Prevention measures are critical for mitigating external fraud risks in social benefit programmes (SBPs), but there will always be vulnerabilities in the control environment as motivated individuals or groups find new ways to exploit the system. Contributing to this is the changing landscape of payment systems and technological advancements in the distribution of SBP entitlements. When human intervention in terms of preventive measures and controls fail, automated detection strategies and tools can help SBPs to counter external fraud. The following actions are key to strengthening fraud detection in SBPs:

• Investing in data analytics approaches and tools – With the wealth of data that government agencies hold on claimants of SBPs, there are numerous opportunities for enhancing fraud detection. Investing in data analytics tools and capabilities can contribute not only to fraud detection, but can also facilitate real-time decision-making and responsiveness.

• Using audit findings to target detection activities and promote a lessons-learned approach – Internal and external audit bodies in the public sector can pinpoint vulnerabilities in fraud prevention measures and identify opportunities for improvement. To take full advantage of insights from audit bodies, including supreme audit institutions and internal audit functions, public organisations can develop approaches for compiling and analysing pertinent data from audit reports, and thereby build institutional knowledge and targeted detection activities.

• Facilitating detection by making it easier for employees and the public to report fraud – Given the number of suspected cases of reported fraud, governments can highlight the broader impact of fraud to reduce the perception that it is a victimless crime and motivate the public to report suspicions of fraud in SBPs.

Technology has revolutionised the way that governments access, share and use data to meet policy objectives, design and deliver services, and streamline processes across the public sector. The digitalisation of government has also transformed how governments manage and oversee SBPs. Readily available and structured data on recipients and their claims provide opportunities for analysis and innovation through redesign. The redesign possibilities include using data to enhance service delivery and improve compliance, thus reducing fraud and error rates, and ensuring correct payments. Governments can also use analytical methods to turn raw SBP data, such as declared income, household size or place of residence, into valuable insights to improve service delivery.

Governments may also use data to improve oversight and how they detect and investigate fraud in SBPs. For example, in the United States, the Social Security Administration (SSA) maintains a ‘Death Master File’ of social security numbers of deceased persons. The United States Department of Agriculture (USDA) Office of Inspector General (OIG), which monitors the food stamp programme, can compare the social security numbers of applicants against this file to check for fraudulent information in the application. In a report released in January 2017, the USDA OIG entity found that 10% of applicants had used the social security number of a deceased person (Aussenberg, 2018[21]). See Box ‎3.1 for examples from other countries.

The ever-increasing availability of data and diverse analytical techniques create opportunities to design controls for processes where fraud risks are more likely to materialise, as well as to employ new tools to enhance detection measures. In one study, organisations using data analytics techniques to fight fraud reduced the financial impact of fraud schemes by 52%, and reduced the duration by 58% as a result of detection measures (Association of Certified Fraud Examiners, 2018[23]).

In addition to facilitating detection techniques, there are other implications for fraud detection in SBPs when using data as a strategic resource. For example, making better use of data can facilitate anticipatory governance and oversight by enabling real-time decision-making and responsiveness. SBPs by nature are traditionally inflexible due to the complexity of entitlement rules and the number of claimants they serve. With techniques such as data matching, entities responsible for SBPs can detect changes in claimants’ circumstances in real time, drawing from automatically declared income changes. Using algorithms to automate controls, these red flags form a feedback loop to inform control activities in response to patterns that raise concern. Increasing analytical and intelligence capabilities to detect fraud within SBPs can also reduce burdens for claimants and render programme delivery more efficient (Box ‎3.2).

While technology brings myriad opportunities for public organisations dealing with fraud, there are some challenges that governments face. As outlined in Box ‎3.1, data sharing among public organisations is vital when leveraging data for fraud prevention. As such, this requires a whole-of-government approach to data access and sharing, which requires strong data governance as a foundation for applying data-driven approaches to fraud detection in SBPs (see Figure ‎3.1). This may require addressing legacy challenges resulting from outdated legal and regulatory frameworks, or a lack of infrastructure for such technology.

To enhance the use of data for fraud prevention and detection in SBPs, governments can envision taking the following steps:

• Adopt an explicit policy and strategy focused on SBP optimisation through the access, sharing, use and analysis of data.

• Implement and/or revise laws, regulations or protocols allowing entities to access and share pertinent data while ensuring data protection, security and privacy. Such an approach could benefit from following an agile approach whereby stakeholders involved in the management of SBPs can better understand the legal and regulatory implications, as well as challenges associated with sharing data and providing access to data.

• Clarify institutional arrangements and responsibilities across all relevant bodies involved in the management of SBPs. This may include establishing dedicated units or teams with the necessary skills and expertise to access and process data.

• Ensure that beneficiaries of SBPs are aware of how their data are used and processed in automated SBP systems. This requires ensuring a certain level of transparency in decision-making processes related to the use of data, alongside awareness-raising initiatives to improve understanding of data-driven approaches used in SBPs.

Internal and external audit bodies in the public sector play a role in preventing and detecting fraud in SBPs. Internal audit functions provide independent, objective assurance and advice to improve the efficiency and effectiveness of an organisation’s operations (The Institute of Internal Auditors, 2019[25]). Auditors are expected to evaluate the potential for fraud and how an organisation manages fraud risk. This can involve identifying fraud risk factors through their activities, with the use of analytical techniques such as data mining or data matching to highlight control weaknesses and trends that may suggest fraudulent activity or abuse in SBPs. As its mandate usually covers the processes and procedures of the organisation as a whole, internal audit is well-placed to identify common characteristics of fraud schemes or fraud risk indicators, evaluate the effectiveness of controls to prevent or detect fraud and recommend further action, including investigations. Where fraud has occurred, internal audit can provide insights on how controls failed and identify opportunities for improvement.

Although external audit bodies, or Supreme Audit Institutions (SAI), are traditionally known for their oversight of public expenditure, they are increasingly taking a broader view on reliability, effectiveness, efficiency and economy of government policies and programmes (OECD, n.d.[26]). Regarding SBPs, SAIs undertake different types of audits and activities that can contribute to fraud detection. For example, a number of SAIs have undertaken specific studies and reports to take stock of fraud and error prevention measures within public organisations, and to draw attention to sometimes systematic deficiencies in anti-fraud practices within SBPs (National Audit Office, 2015[7]) (National Audit Office, 2020[27]) (Government Accountability Office, 2018[28]).

Public organisations responsible for SBPs can leverage audit findings to improve fraud detection. Given the volume of funds that governments channel through SBPs, these programmes are typically subject to regular scrutiny by both internal and external audit functions. To take full advantage of insights from audit bodies, public organisations can develop approaches for compiling and analysing pertinent data from audit reports, and thereby build institutional knowledge and target detection activities. This includes gaining insights from the fraud risks uncovered by the government entity responsible for the SBP in question, as well as data on how effective their controls have been at preventing and detecting fraud over time. The DWP enacted the measures outlined in Box ‎3.2 because of audit findings produced by the NAO in previous years. As a result, the Department has invested in data analytics tools to detect fraudulent activity. Crucially, analysis of audit data, along with data from other internal and external sources (detection tools, reporting mechanisms, media reports), allows managers to prioritise controls, improve detection measures and take corrective actions where necessary (Government Accountability Office, 2015[29]).

Another example from Australia shows how audit can help uncover deficiencies in control systems and fraud prevention measures. The Auditor-General of Western Australia commissioned an audit that involved the application of data analytics techniques to four million transactions made by twelve state entities, with a total value of approximately AUD 7.5 billion (Office of the Auditor General Western Australia, 2016[30]). The audit uncovered systemic weaknesses in some of the entities control systems, revealing cases of fraud, overpayments and error. As a result, the public organisations in question reviewed their internal controls and enacted changes based on the Auditor-General’s findings.

Information from the public can provide leads for public organisations on potential cases of fraud in SBPs. Although reports made via hotlines or online portals do not always result in the discovery of fraud, reports from the public can draw attention to certain cases that may otherwise go undetected. Strategies to promote reporting should be evidence-based to identify which reporting methods individuals consider convenient, to obtain information about the public’s understanding of fraud, and the circumstances under which they would be willing to report suspected fraud. Surveys of the public are one method of obtaining such information. Other methods are focus groups with individuals who have reported fraud in the past, or interviews of officials who have received reports from the public about alleged fraud. Public organisations may also provide trainings for staff about red flags for fraud that can help them identify when to report suspicious activity.

To facilitate reporting of fraud in SBPs, public organisations should consider the following actions:

• Putting in place multiple reporting channels, e.g., email, text, phone, post, online, or via an application;

• Designing communication campaigns to inform the public on how to report suspicions of fraud, as well as raising awareness about what constitutes fraud;

• The option of anonymous reporting to encourage those who are reluctant to disclose their identity. This may be particularly relevant in cases of SBP fraud, which is likely to be detected by people close to the perpetrator;

• Timely following-up and responding to complaints to reassure individuals that their report is being treated seriously;

• Putting in place a policy within public organisations to encourage reporting by employees. Such a policy should clearly outline what reporting procedures must be followed, as well as which investigative actions will be undertaken upon receipt of a complaint.

In many cases, fraud in SBPs appears to have no tangible or direct impact on others; the victims are taxpayers, but such types of fraud are often considered as victimless crimes that do not directly harm others. These perceptions are strengthened by the fact that perpetrators often use false identities. However, beyond the direct financial losses for taxpayers, fraud schemes can deprive other claimants of vital services, which can be particularly serious in the case of healthcare services. Public organisations that provide SBPs should ensure that communication materials and campaigns convey the message that these are not victimless crimes, and that individuals can make a difference if they report their suspicions.

In cases where an individual directly suffers as a result of fraud, they have an incentive to report it. Using tools that collect data on clients’ experiences can help detection, such as customer satisfaction surveys via email, text, post, or phone. In the private sector (such as the airline, hotel or banking industries), these surveys are often done automatically by a computer programme that contacts clients directly. Responses typically involve a rating out of 10 so the programme can add these numerical data to databases for automated analysis. Although such IT tools can be costly, they can optimise data collection and enable public organisations to reach a large number of claimants.

Following a fraud case in the United States involving faulty wheelchairs, several states have started surveying claimants to enquire about products or services provided by private companies. This information is compared to the data provided by the private providers to ensure that they had claimed the correct amount in rebates. A government entity in one state now sends surveys to claimants including photographs of wheelchairs and mobility scooters and asks them to circle the type they received. Investigators follow up on discrepancies by making on-site visits to verify the equipment (Department of Health and Human Services, 2008[31]).