Design fraud and corruption resistant policies

Fraud and corruption risks can undermine the objectives of every Australian Government entity in all areas of their business, including policy-making, regulation, delivery of services and programs, and internal procedures.

Our Countering Fraud and Corruption by Design Toolkit helps Australian Government entities to effectively consider fraud and corruption risks when designing and implementing new government initiatives. It gives principles and tools they can use to help strengthen integrity.

Countering fraud and corruption in new government initiatives

The Australian Government’s legislative and policy framework requires entities to take all reasonable measures to prevent, detect and respond to fraud and corruption. This includes when designing and implementing new government policies, programs or projects.

Certain factors may lead to programs being at a high risk of fraud. These include:

• The need to deliver a program quickly, such as in response to emergencies – this can often make it difficult to put in robust up-front controls. Post-event assurance activity is integral to effectively managing payments in emergency management scenarios.
• The program is managed across different government portfolios, service providers and/or jurisdictions – this can lead to a lack of clear governance processes, oversight and accountability for risks and controls.
• The program requires someone to verify or authenticate their identity, particularly online – if not designed well, this can lead to identity fraud and significantly harm members of the Australian public.
• The program has low thresholds for verifying eligibility or evidence for payments – these programs are susceptible to common methods used by fraudsters, such as deception and fabrication. This can lead to systemic fraud.

Taking fraud and corruption into account in the development of policy and programs helps to prevent them from occurring before they cause harm.

Principles to follow

To counter fraud and corruption in new policy design, Australian Government entities should consider and apply the following principles:

• There will always be a risk of fraud and corruption in government programs, as there will always be people motivated by money or influence to act dishonestly.
• To fight fraud and corruption, we first need to find them. If you don’t identify the opportunities for fraud or corruption, you can’t protect your policy, program or initiative against it.
• The most cost-effective way to control fraud and corruption is always prevention.
• Fraud and corruption are ever changing. Entities must be agile to deal with these evolutions.
• There is no one solution to countering fraud and corruption. We need holistic approaches that combine influencing behaviours, primary prevention, early detection and responsive correction.

How to build risk management into new policy processes

There are steps you can take throughout the policy lifecycle to identify and minimise fraud and corruption risks.

Identify and assess fraud and corruption risks

Understand what the risks are. When officials have a clear and specific understanding of the fraud and corruption risks, they can make better decisions about how to manage those risks.

In collaboration with risk and/or fraud control experts, policy officials can use an Initial Fraud Risk Assessment to make a high-level assessment of the risks and potential impacts of a new policy, program or initiative.

Learn about conducting an Initial Fraud Impact Assessment.

Think like a fraudster

When people commit fraud they take on one or more 'personas'. By exploring these personas and how they operate, officials can better understand how their new policy might be vulnerable to fraud. This understanding will help them minimise opportunities for fraud and corruption across the policy lifecycle.

Learn about the different types of fraudsters.

Understand the Australian Policy Cycle

Fraudsters, programs and the outside environment continually adapt and evolve, and therefore vigilance is needed across a policy lifecycle.

Learn about managing fraud and corruption risk across the Policy Cycle in the Countering Fraud and Corruption by Design Toolkit.

Introduce controls

Poor policy design can lead to the creation of significant fraud vulnerabilities. While we can’t prevent all fraud, taking fraud into account when designing and implementing Commonwealth policies can help you put appropriate controls in place to frustrate most fraudulent actions and prevent systemic fraud.

The catalogue of common fraud controls contains 70 different types of fraud controls that can help Australian Government officials prevent, detect and respond effectively to fraud and corruption.

Learn about the key controls to consider up front when designing and implementing new initiatives in the Countering Fraud and Corruption by Design Toolkit. Key controls include:

• Establish governance arrangements up front and maintain accountability and oversight over processes, decision-making and program risks.
• Provide clear public communication to help prevent citizens and businesses falling victim to scams or slipping into non-compliance, while also deterring fraud and corruption.
• Include clauses about fraud, corruption and privacy in applications, disclaimers, deeds or contracts
• Have clear, specific and verifiable eligibility requirements outlined in legislation or policy, and implement systems and processes that only approve requests or claims that meet the requirements.
• Make sure the data your entity collects and maintains is as accurate and comprehensive as possible. This will assist in decision making, data analytics, and any necessary compliance and fraud investigations.
• Verify request or claim information provided by claimants with an independent and credible source.
• If sufficient evidence cannot be collected up-front, make sure processes are in place to collect it at a later date through post-event assurance or compliance activity.
• Be aware that controls can be breached and therefore it is important to have clear response protocols as part of fraud and corruption prevention, including being able to disrupt, contain, communicate and report incidents.
• Get advice from your entity’s governance/fraud/risk area or other fraud and corruption control experts regarding relevant fraud and corruption risks.