ANTI-BRIBERY POLICY AND ANTI-FRAUD POLICY AND RESPONSE PLAN

Transcription

1 University for the Creative Arts Financial Regulations: Appendix K ANTI-BRIBERY POLICY AND ANTI-FRAUD POLICY AND RESPONSE PLAN INDEX 1. Introduction 2. Definitions 3. Culture 4. Responsibilities and Reporting a Potential Bribery or Fraud 5. Notifying the Funding Body and Other External Parties 6. Recording of the Incident Annex 1 Extract from the HEFCE Audit Code of Practice Annex 2 Key features of the Bribery Act 2010 Appendix 1 Bribery and Fraud Response Plan Update Approval: November 2014 Board of Governors

2 APPENDIX K ANTI-BRIBERY POLICY AND ANTI-FRAUD POLICY AND RESPONSE PLAN 1 INTRODUCTION 1.1. The University is committed to an effective anti-bribery, anti-fraud and corruption strategy designed to encourage prevention, promote detection and clarify responses through a defined plan which incorporates investigatory action The main responsibility for preventing and detecting fraud lies with management Fraud is an ever present threat to resources and hence must be a concern to all members of staff. As such all staff have a responsibility to raise any concerns that they have in relation to fraud and bribery that involves the University in any way at all Fraud may occur internally or externally and may be perpetrated by staff, students, suppliers, consultants or University partners, individually or in collusion with others. 2. DEFINITIONS The Bribery Act 2010 makes it a criminal offence to give, promise or offer a bribe or to request, agree to receive or accept a bribe in the UK or abroad. There is also a separate criminal offence to bribe a foreign public official. Key features of the Bribery Act 2010 are set out in Annex 2 of this policy. Bribery is the offer, promise, giving, demanding or acceptance of an advantage as an inducement for an action which is illegal, unethical or a breach of trust. The Fraud Act 2006 sets out three different ways of committing fraud: By false representation; this includes making a gain for themselves or another and causing a loss to another or to expose another to a risk of loss. A representation can be stated by words or conduct and is defined as false if it is untrue or misleading and the person making it knows that it is, or might be, untrue or misleading.

3 By failing to disclose information; and By abuse of position. For the purposes of this policy, fraud is taken to include, but is not limited to: Theft of money and other University assets (eg laptops, intellectual property, etc) Inappropriate use of University resources for personal benefit Bribery and corruption 3 CULTURE 3.1 The University expects all students and members of staff to act with integrity and lead by example by ensuring adherence to policies and procedures and that all practices are beyond reproach. The University is determined that the culture of the organisation is one of honesty and opposition to bribery, fraud and corruption. 3.2 The University also expects individuals and organisations that it comes into contact with will act towards the University with integrity. The University recognises that certain cultures around the world may view business practises differently, staff who work overseas must risk assess the vulnerability of the University to these practises. 3.3 The University has a high degree of external appraisal of its affairs by a variety of bodies and needs to act in all matters with probity and propriety. 3.4 All students and staff are encouraged to raise concerns. Staff are encouraged to read this policy and to review the three papers in the document store on the intranet site Docshare What is Bribery?, What is Fraud? and What to do if you suspect bribery or fraud 4 RESPONSIBILITIES AND REPORTING A POTENTIAL BRIBERY OR FRAUD 4.1 Irrespective of the amount involved, the Financial Regulations require all members of staff and the Board of Governors to notify the Director of Finance immediately, whenever any matter arises which involves, or is thought to involve irregularity, including bribery, fraud, corruption or any other impropriety. If the Director of Finance is unavailable or is himself suspected of irregularity, all references to the Director of Finance shall instead be made to the Deputy Vice-Chancellor (Corporate Resources). If both the Director of Finance and the Deputy Vice-Chancellor (Corporate Resources) are unavailable or under suspicion, an approach should be made to the Chair of the Audit and Risk Committee, via the University Secretary and Clerk.

4 4.2 The University in its Financial Procedures has suitable guidance, procedures and controls to safeguard itself against bribery, fraud and theft. 4.3 The University communicates its Anti-Bribery and Anti-Fraud Policy through the document store on the intranet site Docshare. 4.4 Suspicion of bribery, fraud or irregularity may be captured through a number of means including the following: Requirement on all personnel to immediately notify the Director of Finance whenever any matter arises which involves, or is thought to involve, irregularities concerning, inter alia, cash, stores, or property of the University. Public interest disclosure procedure (whistleblower s charter). Planned audit work. Operation of proper procedures. 4.5 The Director of Finance will prepare an annual report to the Audit and Risk Committee on bribery, fraud and theft. 4.6 The University, on suspicion of fraud or bribery, will carry out a rigorous, independent and prompt investigation in accordance with the Bribery and Fraud Response Plan which defines authority levels, responsibilities for action and reporting lines in the event of a suspected bribery, fraud or irregularity and is detailed in Appendix A. The Director of Finance will inform the Deputy Vice-Chancellor (Corporate Resources) of the incident in order that he may notify the HEFCE Chief Executive and other agencies as required: see section 5 below. 4.7 The University may take disciplinary action in accordance with its Disciplinary Policy and Procedure, against managers and supervisors where their failures have contributed to the commission of the bribery or fraud. 4.8 All managers have day to day responsibility for the prevention and detection of bribery and fraud and are responsible for: Identifying the risks on an on-going basis to which systems, operations and procedures are exposed; Developing and maintaining effective controls to prevent and detect bribery and fraud; and Ensuring that controls are complied with.

5 4.9 Internal Audit, through the University Secretary and Clerk, is available to offer advice and assistance on control issues All staff are responsible for acting with propriety in the use of the University s resources. 5 NOTIFYING THE FUNDING COUNCIL AND OTHER EXTERNAL PARTIES 5.1 The circumstances in which the University must inform the HEFCE about actual or suspected frauds are detailed in the HEFCE s Audit Code of Practice (an extract is included in Annex 1 below). The Deputy Vice-Chancellor (Corporate Resources) is responsible for informing the Chief Executive of HEFCE of any such incidents. 5.2 Depending on the nature of the irregularity there may be a need to notify other external parties, e.g. external auditors, Health and Safety Executive. The Deputy Vice- Chancellor (Corporate Resources) is responsible for informing relevant external parties of the incident. A press statement will be prepared in case the fraud or bribery becomes public knowledge and will be released if necessary by the Deputy Vice-Chancellor (Corporate Resources). 5.3 The Director of Finance will inform the police if a potential criminal offence has occurred. 6 RECORDING OF THE INCIDENT 6.1 Any incident matching the criteria in the HEFCE s Audit Code of Practice (as in paragraph 5.5 above) shall be reported without delay by the Deputy Vice-Chancellor (Corporate Resources) to the Vice-Chancellor and the Chairs of the Governing Body, the Audit and Risk Committee and the Employment & Finance Committee, having due regard to any ongoing criminal investigation. 6.2 Any variation from the approved Bribery and Fraud Response Plan, together with reasons for the variation, shall be reported promptly to the Chairs of both the Board of Governors and the Audit and Risk Committee. 6.3 On completion of an investigation, a written report shall be submitted to the Audit and Risk Committee and the Chair of the Board of Governors containing: a description of the incident, including the quantification of any monetary and

6 reputational loss, the people involved, and the means of perpetrating the bribe or fraud, progress with recovery action, disciplinary and criminal action; the measures taken to prevent a recurrence; and any action and timescale needed to strengthen future responses to bribery or fraud, with a follow-up report on whether or not the actions have been taken. 7 REFERENCES FOR EMPLOYEES DISCIPLINED OR PROSECUTED FOR BRIBERY OR FRAUD Any request for a reference for a member of staff who has been disciplined or prosecuted for bribery or fraud shall be referred to the Director of Human Resources. The Director of Human Resources shall prepare any answer to a request for a reference having regard to employment law. 8 REVIEW OF BRIBERY AND FRAUD RESPONSE PLAN This plan will be reviewed for fitness of purpose at least annually or after each use. Any need for change will be reported to the Audit and Risk Committee for approval. Approved by the Board of Governors : 26 November 2013 Revised for the Board of Governors: 26 November 2014 Next review September 2017

7 APPENDIX A BRIBERY AND FRAUD RESPONSE PLAN 1 PURPOSE The purpose of this Plan is to define authority levels, responsibilities for action and reporting lines in the event of a suspected bribery, fraud or irregularity. 2 INITIATING ACTION AND FORM ATION OF A P ROJECT GROUP 2.1 All actual or suspected incidents should be reported without delay to the Director of Finance, who will, in turn, inform the Vice-Chancellor as soon as practical. The Director of Finance will conduct an initial assessment of the allegation and within 2 working days from the date of notification, if appropriate, hold a meeting of the following Project Group to decide on the initial response: Director of Finance (Chair) Assistant Director of Finance Director of Human Resources Substitutions or additions (e.g. IT Manager, Health and Safety Manager) to the membership can be made by the Chair as seen necessary. 2.2 Depending on the nature of the case and outcome of the initial assessment by the Director of Finance, the police may be contacted at this stage and any further action taken by the University will be made with full regard to a potential criminal investigation. 2.3 The Project Group has a duty of care towards all persons involved in the incident, including: the accused, witnesses and the Investigator. This includes safeguarding the right of the people involved in the incident, to a thorough, objective, fair and expeditious investigation. An Internal Investigator must be provided with the necessary and timely support by the Project Group. 2.4 The Chair will brief the Project Group of its purpose to: i. assign responsibility for investigating the incident, establish circumstances in which external specialists should be involved and keep all personnel with a need to know suitably informed about the incident and the University s response; ii. iii. prevent further loss or irregularity, which may require the suspension of staff in accordance with the University s Disciplinary Policy and Procedure: timing must be considered to prevent the suspects from removing or destroying evidence; ensure the security of the University and evidence by supervising the departure of

8 suspects from University premises and by obtaining advice on the best means of preventing further access to premises and to IT systems; iv. establish and secure evidence necessary for recommendations in respect of criminal and disciplinary action and establish lines of communication with the police; v. be familiar with the University s Disciplinary Policy and Procedure so that appropriate evidence requirements are obtained during the investigation; vi. vii. viii. ix. review the reasons for the incident, the measures taken to prevent a recurrence, and any action needed to strengthen future responses to bribery or fraud to prevent further loss both monetary and reputational; recover monetary losses. Where these are substantial, legal advice should be obtained to see if the suspect s assets can be frozen and losses recovered through the civil court; advise the Director of Human Resources if they are not part of the Project Group of the outcome of the investigation, if applicable, in order that they may, if necessary, initiate the Disciplinary Procedure and/or deal with requests for references for employees disciplined or prosecuted for bribery or fraud; receive reports from the Director of Human Resources in respect of any disciplinary action taken; x. maintain regular contact with the police if appropriate; xi. xii. xiii. record instances where personal data is supplied to third parties e.g. to police, or the Investigator; recommend a reasonable timetable for carrying out the investigation, including the timetabling for reporting to the Leadership Team; prepare a report in accordance with the Anti-Bribery and Anti-Fraud Policy: a. a description of the incident, including the quantification of any monetary and reputational loss, the people involved, and the means of perpetrating the bribe or fraud, progress with recovery action, disciplinary and criminal action; b. the measures taken to prevent a recurrence; c. any action and timescale needed to strengthen future responses to bribery or fraud, with a follow-up report on whether or not the actions have been taken. 2.5 The Project Group will decide whether to appoint an investigator or decide that no further

9 action is taken. A formal note will be made and retained of the decision reached by the Project Group. The decision by the Project Group to initiate an investigation by Internal Audit shall constitute authority to Internal Audit to use time provided in the Internal Audit plan for Special Investigations, or contingency time, or to switch Internal Audit resources from planned audits. The Investigator(s) internal or external should be appointed without delay. 2.6 Unless the Project Group believes the investigation will be compromised, they will inform the accused and witnesses that an investigation is being carried out and provide them with the names and contact details of the Investigator(s). 3 APPOINTMENT OF AN INVESTIGATOR 3.1 The Project Group will determine whether to appoint an internal or external investigator or both with regard to the following criteria. 3.2 The Investigator must be fully independent and free from conflicts of interest. 3.3 The Investigator will be experienced in the conduct of investigations. Where an Internal Investigator is appointed, they will be provided with necessary and timely support by the Project Group. Where there is doubt that the University has a member of staff with the appropriate skills to be an Internal Investigator then an external agency must be engaged. 3.4 Where criminal proceedings are a possible outcome the Investigator must be familiar with and follow the rules on the admissibility of documentary and other evidence. 3.5 The Chair of the Project Group will brief the Investigator on the University s anti-bribery and anti-fraud policies and procedures, the nature of the role, the investigation file and the role of any external specialist agency. The Chair will be the point of contact with the Investigator or the external specialist agency although the Investigator will, on request, be required to attend Project Group meetings. 4 ROLE OF THE INVESTIGATOR, THE CONDUCT OF THE INVESTIGATION AND REPORTING REQUIREMENTS 4.1 An Investigator must be familiarise themselves with the Anti-Bribery and Anti-Fraud policy before they commence the investigation and if they believe they will not be independent or free from conflicts of interest or do not believe they have the necessary skills to carry out the investigation then they must decline the appointment.

10 4.2 The Investigator is required to thoroughly investigate the allegations in a timely manner. The Project Group will agree a timetable of reporting with the Investigator. 4.3 The Investigator will familiarise themselves with the University s Disciplinary Policy and Procedure and will follow the Formal Procedure in Section B of the Disciplinary Procedure assuming the authority to interview the accused in place of a line manager or another member of management. 4.4 The Project Group and any appointed Investigator has the authority to require any member of staff for access to documentation and systems if they suspect it will aid the investigation and may have provided the opportunity to misappropriate University assets or commit bribery. The Project Group and the investigator must keep data secure and only retain data necessary for the investigation in accordance with the University s Data Protection and Information Security Policies. Any decision taken to release personal data to third parties must be recorded as part of the audit trail. 4.5 The Investigator will decide whether there is a need to recover data from IT systems and will contact the appropriate IT System Administrator or the external party who provides the software. The University Secretary and Clerk will maintain a list of the University s external support contacts for its IT systems. 4.6 The Investigator will be required to establish the facts of the case by: gathering written and electronic evidence, carrying out interviews with the accused and witnesses as appropriate. The Investigator should have a written record of interviews and must ask the interviewee to confirm that the record is accurate by signing the record. It is essential that the Investigator is thorough when doing this to enable an accurate conclusion to be reached. 4.7 The evidence may be required in a disciplinary hearing or in a court case so the Investigator must ensure that evidence obtained must be admissible including for example recording when and where the evidence was obtained. 4.8 If the accused admits carrying out a criminal act, the Investigator must record the confession and ask the accused to sign it: if the accused refuses, this must be recorded. The Chair of the Project Group and the police must be informed without delay of the confession. 4.9 The Investigator will report on the evidence, citing corroboration or differences in the information discovered. The final written report will include: a description of the investigation, a record of the evidence reviewed and the interviews that have taken place. The report should state how a conclusion was reached The Investigator will quantify, as far as they are able, the losses incurred by the University. If the Investigator is unable to quantify the losses they should seek advice

11 from the Director of Finance Findings of the Investigator will remain confidential to the Project Group, the Disciplinary hearing, the Leadership Team, Audit and Risk Committee and the Board of Governors. The Investigator may disclose information to a statutory body for example the Health & Safety executive or the police if in their judgment the body should be informed and this has not been done by the Deputy Vice-Chancellor (Corporate Resources) or the Director of Finance The Project Group may decide to appoint an external specialist agency to support the work carried out by an Internal Investigator, in this instance the External Specialist Agent will direct the work of the Internal Investigator.

12 Annex 1 Extract from the HEFCE Audit Code of Practice (commences at point 14) 14. In the event of any material adverse change in an institution s circumstances such as a significant and immediate threat to the HEI s financial position, significant fraud or major accounting breakdown the Accountable Officer must inform, without delay, all of the following: the chair of the HEI s audit committee the chair of the HEI s governing body the HEI s head of internal audit the external auditor the HEFCE Chief Executive. 15. On receiving any such notification, the Chief Executive will discuss what response to make with the HEI s governing body or Accountable Officer, including any action to be taken. If a matter requiring report is discovered by external or internal auditors in the normal course of their work and the Accountable Officer refuses to make a report, the auditors must report directly to all of the following: the chair of the HEI s audit committee the chair of the HEI s governing body the HEFCE Chief Executive. This is to ensure that the HEI has taken appropriate action. 16. Below, we provide an indicative list of what should be reported to HEFCE. The Accountable Officer, in agreement with the governing body, or in urgent cases the chair, may judge that there are other circumstances that warrant notification: any financial loss or reduction in income or working capital which is significant enough in the Accountable Officer s judgement to materially impact on the financial outturn or the cash position; any new decision to invest or expend funds which in the Accountable Officer s judgement will have a material impact on the forecast position as reported to HEFCE in the most recent annual accountability exercise; any new or changed risks which in the Accountable Officer s judgement are significant enough to affect the institution s future sustainability; any theft, fraud, loss of charity assets or other irregularity where the sums of money involved are, or potentially are:

13 in excess of 25,000 (this figure aligns with reporting requirements for charities and we will keep it under review and notify changes through our annual accounts direction); or where the particulars of the fraud, theft, loss of charity assets or other irregularity may reveal a systemic weakness of concern beyond the institution, or are novel, unusual or complex; or where there is likely to be public interest because of the nature of the fraud, theft, loss of charity assets or other irregularity, or the people involved. 17. There may be cases of fraud, theft, loss of charity assets or other impropriety or irregularity, that fall outside this definition. In these cases or any others, HEIs can seek advice or clarification from the HEFCEAS. In view of the public interest, HEIs should normally notify the police of suspected or actual fraud. Where the police are not notified, management should advise the institution s audit committee of the reason.

14 Annex 2 KEY FEATURES OF THE Bribery Act 2010 It is a criminal offence to give, promise or offer a bribe in the UK or abroad It is a criminal offence to request, agree to receive or accept a bribe in the UK or abroad It is a separate criminal offence to bribe a foreign public official which does not require evidence of improper performance (to ensure full compliance with the OECD Convention) It is immaterial whether an offence is committed in the UK or abroad. If abroad, the law will be applied to all British citizens, UK companies and businesses, non-uk companies and businesses with a presence in the UK and anyone resident in the UK It is a corporate offence to fail to prevent bribery by persons working on behalf of but necessarily employed by a business Sentences are up to 10 years imprisonment and/or unlimited fines. Corporate offences may incur an unlimited fine and potential prosecution or civil recovery against those deemed negligent There is no de minimums limit on the value of the bribe Lack of knowledge or consent by senior officers will not be a defence for commercial organisations A senior officer will also be guilty of the same offence if it was committed with that person s consent A defence to the corporate failure offence exists if it can be shown adequate procedures were in place The burden of proof rests with the organisation Procedures will need to be evidenced in practice The involvement of the organisation s top management in the failure will be taken into account when assessing the adequacy of the procedures in place.