Tackling fraud in UK aid: country case studies

Executive Summary

Fraud and corruption divert aid from those that need it and entrench poverty and inequality by undermining the systems needed to deliver sustained social, environmental and economic progress. The UK delivers aid programmes in some of the most challenging environments which often involve significant fraud and corruption risks. How the UK protects this spending from fraud is therefore of utmost importance, both to ensure UK taxpayer money is not diverted to corrupt individuals and entities and to safeguard the social, environmental, economic and governance gains it aims to support.

The Public Sector Fraud Authority (PSFA) estimates between 0.5% and 5% of all government spending is lost to fraud and error. The Foreign, Commonwealth and Development Office (FCDO) reported overall detected fraud of £2.2 million in 2020-21 compared to total expenditure of £9.9 billion, a detected fraud loss rate of 0.02%. The PSFA considers reporting of ‘near zero’ levels of fraud to be an indicator of poor value for the taxpayer because it shows that either fraud is not being found or that controls are so tight that the quality of delivery is compromised.

This supplementary review builds on findings and themes from the earlier reviews of fraud and governance in UK aid by the Independent Commission for Aid Impact (ICAI). It assesses how effectively fraud risk is managed in aid programmes delivered through the UK’s global network of embassies, high commissions and other UK government offices, overseen by FCDO Heads of Mission – the UK’s ambassadors and high commissioners. It draws on the principles for public sector fraud as set out by the UK’s Public Sector Fraud Authority:

1. There is always going to be fraud
2. Finding fraud is a good thing
3. There is no one solution
4. Fraud and corruption are ever changing
5. Prevention is the most effective way to address fraud and corruption

During its third commission, ICAI conducted a series of rapid reviews on programme governance and counter-fraud measures in aid spending. Our 2021 review, Tackling fraud in UK aid, assessed how the five biggest aid-spending departments tackle fraud in their aid delivery chains. The review found that measures to prevent and investigate alleged fraud were operating as designed but that detection levels remained low across all departments. It highlighted how individuals and organisations are disincentivised from finding and reporting fraud.

Our 2022 review, Tackling fraud in UK aid through multilateral organisations, assessed how the Foreign, Commonwealth and Development Office (FCDO) ensures the effective management of fraud risks in its core funding to multilateral organisations. The review took place following significant reductions in the UK’s ODA budget, which we found had affected FCDO’s ability to influence multilateral partners and increased overall fraud risk at the country level.

Our 2023 review of The FCDO’s Programme Operating Framework, assessed FCDO’s devolved approach to programme governance and risk management as set out in its Programme Operating Framework (PrOF). This found that while the PrOF has the potential to enable agility and context-appropriate decision-making, its devolved approach requires country-level leadership and local capability and capacity to be effective.

Due to COVID-19 travel restrictions, country visits were not possible for these reviews. Therefore, this supplementary review focused on the experience of in-country programme staff who manage fraud risk on a day-to-day basis and comprise the ‘first line of defence’ to fraud. This included how well the first line is supported by the rules, guidance, intelligence sharing and training which comprise the ‘second line of defence’. The review centred on three in-depth case studies including country visits (Mozambique, Kenya and India), and five case lighter-touch studies conducted remotely (Lebanon, Montserrat, Myanmar, Somalia and

Syria). For each of our in-depth case studies we identified strengths, weaknesses and opportunities. These findings were combined with our remote case studies, interviews with central staff and document reviews to enable us to answer our review questions.

Efficiency: How efficiently does the UK government deploy resources to ensure robust country-level fraud risk management in the aid delivery chain?

Programme teams build long-term local knowledge through locally hired staff, while UK staff posted overseas periodically rotate to bring cross-learning and refreshed scrutiny. This can be undermined, however, if UK staff rotate too frequently and where FCDO struggles to compete for local talent. We also identified areas of potential inefficiency, such as in FCDO’s outsourcing of risk management processes to delivery partners and in managing very small fraud cases.

FCDO has failed to build its second line of defence both centrally and in-country. Its network of fraud liaison officers is a missed opportunity. Central counter-fraud capability is under-resourced and has been unable to take a proactive approach to tackling fraud. This has left in-country counter-fraud capability vulnerable. Similarly, the lack of investment in effective training for programme staff on FCDO’s new finance system, Hera, has led to inefficiencies and increased risk.

A strong second line is essential to support, monitor and challenge the first line of defence.

Effectiveness: How effective are the UK’s overseas teams at identifying and responding to fraud allegations and concerns in aid delivery?

FCDO has good processes for fraud prevention and to investigate reported cases that staff understand and apply effectively. Programme teams recognise the importance of building good relationships to encourage openness about fraud. FCDO is recognised as taking fraud risk management seriously by partners, although programme teams do not travel to project sites as much as they would like and a lot of reliance is placed, sometimes unduly, on due diligence assessments, third-party reporting and audits.

Processes are focused on preventing fraud, which is important, but not on finding it. The second line of defence, both centrally and in-country, is better at supporting teams to implement processes than searching for problems or gathering intelligence. The message that “finding fraud is good” is beginning to get through, but many staff and partners are wary and virtually no fraud is reported compared to FCDO’s spend.

A range of major influences, including the merger to form FCDO, COVID-19, ODA budget reductions and the implementation of a new finance system, have increased the risk of fraud while also distracting programme staff. It is a testament to teams that they have maintained good programme management practices, but good processes are not enough to effectively tackle fraud.

Coherence: How well does the UK work across different UK government teams, departments and bodies (internal coherence), and with external partners (external coherence), to tackle fraud in aid delivery?

FCDO has a strong reputation for taking fraud seriously with partners and donors, which gives it an opportunity to play a leadership role in promoting better coherence in tackling fraud. There are barriers to systematic data and intelligence sharing, but co-operation among like-minded actors is all the more important in the shifting geopolitical landscape.

FCDO has a huge amount of experience of tackling fraud and corruption in its anti-corruption programming, and pockets of expertise elsewhere in its network, including its arm’s length entities British Council and British International Investment, and across other UK bodies and government departments. However, FCDO is not using this knowledge to help promote a coherent approach to fraud across all the UK’s aid delivery.

Heads of Mission do not have clear visibility of the centrally managed programmes that operate in their countries and there is significant variation in Heads of Mission’s understanding of their responsibility for risk in these programmes. FCDO teams in-country are working to address this, but each country is doing it independently.

Overall, FCDO is not doing enough to match its counter-fraud capability to evolving risks faced by programme staff in the field. While it has strong counter-fraud processes and diligent programme staff who have good relationships with partners, it places insufficient value on the professional development of in-country counter-fraud and programme staff, and has under-invested in its central and in-country second line of defence. The lack of robust second-line capacity has two concerning consequences. The first is that as fraudsters evolve and become more sophisticated, FCDO risks being left behind in areas such as cybercrime, artificial intelligence and the use of big data. The second is that in-country staff are not properly supported. FCDO risks relying on the accumulated skills and capabilities of former Department for International Development programme management staff rather than adapting to meet the ever-changing fraud landscape.

Recommendations

Recommendation 1

FCDO should take a substantially more robust and proactive approach to anticipating and finding fraud in aid delivery.

Recommendation 2

FCDO should strengthen its second line of defence in the top 20 ODA recipient countries, allocating dedicated, well-trained and sufficiently senior resources to manage fraud risks.

Recommendation 3

FCDO should develop specific guidance on capital investments within its Programme Operating Framework.

Recommendation 4

FCDO should increase Head of Mission oversight of and accountability for fraud risks relating to centrally managed programmes and other government department programmes that operate in their country.

1. Introduction

1.1 Fraud and corruption not only divert aid from those that need it, but entrench poverty and inequality by enriching corrupt and powerful individuals and undermining the systems and culture needed to deliver sustained social, environmental and economic progress.

“As a direct result [of corruption], education, health and other development priorities remain underfunded; the natural environment is ravaged; and fundamental human rights are violated. Those who suffer the consequences are ordinary citizens, and particularly those most left behind.”

Transparency International

1.2 The UK is the sixth-largest official development assistance (ODA) donor. Anti-corruption programmes play a part in the UK’s ODA programming, but amount to less than 0.2% of the total ODA spend across all sectors. The UK spends ODA in some of the most challenging environments which often involve significant fraud and corruption risks. How the UK protects all of its ODA from fraud is therefore of utmost importance, both to ensure UK taxpayer money is not diverted to corrupt individuals and to safeguard the social, environmental, economic and governance gains it aims to support.

1.3 The UK participates in the International Public Sector Fraud Forum (IPSFF) along with Australia, Canada, New Zealand and the United States to share good practice in fraud risk management. The UK’s Public Sector Fraud Authority guidance for effective fraud control in ODA has adopted IPSFF’s five principles, as shown in Figure 1.

1.4 This supplementary review focuses on the challenges that the UK’s country teams face in managing fraud risk at the country level. Drawing on the principles in Figure 1, it assesses how effectively fraud risk is managed in ODA delivered through the UK’s global network of embassies, high commissions and other UK government offices, overseen by Foreign, Commonwealth and Development Office (FCDO) Heads of Mission – the UK’s ambassadors and high commissioners.

Table 1: Our review questions

2. Methodology

2.1 This supplementary review is based on case studies of how country staff manage fraud risk in programmes that include official development assistance (ODA). It supplements a series of rapid reviews looking at fraud and governance in ODA since 2020:

• • Tackling fraud in UK aid, published in 2021.
  • Tackling fraud in UK aid through multilateral organisations, published in 2022.
  • The FCDO’s Programme Operating Framework, published in 2023.

2.2 Due to COVID-19 travel restrictions, fieldwork was not possible for the previous reviews. This review was designed to complement and follow up on the themes identified in the earlier reviews, summarised in Section 3, by focusing on the perspectives and experiences of the UK’s overseas programme staff. We used case studies to assess how well fraud risk is managed at the country level and to draw out examples of good practice, areas of weakness and learning opportunities relevant to wider fraud risk management in the Foreign, Commonwealth and Development Office (FCDO) and other UK government departments that manage ODA programmes.

2.3 Our methodology comprised the following components:

1. Review of the current FCDO and cross-government guidance and FCDO fraud data.

This included reviewing documentation provided by, and interviewing, central, UK-based FCDO counter-fraud staff. We also reviewed FCDO fraud reporting data and documentation for a sample of six significant closed cases of suspected fraud reported through FCDO’s systems. This provided context for our case studies and insight into developments in FCDO’s fraud risk management since the earlier reviews.

2. In-depth country case studies: India, Kenya and Mozambique.

These included field visits and involved:

• A review of relevant FCDO and public materials for the country, such as risk assessments and fraud reporting data, and interviews with senior officials responsible for fraud risk management.
• Interviews with programme management staff and a review of risk management documentation for a diverse sample of three to five programmes per country.
• Interviews with key external stakeholders such as delivery partners, local civil society organisations, other aid agencies and donors, local counter-fraud professionals and experts, and host government officials.

These case studies provided a deeper view of fraud risk management in country-specific ODA-funded programmes. The in-country work helped us understand the interface between policy, guidance, and practice and how this is informed by attitudes and behaviours towards fraud and fraud risk management by staff with these responsibilities. They form the core part of this review and enable comparison between different countries, programmes and contexts.

3. Supplementary case studies: Lebanon, Montserrat, Myanmar, Somalia and Syria.

For a further five countries, we undertook:

• A review of relevant FCDO and public materials for the country, such as risk assessments and fraud reporting data.
• Interviews with programme management staff and review of risk management documentation for a sample of one to two programmes per country and a sample of fraud reporting and whistleblowing cases where applicable.

These case studies provided breadth to the review and enabled us to compare approaches across a wider range of countries and programmes, including those with smaller ODA budgets and conflict-affected environments where aid delivery is managed remotely.

2.4 The three in-depth case studies are presented in Section 4 of this report, including strengths, weaknesses, challenges and opportunities that we observed. These, combined with the other aspects of the methodology, inform a discussion about the overall efficiency, effectiveness and coherence of fraud risk management in UK aid delivery in the second part of Section 4. Our conclusions and recommendations in Section 5 relate to this wider analysis.

Our review approach to fraud and wider corruption

2.5 The UK’s 2006 Fraud Act describes fraud as making a false representation, failing to disclose relevant information or the abuse of position to make financial gain or misappropriate assets. While fraud requires intentional deceit or abuse of power, for this review we took a broad interpretation of fraud, including bribery, theft and other corrupt acts relating to UK ODA. This is consistent with our approach in previous reviews. In addition, this review looks both at the risk of fraud to UK ODA and the risk that UK ODA enables fraud of third parties. We did not, however, audit any data or systems, nor did we seek to identify new fraud cases or quantify fraud levels in UK aid.

2.6 Further details about our scope and methodology are provided in the approach paper published in December 2023.

3. Background

3.1 The UK’s global network of embassies, high commissions and other government offices, overseen by its Heads of Mission – the UK’s ambassadors and high commissioners – brings together the UK’s diplomatic and aid delivery capability to promote the UK’s interests and tackle poverty and global challenges through overseas partnerships. The Foreign, Commonwealth and Development Office (FCDO) has more than 17,000 staff in diplomatic and development offices worldwide, including 281 embassies and high commissions. FCDO Heads of Mission have overall responsibility for the UK’s strategy and risk management in each country. Other government departments with overseas operations deliver programmes according to their own procedures, but their country-based officials also have a reporting line to the FCDO Head of Mission.

3.2 In 2022, the UK delivered £2.4 billion (18%) of the UK’s £12.8 billion ODA expenditure though country specific bilateral programmes. Of this, FCDO managed £2.1 billion (27% of FCDO’s £7.6 billion total ODA expenditure), with other government departments managing the remainder. Country-specific bilateral ODA is primarily managed by staff based in the country of delivery. It excludes global and regional programmes and core contributions to multilateral organisations (covered in previous reviews in this series), but includes some country-specific expenditure managed by staff based in the UK or a third country for security, political or logistical reasons, such as in the case of the UK Office for Syria which has staff based in the UK and Lebanon.

ICAI reviews before the DFID-FCO merger

3.3 Financial governance and fighting fraud and corruption have been key themes for the Independent Commission for Aid Impact (ICAI) since its inception in 2011. Prior to the creation of FCDO in 2020 – merging the Foreign and Commonwealth Office (FCO) with the Department for International

Development (DFID) – ICAI’s reviews in this area focused primarily on DFID. ICAI’s programmatic reviews have uncovered major governance failings, such as its reviews of Girl Hub in 2012 and TradeMark Southern Africa in 2013, leading to urgent changes at both the programme level and in DFID-wide risk management processes, such is its pre-grant due diligence.

3.4 ICAI’s thematic reviews in this area include the 2011 review of DFID’s approach to anti-corruption, which highlighted the need for greater co-ordination in DFID’s approach to risk management, anti-corruption programming and fraud resourcing. A subsequent review in 2014 recommended more programmes targeting everyday corruption experienced by the poor, and for DFID to gather evidence of effectiveness in anti-corruption measures, disseminate lessons learned and cultivate expertise to help drive anticorruption efforts globally.

3.5 ICAI’s 2016 review of DFID’s approach to managing fiduciary risk in conflict-affected environments commended DFID for good practice in identifying fiduciary risks in programme design and implementing measure to mitigate risks in challenging contexts. However, the review raised concerns about confusion among staff and partners about what it meant for DFID to have “‘zero tolerance’ to fraud and corruption” in high-risk environments, and the potential for this messaging to discourage reporting of suspected fraud and corruption. The report also recommended that DFID clarify expectations around risk transfer down the delivery chain and improve transparency and monitoring of fiduciary risks in bilateral

programmes implemented by multilateral partners. DFID responded positively, strengthening guidance around risk appetite, and implementing supply chain mapping for all programmes, including those with multilateral partners.

ICAI fraud reviews after the formation of FCDO

3.6 ICAI’s 2021 review, Tackling fraud in UK aid, looked across five ODA-spending government departments: DFID, FCO, the Department for Business, Energy and Industrial Strategy (formed in 2016 and dissolved in 2023), the Home Office and the Department of Health and Social Care. Research for this review coincided with the merger of DFID and FCO in September 2020. At this time, former DFID and FCO programme management and counter-fraud systems and functions were still being operated in parallel. As the review was looking at past performance, we assessed DFID and FCO as separate departments but with a view to providing timely insights for the newly formed FCDO. The review also took place during COVID-19 travel restrictions and provided initial learning about how this had impacted fraud risk management, especially the necessity for remote monitoring.

3.7 Due to travel restrictions, this review focused on the risk management support functions (central second line of defence) and fraud reporting and investigation (third line of defence). We also surveyed more than 400 frontline staff, counter-fraud professionals and delivery partners (first line of defence) to understand their perceptions of fraud in UK aid. The review found that measures to prevent and investigate alleged fraud were operating as designed but that detection levels remained low across all departments. Among former DFID staff we found that the understanding of ‘zero tolerance to fraud’ had evolved since our 2016 review to be understood as “fraud risks can be taken with proportionate controls in place [and] zero tolerance for inaction to prevent and quickly rectify problems when they come to light”.

3.8 This more nuanced understanding was not shared across all departments or by partners, including DFID partners, risking the unintended of consequence of burying fraud deeper, as individuals and delivery partners down the delivery chain fear the consequences of reporting fraud. Our 2021 survey aimed to understand why so little fraud is reported (see Figure 2). The main reasons given were:

• People are not incentivised to look for fraud (71% considered this likely or very likely).
• People fear reporting will damage the reputation of UK aid or result in reduced funding (69% considered this likely or very likely).
• People are afraid or disincentivised to report fraud (73% considered this likely or very likely).

3.9 Two key disincentives identified in ICAI’s 2021 review were, first, the administrative burden that results from information demands when reporting fraud and, second, that delivery partners often bear the fraud costs, rather than these being successfully recovered from the fraudster.

Figure 2. Stakeholder perspectives on why so little fraud is reported in UK aid

3.10 This review made four recommendations (see Box 1), consistent with good practice set out by the Organisation for Economic Co-operation and Development (OECD) Development Assistance Committee. This includes that agencies should work towards a comprehensive system for corruption risk management, such as: codes of ethics; whistleblowing mechanisms; financial control and monitoring tools; sanctions; co-ordination to respond to corruption cases; and communication with domestic constituencies (taxpayers and parliaments) on the management of corruption risks. It also states that agencies should “communicate clearly about how confidential reports can be made, including providing training if necessary, and streamlining channels to reduce confusion”. It suggests that agencies should “communicate clearly and frequently about the processes and outcomes of corruption reporting, to build trust and reduce any perception of opacity around corruption reports and investigations”.

3.11 While the government decided not to introduce a centralised ODA counter-fraud function, it did establish an ODA Counter Fraud Forum led by FCDO to help ensure good practice and consistency of the ODA counter-fraud response and share intelligence across all ODA-spending departments. Progress on the remaining recommendations, however, was hampered by severe and protracted resource shortages and staff turnover in FCDO’s central counter-fraud and investigations teams following the DFID-FCO merger. As a result, ICAI’s follow up reviews published in 2022 and 2023 found that little progress had been made in addressing recommendations 2, 3 and 4. Further developments relating to these recommendations are included in Section 4 of this report.

3.12 ICAI’s 2022 review, Tackling fraud in UK aid through multilateral organisations, assessed how FCDO ensures the effective management of fraud risks in its core funding to multilateral organisations, which was excluded from the scope of the 2021 review. This review took place following significant reductions in the UK’s ODA budget, which we found had affected FCDO’s ability to influence multilateral partners. Also, unplanned budget reductions increased overall fraud risk at the country level, creating gaps in local mechanisms and heightening fraud risk in affected programmes. FCDO’s response to this review has led to a more joined-up approach to managing fraud risks across FCDO’s portfolio of multilateral organisations, including better knowledge sharing between FCDO’s multilateral teams, and peer review of central assurance assessments.

FCDO’s Programme Operating Framework and risk management

3.13 FCDO has a devolved approach to programme governance and risk management, set out in its Programme Operating Framework (PrOF). This framework is based primarily on the rules, principles and guidance that evolved during years of DFID aid delivery, adapted for the FCDO context. The PrOF was rapidly developed after the September 2020 merger of DFID and FCO and launched on 1 April 2021, in time for the first financial year of the newly formed department. FCDO intended the PrOF to establish a common approach to ODA and non-ODA programme management across the new department. It provides the basis for how FCDO programmes should be managed to ensure high standards and meet central government expectations.

3.14 The PrOF applies to all FCDO policy programmes, not just ODA, but does not apply to other government departments, some of which also manage country-specific ODA programmes. Other government departments manage and are accountable for programmes according to their own procedures, but their country-based staff also have a reporting line to the FCDO Head of Mission, who is responsible for in-country risk management.

3.15 ICAI’s 2023 rapid review of The FCDO’s Programme Operating Framework found that while the PrOF has the potential to enable agility and context-appropriate decision-making, its devolved approach requires country-level leadership and local capability and capacity to be effective. The PrOF defined a new set of roles for programme delivery (see Box 2 and part 4 of the publicly available PrOF document). Changes to the senior responsible owner (SRO) role, to make it more senior, and the addition of a programme responsible owner (PRO) reporting to the SRO, has also helped to align FCDO with other government departments. The addition of a portfolio SRO at the Head of Mission level situates the devolved model within a country-level portfolio approach to delivering UK priorities that supports coherence between FCDO’s programmes and policy work. These have the potential to make FCDO’s ODA and non-ODA programming better at delivering strategic goals, but we found the roles to be poorly understood by programme staff and limited engagement with the PrOF at the Head of Mission level. FCDO responded positively to our recommendations, including relating to these findings.

3.16 The PrOF is a critical tool for ensuring effective fraud risk management and many of the rules relate directly or indirectly to good counter-fraud practice. Central to the PrOF are 10 principles and 30 mandatory rules that govern FCDO’s programmes. Each rule has associated guidance, but it is up to programme staff to decide how to implement the rules based on the PrOF principles. Figure 3 sets out the PrOF principles and summarises key rules relating to fraud risk management.

Figure 3: PrOF principles and key rules relating to fraud risk management

The UK’s Public Sector Fraud Authority

“The fraud perpetrated against aid in its many guises is not victimless – it has a clear and immediate impact on life-saving projects across the world as well as undermining the hard work of those involved from taxpayers onward. Tackling the epidemic of fraud is essential for security, credibility and to ensure all funds have the impact intended.”

Public Sector Fraud Authority

3.17 The UK’s Public Sector Fraud Authority (PSFA) was launched by the Cabinet Office in August 2022 to “transform the way that the government manages fraud” by working “with departments and public bodies to better understand and reduce the impact of fraud against the public sector”. This is part of UK’s aim “to be the most transparent government globally in how we deal with public sector fraud”. PSFA’s remit includes research, analysis and intelligence gathering. It also sets cross-government counter-fraud standards for public bodies and assesses public bodies against these standards, and sets professional standards for staff to develop capability through a counter-fraud profession.

3.18 PSFA estimates between 0.5% and 5% of all government spending is lost to fraud and error. FCDO reported overall detected fraud of £2.2 million in 2020-21 compared to total expenditure of £9.9 billion, a detected fraud loss rate of 0.02%. Similar low levels of detected fraud are reported across UK government departments and by other major donors. Prior to the merger of DFID and FCO to form FCDO in 2020, DFID was detecting fraud losses at 0.06%. PSFA considers reporting of ‘near zero’ levels of fraud to be an indicator of poor value for the taxpayer because it shows that either fraud is not being found or that controls are so tight that the quality of delivery is compromised.

3.19 PSFA ODA guidance sets out some of the main fraud challenges pertinent in aid delivery and indicators of heightened fraud risk. It highlights learning from COVID-19 programmes, including the importance of:

• working with fraud control experts to support the design of the aid scheme
• developing intelligence capability, and collecting and sharing consistent data across donor governments
• including counter-fraud communications campaigns and post-event assurance in programme design to detect fraud and error
• sharing experiences and best practice with international and local partners to build knowledge and expertise.

3.20 A section on ‘Managing counter fraud in the international aid cycle’ in the PSFA guidance sets out how to incorporate good aid practice in each stage of programme delivery from needs assessment to peer review and lesson-learning processes following closure. It links to resources from the US, but not the UK or other countries, namely the US Agency for International Development anti-fraud plan (although this link did not work when we tried to access it on 29 February 2024) and the US Agency for International Development Office of Inspector General, Compliance and Fraud Prevention’s A pocket guide for programme implementers.

3.21 The guidance references a World Bank Development Research Group study on Elite capture of foreign aid that shows “aid disbursements to highly aid-dependent countries coincide with sharp increases in bank deposits in offshore financial centres known for bank secrecy and private wealth management, but not in other financial centres” resulting in an implied leakage rate of 7.5 percent. It also provides real world examples of fraud cases relating to collusion in tendering processes, the creation of false identities of refugees eligible for aid and an instance where an estimated £5 million was diverted to corrupt aid workers, community leaders and business owners though a complex fraud scheme. It unfortunately does not give sufficient details to understand what could have prevented the fraud or how it was found. It is nevertheless a step towards more open discussion to help drive a “change in perspective so the identification of fraud is viewed as a positive and proactive achievement”.

Fraud liaison officers

3.22 FCDO has continued DFID’s network of fraud liaison officers (FLOs) based in country teams. The FLO role is not to investigate fraud (which is the job of the central IAID) but to “encourage reporting of all or any suspicions”, “[advocate] the need for fraud prevention, detection and response across the organisation and [promote] a deeper understanding of FCDO’s zero tolerance approach to fraud”. FLOs should also “challenge inaction and importantly highlight and help to promote best practice”.

3.23 The role is set out in terms of reference but is not mandatory and it is up to each embassy or high commission to decide whether and whom to appoint and what the role should entail in their context. There are no specified qualification, training or experience requirements or recommendations. The terms of reference, however, set out responsibilities FLOs can expect, which are:

• “Liaison and support for Internal Audit and Investigations Directorate (IAID), including oversight of progression of business managed cases
• providing advice and helping to raise awareness
• analysis and risk management.”⁵⁷

3.24 The FLO role is not full time. While there is no hard rule, FLOs are expected to dedicate an average of 10% of their time to the role.

3.25 A cross-FCDO FLO network provides a forum for discussion between FLOs and with central fraud specialists, intended to provide two-way learning. The terms of reference also states that “FLOs are expected, unless in circumstances where normal duties need to be prioritised, to attend and participate in bi-monthly sessions and conversations on the dedicated [Microsoft] Teams site”. Each government department has its own fraud risk management structure. This review focuses on FCDO’s structure and also how FCDO interacts with other departments in-country. The FLO network applies only to FCDO and there is no indication of any expectation for engagement between FLOs and other government departments.

The three lines of defence model

3.26 FCDO uses an established model of three lines of defence against fraud as shown in Figure 4. FCDO’s first line of defence is typically based in-country, with a few exceptions such as FCDO Syria for security reasons, and FCDO Montserrat which is managed remotely. FCDO’s second line of defence is split between central functions, which include the Control and Assurance counter-fraud team and the Centre for Delivery, and country-specific resources which may include an FLO and a cross-cutting country team such as the Delivery Unit in India or the Accountability and Results Team in Kenya. FCDO’s third line of defence – IAID including the fraud investigations team – is independent of FCDO country offices and based in the UK.

Figure 4: FCDO’s three lines of defence model

Sources: The IIA’s the lines model, Institute of Internal Auditors, p. 3-4, link; FCDO Programme Operating Framework, Foreign, Commonwealth and Development Office, updated 19 December 2023, p. 45, link; FCDO Fraud Response Plan, Foreign, Commonwealth and Development Office, accessed 20 November 2023, unpublished.

FCDO’s new finance system, Hera

3.27 FCDO was formed in 2020 with the merger of FCO and DFID. At this time, DFID operated a finance system called ARIES and FCO used one called Prism. FCO, however, had already selected a new finance system, Hera, to replace Prism. After the merger, FCDO adopted Hera as the new system for the merged department. Implementing Hera was problematic and delayed. FCDO originally had more ambitious integration and modernisation plans but the government’s Infrastructure and Projects Authority found these “overambitious and unachievable” given FCDO’s resources. FCDO scaled back its ambition to focus on creating a shared IT architecture and integrating former DFID and FCO aid programmes onto a common platform. Hera was finally launched in June 2023 although some functionality, such as access to full programme finances where some data was previously on ARIES, was not available until later in 2023. The implications of the Hera implementation for the efficiency and effectiveness of fraud risk management are discussed in Section 4 of this report.

4. Findings

4.1 Case studies for Mozambique, Kenya and India are summarised on the subsequent pages, presented in the order in which we visited the countries. The case studies highlight the main strengths, weaknesses, challenges and opportunities that we observed. These are followed by our analysis of the efficiency, effectiveness and coherence of counter-fraud in UK aid. This brings together findings from the Mozambique, Kenya and India case studies, insights from our lighter-touch review of aid delivery in Lebanon, Montserrat, Myanmar, Somalia and Syria, and our review of documentation and discussions with central teams. Figure 5 shows the case study countries alongside their UK ODA spend and fraud data. The figure also shows differences in how the fraud liaison officer (FLO) role, described in paragraphs 3.22 to 3.25, is deployed in each of the case countries.

Figure 5: Map of case study countries and ODA spend in 2021-22

Notes: The values for fraud found are based on closed cases recorded in internal FCDO reporting. Fraud is not necessarily found in same year as it occurred. Additionally, FCDO does not capture fraud that occurs in pooled funds to which it contributes, as discussed later in the report.

FCDO ODA spend is based on the published accounts for FCDO while the numbers of programmes come from the UK government’s Development Tracker website. Spend in the published accounts differs from the that published on the Development Tracker website as explained in Annex 1.

Country case study: Mozambique

In the two decades after its first democratic elections in 1994, Mozambique achieved high economic growth, human development progress and relative peace. This success attracted substantial amounts of Official Development Assistance (ODA), including budget support from donors such as the UK. During this period, Mozambique received 10-15% of total foreign direct investment inflows into sub-Saharan Africa. This momentum ended abruptly in 2016 with the revelation of £1.73 billion in state-backed ‘hidden debts’, guaranteed without parliamentary approval and much of it diverted to enrich private individuals. This led to a protracted economic downturn. ODA fell from 17.5% to 12.4% of gross domestic product (GDP) between 2013 and 2018. This combined with cyclones, conflict in the north and the impact of COVID-19, slowed Mozambique’s progress. It remains sixth from bottom in the United Nations’ Human Development Index and is one of the most climate-vulnerable countries in the world.

Fraud and corruption are commonplace in Mozambique, including political, petty and grand corruption, embezzlement of public funds, and a deeply embedded patronage system. Mozambicans face a constant threat of fraud and corruption. We heard many typical examples such as citizens being required to pay bribes at police checkpoints, to register children at schools or obtain exam results, to access ostensibly free healthcare, or to obtain official documents such as a driving license. During our fieldwork, opposition groups were protesting about widespread municipal election irregularities that were highlighted by election observers and donors including the US, EU and UK.

UK aid to Mozambique

The UK still does not provide direct budget support to the Mozambican government. One of the five goals of FCDO’s country plan is “promoting freedom and democracy” which includes “strengthening inclusive, accountable, and democratic politics and institutions”. Six of the ten in-country ODA programmes, which are all FCDO-managed, focus on this, representing around 60% of the 2023-24 programme budget. Included in our sample were the Tax and Economic Governance (TEG) and Transparency and Accountability for Inclusive Development (TACID) programmes.

Strengths

We found that programmes had been designed to minimise fraud risk. Procedures were in place to manage risk during delivery which were embedded into partner selection.  For example, the Waala programme to deliver family planning products to girls and women involved using the United Nations Population Fund Sexual & Reproductive Health Agency (UNFPA) to undertake procurement outside the government systems and had built in stock checks along the delivery chain to ensure products arrived at remote clinics. The programmes, designed to promote freedom and accountability, directly tackle priority fraud and corruption challenges, including TEG which provides technical support to the government on public investment, debt and fiscal risk management relating to the growing extractives sector, and TACID, which includes funding the local affiliate of Transparency International, Centro de Integridade Pública (CIP).

Programme staff took fraud risk seriously and understood  FCDO’s Programme Operating Framework requirements. We saw examples where additional controls, such as spot checks, had been implemented, although this was more down to individual initiative than necessarily aligned to the risk. More importantly, however, we saw evidence of programme teams responding to potential risks. A payment was made to a partner from UK funds, rather than from other donor funds that the UK managed, which was permitted by the newly implemented Hera finance system. This was quickly rectified, and the Human Development, Climate Change and Humanitarian team subsequently implemented additional manual controls to mitigate this risk.

Programme staff demonstrated an understanding of the importance of their relationships with partners. Partners, for their part, took risks seriously. We saw examples of good practice, such as SNV, a partner delivering solar home systems for the UK-Sweden-funded Brilho programme (which means “shine” in Portuguese). SNV had developed an impact assessment framework that included randomly sampling customers, using their mobile phone numbers provided as part of the service, to assess the impact of the programme and ask whether they had to pay more than they should for the equipment. This identified instances of overcharging that SNV could then address.

Weaknesses and challenges

When the fraud liaison officer (FLO) left the team in January 2023, a new FLO was appointed, however, they did not receive a proper handover, training or support. Despite their attempts to get information on ongoing fraud cases and support on how to undertake their role from the central fraud team, staff turnover in the central team meant the FLO did not have the training or support needed to undertake the role effectively. Following our visit, FCDO Mozambique is looking to strengthen its counter-fraud capacity.

Programme staff informed us that FCDO’s ‘zero tolerance’ messaging was not always understood by partners to mean “zero tolerance for inaction to prevent and quickly rectify problems when they come to light”. They considered it likely that current zero tolerance messaging could disincentivise partners from raising fraud risks if not explained, and we noted examples where suspected frauds were investigated and addressed by partners before being reporting to FCDO. Very little fraud reporting occurs in Mozambique despite the high risks. Programme staff themselves were not aware of the International Public Sector Fraud Forum principle, adopted by the Public Sector Fraud Authority, that “Finding fraud is a good thing”, and some found this difficult to reconcile with the concept of zero tolerance to fraud as a communications tool and slogan.

FCDO Mozambique has a database of centrally managed programmes operating in the country, but noted that it finds it challenging to maintain full oversight of them, particularly those managed by some other government departments.  This means activities and meetings may be taking place that the high commission is not aware of. A 2023 internal audit identified this challenge, noting it is incompatible with a Head of Mission’s notional accountability for all UK delivery in their country. FCDO Mozambique is aware of the challenge, and informed us it is working to strengthen its engagement and oversight in this area.

Opportunities

FCDO Mozambique has robust counter-fraud controls within programmes but could develop a more strategic approach  to addressing corruption internally across its portfolio.  It has further opportunities to increase engagement with representatives of other government bodies (such as the British Council) and externally with partners and like-minded donors. Similarly, communications about fraud tend to focus on compliance with the PrOF, and lack events or ongoing initiatives that bring people together to make learning effective, such as peer stress testing. FCDO’s annual Fraud Week was a missed opportunity internally and externally.  FCDO emailed partners (only in English), disseminated materials to staff and held internal sessions for staff, but more could have been done to effectively engage staff and partners.

FCDO funds deep expertise in tackling fraud and corruption, including organisations such as CIP, and others that have substantial practical experience, such as SNV. At present, FCDO does not make use of this expertise to share learning across its own programmes or between partners. For example, the Waala programme has strong controls to ensure products get to clinics (dealing with direct fraud risks to UK ODA), but no checks to ensure girls and women are not having to pay bribes to access them. The implementing partner relies on government fraud prevention processes which include posters informing users that services are free of charge. SNV’s checks with solar home system customers could be adapted to address this. In general, FCDO could facilitate collecting and sharing data and information beyond programmes. This could be used to identify regions, institutions or transactions where fraud is particularly common, or where there are deliberate attempts to prevent accountability (such as efforts by some officials to sabotage a move to electronic payments) and support working with other stakeholders and government contacts to tackle it.

FCDO has good relationships with the multilateral organisations it funds, which helps FCDO to access more information than multilaterals strictly need to provide. However, the department could include better fraud monitoring as part of the programme design when commissioning programmes. This would give FCDO access to important information as part of the programme rather than having to ask for it later, which is particularly challenging with multilateral organisations. Good relationships should not replace FCDO oversight and, as also noted in a 2023 international audit, more physical visits to first tier and downstream partners would strengthen oversight of risks and mitigations in the delivery chain.

We are pleased to note that following our visit in  November 2023, FCDO Mozambique:

• arranged a partners’ day in January 2024, where partners including SNV and CIP were invited to present on fraud prevention
• advertised for a dedicated delivery excellence manager with a risk and counter-fraud background, which will incorporate the FLO role.

Case study sources are in Annex 2.

Country case study: Kenya

FCDO describes Kenya as “a beacon of stability and democracy” that plays an important role in regional global governance and investment, with a significant presence of multilateral organisations, international non-governmental organisations (NGOs), and private sector companies and investors. Despite good economic progress, poverty rates remain high and corruption is endemic. Kenya is ranked 126 out of 180 in the Transparency International Corruption Perceptions Index.

Kenya loses a third of its state budget to corruption according to its former Ethics and Anti-Corruption Commission chair. Corruption impacts every sector in Kenya, constraining the country’s development. Despite longstanding laws criminalising all types of bribery and corruption including facilitation payments, weak and corrupt public institutions undermine enforcement. Demands for bribes by officials, patronage and nepotism, procurement corruption and embezzlement, and mismanagement of funds are commonplace. FCDO anti-corruption specialists in Kenya told us that fraud and corruption is often subtle and sophisticated, including convincing false receipts and collusion.

UK aid to Kenya

FCDO sees Kenya’s development as critical for the East Africa region and the achievement of its wider sustainable development ambitions. Due to the high corruption risk, FCDO does not directly fund the public sector in Kenya. Anti-corruption programming is a key part of FCDO Kenya’s strategy and our sample of four programmes included the £3 million Kenya Anti-Corruption Programme and the Regional Economic Development for Investment and Trade programme (REDIT), which includes work to enhance trade transparency. During our visit, we also met with FCDO Somalia staff based in the high commission in Nairobi, Kenya. Somalia is ranked as the most corrupt country in the world.

Strengths

ODA programme delivery through the high commission in Kenya is supported by capable, often long-tenure locally  hired staff, many of whom are allocated to financial management or project manager roles that are key to fraud prevention. This contributes to FCDO’s management of fraud risk in-country, since these staff maintain continuity and institutional knowledge during turnover of staff from the UK, and their contextual knowledge is valuable to UK staff posted overseas. Programme staff execute processes well, often adding further checks and balances to reassure themselves that fraud is not taking place.

We noted good fraud risk management processes built into programme design which staff apply effectively. This focuses on prevention in line with the principles for public sector fraud. FCDO Kenya’s Accountability and Results Team (ART), comprising local staff with financial backgrounds (including the fraud liaison officer), review programmes from concept note to procurement stages with context-specific fraud risks, and the evolving Kenyan fraud landscape.

There are ambitious FCDO programmes in Kenya. Staff are realistic about the level of risks being taken and control for these. For example, the Conflict, Stability and Security Fund (CSSF) Borderlands programme promotes community led peace and stability at the Kenyan borders with Somalia and Ethiopia, where proscribed militant groups are active. Programme staff manage to visit the region – an essential part of programme oversight – despite the security and travel risks. This involves them travelling in a Kenyan police armoured personnel carrier. FCDO also continues to fund the Hunger Safety Net Programme, which provides regular and emergency financial support to vulnerable communities in the northern drought-affected regions. FCDO has worked with the World Bank to build fraud prevention systems into the programme, such as biometric and unique personal identification numbers, and FCDO staff conduct regular site visits to the programme.

FCDO is recognised as a leader in tackling fraud and corruption in Kenya. Delivery partners described FCDO as “highly involved” in day-to-day programme management and more engaged than most other donors on fraud. World Bank staff explained that FCDO is identifiable for its rigorous processes with downstream partners, who understand and accept that this is a necessary part of delivering FCDO-funded projects.

Weaknesses and challenges

FCDO Kenya’s biggest weakness is in its strategic oversight of fraud risks. While the development director has responsibility for portfolio risk management, and a programme board considers overall risk as part of its review and approval process, effective learning across the portfolio on fraud risk is not taking place. There are a lot of people doing a little on fraud risk management, and while it is important that everyone sees fraud risk management as part of their responsibility, there is no one at a senior level linking together the various activities to enable lesson learning and knowledge sharing or inform strategic decision-making. For example, the mission runs an anti-corruption programme that seeks to build evidence and develop innovative and practical interventions to address corruption in Kenya, yet its tools and research outputs are not proactively shared across programme delivery teams. Similarly, other government department staff have good relationships with FCDO staff but tend not to share learning or experience of fraud risk management.

Despite good processes around fraud, fraud reporting is low in FCDO’s programmes in Kenya. The senior management team recognise this, and programme staff engage frequently with downstream partners to encourage openness and emphasise that FCDO’s ‘zero tolerance’ approach to fraud means zero tolerance to inaction and poor processes around fraud, rather than a default to punitive measures. However, there are still perceptions of negative consequences of finding fraud, particularly among smaller NGOs, that discourage openness.  A further challenge is that fraud can be seen as too entrenched or beyond the scope of programmes to address, such as ‘thank you’ payments by recipients of aid to agents distributing it. These may be bribes, facilitation payments or extortion, but their payment is so normalised that they are challenging to tackle, and staff would welcome further practical guidance on how and when to tackle them.

The volatility of the ODA budget in Kenya – cut from around £100 million to £24.6 million with little notice and is due to rise to £81 million in 2024/25 – presents a challenge for fraud risk management. Staff are concerned about the impact this has both on fraud risk and their ability to oversee and properly control it.

FCDO Kenya is aware of 102 centrally managed and other government department programmes active in Kenya. The high commission does not consider itself ultimately accountable for these programmes, which it does not have the capacity to oversee, but has begun work to identify and rank them by risk rating to help it prioritise how to engage with programmes and manage reputational risks.

FCDO’s problematic global rollout of the Hera finance system led to delays of up to six months in paying downstream partners. Staff in Kenya report that few effective controls were in place for a period of around six to eight weeks, during which the office relied on trusted staff to invent and apply controls manually using spreadsheets and offline record-keeping. Programme staff expressed concern about how easy it would have been to defraud the system during this time. HERA continues to confuse and frustrate, consuming disproportionate amounts of staff time that could otherwise be spent on managing programmes.

 Opportunities

FCDO Kenya and much of FCDO Somalia are both based in the UK high commission in Nairobi. There is good interaction between the counter-fraud leads of both offices, and some examples of coordinated learning. For example, while FCDO Kenya did very little with its partners during Fraud Week, which came shortly after a major royal visit which caused staff to be overstretched, the Somalia team invited Kenyan partners to its training events. There is potential to build upon this cross-department engagement, also including key contacts in other government departments, arms-length bodies and other entities. For example, we saw opportunities for FCDO to learn from experienced staff in the British Council and British Chamber of Commerce but also a need for other government department representatives to have a better understanding of fraud and corruption risks which they could learn from FCDO.

In response to the UK’s ODA budget reductions, FCDO Kenya cut monitoring, evaluation and learning components from most programmes. FCDO Kenya is currently designing a  cross-cutting programme to support monitoring, evaluation and learning across all of its programmes. This kind of approach, drawing on the counter-fraud expertise of FCDO Kenya’s governance advisors and counter-fraud specialists, has the potential to promote a more strategic and proactive approach to tackling fraud across the Kenyan portfolio and in the wider aid delivery system. This should bring good practice and knowledge from FCDO Kenya’s anti-corruption programming to support its programmes in all sectors.

Staff suggested that counter-fraud training could be improved with more engaging, context-specific, scenario-based learning to bring the reality of fraud risks relevant to the country programmes to light and share lessons across teams. Staff described current training on fraud risk management as being largely generic, individual online training. There is also potential to collect and share learning and data on fraud to deepen FCDO’s understanding of fraud types and prevalence in the sectors it operates and the impact of fraud on people expected to benefit from its programmes. There is further potential for better sharing of learning and data with other donors to inform collective action while also encouraging openness and discussions around fraud more generally.

Case study sources are in Annex 2.

Country case study: India

India is the world’s largest democracy with a population of more than 1.4 billion. It is the third largest economy and one of the UK government’s highest foreign policy priorities. India has made significant progress in reducing extreme poverty from 48% of the population in 1993 to 10% in 2019. The last decade has also seen more effective government and improved regulatory quality and control of corruption, according to World Bank indicators, but also a decline in civil liberties and rule of law.

Indian legislation criminalises “attempted corruption, active and passive bribery, extortion, abuse of office and money laundering” although it does not outlaw facilitation payments. On one hand, private sector companies have been pushed to tighten their compliance processes, on the other, authorities have been accused of selective enforcement of anti-corruption laws. Corruption remains endemic in India, affecting all levels of governance across the public and private sectors. India has the “highest overall bribery rate” and the “highest rate of citizens using private connections” in Asia according to Transparency International. Petty corruption, grand corruption, procurement fraud, patronage networks and nepotism, including caste-system based nepotism are commonplace.

UK aid to India

As India’s economy has grown, and despite there being more than 140 million people still in extreme poverty, the UK has transitioned away from traditional aid programmes towards a partnership based on mutual national interests agreed with the Indian government. The UK’s Official Development Assistance (ODA) to India is now focused on providing technical assistance, research partnerships and equity investments which aim to achieve development objectives alongside financial returns. British International Investment (BII) is the UK’s main development finance institution, making commercial investments in low and lower-middle income countries in Africa and Asia, including India. However, FCDO India’s ODA portfolio is unique within FCDO’s network in making its own development capital investments. Compared to to BII, FCDO India invests in earlier stage, higher risk companies that it considers have high development impact potential – especially in terms of tackling climate change and job creation. Our sample of five programmes included two capital development funds with a combined budget of £172 million and $1 billion (around £790 million) loan guarantee to enable increased lending from the World Bank to the Indian government.

Strengths

The high commission in India has a more integrated structure than our other core case study countries. All UK staff,  such as those from the Department for Business and Trade, and arms-length bodies, such as the British Council, as well as FCDO, are included in one organisational structure with some departments having direct reporting lines to the Head of Mission (BII staff are not included in this network, although it does have a large presence in India). We saw positive examples of engagement across programme areas, including sharing knowledge about risk management in capital investments,  for example.

Development capital is deployed through professional asset managers following due diligence by FCDO on the asset managers. FCDO has an oversight role as a member of the governance committees (which could include one or more of investment, advisory or development committees) for the funds it invests in, giving it a role in ensuring appropriate investment policies and fund performance. We found that FCDO programme staff had a strong understanding of the regulatory framework in which investments were deployed and of FCDO’s programme management processes. They also demonstrated an awareness of challenges caused by the problematic implementation of the Hera finance system, including approvals by individuals with limited knowledge of programmes or outside the line of accountability and lack of visibility of financial information, and developed offline controls where deemed necessary.

FCDO India has a Delivery Unit designed to help the India network deliver UK government priorities including supporting programme delivery. This includes the fraud liaison officer (FLO) role and facilitating learning across the department; for example, to help teams determine how to apply FCDO’s Programme Operating Framework rules and guidance to investments. The Delivery Unit does not look for fraud but does help ensure good governance practice by undertaking spot checks of risk registers to promote compliance and consistency across the portfolio. Following a recommendation in a 2023 internal audit, the Delivery Unit has begun to incorporate a review of programme agreements and due diligence assessments into its spot checks.

Weaknesses and challenges

In high fraud-risk countries, FCDO tends to have  anti-corruption programmes due to the higher significance of tackling corruption to safeguard development objectives. FCDO India’s focus on technical assistance and capital investments, however, means it does not have any  anti-corruption programmes. Despite being the largest UK delegation with over 700 staff from 15 government departments and seven regional deputy high commissions,  as well as a large high commission in Delhi and having one of the largest ODA budgets, FCDO India does not have a governance advisor or other deep anti-corruption expertise.

The FLO in India did not receive any formal training after being appointed, and was not aware of the FLO job description until recently. The FLO role is a 10% time commitment of a UK staff member who splits their time between the UK and India and will be rotating to another country shortly. The FLO has some previous programme management experience but does not have a financial background and has had to learn on the job. They are supported by a financial manager with good programme finance experience and a deputy FLO role has recently been created. The team has worked diligently to manage reported fraud concerns but felt insufficiently supported by the central counter-fraud team.

Due to its focus on capital investments, FCDO India considers the risk of fraud losses attributable to ODA to be low. This is because gains or losses in investments depend on multiple factors and only crystallise on the sale of shares. Fraud can reduce the value of investments, such as if a company is fined or loses business, but it may also increase the value, for example, if a company pays bribes or benefits from nepotism to win contracts. Outsourced asset managers are strongly focused on ensuring regulatory compliance prior to investment, and also work to strengthen governance systems within investees, which will help to mitigate risks. FCDO has also strengthened its environmental, social and governance framework for asset managers with a view to strengthen controls and ensure regulatory compliance. However, little is done to understand the wider fraud and corruption landscape in which investees operate, which is extremely high. As the 2023 internal audit noted, FCDO is exposed to delivery, financial and reputation risks if systematic frauds are not identified and dealt with appropriately.

The internal audit also highlighted risks relating to low staff morale and recruitment challenges. Low morale can disincentivise openness about concerns, including about fraud. In our interviews, we heard an example of recent improvements in leadership that made raising concerns more acceptable. However, staff reiterated challenges around morale and recruitment, especially relating to FCDO’s inability to attract skilled, locally hired finance and programme management staff due to low pay compared to the market.

Despite good practice relating to the integrated governance structure at the strategic level, noted above, we identified gaps in relation to fraud risk management. For example, a Deputy Head of Mission had been deployed without any introductory training for over six months. Similarly, we heard from Home Office officials managing programmes through FCDO’s finance system that appeared to have fallen between the gaps, with no knowledge of the Programme Operating Framework and not being required to undertake counter-fraud training by either department.

Opportunities

FCDO’s PrOF, which sets out rules and guidance for all FCDO programmes, is written with traditional aid programmes in mind, and is therefore not easily applicable to capital investment programmes. FCDO noted that the requirements of other investors, needs of investees and investment market regulations need to be duly considered when determining good practice for fraud risk management throughout the investment lifecycle. FCDO India’s Development Unit is working with the central PrOF owners to develop guidance for capital investment programmes. Such guidance has the potential to clarify:

• where FCDO’s responsibilities lie in capital investments through asset managers
• how to mitigate residual risks where fraud risk management is outsourced
• where and how FCDO should engage with the wider fraud and corruption risks that companies in India commonly face.

Based on recent learning, FCDO has the opportunity to strengthen its contracts with partners. A fraud occurred in a programme managed through a memorandum of understanding (MOU) rather than a contract or grant.  The MOU has no legal obligation for the partner to return fraud losses and has resulted in a drawn-out negotiation. The 2023 internal audit also identified contracts with no fraud reporting clauses and at least one instance where procurement fraud had not been reported up the delivery chain. The Delivery Unit is working to address these gaps,  and gaining legal advice for appropriate contract clauses.

Case study sources are in Annex 2.

Efficiency: How efficiently does the UK government deploy resources to ensure robust country-level fraud risk management in the aid delivery chain?

Programme staff are efficiently allocated to manage fraud risks in-country, although there are threats that need to be addressed

4.2 FCDO staff in-country are either hired locally or contracted in the UK and posted overseas. Locally hired staff are on local salaries. This is usually cheaper, while also bringing local knowledge and, if retained, can build long-term capability within the country. UK staff posted overseas have UK contracts, salaries and benefits, and are posted typically for periods of two to three years. These staff are usually more expensive but build knowledge and experience across the FCDO’s global network.

4.3 Across our sample, senior responsible owners (SROs) were predominately UK staff posted overseas, whereas programme responsible owners (PROs) and other programme management team-members were usually locally hired staff. This mix enables cost-effective long-term knowledge-building among locally hired staff with day-to-day programme management responsibilities, while rotation of SROs introduces an important counter-fraud control at the oversight level.

4.4 When deployed effectively, as for most of our sample, this is an efficient way to manage fraud risks in programme teams. However, it takes time for SROs to get up to speed, so if postings are less than three years, which we saw in several instances, this can become inefficient and introduce risk. This challenge can be exacerbated when SRO postings become synchronised in a country, as was the case in Kenya.

4.5 The typical split between UK staff posted overseas and local hire roles can also create a two-tier culture. We heard of an example whereby a locally hired staff member had abused her position to encourage others to use salary advances to loan her funds to pay school fees for her children. As the school fees increased, the scheme collapsed, resulting in severe distrust between the leadership (comprising UK staff posted overseas) and locally hired staff that took years to normalise. During our discussions with programme staff, we found their day-to-day experiences of corruption were not always fully understood by UK staff posted overseas, when this knowledge could provide important insights for programme delivery. Overall, however, we found that staff from the UK and locally hired staff had constructive working relationships.

Counter-fraud and programme teams face recruitment and retention challenges in competitive markets

4.6 FCDO’s first line of defence – SROs, PROs and other programme staff – had a strong understanding of their risk management responsibilities. Locally hired staff, in particular, had strong knowledge of the local fraud landscape and were relied upon by SROs to build a rapid understanding of risks at the start of their deployment.

4.7 Since 2020, FCDO has faced short-notice ODA budget reductions from £11.8 billion in 2019 to £7.6 billion in 2022, due predominantly to a 28% reduction of total ODA as a proportion of gross national income alongside burgeoning expenditure of ODA on refugees in the UK, of around £3.5 billion in 2022, primarily through the Home Office. This has caused major challenges in managing risk, discussed later in this report. It also means many FCDO countries now have a higher ratio of programme management staff compared to spend, even after reductions in local staffing levels. It is important to recognise that smaller programmes do not necessarily require proportionally less programme management resource, and that reducing budgets can require more, rather than less management time. However, countries such as Mozambique, Kenya, Lebanon and Myanmar reported healthy staffing levels.

4.8 In more competitive markets, it has been harder to attract and retain skilled staff. UK-based teams, including FCDO Syria, which is partially based in East Kilbride, and FCDO India reported challenges hiring and retaining experienced programme staff due to below-market salaries. Other factors reported to us by FCDO that make it harder to recruit included perceived instability of jobs due to ODA budget reductions, enhanced vetting requirements and delays in completing these, and restrictions in external recruitment. FCDO Kenya is about to increase its ODA spend from £25 million to £81 million in a year, requiring staff recruitment in another competitive marketplace. FCDO is also imposing restrictions on external hires for UK contracts, vastly limiting the talent pool available for relatively niche areas such as counter-fraud.

4.9 In several of our interviews, low morale was highlighted as a concern for retaining high-quality staff. Internal audits raised concerns about low morale and high rates of reported bullying, harassment and discrimination in FCDO’s annual ‘people survey’ in relation to staff retention in specific countries. Globally, the FCDO people survey demonstrates stubbornly high rates of reported bullying, harassment and discrimination. These issues can impact fraud risk management by threatening continuity, disincentivising openness about issues such as fraud, and potentially providing a motivation for permitting fraud (see Figure 6).

There is a strong reliance on third-party risk management, which may not be good value for money

4.10 Like many donors, FCDO designs and oversees programmes but usually outsources their delivery to partners – companies, non-governmental organisations or multilateral institutions. For larger programmes, the first-tier partner’s main role is often to manage multiple downstream partners. This results in FCDO outsourcing key risk management processes such as due diligence and results monitoring, while – according to FCDO’s Programme Operating Framework (PrOF) – SROs remain accountable for programme risk management and PROs are responsible for day-to-day risk management. In practice, this means FCDO programme teams assess the first-tier partner to gain assurance that they have the capacity and systems to manage risks in the delivery chain. This can result in pushing responsibility for risk down the delivery chain and in partners covering the cost of fraud losses. We highlighted this in our 2021 review where we recommended FCDO conduct more work to understand who bears the cost of fraud and the potential negative consequences of this. This remains a challenge for many partners, although we did see good examples, including in Syria, of where FCDO had written-off losses where it considered partners were not at fault.

4.11 Outsourcing to partners is an expensive way of managing risk that can lead to duplication and gaps. It creates an additional layer of programme management in first-tier partners, which may also pay higher salaries than FCDO and require contribution to partners’ costs and profit. This approach also results in multiple, divergent approaches to due diligence, reporting and whistleblowing. As noted in our 2021 report, this distances FCDO from downstream partners and can make it harder to learn of fraud and corruption concerns. While first-tier partners often have robust processes in place, these are not fool-proof, as in the example in Box 3. FCDO programme staff often referred to partners as being “tried and tested” as a control for fraud, suggesting a risk of complacency.

4.12 HM Treasury limits how much FCDO can spend on its staff, which incentivises outsourcing even if it is more expensive. In 2023, FCDO introduced a new PrOF rule (Rule 27) that sets out how FCDO staff costs can be allocated to programme budgets instead of outsourcing. At present, however, while the PrOF rule requires proof that it is better value for money to “insource” programmatic roles, it does not require equivalent proof that outsourcing is better value for money and it remains the default option.

FCDO’s central second line of defence is under-resourced

“Fraudsters, both organised and opportunistic, target public expenditure, often using new technology to do so. […]”

Gareth Davis, Head of the National Audit Office

“Government needs up to date intelligence on what’s happening in these areas and well-targeted defences to prevent, detect and recover as much as possible.”

Public Accounts Committee

4.13 FCDO’s central second line of defence has been under-resourced since at least 2022 when ICAI first raised concerns about severe counter-fraud resource shortages following the merger to form FCDO. This under-resourcing is partly due to the recruitment and retention challenges mentioned in paragraphs 4.8 and 4.9 above. FCDO counter-fraud staff report that while the operating context has become more complicated and challenging, “staffing levels have remained too low to deliver effectively”. Increased complexity and challenge come from the external context (discussed in paragraphs 4.36 to 4.40) and strengthened cross-government standards and scrutiny overseen by the Public Sector Fraud Authority (PSFA). A 2023 PSFA assessment of FCDO referred to a “concerning drop” in its central counter-fraud resource. FCDO’s third line of defence is comparatively better resourced but still reported being stretched, and several country teams noted delays and lack of response in managing fraud cases. Of the £1.56 million budget for counter-fraud in 2021-22, £1.24 million went to third-line investigations, with £0.35 million spent on the central second line. This compares to FCDO’s £7.6 billion aid spend in 2022. PSFA notes that for every £1 FCDO spends on counter-fraud, it detects £2.82, prevents £55.71 and recovers £2.70, but also that “the amount of fraud detected, prevented and recovered appears low given the risks FCDO face”.

“You could characterise FCDO’s current position [on tackling fraud] as being as minimal as possible.”

“We are fighting to stand.”

Perspectives of FCDO counter-fraud officials

4.14 Chronic under-resourcing has resulted in FCDO’s second line taking a reactive, rather than proactive, approach to fraud detection and learning. FCDO’s self-assessment against the cross-government functional standard on counter-fraud – which the Head of Control and Assurance described as a useful exercise – found key weaknesses in proactive detection and measurement. This is consistent with FCDO’s lack of progress against ICAI’s 2021 fraud recommendations (see Box 1). FCDO has made limited progress in engaging with partners to streamline whistleblowing or address concerns about procurement. While it has begun to address ICAI’s recommendation to strengthen data collection on fraud risks, as one official explained, FCDO is “struggling even to resource that as it is an add-on for an already stretched team”. The central second-line counter-fraud team has recently made additional hires and is developing an Intelligence Hub, which is promising, but this is still only at the feasibility stage and the hire is to replace a vacant role, not grow the team.

4.15 FCDO’s lack of central second line capacity has two concerning consequences. The first is that as fraudsters evolve and become more sophisticated, FCDO risks being left behind in areas such as cybercrime, artificial intelligence and the use of big data. The second, as reported across our case study countries and discussed later in this report, is that in-country FLOs and programme staff are insufficiently supported or monitored.

FCDO’s in-country second line of defence is under-developed

4.16 The FLO role has the potential to provide valuable second-line support to programme teams but is largely a missed opportunity. Despite their role description including promoting counter-fraud good practice, analysis and learning, many FLOs are primarily focused on administering reported fraud cases. Most FLOs reported that having only 10% of their time allocated to the role meant they were spread too thin to be effective. In some countries, such as Lebanon, a larger allocation of time was given, which the FLO considered appropriate. The level of financial training of FLOs varied substantially, from a strong audit background in Lebanon and Myanmar to limited financial background in India and Mozambique. Formal qualifications, where FLOs had them, had been acquired before joining FCDO and not offered as part of the role. Syria – which has higher volumes of fraud reporting than any other country in our sample – does not have an FLO, with the responsibility shared between SROs (FCDO informed us this was a temporary solution). In most countries, the FLO is a locally hired member of staff. This has the advantage of building capability in a country and, as was the case of Lebanon following escalating conflict in the region in 2023 and other countries during the COVID-19 pandemic, means the FLO can remain in the country when UK staff posted overseas are evacuated. In contrast, India’s FLO is a UK member of staff, based predominantly in London, who will rotate soon to another country (see Figure 5).

4.17 FLOs consistently reported a lack of availability of the central second line of defence and, in some cases, third-line teams to provide timely support. While development directors have a second line of defence role (see Figure 4) and are often delegated by Heads of Mission to oversee high-level risk across the ODA portfolio, they do not typically have deep counter-fraud expertise. Where country staff have been able to access central support, it has been highly regarded, and we saw examples of where training provided during internal audit visits had been effective at communicating key messages, such as encouraging openness about fraud challenges and why “finding fraud is a good thing”. However, these instances were rare. In two countries, FLOs had not received any training or guidance on what the role entailed for more than six months after starting the role, despite requesting support. FCDO’s global forum for FLOs, intended to provide two-way learning between FLOs and central fraud specialists, has not been operating regularly due to central resourcing challenges.

4.18 FLOs and other programme staff in-country do not have good opportunities or incentives to develop professional counter-fraud skills. This, combined with reports of uncompetitive salaries for counter-fraud and programme management professionals, suggests counter-fraud capability is under-valued in FCDO. FLOs and programme staff described the mandatory training they do receive as too generic and not sufficiently tailored to the contexts in which they operate to help them with the real-life challenges they and their delivery partners face. The PSFA leads a cross-government counter-fraud profession, launched in October 2018 to develop counter-fraud capability across government.⁷⁴ FCDO central counter-fraud staff are engaging with the profession and intend to assess its appropriateness for FCDO programme staff, but anticipate it will be several years before this is a viable solution for professionalising counter-fraud in FCDO country teams. FCDO central counter-fraud staff also anticipate the PSFA’s expectations for counter-fraud capability will vastly exceed FCDO’s current resourcing and budget levels.

Poor implementation of the Hera finance system has caused inefficiencies

4.19 More than six months after the delayed implementation of Hera (see paragraph 3.27) programme teams consistently reported challenges using Hera for programme management. Programme staff described Hera as unintuitive, and said training has been mostly online videos which were too generic and insufficient to answer their questions. Former DFID staff contrasted this with the implemention of ARIES, where trained ‘floor-walkers’ would provide face-to-face support. Staff reported that the training they had received did not meet their needs. This has led to costs in terms of lost programme staff time and duplicated effort to try to understand how to use Hera for their programmes, and in the offline controls and processes that teams have felt the need to introduce to ensure risks are managed. In Mozambique, for example, a payment was made to a partner from UK funds, rather than from other donor funds that the UK managed as intended. In this case the error was discovered and rectified, but it illustrates a concerning control weakness and caused the programme team to implement manual, offline controls to mitigate it. We heard of numerous other offline controls being adopted to manage actual or perceived weaknesses in Hera, creating a mix of inconsistent controls across FCDO.

4.20 System changes always involve a learning curve; however, more than six months after Hera’s implementation, staff reported ongoing major challenges. The Hera team informed us that the move to Hera was a significant change for former DFID staff in particular, who were used to a much more tailored system. Programme staff informed us that trying to understand Hera or design and manage workarounds was still making significant demands on their time which was contributing to having less time for important fraud risk management activities, most notably visiting partners and conducting monitoring visits. The impact of the Hera implementation on the effectiveness of fraud risk management is discussed further in paragraphs 4.36 to 4.40.

Conclusion on efficiency

4.21 We found that first-line programme management teams make good use of the skills and resources available. At their best, programme teams build long-term local knowledge through locally hired staff, while UK staff posted overseas periodically rotate to bring cross-learning and refreshed scrutiny. This can be undermined, however, if UK staff rotate too frequently and where FCDO struggles to compete for local talent. We also identified some areas of potential inefficiency. FCDO’s delivery model relies on outsourcing risk management processes to delivery partners, which may not always be good value for money. In addition, as noted in Box 5 later in this report, there is also scope to save time by managing multiple, related, small fraud cases in aggregate.

4.22 FCDO has failed to invest in building its second line of defence both centrally and in-country after the merger between DFID and FCO in 2020. Its network of FLOs is a missed opportunity and those appointed as FLOs often lack the seniority and counter-fraud experience to be effective. This aligns with the Public Accounts Committee’s findings that in UK government departments “counter-fraud staff often lack the credibility and authority needed to exert influence at senior levels”. Central counter-fraud capability is under-resourced and has been unable to take a proactive approach to tackling fraud. This has made incountry counter-fraud capability vulnerable. Similarly, the lack of investment in tailored and in-person training for programme staff on Hera has led to inefficiencies and increased risk.

4.23 A strong second line is essential to support, monitor and challenge the first line of defence. FCDO risks relying on the accumulated skills and capabilities of former DFID programme management staff and being left behind in the battle against fraudsters.

Effectiveness: How effective are the UK’s overseas teams at identifying and responding to fraud allegations and concerns in aid delivery?

FCDO has good fraud risk management processes focused on preventing fraud

4.24 ICAI’s 2023 rapid review of The FCDO’s Programme Operating Framework (PrOF) found it to be a credible way to manage aid programmes. The PrOF sets out clear rules, supported by guidance, but empowers Heads of Mission, SROs and PROs to decide how to apply them according to their understanding of the local context. The PrOF is a key tool for reducing fraud risk (see Figure 3), and we saw good compliance by programme teams with the rules and spirit of the PrOF in relation to fraud risk management. Fraud and corruption risks were taken seriously in the design of our sample of programmes and we were impressed with the seriousness that programme teams gave to managing fraud risks to UK aid. They sought support to address concerns, and tailored controls based on their experience and learning within their programmes.

4.25 In contrast, our 2023 review of the PrOF highlighted a lack of understanding of, and buy-in to, the PrOF by Heads of Mission. Our interviews with programme staff suggested the “tone from the top” communicating how programme management is valued as a skillset and encouraging openness about fraud challenges still requires improvement. We did hear some encouraging examples, however, such as a better culture of openness in one country following a change in Head of Mission, and clear messaging from another Head of Mission about the importance of supporting and not punishing teams who find fraud. Following our review of the PrOF, FCDO is implementing mandatory training for Heads of Mission, which is a good step towards comprehensively addressing weaknesses in leadership.

4.26 A notable gap in PrOF guidance, as we found in our India case study, is a lack of clarity about how to apply it to investments. At present, only FCDO India use this mechanism. British International Investments (BII), an arm’s length body owned by FCDO, is the UK’s development finance institution. BII does not use the PrOF, but the India team is engaged with BII to help understand how it can better manage risks in the FCDO India portfolio. Notably, BII has a Business Integrity team which straddles the first and second lines of defence. It is a centrally managed team with individuals in priority countries who report to the head of the Business Integrity team, but who directly participate in the investment decision-making process. This team comprises individuals with a strong finance background and makes up 28 of the approximately 600 BII headcount.

4.27 Some countries have dedicated teams to help ensure risks are managed. In Kenya, for example, the Accountability and Results Team (ART) reviews programmes at each stage of the design for fraud risk-related red flags and suggests adaptations. FCDO Kenya sees the value in ART and is expanding its remit to cover non-programme spend. This is a positive development, but resource levels will need to match the widened scope, especially as FCDO Kenya’s ODA budget is about to increase four-fold.

4.28  Box 4 shows an example of how having a formal governance or oversight role in a delivery partner can help to ensure transparency. This is not a common model for ODA contracts and grants, but does occur where the UK makes significant core funding to multilateral organisations or where ODA is invested through asset managers, as with FCDO India and BII.

Programme staff understand the importance of relationships and field visits, and they want to be able to do more

4.29 Programme staff understand the importance of building relationships with partners and make significant efforts to emphasise the importance of fraud risk management and encourage them to raise concerns around fraud. As a result, the partners and other donors we spoke with saw FCDO as a leader in this area. FCDO Syria has the highest volume of fraud reporting in our sample thanks to these relationships, despite FCDO’s staff’s inability to travel in the country (see Box 5).

4.30 Programme staff in-country describe the importance of field visits in identifying and monitoring fraud risks. These visits can be challenging, often involving time-consuming travel to remote locations or to high security risk areas where additional protection and sign-off is required. Staff make admirable efforts to overcome these difficulties, emphasising their importance in not only monitoring risks but also signalling the UK’s diplomatic presence. For example, in the Kenya Borderlands programme, senior staff, including the high commissioner, have visited the border regions with Somalia on multiple occasions, requiring liaison with the Kenyan security services and travelling in armoured personnel carriers in the most insecure areas. This programme had taken several years to establish through building relationships with local communities and on-the-ground delivery partners, as well as gathering intelligence on physical and fiduciary threats posed by militant groups operating in the region. Local communities highly valued these visits, which gave FCDO staff additional assurance of delivery in the field.

4.31 In many cases, however, staff could not conduct as many in-person visits as they would have liked. They gave several reasons for this:

• COVID-19 travel restrictions prevented visits for long periods and normalised remote working.
• FCDO’s appetite for security risks associated with field visits is lower than DFID’s used to be.
• The Hera transition has absorbed substantial staff time, leaving less for field visits.
• Budget reductions and uncertainty require more engagement with the first-tier partner and make it difficult to plan what to visit.

Good processes and relationships are not enough; FCDO does not proactively look for fraud

4.32 While there are good measures to try to prevent fraud from occurring, FCDO finds virtually no fraud compared to its spend. Processes such as due diligence are important prevention measures but only provide a snapshot in time. Programme teams often over-rely on first-tier partners’ track records and on external audits as evidence that fraud is not occurring when such audits do not set out to find fraud. FCDO’s assessment against the cross-government counter-fraud standard highlighted weaknesses in key areas of proactive fraud risk management, especial in fraud risk assessments, proactive detection and measurement. We heard of other agencies that use externally commissioned forensic resources to look for occurrences of fraud. Research into fraud and corruption takes place within anti-corruption programmes, but not on fraud and corruption in, or related to, FCDO’s portfolio. FCDO’s second line of defence (centrally and in-country), to the extent it is able to, is geared to support teams to apply processes but does not proactively look for fraud. This contrasts with the British Council which has a regional ‘fraud hunter’ tasked with finding fraud and conducting governance spot checks on programmes.

Public sector organisations that have ‘near zero’ levels of fraud raise concern for the PSFA. It shows they are either not dealing with fraud they have, or they have implemented such tight controls that the quality of service to citizens is compromised. Neither of these scenarios offer value for the taxpayer.

4.33 Fraud controls in programmes tend to focus on fraud that could be attributable to UK ODA but often neglect the risk of fraud to recipients of aid. In several programmes we reviewed, staff and partners were aware of “skimming” and unofficial taxation at the end of the aid delivery chain, similar to that in Syria in Box 5, but it was either considered outside the scope of the programme, too difficult or too minor to deal with. It was neither reported nor researched. Box 6 gives more detail on contrasting practices observed in our Mozambique case study.

The FCO-DFID merger, budget cuts, Hera implementation and COVID-19 have created an environment of heightened fraud risk

4.36 Three key factors affect the likelihood of fraud being committed, known as the ‘fraud triangle’. These are:

• opportunity (such as weak controls or too much trust)
• motivation (such as to service debts or pressure to meet targets)
• rationalisation (such as feeling underpaid or thinking ‘everyone else is doing it’).

4.37 Since our 2021 Tackling fraud in UK aid review, FCDO’s counter-fraud context has evolved. Prolonged COVID-19 restrictions prevented travel and UK staff posted overseas were evacuated, increasing reliance on remote verification of programme delivery. Severe, unplanned ODA budget reductions damaged relationships with partners and resulted in cuts to many monitoring, evaluation and learning activities to protect frontline delivery. The Hera implementation distracted staff, delayed payment to partners and undermined controls. The merger of FCO and DFID resulted in the loss of knowledgeable staff and depletion of the second line of defence which has remained under-resourced. Each of these affects fraud risk, as shown in Figure 6.

“Implementing the merger during the COVID-19 pandemic made organisational change more difficult, and managing further crises and reductions to the aid budget also affected progress.”

National Audit Office

Figure 6: How FCO-DFID merger, budget cuts, Hera and COVID-19 have created a perfect storm for fraud risk

Source: Fraud risk management, Windham Brannon, link

4.38 While the merger, budget reductions and COVID-19 were outside FCDO’s control, the lack of appropriate and tailored Hera training for programme staff has added an additional layer of risk at a challenging time. As one staff member commented, “it would have been easy to defraud FCDO during the Hera transition” referring to the confusion and distraction caused during its implementation. In addition to the issues noted in paragraphs 4.18 to 4.19, programme teams saw Hera as overly complex and not well-suited to their needs, such as a lack of visibility of programme-level financial information. Staff gave examples of approvals being required from individuals outside of the chain of accountability, who had little knowledge of programmes. This either resulted in delays or approvals being signed off without knowledge or challenge, especially where individuals were a bottleneck for approvals. Further controls weaknesses that staff reported to us included:

• the ability to use Hera without having any training
• the ability to create purchase orders even if there is no budget
• lack of controls over who can load or change budgets
• “people signing off things they don’t understand”.
  • During the Hera implementation, programme teams could not pay partners for several months. Invoices posted to ARIES just before the Hera integration were lost, resulting in payment delays of up to six months and raising concerns about the risk of duplicate invoices not being spotted.

Delays in implementing Hera meant its integration with the programme management platform (AMP) that FCDO inherited from DFID took longer than originally planned. As we found in the 2023 PrOF review, AMP is a good tool for managing programme risks that is user-friendly and aligned to the PrOF. However, former FCO staff required upgraded laptops to access it and many former FCO staff involved in managing ODA programmes still did not have access during our field work, including key second-line counter-fraud staff. This was only resolved when ICAI raised the issue directly with the AMP team. FCDO informed us that from February 2024, all staff now have access to AMP.

• We understand from the Hera team that although Hera will not stop a requisition exceeding a budget, there are various controls over programme spend. These include, for larger programmes, needing to have a business case approved and funds allocated in line with the business case and approved by a programme manager or line manager. Our review did not include testing the Hera system, but did seek to understand challenges faced by programme staff in effectively managing financial risks in their programmes. Issues relating to Hera were consistently raised across our sample countries.

Conclusion on effectiveness

4.41 FCDO has good fraud risk management processes that staff understand and apply effectively. Programme teams recognise the importance of building good relationships to encourage openness about fraud. FCDO is recognised as taking fraud risk management seriously by partners, although programme teams do not travel to project sites as much as they would like and a lot of reliance is placed, sometimes unduly, on due diligence assessments, third-party reporting and audits.

4.42 Processes are focused on preventing fraud, which is important, but not on finding it. The second line of defence, both centrally and in-country, is better at supporting teams to implement processes than searching for problems. The message that “finding fraud is good” is beginning to get through, but many staff and partners are wary and virtually no fraud is reported compared to FCDO’s spend.

4.43 A range of major influences, including the FCO-DFID merger, COVID-19, ODA budget reductions and the Hera implementation, have increased the risk of fraud while also distracting programme staff. It is a testament to teams that they have maintained good programme management practices, but this is not enough to effectively tackle fraud.

Coherence: How well does the UK work across different UK government teams, departments and bodies (internal coherence), and with external partners (external coherence), to tackle fraud in aid delivery?

The UK is seen as a leader and has the opportunity to coordinate with other donors and actors

4.44 Thanks to FCDO’s strong processes and diligent programme staff managing fraud risk in its own programmes, and the strong anti-corruption programming FCDO funds, donors and aid agencies see FCDO as a leader in taking fraud and corruption seriously. This comes in a context, as we heard from a range of experts, where increased ODA and funding from Russia, China and other non-traditional donors can undermine good governance, and many traditional donors are increasingly prioritising political over anti-corruption or development objectives.

“DFID had a big brand. FCDO less so, but it is still big. But no one would try to bribe FCDO or to get a bribe either.”

Local counter-fraud specialist in Mozambique

“If you [tell downstream partners] its UK aid, then they understand why we are intervening so much.”

First-tier multilateral partner in Kenya

4.45 Promoting coherence across donors is challenging due to the different priorities of each donor, as demonstrated in Box 7. FCDO has the opportunity to use its reputation to bring together other likeminded donors and actors to help tackle fraud and corruption across the sectors in which it operates.

Intelligence-sharing between donors is largely informal and there is a reluctance to systematically share

data for data protection and commercial reasons. Aggregating data and sharing anonymised analysis may provide a way to improve data sharing and promote coherent approaches to tackling fraud in the aid delivery chain across agencies.

Hostile environment training funded by FCDO may undermine its efforts to encourage fraud reporting

4.46 FCDO requires formal Security Awareness in Fragile Environments (SAFE) training for its UK staff and contractors working in 41 countries, which includes the largest recipients of UK aid. This is known outside FCDO as Hostile Environment Awareness Training (HEAT). Many aid agencies and businesses also require staff to complete HEAT before travel or while in-country. FCDO required our team to complete HEAT for our visits to Kenya and Mozambique. We joined 16 others from four organisations. All organisations are FCDO delivery partners and FCDO was covering the cost of the course for more than half of the participants. Contexts where bribes are requested were included at various points during the course, including anecdotes about paying bribes under the threat of violence or to avoid delays. Roleplays included passing through a checkpoint where an armed guard requires a bribe which needs to be negotiated safely. These are all common scenarios in many countries. The main objective of HEAT is personal safety, which was well covered. However, at no point was there any guidance on when and how to report these incidents, and there was direct acknowledgement that usually this cost would need to be borne by the individual and probably kept quiet.

4.47 We later interviewed FCDO and the CEO of a HEAT provider and both confirmed that no guidance is given to external training providers about how FCDO would like fraud to be treated. After we raised it with FCDO, it sent a reminder to its own provider, however, and our discussions with others who had recently undertaken HEAT suggest some training providers do cover fraud reporting. The CEO emphasised the importance of distinguishing between situations where individuals judge they are at personal risk or face substantial inconvenience if they do not comply – such as not being permitted through a checkpoint or never receiving an official document – and programme-related fraud where there is no threat to delivery staff. This suggests that treating all fraud as equal risks victim-blaming people who pay bribes and facilitation payments when under the threat of violence or substantial inconvenience. This undermines oversimplified messaging such as ‘zero tolerance to fraud’ and can make it harder for people to report. The CEO said that in many cases, local drivers would pay the bribes out of their own pockets which “keeps the aid work clean”. This potentially minimises the amount paid and becomes incorporated into the cost of doing business as a driver for an aid agency. This also means it is the person at the bottom of the chain who may be most exposed to fraud. The CEO confirmed that although HEAT training must prioritise personal safety, it would be easy to include discussion on how to report fraud. They welcomed the opportunity to engage with FCDO on the topic through a workshop and regular communications, and suggested it could be a good way to share learning in both directions.

“[Reporting fraud] should help, not hinder, delivery. It needs to make people’s lives easier and more understandable. Otherwise, they will just pay lip service.”

CEO of Hostile Environment Awareness Training company

Coherence on fraud risk across UK aid delivery teams is poor

4.48 In 2011, ICAI recommended that “[I]n any country assessed as having a high risk of corruption, DFID should develop an explicit anti-corruption strategy, setting out an integrated programme of activities and dialogue processes.” While FCDO India does not have any anti-corruption programmes, we saw excellent counter-fraud programmes in Mozambique and Kenya, which support civil society-led accountability, engage with host governments to strengthen governance systems and target problem areas, and invest in research to understand the fraud landscape better. These programme teams have strong anti-corruption expertise and, although we did not evaluate the impact of the programmes, they were designed to tackle both grand and petty fraud.

4.49 Despite this expertise and investment, learning across programmes is minimal. We did not see any examples of partners specialising in anti-corruption being invited to events and activities involving other programme teams or partners across FCDO’s country portfolios.

4.50 FCDO held its annual, organisation-wide Fraud Week in November 2023. This was also largely a missed opportunity for engaging staff and partners in real-life fraud challenges. Generic emails about the importance of fraud were disseminated to partners, but no external events were held by FCDO in our core case study countries. We did see some efforts to go beyond this minimal engagement. In Mozambique, the British Council had run an event bringing together its partners, but this had not involved FCDO. For FCDO Somalia, Fraud Week coincided with an internal audit visit and the FCDO Somalia team hosted events in Nairobi which included some FCDO Kenya partners and were well received. FCDO Kenya did not actively participate, however, as this came just after the state visit by King Charles III and Queen Camilla to Kenya, which had diverted a great deal of staff time to manage and staff were catching up on their immediate responsibilities.

4.51 There is substantial potential to join the dots between pockets of expertise in FCDO counter-fraud programmes, bodies such as BII, British Council and the British Chamber of Commerce, and other government departments that operate in this space, such as Home Office counter-forgery expertise. There is a huge appetite for this too. Programme staff find the current training and communications too generic. The central fraud team notes that the PrOF counter-fraud and anti-bribery guide includes some frequently asked questions and that training does incorporate some practical examples. Staff however, said they wanted more real-life examples, role-plays, guidance on the grey areas between cultural norms and corruption, and training tailored to their country’s contexts. Learning to deliver this training exists, but is not being shared. As noted in the Kenya case study, there is the potential to provide counter-fraud support, challenge and learning across the country’s portfolio through a cross-cutting programme. Several FCDO staff observed that it is often easier to ensure objectives are delivered when they are included in programmes rather than support functions whose budgets are often squeezed.

4.52 As noted throughout this report, the lack of resource and reactive nature of the central second line of defence undermines FCDO’s ability to coordinate cross-country learning and coherence or advise on cross-cutting initiatives within countries.

FCDO does not capture data on fraud losses in pooled funds

4.53 Fraud cases that involve pooled funds are reported and investigated by FCDO’s third line of defence. For example, we noted a case where a multi-donor fund administered by a multilateral organisation had identified a procurement fraud totalling over £1.5 million. The UK contributed 17% to the fund. The multilateral organisation led the investigation and FCDO’s investigations team worked with the FCDO country team to review and quality assure the findings. In this case, the funds were eventually repaid. However, according to internal audit’s usual procedures, this amount should not be captured as a recovered loss, because pooled funds are considered not reportable as ODA losses. A large number of FCDO’s closed cases involved pooled funds, but the total losses are not tracked and the losses to the UK are not estimated. This makes it hard to track and understates the amount of fraud found in FCDO programmes. Even if values cannot be attributed to FCDO, losses in pooled funds to which the UK contributes should be captured for monitoring, learning and transparency purposes.

Accountability lines with FCDO and across government are unclear

4.54 FCDO Head of Mission are ultimately responsible for in-country risk management, yet understanding of what this means in relation to centrally managed programmes (CMPs) or other government department programmes (OGDPs) that operate in their country varies substantially. In some countries, FCDO leadership felt they had responsibility for any UK government activity in their countries, noting the reputational risk. In other countries, the FCDO leadership was of the view that any programmes they do not manage are the sole responsibility of the director in charge of the programme, although they did still want visibility of major programmes.

4.55 One of the biggest challenges for Heads of Mission is that it is not easy to gain a complete list of the CMPs operating in their countries using Hera or AMP, let alone finding all the OGDPs which are managed on different systems and with different protocols. During our review, we were unable to obtain a complete list of ODA programmes and amounts delivered in our case study countries. FCDO has introduced PrOF guidance that encourages FCDO staff designing CMPs to notify country offices of all new programmes, which may help improve visibility of CMPs. The PrOF, however, does not apply to OGDPs.

4.56 Different country offices had implemented a range of measures to try to manage risks associated with CMPs and OGDPs according to their interpretation of their responsibilities. India’s more integrated structure in-country gave greater visibility of OGDPs. FCDO Kenya had undertaken an exercise to map 102 CMPs and OGDPs and rank them gold, silver and bronze according to the level of engagement needed. FCDO Somalia had implemented a ‘dual key’ policy, whereby a FCDO Somalia SRO had to sign off any activity in Somalia along with the SRO of the CMP or OGDP. Such an approach is more likely to be successful in a country like Somalia, where travel is likely to require embassy support, compared to countries like Kenya, Mozambique and India.

Conclusion on coherence

4.57 FCDO has a strong reputation for taking fraud seriously with partners and donors, which gives it an opportunity to play a leadership role in promoting better coherence in tackling fraud. There are barriers to systematic data and intelligence sharing, but co-operation among like-minded actors is all the more important in a shifting geopolitical landscape.

4.58 FCDO has a huge amount of experience of tackling fraud and corruption in its anti-corruption programming, and pockets of expertise elsewhere in its network, including its arm’s length entities British Council and BII, and across the other UK bodies and government departments. However, FCDO is not using this knowledge to help promote a coherent approach to fraud across all of the UK’s aid delivery.

4.59 Heads of Mission do not have clear visibility of the centrally managed and OGDPs that operate in their countries and there is significant variation in Heads of Missions’ understanding of their responsibility for risk in these programmes. FCDO teams in-country are working to address this, but each country is doing it in their own way.

5. Conclusions and recommendations

5.1 The UK has a strong reputation for taking fraud seriously among its partners and other donors. Foreign, Commonwealth and Development Office (FCDO) programme staff understand and follow FCDO’s Programme Operating Framework, which provides rules and guidelines that incorporate good counter-fraud practices into the programme management cycle. Other government departments have their own frameworks, however, which may not be as well-suited to overseas aid delivery. Programme teams make good use of both local and international experience and knowledge, and recognise the importance of building positive relationships with partners to encourage openness about fraud. We saw evidence the “finding fraud is good” message is beginning to get through to staff and some partners. Many staff and partners, however, remain wary of the potential negative consequences of finding and reporting fraud concerns.

5.2 While FCDO has good processes for fraud prevention and to investigate cases that are reported, it does little to research risk areas or to proactively look for fraud. There is an over-reliance on due diligence assessments, third-party reporting and audits, while fraud identification initiatives are neglected. FCDO’s second line of defence is under-resourced and reactive. Very little fraud is ever found. As the UK’s Public Sector Fraud Authority notes, the amount of fraud FCDO detects, prevents and recovers is low compared to the risks it faces.

5.3 There are impressive pockets of counter-fraud expertise within FCDO, its arms-length body, the British Council, British International Investment and other government departments. These are, however, not very well joined up and there is limited learning about counter-fraud across FCDO country portfolios and between UK departments. There is significant potential to make use of this knowledge and experience, however, as staff based in-country consistently ask for more practical training and real-life case studies.

5.4 FCDO’s new finance system, Hera, is not well-suited to programme team’s needs and its implementation has not been accompanied by sufficient, tailored training for programme staff. This has resulted in inefficiencies, duplicate and inconsistent offline controls. The implementation also initially led to delayed payments to partners. Staff reported that these challenges continued to make significant demands on their time, resulting in less time for key risk mitigation activities, such as field visits. This, combined with the impacts of the merger to form FCDO, COVID-19, and aid budget volatility and uncertainty, has further heightened fraud risk.

5.5 Overall, FCDO is not doing enough to match its counter-fraud capability to evolving risks faced by programme staff in the field. While it has strong counter-fraud processes and diligent programme staff who have good relationships with partners, it places insufficient value on the professional development of in-country counter-fraud and programme staff, and has under-invested in its central and in-country second line of defence. The lack of robust second-line capacity has two concerning consequences. The first is that as fraudsters evolve and become more sophisticated, FCDO risks being left behind in areas such as cybercrime, artificial intelligence and the use of big data. The second is that in-country staff are not properly supported. FCDO risks relying on the accumulated skills and capabilities of former Department for International Development programme management staff rather than adapting to meet the ever-changing fraud landscape.

Recommendations

Recommendation 1: FCDO should take a substantially more robust and proactive approach to anticipating and finding fraud in aid delivery.

Problem statements

• FCDO finds virtually no fraud compared to its spend, despite the risks it faces.
• FCDO’s second line of defence is under-resourced and reactive.
• As the fraud landscape changes, FCDO risks being left behind, including in areas such as cybercrime, artificial intelligence and the use of big data.
• FCDO does little to actively investigate and research risk areas, or to proactively look for fraud in its portfolio.
• FCDO pays insufficient attention to wider fraud risks in aid delivery.
• FCDO does not collate data and information on losses in pooled funds to which the UK contributes.
• FCDO and other government departments do not make good use of their counter-fraud knowledge and data to support learning and action within FCDO, across the UK government, or with partners and likeminded donors.
• FCDO is not effectively implementing Public Sector Fraud Authority guidance to develop intelligence capability, include in programme design counter-fraud communications campaigns and post-event assurance to detect fraud and error, or share learning with international and local partners.

Recommendation 2: FCDO should strengthen its second line of defence in the top 20 ODA recipient countries, allocating dedicated, well-trained and sufficiently senior resources to manage fraud risks.

Problem statements

• The UK is not using expertise across the UK government to promote a coherent and proactive approach to fraud across all the UK’s aid delivery.
• FCDO’s fraud liaison officer network is not well used for providing advice, raising awareness, supporting analysis or risk management.
• FCDO’s Fraud Week activities and counter-fraud training (which are second line of defence activities) are too generic and do not provide opportunities for staff and partners to engage in real-life fraud challenges relevant to them.
• FCDO programme staff are still wasting significant time dealing with Hera, while online training is too general and not sufficiently tailored to programme staff needs.
• FCDO does not do enough to support the professional development of its in-country counter-fraud staff and programme managers.
• Some major ODA-spending countries do not have a governance advisor or equivalent anti-corruption expertise.
• FCDO does not provide competitive commercial terms for qualified counter-fraud professionals in some markets.

Recommendation 3: FCDO should develop specific guidance on capital investments within its Programme Operating Framework.

Problem statements

• Fraud risks in investment portfolios can be as high as in grant portfolios.
• FCDO does not have guidance for how to apply the FCDO’s Programme Operating Framework to capital investments.
• FCDO has minimal direct engagement with investees on tackling fraud beyond regulatory requirements, despite their significant exposure to corruption.

Recommendation 4: FCDO should increase Head of Mission oversight of and accountability for fraud risks relating to centrally managed programmes and other government department programmes that operate in their country.

Problem statements

• The UK lacks fraud risk oversight across its country portfolios.
• FCDO Heads of Mission do not have a consistent understanding of their accountabilities and responsibilities for fraud risks in centrally managed and other government department programmes in their countries.
• FCDO and other government departments systems do not enable easy access to data about where programmes are being delivered, even to those with risk responsibilities.

Annex 1: Differences in published aid data

Annex 1: Differences in published aid data

The UK publishes its official development assistance (ODA) expenditure on its Development Tracker website (devtracker.fcdo.gov.uk) – known as ‘DevTracker’ – as part of its commitment to aid transparency. FCDO’s Annual report and accounts contain the audited figures for ODA spent by FCDO whereas DevTracker contains the aggregate sum of programme budgets published on DevTracker for FCDO and other government departments. Department-level figures may differ for the reasons set out below according to FCDO.

• DevTracker is a live system which FCDO considers to accurately reflect current plans for specific programmes but which may change during the financial year, whereas the annual accounts provide the formally approved allocations for each country for that year.
• The way in which centrally managed funds are allocated to different countries may be different in DevTracker compared to the annual accounts.
• Where programmes are deemed by FCDO to be too sensitive to publish on DevTracker, their data may not be included in the country total whereas it should be included in the annual accounts.
• Where expenditure is lower than budgets, DevTracker may reflect the budgeted amount and therefore be higher than the annual accounts.
• Errors can occur in DevTracker data, such as from forecasts that are not subsequently amended, that should not be present in the annual accounts.

The table below shows the difference in spend data between DevTracker and the annual accounts for our case study countries.

Table 2. Comparison of FCDO country-level ODA in DevTracker compared to annual accounts

Annex 2: Case study sources

Country case study: Mozambique

• Human development insights, UN Development Programme, accessed 5 March 2024, link.
• Corruption Perceptions Index 2023: Mozambique, Transparency International, accessed 5 March 2024, link.
• Bribery incidence – Mozambique, World Bank, accessed 5 March 2024, link.
• FCDO ODA spend is based on the published accounts for FCDO. This differs from the data published on the UK government’s Development Tracker website for reasons explained in Annex 1. Other government department data is taken from the Development Tracker website.
• Fraud found figures are based on closed cases recorded in internal FCDO reporting. Note that fraud is not necessarily found in same year as it occurred. Additionally, FCDO does not capture fraud that occurs in pooled funds to which it contributes, as discussed in the report.
• UK-Mozambique development partnership summary, Foreign, Commonwealth and Development Department, 17 July 2023, link.
• Mozambique’s “hidden debts”, World Bank, 19 April 2022, link.
• The fallout from Mozambique’s debt scandal reaches a London court, The Economist, 12 October 2023, link; The visible costs of Mozambique’s hidden debts scandal, Transparency International, 2019, link.
• Mozambique’s “hidden debts”, World Bank, 19 April 2022, link. 
• Mozambique’s “hidden debts”, World Bank, 19 April 2022, link.
• UK-Mozambique development partnership summary, Foreign, Commonwealth and Development Department, 17 July 2023, link.
• Overview of corruption and anti-corruption in Mozambique, U4, 5 March 2012, link. ^m NGOs & risk: managing uncertainty in local-international partnerships, Interaction, 2019, p. 30, link.
• Tackling fraud in UK aid through multilateral organisations, Independent Commission for Aid Impact, March 2022, link.

Country case study: Kenya

• Human development insights, UN Development Programme, accessed 5 March 2024, link.
• Corruption Perceptions Index 2023: Kenya, Transparency International, accessed 5 March 2024, link.
• Bribery incidence – Kenya, World Bank, accessed 5 March 2024, link.
• FCDO ODA spend is based on the published accounts for FCDO. This differs from the data published on the UK government’s Development Tracker website for reasons explained in Annex 1. Other government department data is taken from the Development Tracker website.
• Figures for fraud found are based on closed cases recorded in internal FCDO reporting. Note that fraud is not necessarily found in same year as it occurred. Additionally, FCDO does not capture fraud that occurs in pooled funds to which it contributes, as discussed in the report.
• UK-Kenya development partnership summary, Foreign, Commonwealth and Development Department, July 2023, link.
• Corruption Perceptions Index 2023: Kenya, Transparency International, accessed 5 March 2024, link.
• Third of Kenyan budget lost to corruption: anti-graft chief, Reuters, 10 March 2010, link. The Ethics and Anti Corruption Commission chair resigned in July 2016 after being accused of corruption which he denied, see Kenya’s anti-graft chief, accused of conflict of interest, quits, Reuters, 31 August 2016, link.
• Kenya risk report, GAN Integrity, 2020, link.
• Kenya risk report, GAN Integrity, 2020, link; Corruption and devolution in Kenya, U4, pp. 6-10, link. Corruption Perceptions Index 2023: Somalia, Transparency International, accessed 5 March 2024, link.
• UK-Kenya development partnership summary, Foreign, Commonwealth and Development Office, July 2023, link.

Country case study: India

• Human development insights, UN Development Programme, accessed 5 March 2024, link.
• Corruption Perceptions Index 2023: India, Transparency International, accessed 5 March 2024, link.
• Bribery incidence – India, World Bank, accessed 5 March 2024, link.
• FCDO ODA spend is based on the published accounts for FCDO. This differs from the data published on the UK government’s Development Tracker website for reasons explained in Annex 1. Other government department data is taken from the Development Tracker website.
• Figures for fraud found are based on closed cases recorded in internal FCDO reporting. Note that fraud is not necessarily found in same year as it occurred. Additionally, FCDO does not capture fraud that occurs in pooled funds to which it contributes, as discussed in the report.
• Integrated review refresh 2023, HM government, March 2023, p. 24, link. India is the third largest economy by gross domestic product (GDP) based on purchasing power parity (PPP) and the fifth largest by nominal GDP – see GDP based on PPP, International Monetary Fund, accessed 5 March 2024, link.
• Freedom in the World 2023, Freedom House, March 2023, pp. 12 & 17, link; Modi’s India is moving in an illiberal direction, Financial Times, 25 July 2023, link; World Bank indicators can be downloaded at Worldwide governance indicators, World Bank, accessed 5 March 2024, link.
• Overview of corruption and anti-corruption developments in India, Transparency International, 2022, pp. 3 & 15, link.
• Overview of corruption and anti-corruption developments in India, Transparency International, 2022, p. 1, link.
• Overview of corruption and anti-corruption developments in India, Transparency International, 2022, pp. 3 & 5, link.
• Overview of corruption and anti-corruption developments in India, Transparency International, 2022, pp. 3 & 5-6, link.
• UK aid to India, Independent Commission for Aid Impact, March 2023, p. iv, link.