Publication - Strategy/plan

Social Security Fraud: Code of Practice for Investigations

Published: 14 Feb 2020
Social Security Directorate
Part of:
Equality and rights, Law and order, Money and tax

Document setting out how Social Security Scotland will conduct investigations into benefit fraud and use the Social Security Assistance (Investigation of Offences) (Scotland) regulations 2020.

Social Security Fraud: Code of Practice for Investigations
Chapter 1

Chapter 1

Powers to Investigate and Safeguards

Social Security Offences

15. Sections 71 to 73 of the Social Security (Scotland) Act 2018 provides for three specific types of offences that may be committed – by both individuals and organisations. These are: Trying to obtain assistance by deceit (through providing false or misleading information);

  • Failing to notify a relevant change of circumstances without a reasonable excuse; and
  • Causing another person to fail to notify a change of circumstances.

16. Section 74 of the Act provides that individuals within an organisation can be held responsible for an offence committed by the organisation, where there is active involvement or neglect by a senior member of the organisation. The offences are those provided for by the Act under sections 71 – 73, and any that are introduced by regulations made under it.

17. Section 75 of the Act enables regulations to be laid before Parliament providing for the investigation of the offences created by sections 71-74, as well as new offences relating to obstruction and delay of investigations. These are the Social Security Assistance (Investigation of Offences) (Scotland) Regulations 2020.


18. The purpose of an investigation is to gather evidence to decide whether there are reasonable grounds to conclude that an offence has been committed, and by whom. In most cases where a suspicion has arisen, Counter Fraud Officers will need to gather evidence from a range of people and organisations to establish the facts.

19. Any investigation will be based on the principle that everything Counter Fraud Officers do must be proportionate. They will only carry out activities that are strictly necessary to collect enough information to help them decide whether an offence has been committed.

20. Counter Fraud Officers can only request information within the limits permitted by law. For example, they can only do so where it is necessary for the prevention and detection of crime and the request is linked directly to the investigation. They must also ensure all the information they receive is transferred and held securely and confidentially. Information can only be disclosed where it is lawful to do so and in accordance with the Data Protection Act 2018.

Evidence will be gathered in the least intrusive way appropriate. There are a number of ways this might be done:

Open Source

21. Depending on the type of information required, Counter Fraud Officers may be able to get what they need from open or public sources of information such as the electoral roll, Registers of Scotland or where appropriate, sources on the internet. This will only be done in accordance with the relevant guidelines on covert online activity. A record will be kept of all searches undertaken and these will always be carried out in a way that provides an audit trail.

Other Organisations

22. Social Security Scotland is recognised in the Data Protection Act 2018 (Schedule 7, paragraph (2)) as a 'competent authority' processing personal data in compliance with the law enforcement provisions under Part 3 of the Data Protection Act 2018 for the purpose of preventing, investigating, detecting or prosecuting criminal offences. Counter Fraud Officers may make requests to Data Controllers of other organisations to ask them to disclose information they hold where it will be used in connection with the prevention or detection of crime or the apprehension or prosecution of offenders.

23. The decision to release the information rests with the Data Controller who must satisfy themselves that there is a lawful basis to share requested information. Once released this information will be subject to the Law Enforcement Processing[10] provisions in Part 3 of the same Act.

24. Section 85 of the Act[11] and section 34 of the Scotland Act 2016[12] also allow Scottish public authorities, as well as DWP, to share some types of data with Social Security Scotland to help carry out its functions, including the investigation of possible offences.

Information-gathering powers under the Act

25. Counter Fraud Officers will always aim to get the information they need quickly and discreetly with the least inconvenience to those that have it. However, in defined circumstances, where it is not possible to get the information from open sources or other organisations, Social Security Scotland has powers to compel individuals and organisations to provide information.

26. The Social Security Assistance (Investigation of Offences) (Scotland) Regulations 2020 set out a process for authorising certain investigators (known as Authorised Officers) to use the powers requiring that information is provided by individuals and organisations, in defined circumstances. The authorisation process is an important safeguard against their misuse.

27. Justification for requiring any information will have to be clearly documented. It is intended that Authorised Officers will only use the powers where they have grounds to suspect that the information held is relevant to the investigation of the possible commission of an offence under section 71, 72, or 73 of the Act.

28. In practice this means where an Authorised Officer suspects:

  • a person has committed or is committing, a benefit offence;
  • a person has helped or is helping someone else to commit a benefit offence;
  • a person is being misrepresented as part of a benefit claim made on their behalf;
  • a fraudulent act against Social Security Scotland has been committed

29. The regulations also set out that where an Authorised Officer has reasonable grounds for suspecting that a body or person may have, or can access information relevant to any matter that may be investigated, they can by giving notice require that they that provide information.

30. The types of information and bodies from which information may be required will vary depending on the circumstances of the case and the nature of the benefit. Examples may include bank statements, employment information, customer account information, household utility bills or electronic information. Where the information required is held electronically, the regulations allow Authorised Officers to make arrangements to obtain electronic access and entitles them to make copies of, and to take extracts from those records.

31. While circumstances may dictate that information is required from a range of sources, the regulations excludes some bodies from the obligation to provide information. These exclusions serve as a protection for specific organisations assisting individuals in exercising their human right to social security, consistent with the principles of the Social Security (Scotland) Act 2018. Their ability to provide confidential advice is safeguarded.

32. Where an Authorised Officer is considering obtaining information using the information gathering powers provided under the Investigation of Offences Regulations, they will always have to consider the circumstances of the case and whether use of these powers is necessary and proportionate. For example, the officer will need to be able to show that the requirement to provide information is not speculative but is linked to the suspicion of a particular offence, and that the type of information required cannot be obtained from anywhere else. This will provide further assurance that these powers are not open to abuse.

Duty on Information Providers

33. Written information may be required from organisations or individuals. For example, this could include service providers, charities, employers, businesses, mail delivery companies, utilities or sole traders.

34. Authorised Officers should always approach information providers in writing, and the regulations set out what must be included in that notice. They should give clear instructions about what is needed, why and what the law says, even where they have already spoken with the information provider face-to-face.

35. Information must always be gathered with the right legal permissions, be relevant and be in proportion to the suspected offence. Officers should never ask for information unless it is needed. They should cause the least disruption possible, except where a particular course of action would put the investigation at risk.

36. Where a person or organisation has been asked by an Authorised Officer to supply information in terms of regulations made under section 75 of the Act, they will be required by law to comply with a request within a period specified in the notice. A minimum of ten working days should be allotted for the information to be provided.

37. If the person providing the information asks for more time, the Authorised Officer may agree to an extension of the deadline. This will depend on the kind of information that has been asked for, the urgency, and complexity of the investigation.

38. Information providers will be told about their legal obligation to provide information. They will always be given reasonable opportunity to supply the information. Where a failure to comply with a written request is considered obstruction of an investigation, it could be an offence under the regulations. On summary conviction, a penalty may be imposed in the form of a fine not exceeding level 3 on the standard scale (currently up to £1000).

39. Requests will involve asking for information about a person whose name will be given. If their full name is not known, as much information will be provided as possible to help the information provider identify who the request is about. Care will always be taken to avoid inadvertently requesting information about innocent third parties who are not under investigation. Information provided which was not requested will be referred to a manager to seek confirmation of retention before being retained as an archived item until close of the investigation.

40. If the detail provided by the Authorised Officer in their request for information is not specific enough to allow the information provider to confidently identify whom the request is about, this may be considered a valid reason for failure to provide the required information. No offence would be committed in these circumstances. However, the request can be repeated, adding or changing the personal details where further specific information becomes available. Information about other people within a family can be requested only where their circumstances are directly relevant to the benefit claim being investigated.

41. Information providers will only be required to provide information that they can reasonably be expected to hold and that they keep as part of their normal business. If the information is not held or is no longer available, the person from whom it is requested cannot be committing an offence. The regulations also underline that no person is required by a notice under regulation 4 to provide any information that incriminates, or tends to incriminate, either the person or the person's spouse or civil partner

42. Information should not be required which relates to communications between a client and legal adviser giving or seeking legal advice, and a person cannot be committing an offence by failing to supply it. If communications are about seeking or giving legal advice, the person holding them has no obligation to provide them.

43. It is likely that much of the private information gathered by the methods described in this code will be personal data. Where this is the case, the Data Protection Act 2018 will apply to the processing of that data until it is securely destroyed.


44. In some cases, Counter Fraud Officers may also need to interview witnesses. These could be employers, people who work with the person under investigation, family members, friends, and neighbours, others in the local community or other public officials. As part of their training, they will take account of the fact that it can be worrying and difficult for a witness giving evidence about someone they know.

45. Investigations will always be handled discreetly, recognising that the key purpose is to gather the information necessary to indicate whether an offence has occurred. A person will only be asked to provide assistance if it is believed they have information to progress that aim, but in a way that does not disclose sensitive information about the person being investigated.

46. Where witnesses are interviewed, a witness statement may be drafted and signed by the witness. The purpose will be made clear and that, in the event of the findings of the investigation leading to an appeal tribunal or being referred to the COPFS, the information they provide will be included.

47. While witness statements are given voluntarily, if someone does give a statement there will be a written record and they could be required to appear before the First-tier Tribunal or a Court if cited in a criminal prosecution at a later date.

Visiting Premises

48. In some circumstances, it may be necessary for an Authorised Officer to visit premises to make inquiries, question people or collect evidence. The regulations give Authorised Officers the ability to enter and search a premises either alone or accompanied, in certain circumstances. There is no right of entry. An Authorised Officer must request permission to enter from the person occupying the premises. If permission is given to enter, separate permission must be requested to search the premises. This should only be sought where the carrying out of a search is considered appropriate in relation to any of the matters that may be investigated under the officer's authorisation.

49. If the occupier refuses permission for either or both entry or search, the Authorised Officer is not entitled to enter and/or search. An Authorised Officer is not permitted to enter any premises which is a dwelling house, or any part of premises used solely as living accommodation, even if given permission to do so. Where premises are unoccupied, the permission of the owner will be required.

50. Permission will only be requested to enter and search at a reasonable time of day. Only investigators who have been authorised under the regulations will be able to conduct visits to premises. Where premises are entered, no person may be required to provide information which would tend to incriminate the person themselves or their spouse/civil partner, or which relates to communications between a client and legal adviser giving or seeking legal advice.

51. While in most cases prior notice will be given, there may be circumstances where this is not possible. If an un-notified visit is the most appropriate course of action, for example if there is a particular urgency with the investigation, the authorised officer will record their reasoning.

Covert Surveillance

52. Counter Fraud Officers may also seek an authorisation by the Chief Executive of Social Security Scotland to carry out directed surveillance in Scotland under the Regulation of Investigatory Powers (Scotland) Act (RIP(S)A) 2000[13]. This directed surveillance may encompass physical and/or online covert observation. There are a number of important safeguards to ensure a person is treated with dignity, fairness and respect, particularly because, by definition, covert surveillance means a person will not know it is happening.

53. RIP(S)A provides a regulatory framework, which ensures that the use of those powers is compliant with the European Convention on Human Rights (EHCR). Covert surveillance will only ever be carried out as a last resort and where it is necessary and proportionate to do so. This must be clearly demonstrated in a robust business case, where authorisation will be sought from the Chief Executive of the Agency. In addition, Social Security Scotland will be subject to independent oversight and regular inspection by the independent, judicially led Investigatory Powers Commissioner's Office.

54. RIP(S)A also sets out that authorised surveillance has to be part of a specific investigation or operation and all surveillance will be carried out in accordance with the relevant RIP(S)A code of practice[14]. It provides guidance on when an authorisation may be appropriate and the procedures that must be followed before and while the activity is taking place. It also sets out how information from surveillance should be treated, how it should be examined, retained, destroyed and how and when it can be disclosed.

Common Interest Investigations

55. In more serious or complex cases of fraud, for example multiple benefits or organised crime, it may be appropriate to investigate with other law enforcement agencies or with other public bodies to prevent wider fraud or make sure that all of the offences are prosecuted together. These may include bodies such as DWP, Her Majesty's Revenue and Customs (HMRC), Local Authorities, the Home Office or the Police. This may mean information gathered during an investigation will be shared between these organisations, but this will always be done in accordance with the relevant law.

56. Where Social Security Scotland engages in a Common Interest Investigation it will only do so on the basis that this done in accordance with the social security principles, the Charter and this Code. However, in circumstances where an investigation is led by the police, these will not apply to their activities.

57. All investigations will be undertaken in accordance with requirements set out in other relevant legislation. This includes the Criminal Procedure (Scotland) Act 1995, the Criminal Justice and Licensing (Scotland) Act 2010, the Criminal Justice (Scotland) Act 2016, the Regulation of Investigatory Powers Act 2000, the Regulation of Investigatory Powers (Scotland) Act 2000 ("RIP(S)A"), the DPA and the GDPR. All relevant Codes of Practice including this one should be followed. Investigations must also be carried out in a way which gives effect to the requirements of the ECHR, particularly Article 6 which is the right to a fair hearing and Article 8 which is the right to respect for private and family life. All relevant legislation is listed in the Annex to this document.