had an impact on people who, for whatever reason—and there are lots of different reasons—did not have up-to-date tax information that HMRC could draw on.
Andy Morrison: From a fraud control point of view, there are two dimensions that were restrictions on HMRC. One was around the time limit and the other around the granularity of the data. We see the timeliness issue with people on short-term, freelance contracts or who were newly self-employed. We see the granularity of the data around things like director dividends that are not sufficiently split out in the tax return to be able to differentiate between owner’s dividends and investment dividends. Pretty much all the other reasons for groups that are excluded are really down to policy decisions around levels of entitlement, such as what the cut-off should be for the self-employed scheme, in particular around earning levels or the proportion of earnings down to self-employed income.
Q420 Mr Baker: Just to drill down into that point you made, you said investment dividends versus owner’s dividends, but I suppose investment dividends are owner’s dividends. Is that not the key point why it is difficult to separate them?
Andy Morrison: It is a subset. You might have dividends from a company that you are simply investing in but have no controlling stake in. I suspect that, when people are thinking about who has been excluded, they are less concerned about that group than people perhaps on lower incomes, who are remunerating themselves through dividends as well as perhaps some element of salary.
Q421 Mr Baker: Maybe that means that there is a case for, on the tax return, separating out dividends where you are not only an owner but a director of the company.
Andy Morrison: Yes, that would certainly be one way in which you could solve the issue around data and differentiate that. I have not seen that change being made in the most recent self-assessment.
Q422 Mr Baker: You have given us a pretty comprehensive answer, but I am trying to get to the bottom of the relative importance of fraud versus policy choices about what data is collected versus the technical capability of systems to be adjusted to implement the emergency schemes that were designed. You might need to assimilate that: fraud, policy choice, technical capability. Where does the balance lie when it comes to the reasons why people were excluded?
Andy Morrison: From an administrative point of view, in terms of the examples that we have talked about, I would say that the only data systems issue in terms of granularity of data is for the director group with dividends. That is potentially a fairly easy fix in terms of collecting data going forward. Going backwards, it is much more challenging. With the self-assessment process, you always run the risk that people can manipulate the data that they submit in those returns.
Essentially, the data that is being used for the latest wave would include the most recent self-assessment returns. The crucial difference with dividend income compared to some of the other areas is that you would not have the previous years as a comparator, so you would be relying on a single-year piece of data, which would clearly carry a lot more risk than where you can see what the trajectory would have been. Ultimately, with any self-assessment system, you always carry a risk around disclosures and there is that opportunity for manipulation when you know that the scheme is likely to be extended.
Q423 Mr Baker: We cannot blame anyone for failing to design software systems—and I would say this as a former software engineer—to cope with an emergency like a pandemic, but are there specific lessons that might be learned for the design and implementation of software systems in HMRC in order to deal with any future pandemic?
Gareth Davies: One of the reasons behind the relative success of the furlough scheme compared to some other parts of the programme of Covid-19 interventions was pretty wise investment in technology in HMRC in recent years. It would not have been possible to respond with the speed at which the systems were able to and with the volume of payments that were necessary, unless those previous investments had been made. Nobody made those expecting a pandemic, but they turned out to be extremely useful in overall terms for the capability that was needed here.
Andy Morrison: The real-time nature of the data for the PAYE system is clearly a big advantage. That is not available for the self-assessment system. One of the things that the head of HMRC, Jim Harra, said to the Public Accounts Committee, when he was asked about this issue, was that he looks with envy at some of the self-assessment systems that other Government Departments have. If you have more up-to-date data that you can use in more flexible ways, making more flexible cuts around the data, you can do a lot more with it. It is not just necessarily real-time information but also perhaps being able to cut by particular sectors or other lenses that could be particularly useful. It was clearly very difficult to predict that this was going to happen in the first place.
Joshua Reddaway: That has knock-on consequences for the benefits system, which would also really benefit from that data on the self-employed.
Q424 Mr Baker: Turning very specifically to the proposed director’s income support scheme, to what extent do you accept that that would have encouraged too much fraud? Are you convinced by that argument?
Gareth Davies: It is a relevant factor to consider. You would not immediately rule out a scheme like that just on the basis of the fraud risk attached to it. You would want to see what other possible design features we could use to design out as much fraud as possible. Maybe that would be more intrusive in terms of information requirements.
I was reflecting on the previous conversation. One of the interesting possibilities opened up by this experience that everybody has had is that a lot of people are now much more aware of the advantages of having a fully up-to-date tax record than they might have been before. There is an opportunity for Government there, in that people now understand the two-way nature of this relationship. It is not just about extracting tax from people but also being in a position to help when there is an emergency need to do so. In terms of behaviour, the design of schemes like this proposed directors’ scheme can be used to advantage to maximise compliance in normal times, so that schemes can respond more efficiently when they are urgently needed.
Q425 Mr Baker: We all know that support for the self-employed was capped for those earning £50,000. Nobody above that got any help. Is there any fraud-related reason for that cap?
Gareth Davies: I do not think so. Other schemes have tapered arrangements rather than single cut-off points, as I am sure you know. Both of those have fraud risks, but you would not set a flat rate just for fraud purposes.
Q426 Mr Baker: Could the self-employed scheme have had a tapered arrangement without any additional fraud risk?
Gareth Davies: That is a policy choice and, clearly, that is not our remit. In technical terms, the taper does not create a fraud risk.
Joshua Reddaway: Experience in the benefits system, where you have both flat rates and tapers, is that it is a mixed bag. On the one hand, if you have a taper, it can be more gradual, but you then have to assess the taper and get that right. On the other hand, if you have a flat rate, it is really easy to administer, but you then have a fraud risk of people falling straight over it, one way or the other. There are advantages and disadvantages to both.
Q427 Anthony Browne: I have questions about PPE procurement and a couple of quick ones about access to cash afterwards. The PPE procurement was an unprecedented exercise in scale and speed. You have done an inquiry into it. I was just wondering what you saw as the main failings of PPE procurement.
Gareth Davies: The first issue is the lack of information. It was partly the speed at which this pandemic developed; it was a new virus for the whole world. It was very hard for Government to get a clear picture of the necessary level of demand for this, particularly around the health service as well as care homes and frontline workers in transport and shops. It took a very long time to get anything like accurate data on demand. It is well-known that the existing pandemic stocks were designed for something different, inadequate and quickly overwhelmed, and Government found themselves having to try to buy very quickly in an overheated global market.
What were the main problems that that caused? Government ended up overordering. From being in a position of not having enough, with some real shortages around the health service and care homes, we now have, essentially, vast stocks of PPE around the country, with some of it still in shipping containers and so on, and far more than we need in any foreseeable version of this pandemic for some years. There is a challenge there about the value for money of what we have spent as well as the shelf life of some of this material.
When we looked at some specific examples, we found that quite a few PPE procurements had happened before the key controls were put in place, given the speed at which this team has been put together. There are some well-known examples that the press has covered in a lot of detail, where what was ordered turned out not to have been properly specified. It may have been delivered by the supplier but it turned out not to be usable as required. Some of that has been corrected; others are still being sorted out by the Government.
We found poor documentation of key procurement decisions. The key issue here is that everybody accepts that speed was necessary, which meant that you could not use the normal, reliable techniques of competitive tenders and so on, because it would have taken too long and we would have missed out on essential supplies and so on. That does not mean that it should have been a free-for-all. I am not suggesting that it was, but we did find inadequate documentation of some decisions to use suppliers. We found that, in some cases, conflicts of interest had not been identified, and how they were being managed was not considered or set out in any documentation.
This really matters. When you are spending what amounted to, in the end, up to £15 billion in a year on this high-priority equipment—and some contracts on their own were hundreds of millions of pounds—it matters why you chose that supplier, how you ensured that you were going to be get value for money and reliable delivery, and whether you can defend yourself against accusations that motives other than obtaining the right equipment at speed were driving your decision-making. The protections against that are good documentation and transparency: publishing, as quickly as possible, who has been awarded the contracts. We found gaps in all of that and, as you know, it has taken a long time to get timely publication of all contracts on PPE, as well as some other services.
Our line is that it is not just taking into account the urgency of the situation. The urgency of the situation itself meant that transparency was even more important than normal. If you cannot use competition, the onus is on you to really set out what you are doing to report as quickly as possible in order to maintain public confidence in that level of spending.
Q428 Anthony Browne: What are the lessons from this unprecedented situation? It was not just the scale of the PPE that the Government had to procure. We did not have a PPE industry in the UK, because we made only 1% of our total stock, so the Government did not have a procurement system and processes in place that were fit for purpose for this sort of mass, sudden procurement. They had a very long-term procurement system for far smaller volumes, and no one was expecting the pandemic. Given all of that, what would you recommend to the Government now, in case something like this happens again?
Gareth Davies: We are looking at the lessons learnt from this exercise, along with lots of other aspects of the pandemic response. Everyone agrees that we cannot allow ourselves to be in this situation again. We compared the amount that would have been necessary to spend last year on the volume of PPE that was bought, and the extra cost just through price increases was £10 billion. That is an indication of the value-for-money hit that Government had taken on this. How do you avoid being in that situation again? We can prepare for more pandemics but no stockpiling will guarantee success. We could certainly reduce the risk, but we are not going to guarantee success through stockpiling. As I said, some of the items have a shelf life anyway, so you have to be very careful with that.
What that takes you to is: how could we gear up production in a much slicker way, having planned that in advance? If we needed a particular type of PPE, we would know which suppliers we had contracts with for other materials, and how they would adapt their production methodologies to deliver what is required and make the adjustments when we know more about the pandemic that we are dealing with. It is easier said than done. It is a complex process. How do you make sure that you have that capacity to call on when you need to? It speaks to industrial strategy and to having a very clear eye on what we regard as an essential industry that we may need to call on very quickly for high volumes. How do Government interact with business so that they have easy access to volume when it is required?
Q429 Anthony Browne: We are talking about contingent procurement almost.
Gareth Davies: Yes. There are experts on this in Government who are thinking about this problem very hard at the moment. What we will be doing is reflecting the lessons that we have taken out of the work that we have done on this experience and feeding that into that planning process. It is an example of a bigger challenge. It is very tempting to draw one conclusion from this pandemic, which is that we need more resilience as a country for something of this kind.
In many ways, we do, but the value-for-money question, which is the one of most interest to us, is a really complex and challenging one. Just having more spare capacity builds in inefficiency straightaway anyway, and you may have chosen the wrong spare capacity to plan for, so it is a big challenge here. What is the high-quality, value-for-money response to the learning from this pandemic?
Q430 Anthony Browne: Can I ask about the role of the Treasury in this? It did not sit on the procurement committee that decided the contracts over £5 million. Should the Treasury have been more directly involved with procurement rather than leaving it to the Department of Health?
Gareth Davies: I know that there was a case-by-case assessment for each of these big areas of spending in the pandemic: how did the spending control framework need to adapt, if at all, to the situation facing a particular Department? I know that the Treasury went through that process, in this case, with the Department of Health and Social Care, so I do not have a reason to second-guess the decisions it made in doing that.
There was reasonable visibility of the scale of spending at the Treasury on this, because it was having to approve pretty rapid increases in the budget allocation, so we know that that was visible to it. It is more a question for the Treasury: does it regret not being more involved in individual contracting decisions here? It would not see that as its normal role and, even in an emergency, it would see its role as overseeing the framework and the control system, rather than being involved in individual contracting decisions.
Q431 Anthony Browne: In your very first answer, you mentioned the media speculation and questions over the motives around it, rather than just inefficiency in a crisis. In your investigations, did you find any corruption?
Gareth Davies: No, we did not. If we had, we would have referred it to the police, because that would be evidence of criminal conduct. This is where maintaining public confidence is so important. By far the best thing is to head off any of those claims by having a really strong evidence trail. I do not accept that this takes a lot of time and administrative effort, so I do not accept the argument that there was no time to do this properly.
One area that I have not mentioned today but which got a lot of attention was this high-priority lane for some bidders, for example. I am sure that people reached for that because they saw that we had to have some way of sifting out the credible from the non-credible bids, but there were no rules set for that scheme. There were no guidelines. There was very little transparency about who passed through it. All of that is a recipe for suspicion and, as we are seeing, accusations of improper motives.
Q432 Anthony Browne: They should have spent a day or two just sorting out the rules.
Gareth Davies: “We are going to do this. Prima facie, it is going to give us a risk around demonstrating even-handedness, so let us be really clear about how and why we are doing it, and transparent about who is getting what”.
Q433 Anthony Browne: My last question is about access to cash, a very different issue. You have done a report on it and the Treasury is doing a consultation on it at the moment. The number of payments being made by cash has been falling dramatically in recent years, but it has gone off a cliff during the pandemic and a lot of retailers have started refusing to accept cash now. We do not know whether they will come back afterwards. I know that the banks are worried about the ATM system becoming non-viable economically, because the volumes of cash are now so low. The Government want to ensure that vulnerable people have access to cash, and you made a series of recommendations around the governance of it. What should be done over the regulation of cash to ensure that people who need access to it get it?
Gareth Davies: The biggest point was about clarifying regulatory responsibilities in this area. It is a very mixed bag of different organisations, with different responsibilities. Our central point was that, given the huge importance of this issue and the need for Government to be able to set a policy and then implement it, it does require clearer levers for delivering those kinds of changes and monitoring their impact than they currently have. That division between the Treasury, the FCA, the Bank of England, the Royal Mint and others needs clarifying, particularly as to who is in overall charge here, and who can make things happen and assess whether those changes are having the desired impact.
Q434 Anthony Browne: Who should be in charge overall? Is it the FCA, as some people suggest?
Gareth Davies: We do not have a view on that. It is not as if a candidate leaps out and it would be crazy to do anything different. There are options there and it is right that Government take that call. Our point was that the system at the moment is not strongly led enough, and that needs addressing.
Anthony Browne: I would definitely agree with that.
Q435 Rushanara Ali: Good afternoon. I have a quick supplementary on PPE contracts. Mr Davies, you talked about transparency and mentioned £10 billion of extra taxpayers’ money that could have been saved. There is this issue about conflicts of interest not being taken into account; all these concerns around priority lanes; and the reports that we heard right through last year of civil servants being cast to one side when these fast lanes were created. There were reports of [inaudible] to those with links to the Conservative party. To many—and certainly to the public—that would be tantamount to corruption.
I appreciate your point about a lack of evidence to make that particular allegation stick, but there is a big issue about transparency and waste of public money. Can you talk more about where the Government could have avoided these conflicts of interest during what has happened? Of course, lessons can be learnt for the future. People will expect answers, given the catastrophic waste of public money, as well as this cronyism that has overtaken the current political discourse, which is damaging for our country.
Gareth Davies: In my role as the auditor, I can give you the good practice in managing these risks. That is why I made the point that the basic standards in this situation do not need to be set aside, even though you are moving very quickly to save lives and procure equipment as rapidly as possible.
The Government commissioned their own investigation into a different aspect of procurement in the pandemic from Nigel Boardman, who has since been commissioned to do a different review. He published that review just after we did ours, in late 2020, and came to the same conclusion: that Government at the centre needed much clearer guidance that, in an emergency, these minimum standards must not be set aside, whatever the pressure. This is how you deliver proper transparency and very fast procurement. The Government are working on that now.
Q436 Rushanara Ali: Time and again, we heard that as an excuse for the lack of transparency. In fact, many of us have raised those questions for months and months, and the emergency has been used as an excuse. That excuse justifies wasting billions of pounds of taxpayers’ money. Who is going to pay? That is what the public want to know the answer to. Are we just going to carry on as if nothing happened?
Gareth Davies: Our job is to report our findings, which we do publicly. As you know, the Public Accounts Committee takes nearly all our reports and holds hearings based on its findings, and takes evidence directly from the civil servants responsible for the spending. That happened in this case as well, so that is the mechanism that my organisation is part of and we will continue to audit the high-risk areas and make recommendations.
Q437 Rushanara Ali: You are also very important in the transparency debate. In relation to what happens next, are there lessons around the emergency legislation? Some people argue that it has been used as an excuse for a lack of transparency. There is a lesson perhaps to learn from there as well. Is that something that we should be thinking about?
Gareth Davies: There are lots of important reflections to make following this experience, and that is a really important one, around how you get the enabling power that was required in that situation and being upfront to say, “It may well be necessary, in some cases, to set aside competitive tendering, for example, if you need it tomorrow rather than in a few weeks’ time. In that situation, here are the emergency minimum standards that must still be applied”. That would be a reasonable piece of learning to take out of this and to build into any future such legislation.
Q438 Rushanara Ali: Moving back to bounce back loans and picking up on some of the points that the Chair raised, BEIS and the British Business Bank had estimated that between 35% and 60% of the bounce back loans may not be repaid. You touched on that earlier. That is between £16 billion and £27 billion, based on loans to date. Did the fraud controls by the banks on bounce back loans improve over time? Was that at the instigation of Government?
Gareth Davies: There were changes over time in how the bounce back loan scheme operated. It closed at the end of March just gone. The fieldwork for our report was in September/October. We have not done the detailed work since then to be able to track any changes that Government have made and who instigated them, in response to your question, so I cannot help you with the detail of that.
Joshua Reddaway: Just to give some examples of the improvement, one of the first steps was removing duplicate loans by sharing information between lenders. That is something that they brought in. They also brought in best practice sharing of the fraud risk. That sounds like quite a small thing but it is quite a big thing to have got the lenders talking to one another about the nature of the risks they were seeing and how to respond to that. They have made improvements to the reporting of fraud, which meant that there is at least some intelligence flow to the centre about what sort of frauds are being committed.
They commissioned NATIS, the National Investigation Service, which is a police-led organisation, to look at the more serious organised crime and frauds that they were finding. Finally, back in the autumn, they started their lender audits to assess whether lenders were doing their three main checks, which are the anti-fraud, anti-money laundering and know-your-client or know-your-customer checks.
That is a list of things they were doing. There is still that sense: could they have done more? How do they get the information to know what was going on? You also get the sense that it is a very disaggregated system. You have the centre trying to influence a risk that the centre holds through the guarantee but which the banks are responsible for managing.
Q439 Rushanara Ali: Earlier on, Mr Davies talked about a scenario where you might find borrowers not seeking to repay and not coming forward. Out of that group, what proportion of those people do you think are involved in organised crime versus those who may have other reasons why they are not coming forward?
Gareth Davies: We just do not have any data on that, so I cannot help you at all, I am afraid. Until we get to May and those first bits of evidence start coming in, it would be difficult. We do know that the banks are doing some work to correlate commercial loans that they have made to businesses in the past and where they have also paid a bounce back loan to that business. They are trying to spot patterns where people are starting to default on their existing commercial loans, because they are expecting that to also feed through into the bounce back loans. Through the British Business Bank, Government are talking to the lenders about that sort of evidence that they are building up as well.
Q440 Rushanara Ali: In your report, you made calls for robust debt collection with lenders and fraud investigation arrangements. Can you say a bit more about what discussions you have had with Ministers and other agencies to make that happen?
Joshua Reddaway: I do not know, Gareth, what discussions you have had with Ministers. The normal process is that we make some reports to Parliament. There was the hearing at the Public Accounts Committee, which led to its report. There was a Treasury minute and a process by which this is done. It is all pretty much done at an official level, unless Gareth has had a separate meeting with Ministers.
Gareth Davies: Not specifically on that question, no.
Q441 Rushanara Ali: In light of the Public Accounts Committee report, I noted some of the responses from Government, but do you feel confident that robust debt collection with lenders and fraud investigation arrangements will take place?
Gareth Davies: It is too early for us to say. There are some good plans in place, and Joshua described some of the lender audits, which are going to be a big source of evidence. The central challenge here is incentivising lenders who are not carrying the financial risk to pour resources into detection and recovery. A lot of the work that the Government are doing is to address that central incentive problem, because one of the reasons why these loans could be made much more quickly was the 100% guarantee from Government. That is what they are grappling with. We are following up our bounce bank loan recommendations later this summer and will be reporting on the evidence we have pulled together on exactly that question.
Q442 Rushanara Ali: I have a final question on the Greensill inquiry. It begs the question of whether there are other cases. Could there have been other cases where, particularly with the British Business Bank, BEIS and the connections between the two, there was a contamination of lobbying and improper influencing? Will you be picking up on and looking at, as well as lessons, whether there may be other cases like this? The public will be concerned about whether this is a widespread pattern of behaviour in terms of lobbying and its impact.
Gareth Davies: We are right at the start of the work that I described at the beginning of the meeting, so it is too early. We just do not have the evidence to be able to answer that question yet. As with any audit, we have a specific scope that we are tackling, but we pick up any threads that that identifies as we go. We will have the same methodology here. If there is an apparent connection to other cases, we will follow that up. We will not just leave it. It is too early to say whether that will be the case.
Q443 Julie Marson: I want to cover the capacity in Government to tackle and combat fraud. I wonder if you could give us a sense of how the compliance work regarding the coronavirus schemes differs from what you might call HMRC’s routine tax compliance work.
Andy Morrison: In many ways, there are a lot of similarities between HMRC’s approach with the grant schemes and tax work. It is an escalating approach of identifying which of the claims appear the riskiest and then focusing on those with a series of escalating checks, to try to prompt returns of overpayments or to check and get a sense of the scale. The approach with the job retention scheme is initially to carry out claim assurance checks over the phone; to have an amnesty period, sending letters out to the claims that appear the riskiest and encouraging them to return any overpayments; to move to harder-edged stuff around one-to-one inquiries with employers; and then to carry out work to protect against deliberate insolvency as the final stage of work. Essentially, the approach with the self-employment schemes is the same, although slightly behind where the coronavirus scheme was.
The main point I would make is that the nature of tax and the nature of grant payments are quite different, in that the payment of grants is upfront to customers and early on, whereas the receipt of tax payments comes after the accounting period and can often be quite lagged, so there is inherently a lag built in to tax compliance work. This lag has been also built into HMRC’s compliance work with grants, because it wanted to build a view of the scale of risk around a number of claims. As I mentioned earlier, we would like to see very active testing and investigation of the scale of fraud or error while cases are live, and then much prompter investigation with each iteration of the schemes.
Q444 Julie Marson: Did we move quickly enough? Did HMRC move quickly enough? We have touched on how we moved staff across to look at fraud in the Government schemes. Was that quick enough and what other implications were there in terms of training, IT and other resources that needed to be moved quickly?
Andy Morrison: We recommended that HMRC should look at whether it could speed up its recruitment of people to carry out grant compliance work. In the immediate short-term response to the pandemic, it prioritised moving people towards the operational and transactional response, to make sure that payments could go out. Then its initial assessment around June 2020 was that it would not be feasible to bring in new staff or to bring in private firms to support it. Its only available solution would be to redeploy people from tax compliance work, but that would come with too great an opportunity cost in terms of the losses to tax revenue. That really remained the case throughout the period of our review until October.
Shortly before we published, HMRC informed us that it would be looking to bring in private contractors. At that point, it made the decision that it would be bringing in extra capacity that way. Partly that was informed by the decision to extend furlough scheme support. They recalibrated on the basis that the support would be there for longer and the sums would be greater but, as I said, we would have liked to have seen earlier intervention on a lot of these things, particularly bearing in mind that these were initially intended to be one-off schemes. In forming an assessment of the level of fraud and error at the end of 2021, when your view is that the schemes may be over at least a year before that, there is clearly a very significant time lag there.
Q445 Julie Marson: Can you quantify the opportunity cost there has been on existing, routine work?
Andy Morrison: In terms of tax compliance work, it is difficult to do that, because the pandemic has imposed restrictions anyway in terms of what it is sensible for HMRC to do. I can tell you that, between April and May 2020, the number of new compliance cases fell by a third. Between April and June, the number of new tax compliance cases fell by half. That is more likely to have been due to pressure from moving compliance staff to deal with the operational impact of the pandemic, but it will also reflect the decision around how many inquiries businesses would be able to tolerate during that initial lockdown, which would clearly have had a major impact as well.
Q446 Julie Marson: It was announced in the Budget that there is going to be £100 million extra for the taxpayer protection taskforce, over 1,000 new staff. Will that give you enough resources and expertise to combat fraud in the support packages?
Andy Morrison: The number of staff being deployed is greater than the number that HMRC had under review at the point that we were reporting last October. Clearly, the spend on the schemes is much greater. Until we see a robust estimate of the scale of fraud and error, it is very difficult to form a judgment about whether the amount of resource deployed is commensurate to that.
Joshua Reddaway: I was just wondering whether it was worth putting it into perspective of the overall Government capacity in this area. I am afraid that we have not looked at that directly since 2016, when we said it was mixed. Since then, you have had the establishment of the counter-fraud function. I did have some observations that I thought might help. One is that this is a really resource-intensive area. With £100 million, you are talking about more than 100 staff, but that is the sort of thing that we would think is commensurate with this. In fact, that still probably leaves plenty of room for more.
In terms of the measurement that you are talking about, you need to be lots of people, looking at lots of transactions, and looking at them in lots of detail in order to assess whether there is any fraud in each transaction. That means those people have a very good understanding of whatever it is they are looking at. If it is looking at tax, they need to be really good at looking at tax. If it is looking at these loan schemes, they need to be really good at looking at these loan schemes. You need people who are very good at investigations, and that can be incredibly resource intensive. You are normally talking very low benefit-cost ratios once you are actually talking about prosecutions, in terms of the money coming back.
Of course, you have the deterrent effect on top of that. That is why civil penalties are often more popular, because they are actually cheaper to administer, but they still require a lot of work in terms of the investigation, and then the interviews that you would have and the gathering of evidence to get there.
You need new skills that are in short supply around data analytics, the use of artificial intelligence and how you are actually going to bring all this data together in order to do that. That is possibly why you are seeing quite a lot of the use of people from PwC and so on, coming in to provide some of this risk analysis and that kind of capability. There is a growing understanding that you need much more in terms of risk analysis, senior management involvement and understanding how you use all this information that is discovered to change your operational environment. How do you improve controls over time? That is a skill in and of itself. You need intelligence. Intelligence is not necessarily something that all these Departments have.
I just want to make the point that it is really resource intensive. I want to make the point that there are 6,600 counter-fraud professionals in Government, according to the last count, of whom more than half are in HMRC. If you then add in DWP, you get up to 75%. There is a real question about where that capability is and whether it is well matched. For example, BEIS has not had a tradition of strong compliance activity and counter-fraud activity.
Finally, there is the question of how you make the business case. We know that they have put £100 million into HMRC in the last Budget, but some money has also gone into DWP. The actual amount has not been disclosed. We know that some money has gone into BEIS and that number has also not been disclosed. It can be really difficult to make the case for putting money into counter-fraud if you do not know what the rate of fraud is. Generally, you will be talking about a cost-benefit ratio, when you have nothing, of about one-to-one. That is because you do not actually know what the problem is, so you do not know what the return will be.
If you have a mature function that is underinvested, you will get quite a high one, because you know there are quite a lot of problems and you know where to tackle them. For every extra person you get, you will get a high cost-benefit ratio. If you have a perfect environment, you will have a cost-benefit ratio of nearly one. That is because you are doing absolutely everything you can to combat fraud and error. If you were given one extra person, they would be a complete waste of time. Then you do not need them. It is really difficult to make that. Andy is really desperate to come in, so I will shut up.
Andy Morrison: Sorry, I know it has been quite a long answer. I just really wanted to mention that, while HMRC obviously has a supervisory role, we should not forget that all private companies will have some degree of scrutiny from their own accountants and auditors. There is a requirement on private sector auditors to also be looking for material levels of fraud when they conduct their work. I just want to flag that, because it is quite important to bear that in mind.
Q447 Dame Angela Eagle: On 24 March, it was reported in the media that the City of London Police had made it clear that they would only investigate fraud where there was evidence of organised criminality or the involvement of organised crime. Do you think that is appropriate, Mr Davies?
Gareth Davies Obviously, they make their own policy decisions. My general sense about this is that I am surprised there has not been more messaging to deter continuing fraud of these schemes and to demonstrate to people the likelihood that they are going to be detected. I am not just talking about the City of London police; I am talking about the whole system here. There has been a bit of that but, given the amounts we are talking about, the scale of the schemes and the length, I was expecting a stronger deterrent message.
Dame Angela Eagle: The amounts are likely to be billions.
Gareth Davies: That is not an expensive thing to do, to give a strong deterrent message with convincing details about the amount of resource that is going to be devoted to detection and recovery. We have seen stories about arrests and prosecutions, but they have been very small numbers so far. It is not a comment on any police force, but in general terms a stronger deterrent message would be very helpful.
Q448 Dame Angela Eagle: Mr Reddaway, you are waving your hand. On deterrent messages, this is actually the opposite. It is almost like a green light message: “Unless you are an organised criminal gang, the police are not going to be on your back, so do what you like”. It is almost the opposite of what you would like to see. Mr Reddaway, what are your thoughts?
Joshua Reddaway: I just want to add the footnote, which is that both DWP and HMRC have their own investigative powers and processes. They would only get the police involved in order to make an arrest and would make their own referrals to the CPS. Actually, it does make sense, what you are hearing about the police getting involved in the more serious stuff. The other body you would expect to hear in there is the National Crime Agency, dealing with serious organised crime as well. That does not take away from the overall point that these things are important for deterrence.
Q449 Dame Angela Eagle: We have had more of a view about what the police are not going to get involved in, rather than deterrent messages about guarding the public finances from fraud. Given the amount of money and the risks involved that were being brought to bear in the crisis, it might have been helpful to spend a little bit on that messaging, rather than communicate the opposite, do you not think?
Joshua Reddaway: The onus is on the Departments to do this, as much as it is on the police.
Q450 Harriett Baldwin: Thank you for your interim report on the test and trace programme. The Treasury seems to use a different approach than it did with the PPE procurement for NHS Test and Trace. It used a Treasury approval point process to approve new spending. Can you explain why you think that the Treasury used a different approach to these two programmes?
Gareth Davies: I would rather not speak for the Treasury there. It would have to give you its own reasons for that. There are some similarities here, clearly, scaling up a vast operation to meet high demand very quickly. There are also some big differences here, between essentially a laboratory‑based testing operation and huge amounts of retail equipment through the PPE system. There are differences, but the Treasury would have to give you its answer to that.
Q451 Harriett Baldwin: You do not have a particular approach that you would prefer generally with procurement programmes.
Gareth Davies: No, and it would need to be tailored to the risks involved in each one. It might well be appropriate for there to be a different approach but, as I say, we have not taken a view in this case on that.
Q452 Harriett Baldwin: As far as the test side of NHS Test and Trace is concerned, obviously we have gone from a capacity of a few thousand tests a day to now a million tests a day. It has been a phenomenal scale-up and has really exceeded expectations, with a stretch target in the early days of 100,000. Now, we are at a million. On the other hand, on the trace side of things, there has certainly been feedback from local public health teams that they would have preferred a more local approach. Are you aware of why the Government were so reluctant to use a more localised approach for the tracing side of things from the beginning?
Gareth Davies: We touched on this in our December report on test and trace, our interim report, as you say. The understanding we had at the time was that there was certainly dialogue between local public health services and the test and trace operation as it was getting going. A local authority chief executive was seconded to the team to help with the planning. There were certainly conversations about it. What seemed to be dominating there was just the sense of national urgency, in that we could not rely on every link in the chain being equally strong at a local level. Therefore, a national, consistent approach was needed. That was a judgment call at the time.
As we observed in our report, the balance of view from the stakeholders we consulted was that they thought a sooner engagement of that local capacity would have been helpful. Things have moved along quite a long way since we did our interim report and we will be reporting again before the summer recess, with an update on everything about test and trace, including this question. We already know that there is a lot more local engagement than we observed last autumn, exactly to this point.
You can see, as the vaccination programme rolls out, test and trace becomes equally critical but in a different way. It becomes about spotting outbreaks in a vaccinated population and stamping on them as quickly as possible, with really good local tracing. The kind that we are seeing for the new variants in some parts of the country at the moment is very targeted, relying very heavily on local knowledge. There, you have to engage the local public health professionals to do that effectively. That is where this is heading, and it needs to be building on that good practice as quickly as possible.
Q453 Harriett Baldwin: You can see the difference with PPE, where no one would suggest that every local authority would be better off procuring its own PPE because, obviously, it is good to be able to buy in bulk. With the trace aspect of test and trace, it appears that the localised approach could be enhanced. Then, in terms of the statement by the previous Permanent Secretary to the Treasury, Lord Macpherson, he said that NHS Test and Trace was the most wasteful and inept public spending programme of all time. You obviously look at quite a few examples of public spending. That is your role. What would your response be to that quote?
Gareth Davies: That is not auditor-like. Obviously, we identified significant problems on value for money in our interim report: the speed at which the commercial arrangements had to be put in place to secure the capacity through private sector laboratories, through to just purchasing the test technology itself. Quite a lot of inflexibility was built into those contracts. We pointed out, when it became obvious very quickly that there were too many contact tracing staff sitting by their phone at home with nothing to do, that the contracts did not allow those costs to be flexibly managed down quickly. They subsequently were changed, but for three months that cost had to be incurred.
The analogy we were using at the time was that the people being charged with this very difficult task were essentially laying the railway tracks in front of the train as it was rolling. A lot of the commercial arrangements definitely needed overhauling in that case.
Another challenging area of value for money is the use of consultants. The Public Accounts Committee reported on this point in strong terms, when it held its hearing on this report, and quoted the number of consultants paid thousands of pounds a day. It accepted why that might be necessary in the start-up phase but queried why it was lasting as long as it was, and whether the number of consultants paid at such high rates was necessary so far into the programme. That was another important value for money question.
Q454 Harriett Baldwin: Would you say that is the most important lesson that the Government need to learn? Your report says the Government need to learn lessons. Are those the key lessons or are there others?
Gareth Davies: There are many. There is the central/local question that we discussed; commercial flexibility, so how you bring in fast access to the capacity you need while building enough capability to vary it when you get better information about what you really need to pay for; and then not becoming dependent on very expensive consultants and for that arrangement to last no longer than it absolutely has to. Those are three of the big ones.
Q455 Harriett Baldwin: Of the £37 billion that often gets quoted, how much has been authorised versus how much has been spent?
Gareth Davies: That is the amount that was authorised, so £22 billion of that was for the financial year up to the end of March, and the other £15 billion for the year we are now in, so 2021-22. Those were authorised limits for planning purposes. We do not have the amount spent in 2021 yet, because that would obviously be a feature of the accounts for the Department of Health and Social Care. We know that it will not be as high as £22 billion, because the Department has already made that clear to us, but it is obviously a significant figure in the accounts. We will be putting a lot of audit attention into making sure that the evidence supporting the number is sound.
What is striking is how difficult it has been to accurately predict the spend of this service, partly for obvious reasons that the need for testing has fluctuated with the various phases of the pandemic. The very high peak in January drove a level of spend. At the moment, we are expecting that number to be in the high teens for 2021, rather than £22 billion. Obviously, it is too early to say what the actual spend will be in the current financial year.
Q456 Harriett Baldwin: Do you know how much of that breakdown is into test and how much is into trace?
Gareth Davies: I will give you a rough estimate. Between 85% and 90% of the cost is on testing, and 10% to 15% of the cost is on tracing.
Q457 Harriett Baldwin: Are you are the point now where you can actually say how much it is costing to do each test? Is there a marginal cost for the tests now?
Gareth Davies: There is data on that. I do not have those figures with me, I am afraid, but there is data on the unit cost of tests. Clearly, now, the Government need to be tracking this very carefully. They are offering free tests to every household at the moment, a certain number per week. As of right, if you are symptomless, have not previously had the virus and so on, you can apply for free tests. To understand the cost of that programme, Government are working on various unit cost estimates but, as I say, I do not have the numbers now.
Harriett Baldwin: They do not have one at the moment.
Q458 Alison Thewliss: I have some questions about the impact of the crisis on the Government’s financial reporting and the NAO’s audit and value for money work. First of all, in relation to a letter to the Public Accounts Committee on 3 December last year from the Chief Secretary to the Treasury, which said that some Departments had experienced significant delays in publishing their 2019-20 accounts, can you tell us anything more about which Departments those were?
Gareth Davies: Obviously, it was a very challenging period because, apart from responding to the pandemic, finance teams were suddenly working from home and using systems that were not designed to be operated remotely. Our staff were all working from home in that phase as well. Our systems are designed to be worked remotely, so we did not have any difficulties operating the systems, but none of our staff had audited Government accounts completely remotely before. Last summer was a learning process for everybody.
I was pleased that we were able to certify six of the 17 main Departments before the summer recess last summer, including some very big and complex ones like DWP, for example. It was possible, but 11 of the 17 were delayed beyond the summer recess, which is later than we would expect in a normal year. I would pay tribute to the finance teams in Departments and to my own teams, who worked together to devise solutions to things we had always done face-to-face using hard copy information. Everything was done electronically and remotely.
Clearly, as auditors, we had to be very alert to risks that we were not getting the full picture or not using reliable evidence. Some of the extra time was because we were making sure that our audits were of the right quality and that we were not accepting substandard evidence to make our judgments. My guiding principle for the organisation throughout that period was: no dilution of audit standards to achieve a deadline. We must get this right. In the circumstances, we delivered a timely set of audits.
For this year, some things are going to be easier. We have a lot of learning from last year that we can apply in advance and we know what works now, so we can just do that straight away, but some things are harder. For 2021 accounts, they will contain the bulk of the spending that we have been talking about in this session, because clearly it started in March or April, at the beginning of the financial year, and has gone all the way through to this March.
In the case of the Department of Health and Social Care, for example, we are looking at more than £60 billion of unplanned additional expenditure on PPE, on test and trace and on the vaccine programme, as the three main drivers of that, all of those with significant audit risks. We have just been talking about the fraud risk, but there are issues around accuracy of measurement and understanding exactly how much PPE stock there is in the country at the end of March. These are tedious audit questions but really important for getting an accurate take on the financial position of the Department. While we will be slicker working with Departments on remote working, there is a lot of audit risk, involving a lot more audit testing.
This year, we are expecting around about seven or eight of the Departments to be certified pre-recess, and the other 10 after the recess. Overall, it will be a bit earlier this year than last year. The reason it cannot all go back to a normal timetable is that issue about the sheer volume of spending that we are auditing this year, and the level of risk associated with much of that spending, which is very high. Again, we are ensuring that Parliament gets a thorough audit, so it can rely on the accounts that are presented to it, and getting that balance between speed and quality, which has been a bit of a theme of today’s discussion. That applies to auditing as well as all the other areas.
Q459 Alison Thewliss: It must have been quite a job, to do this at scale and to have people working at home on those things, and all credit to the staff you have in completing that task. Could I just ask for clarity? Which was the last of the 17 to come in and when was that?
Gareth Davies: It may not be a big surprise, but that was the Department of Health and Social Care, partly because of the impact of the pandemic on that Department. Obviously, we are talking about the 2019‑20 accounts, so the pandemic only came in right at the end, and there were other issues to do with trust finances and so on that needed a lot of audit attention. The main effect was that, of all the Departments, it was probably the most affected by the pandemic, and that was reflected in the timetable. We expect the Departments that you would expect to be most affected, like the Department of Health and Social Care and BEIS, to be towards the later phase of this year too.
Q460 Alison Thewliss: What was the date for the Department of Health and Social Care?
Gareth Davies: That was in late January.
Q461 Alison Thewliss: That is quite significantly behind the rest.
Gareth Davies: Yes, it was much later than we would want because, obviously, timeliness is an important part of the audit process. Yes, overall we are working on a plan. I have described the expected profile for this year, and we have detailed plans in place for each one of those. Next year, for 2021-22, our aim is to have every Department back on a pre-summer recess set of audited accounts, which was where we were before the pandemic. It will have essentially taken two cycles to restore a normal timetable.
Q462 Alison Thewliss: You talked about the quality of the information you had, trying to get to the bottom of what you have in front of you and whether that is accurate, and issues like that. Will you have to qualify some of the accounts as a result of the increased fraud and error in Government schemes. Is it to that scale?
Gareth Davies: We certainly identified those risks and a lot of those risks we have talked about today. Our audit plans reflect that risk analysis, and we are directing our audit attention to the riskiest areas, as we always do. There is an unusual amount of that this year. That is all I can say really. It would not be a huge surprise if out of that came more qualifications than you would see pre-pandemic, but it is too early to give you any numbers.
Q463 Alison Thewliss: That makes sense. Are there any other practical difficulties, other than those that you have outlined, in terms of getting information or speaking to the people you need to speak to?
Gareth Davies: We have really effective working relationships, so that our dialogue is efficient and we talk to the right people. There are some areas. Anyone who has ever trained as an auditor will have had experience of attending stock counts at the end of the year. Physical attendance at that was one of the basic requirements of the audit process, and we could not do that last March.
There was a lot of innovation to recreate the audit presence remotely, including asking someone to take a mobile phone around with a video on so that you could direct them into parts of the stores and ask awkward questions about what was actually there compared to what was on the records. That is just an example of the innovation that was needed to deal with the fact that we could not attend those things physically. This year, we are hoping to be able to do more physical stock counts, because clearly the conditions are better this year than last, but some restrictions are still in place. Some of that learning is still going to be useful in the future.
Q464 Alison Thewliss: Are there particular pieces of work that you have had to delay or put on the back burner because of the pandemic, such as value for money studies or any other things that you have been working on?
Gareth Davies: Overall, I am very pleased with the fact that we have been able to do 17 reports on the pandemic response since May last year and maintain our focus on the other big risks to value for money across Government. We have reported on some of the major infrastructure schemes, for example. The gigabit broadband rollout is a good example of that. We have delivered what we planned to do on really important areas, like how Government are organising themselves to deliver the net zero commitments. We have looked at very detailed areas of concern, things like the way the towns fund was operated and similar targeted exercises.
We have been able to maintain the coverage that Parliament would expect from the NAO and have this focus on the pandemic response in a timely way. Again, it is a credit to my teams, who have been able to pull that off, with a lot of hard work along the way and a lot of co‑operation from Departments to be able to do that.
We deferred some individual pieces of work, but only a handful, and we are planning to come back to those topics when the pressure on the pandemic part of our work programme reduces. As just one example, we were planning to audit maternity services in the NHS, a crucial area for lots of people, but it obviously was impossible to do the hospital visits that we need to do as part of that work over the last year. That is in our “come back to it” list for when conditions allow.
Q465 Alison Thewliss: That is good to know and certainly one to look out for. Lastly, I am just thinking of a slight follow-up question from some of the issues you discussed with my colleagues earlier around fraud and the job retention scheme. Have you been undertaking any particular analysis of employees who have lost out as a result of this? For example, if a firm has committed some kind of fraud against the scheme, the employees have not had any money from anybody, neither in universal credit nor in job retention scheme furlough payments. Have you done any analysis of the scale of that within the scheme?
Gareth Davies: Andy mentioned the survey that we did as part of our report on both the furlough scheme and the self-employed income scheme. In the absence of other data, we wanted to get a feel for ourselves on the level of reported fraud that employees were aware of, for example, and so on. That gave us a little bit of an insight into the area that you are touching on. We have not specifically focused on what is in place to support employees who find themselves the victims of those kind of frauds but, as part of the compliance work and the recovery work if a fraud is identified, that is clearly an important matter for the Department to consider in those cases. We are not aware of any policy stance on that. Andy can correct me if I am wrong on that.
Andy Morrison: No, that is right. It is the responsibility of employers to pay the employees. That is where HMRC has drawn the line in terms of its supervision, really. Its compliance work may prompt more in terms of getting those payments to people but, clearly, there were difficulties for people to be able to report to HMRC and get action, whether compliance work or interventions with employers. There is that risk. As I mentioned before, we estimated from our survey that 9% of people were asked to work while officially furloughed, and a further 4% were furloughed but not paid all their furlough money. We also collected data on outcomes for people who were not furloughed. In figure 9 of the employment support schemes report, there is a breakdown of outcomes for people who were not furloughed as well.
Alison Thewliss: I just feel as though, from my own casework experience in my constituency, the impact on employees seems to be the bit that is missing on this. By all means, go after employers but, at the end of the day, there are people who have not had any money at all
Chair: That brings us to the conclusion of this session. Can I thank Gareth, Joshua and Andy very much indeed for joining us? It has been extremely helpful.
This is clearly an unprecedented crisis that we have gone through. Very large sums of money have been mobilised by Government at considerable pace. Inevitably, fraud has reared its head, but we have covered a number of the key questions around that. Should fraud have been better designed out of some of these schemes? Was the balance between clamping down on fraud but acting quickly struck correctly in all cases? Was it possible that there could have been less fraud whilst retaining the quick delivery and the benefits of some of these programmes? How could we learn from this and do things better in the future? There were a lot of other questions that you very adeptly covered for us.
Could I thank you very much indeed for joining us today, for throwing light on some of those questions and those important issues, and also for all the very important work that you generally do at the NAO? Thank you very much.