Social security: response to consultation on draft investigation of offences regulations

Annex of Relevant Legislation

83. As noted in the draft Code of Practice, any investigation into fraud is a law enforcement activity and is subject to a number of protocols and procedural codes normally associated with criminal investigations. Respondents were, in the main, broadly content that the legislation identified in Annex A of the draft Code of Practice was relevant and complete. However the Scottish Government agrees that the Proceeds of Crime Act 2002 is relevant and has amended the draft Code of Practice to reflect this. The Data Sharing Code of Practice that the Information Commissioner is obliged to produce under Section 121 of the DPA is also relevant and shall be added to the final Code of Practice before it is laid.

Content of the Code

84. While there was no overwhelming consensus from the consultation on whether the content of the draft Code of Practice for Investigations was appropriate, more respondents agreed with the content than disagreed. It was noted that the draft Code of Practice would be strengthened by explicitly uncoupling the link between fraud and error. As set out earlier in this response (paragraphs 71-72) the Scottish Government believes that this uncoupling is being achieved through the structure of the Social Security Scotland agency and the production of clear and distinct strategies for dealing with error and fraud.

85. Importantly, this is supported by the fact that the offences highlighted within the Act have been carefully framed to make sure that people who make genuine errors and mistakes will not be criminalised.

86. Although not specifically related to in the content of the draft Code of Practice, the impact of any stoppage of benefits was raised at this point in a consultation response by one respondent. The respondent noted the attendant impact upon individuals if benefits were stopped before a conclusion is reached as to whether or not fraud has occurred. The Scottish Government recognises that this is a complex issue and that the later benefits are stopped, the larger the overpayment which will potentially have accrued if it is decided that fraud appears to have occurred.

87. Where appropriate, a new determination of ongoing entitlement should be made as quickly as is reasonably practicable after sufficient evidence has been gathered to make findings of fact, and the individual has been given an opportunity to provide their own account of the circumstances. An individual's entitlement does not hinge upon whether an offence has been committed but on whether the criteria set out in relevant regulations continue to be met.

Code of Practice for Investigations

88. Section 76 of the Social Security (Scotland) Act 2018 places a duty upon the Scottish Ministers to publish a Code of Practice, keep it under review, and revise it from time to time. It was suggested that a strategy for that review should be published.

89. The Scottish Government is committed to doing this and will review the Code of Practice periodically in line with factors such as changes to legislation, operational policy or stakeholder feedback. However, a body of evidence must be available to inform that review. Investigations and prosecutions routinely take years to reach their conclusion therefore consideration will be given to be the most appropriate time to review the Code.

Investigation of Offences Regulations

90. One respondent commented that pressure may be put on legal aid budgets as a result of providing representation. The Scottish Government understands that Legal Aid Advice and Assistance are provided to a client, if requested, at any stage of a fraud investigation. As the majority of benefits that will be administered by Social Security Scotland are replacing an equivalent reserved benefit, the Scottish Government does not believe this will lead to significant additional representation being required. However, it will keep this under review and carefully consider any evidence that suggests otherwise.

91. A respondent to the consultation suggested that the proposals in relation to fraud are reactive rather than proactive and greater focus should be put upon the prevention of fraud as opposed to the investigation. The Scottish Government emphasises that the priority is to prevent fraud wherever possible. Social Security Scotland's approach to prevention is set out clearly in its Counter Fraud Strategy^[6]. However, the express purpose of both the Investigation of Offences Regulations and the accompanying draft Code of Practice is to set out the powers, and how the Scottish Ministers intend them to be used, where there is a suspicion that fraudulent activity may already have occurred.

Overarching Comments

92. The consultation offered respondents an opportunity to offer any final overarching comments that they wished to have noted at this stage. It was suggested that it would be beneficial to publish statistics upon the number of investigations undertaken and the proportions that result in either no action being taken or prosecution.

93. This along with continued engagement with stakeholders would assist in ensuring that fraud investigation policy remained aligned with the principles of dignity, fairness and respect and a rights based approach. The Scottish Government agrees that measurement of performance is key to creating a culture of openness and transparency and with this in mind, consideration is currently being given to what official statistics should be published.

94. One respondent noted that, as an executive agency of the Scottish Government, Social Security Scotland will be a 'competent authority' when processing personal data for the purpose of preventing, investigating, detecting or prosecuting a criminal offence. This will mean that it will be subject to the law enforcement provisions of the DPA, rather than the GDPR. The Scottish Government has taken account of this in the Code of Practice.

Data Protection

95. The Scottish Government appreciates the comprehensive response provided by Office of the Information Commissioner (ICO) in relation to the use of data in fraud investigations.

96. Although this was not referenced in the consultation document, a full Data Protection Impact Assessment (DPIA) of all fraud processes has been completed and the information provided by the ICO ensures this is compliant with all legislation including the General Data Protection Regulation and the Data Protection Act 2018.

Impact Assessments

97. As part of the consultation, respondents were asked to highlight any equality, business or regulatory impacts of both the draft regulations and draft Code of Practice that may require mitigation. The Scottish Government will take these into account in the development of its Equalities, Business and Regulatory Impact Assessments which will be published alongside the revised version of the Investigation of Offences Regulations and the final Code of Practice when they are laid in the Scottish Parliament later this year.