Anti-Fraud Policy

1.     Policy

The University is committed to conducting its activities fairly, honestly and openly, in accordance with relevant legislation, and to the highest standards of integrity.  Further, the University believes that action against fraud is in the broader interests of society. As a charity deriving a significant proportion of its income from public funds, benefactions and charitable organisations, the University is concerned to protect its operations and reputation and its funders, donors, staff and students from the detriment associated with fraud and other corrupt activity.

The University has no tolerance of fraud committed by staff or associated persons, and aims to reduce instances of fraud perpetrated against the University to the absolute practical minimum.  The University will take appropriate action to prevent fraud in respect of its activities. Fraud by University employees or student members acting on behalf of the University will be treated as a serious disciplinary offence.

2.     Standards

Staff and other associated persons who act on behalf of or provide services to the University are expected to act at all times in a manner that is fair, honest and open.  In order to conduct the activities of the University to the highest standards of integrity, in accordance with relevant legislation, and to ensure that there can be no suspicion or appearance of fraud or corruption, they are expected to abide by the following standards:

  • no member of staff or person acting on behalf of or providing services for the University shall commit any form of fraud;
  • all staff shall ensure that the Information Security Policy and other relevant guidance is followed at all times, in order to reduce the risk of fraud from unauthorised access to systems and data;
  • any suspicion of fraud or irregularity should be reported immediately through the channels defined by this Policy, and the University will consider appropriately all such reported instances.

 3.     Application

3.1. Scope

This Policy applies to all staff and associated persons of the University. It shall be made generally available and published publicly via the University website.

This Policy has been adopted by Council and applies throughout the University apart from Oxford University Press, which has its own complementary policy and procedures for the prevention and detection of fraud. This Policy applies in full to majority and wholly-owned subsidiary companies unless separate policies have been formally approved and adopted by the Boards of those companies and endorsed by Council’s General Purposes Committee.

3.2. Definitions

Fraud is a dishonest act or omission that is made with the intent of making a gain or causing a loss (or the risk of a loss). Under the Fraud Act 2006 there are three specific offences:

  1. fraud by false representation (Section 2);
  2. fraud by failing to disclose information (Section 3);
  3. fraud by abuse of position (Section 4).

Corruption is dishonest or fraudulent conduct, typically involving bribery.

Bribery is the offering, promising, giving, requesting, or accepting of a financial or other advantage with the intention to induce or reward improper performance. (See the University’s Anti-Bribery Policy.)

Additional information about these definitions is provided on the University website.

3.3. Examples

Examples of fraud in higher education institutions include, but are not limited to:

  • Fraud involving cash or physical assets
  • Fraud involving confidential information
  • Procurement and payment fraud
  • Payroll fraud
  • Fraudulent expense claims
  • Reference and qualification fraud
  • Immigration fraud
  • Recruitment, appointment and employment fraud
  • Bribery and corruption fraud
  • Academic fraud including admissions, examinations, awards and research
  • Accommodation-related fraud, including preference and payment

3.4. Responsibilities

Every member of staff and associated person who acts on behalf of or provides services to the University is responsible for ensuring that they comply at all times with this Policy.

The Registrar is responsible for ensuring that this Policy is implemented and maintained and that appropriate explanatory guidance is provided.

Heads of Division, Heads of Department (including Faculty Board Chairs), and Heads of University Services (UAS and ASUC) are responsible for ensuring that staff within their divisions, departments or sections (as appropriate), affected students, and other associated persons are made aware of this Policy and associated explanatory guidance.

The Boards of Directors of majority and wholly owned subsidiary companies of the University are responsible for ensuring that this Policy, or an alternate policy that is approved by Council’s General Purposes Committee, is implemented and maintained within those companies, and that staff and other associated persons are made aware of the Policy and associated explanatory guidance.

4.     Risk assessment

The risk of fraud should also be assessed as part of the wider risk assessment and management performed by divisions, departments and committees. Information about pre-employment screening, including standard compulsory checks, is available on the Personnel Services website.

5.     Third parties

The University expects third parties acting for or providing services to the University not to commit fraud and will take appropriate measures and action should it discover that third parties are engaging in fraud.  Third parties are advised, therefore, to make themselves fully aware of the provisions of this Policy and, in particular, the Standards relating to fraud. Where appropriate, the University will include contractual obligations in respect of adherence to this Policy in its agreements with third parties.

6.     Interaction with other policies, procedures and regulations

This Policy interacts and overlaps with a number of other University policies and procedures:

This Policy also takes account of the University’s wider legislative obligations and provisions pertaining to fraud and associated behaviour as set out in but not limited to:

  • The Fraud Act, 2006;
  • The Bribery Act 2010;
  • The Terrorism Act, 2006;
  • The Proceeds of Crime Act, 2002; and
  • The Computer Misuse Act, 1990.

7.     Procedures for dealing with suspected instances of fraud 

Individuals who reasonably suspect the occurrence of fraud in the context of the University’s activities should report their concerns as soon as possible to the Director of Finance, the Registrar or to compliance@admin.ox.ac.uk, providing a brief description of the alleged irregularity, the loss or potential loss involved, and any evidence that supports the allegations or irregularity and identifies the individual or individuals responsible.  Any report will be treated as a disclosure under the University’s Public Interest Disclosure (whistle-blowing) Code of Practice and it will, therefore, be brought to the attention of the Registrar who will decide on the procedure to be adopted and determine whether there is a case to answer. 

Subjecting people who have reported reasonably held concerns or suspicions to any detriment will be regarded as a disciplinary issue, as will abuse of process by making malicious allegations.

Bribery and Fraud Review Group

Where the Registrar has determined that there is a case to answer, the matter will be taken forward under this Policy. It will be considered by a Bribery and Fraud Review Group (‘BFRG’) comprising:

  • the Registrar;
  • the Director of Finance;
  • the Director of Legal Services and General Counsel; and
  • the Internal Auditor. 

With the agreement of all other members of the Group, the officers named may send nominated delegates on those occasions when they are unavailable in person.

The BFRG may call upon the advice of any other person with specialist, technical or professional knowledge that may be relevant to the particular case under consideration. If at any point there is a suspicion that the conduct complained of includes unlawful conduct, the BFRG will take immediate steps to secure appropriate professional advice as to the steps required before proceeding further.

The BFRG will decide on such further steps as are necessary including:

  • investigating the concerns;
  • notifying the police and other relevant authorities;
  • minimising further loss;
  • complying with any requirements of the University’s insurance cover;
  • establishing and securing evidence necessary for criminal and disciplinary action;
  • recovering losses;
  • ensuring that appropriate action is taken against those responsible; and
  • communicating with internal personnel and outside organisations with a need to know, in particular considering:

 - whether there are issues that should be referred to the appropriate funding body under the terms of any grant to which the allegations relate;
- whether the incident should be reported to HEFCE under the terms of the Memorandum of Assurance and Accountability; and
- whether the matter should be reported to HMRC

and will take steps to ensure that the relevant actions are undertaken as soon as is reasonably practicable. 

In any case where immediate action is required, the Registrar or Director of Finance may take the steps he or she deems necessary. Where such action is taken, the Registrar or Director of Finance as appropriate shall report his or her actions and reasoning to the BFRG as soon as possible thereafter.

In any case where a member of the BFRG is the subject of an investigation under the Policy, the Vice-Chancellor or, if he or she is the subject of complaint, the Chancellor will appoint an alternate or alternates to fulfil the role or roles specified under the Policy.

Investigations will normally be carried out by the Internal Auditor or an alternative agreed by the BFRG, taking account of appropriate professional practice, and any relevant guidance issued from time to time by HEFCE, the Charity Commission or any other relevant regulatory body.

The investigator will keep the BFRG informed as to the progress of the investigation and will complete the investigation as soon as reasonably possible.

Student involvement

In cases which involve or may involve students, the Proctors will be informed at the outset of the investigation. If a student is the subject of an allegation of fraud, this will be dealt with by the Proctors under the disciplinary procedures applicable to students.

Staff involvement and suspension

Where an allegation of fraud concerns a member of staff, Personnel Services must be consulted. 

Subject to the advice of Personnel Services, any member of staff suspected of fraud may be suspended (without deduction of pay) pending a full investigation. No one person, acting on his or her own volition, may move to suspend a member of staff in such circumstances.  The suspension of a member of staff does not constitute a finding of misconduct against him or her. Any staff suspended as a result of a suspected fraud will be informed of the reason for the suspension.

Individuals suspended for suspected fraud, and individuals suspended to enable a proper investigation to be carried out, will normally be required to leave University premises immediately and will be denied access to the University’s IT facilities. During the period of any suspension they will not be permitted to return to the premises, to make contact with staff or witnesses, or to act on behalf of the University, unless given express permission to do so by the relevant University authorities. Any infringement of this requirement may be treated as a disciplinary offence.

Confidentiality

All persons involved with the investigation must treat the information in strict confidence. Where necessary, information will be transmitted in confidence to relevant regulatory bodies.  An unwarranted breach of confidence may be the subject of disciplinary action.

Police involvement

In all cases where the police are involved, the University reserves the right, where it would be reasonable to do so, to proceed with its own disciplinary procedures and/or with civil proceedings.

Insurance

In the case of insured claims, the BFRG will ensure that any requirements of the insurance cover are observed.   

Interim reporting

If the Registrar deems that there is a case to answer, the BFRG will notify the Vice-Chancellor and the Chair of the Audit and Scrutiny Committee that a matter has been reported and will be investigated under this Policy; and the BFRG will provide further and confidential interim reports as are deemed necessary. Such reports may be oral or written.

Notifying HEFCE of serious incidents 

The University will notify HEFCE of any serious incidents of fraud as required by the terms of HEFCE’s Memorandum of Assurance and Accountability. 

Recovery of losses

The investigator will endeavour to quantify the amount of any loss. The Director of Finance will take advice from Legal Services and the Insurance Office and may recommend civil action to recover outstanding losses in those cases where there is a reasonable prospect of success. In cases of substantial loss, consideration may also be given to an application for an order to freeze the suspect’s assets pending completion of the investigation.

Final report

The investigator will prepare a report of their investigation for submission to the BFRG: the BFRG will be responsible for considering the findings and making recommendations to the Vice-Chancellor.  The final report will be provided in strict confidence to the Vice-Chancellor and to the Chair of the Audit and Scrutiny Committee. The Chair of the Audit and Scrutiny Committee may, at his or her discretion, share the final report in strict confidence with the Audit and Scrutiny Committee.

The final report will contain:

  • a description of the allegations and the steps taken to investigate them;
  • a conclusion as to whether the allegations made had substance and if so the extent of any loss and any other adverse impact on the University;
  • a description of any steps taken in relation to the individual or individuals concerned together with recommendations as to any disciplinary action;
  • the steps taken to mitigate any losses to the University;
  • the measures taken to minimise the risk of a recurrence; and
  • any action needed to strengthen future responses to fraud, which may include provision for a follow-up report within a specified time frame.

Records 

The Registrar shall maintain a register (the ‘Register’) of all allegations of fraud which are reported within the University (except Oxford University Press, which maintains its own records), including those where there was found to be no case to answer. 

The Register will be maintained and will be available for inspection, subject to the requirements of the Data Protection Act 1998 and the Freedom of Information Act 2000.

The Register shall specify the following, in an anonymised form, in relation to each case of fraud: 

  • what the suspected or actual incident was;
  • whether the incident was suspected or actual;
  • when the suspected or actual incident occurred;
  • what the actual and potential impact of the incident on the University might be;
  • what inquiries were made and/or action was taken, including any reports to other regulators or the police;
  • how any decision to terminate the investigation of the incident was made, and why;
  • what policies and procedures were in place that applied to the incident, whether they were followed, and if not, why; and
  • whether policies and procedures need to be introduced or revised, and if so, how and by when;
  • the date that the final report was provided to the Vice-Chancellor and Chair of the Audit and Scrutiny Committee and, if relevant, to the Audit and Scrutiny Committee.

Communication with parties involved

Subject to the findings of the final report and agreement of recommended actions, the individual or individuals involved will be informed of the outcome as soon as possible after its presentation to the Vice-Chancellor and Chair of the Audit and Scrutiny Committee and, if relevant, to the Audit and Scrutiny Committee.

The complainant will be informed in broad terms of the outcome of the investigation, having due regard to the confidentiality of information relating to the individual or individuals accused and others identified in the report.

References for employees or students disciplined or prosecuted for fraud

All requests for references for members of staff known to have been disciplined or dismissed for fraud must be referred to Personnel Services for advice as to how to respond. In no circumstances must any person provide a reference for a member of staff whom they know to have been dismissed for fraud without first consulting Personnel Services.

References for student members who have been the subject of disciplinary sanction must be referred to the Proctors.

 

Approved by Council on 20 June 2016

A downloadable PDF version of this policy is also available: Anti-Fraud Policy (148kb)

This Policy draws on the BUFDG template policy. Further details at: http://www.bufdg.ac.uk/fraud/toolkit