AFSA Fraud Control Plan 2022 – 2024

Chief Executive foreword

Fraud is criminal conduct that impacts on all Australians. It has the potential to seriously damage public confidence in the personal insolvency and the personal property securities (PPS) systems and AFSA’s reputation as the administrator and regulator of these systems.

AFSA continues to have a zero tolerance to fraud. We are committed to minimising fraud through the identification and management of fraud risks and the development, implementation and review of fraud prevention and detection strategies.

We are committed to maintaining confidence in Australia’s personal insolvency and PPS systems by being a firm and fair regulator and a world-class government service provider. Preventing, detecting and responding to fraud and corruption is an important part of meeting that commitment.

The Fraud Control Plan (FCP) outlines our approach to managing fraud and corruption risks and complies with the Commonwealth Fraud Control Framework. The FCP recognises the important fraud control role that is undertaken by everyone who works in AFSA. All AFSA staff and contractors must report all suspected cases of fraud or corruption. The FCP outlines how to report fraud and where to get further information, and how AFSA’s governance structure assists in reducing the risk of fraud.

The FCP is reviewed every two years and details staff fraud control responsibilities, our fraud preventions initiatives and controls, and AFSA’s detection and response strategies to fraud and corruption.

AFSA encourages all staff and stakeholders to engage with the ever-present risk of fraud and to report concerns, working with us to maintain confidence in the personal insolvency and PPS systems.

Tim Beresford

Chief Executive, Inspector-General in Bankruptcy and Registrar of Personal Property Securities

Introduction

We recognise that not all fraud and corruption risks can be avoided or prevented. This means that, despite AFSA’s best efforts with respect to monitoring and intelligence gathering activities, fraud is not easy to uncover early without help from others.

AFSA has a zero-tolerance attitude towards fraud. This means AFSA will:

  • promote awareness of fraud, corruption, and ethics to staff
  • assess and, where appropriate, investigate all allegations of fraud and corruption
  • recover losses caused by illegal activity through proceeds of crime and civil recovery processes
  • criminally prosecute where appropriate
  • apply appropriate civil, administrative, or disciplinary penalties including termination of employment.

Fraud defined

Fraud is defined in the Commonwealth Fraud Control Framework as “dishonestly obtaining a benefit or causing a loss by deception or other means”. 

Fraud can be committed by AFSA staff (internal fraud) or by people external to AFSA (external fraud). It may also be committed jointly between an employee and outside party. Offences of fraud against the Commonwealth may be prosecuted under several Commonwealth laws.

Fraud includes:

  • theft or misuse of information (including procurement information and personal records)
  • accounting fraud (e.g. false invoices, misappropriation)
  • misuse of credit cards (e.g. for private taxi trips)
  • unlawful use of property, equipment, material, or services (e.g. using an AFSA photocopier to print weekly sport club newsletters)
  • causing a loss, avoiding, or creating a liability
  • providing false or misleading information to the Commonwealth or failing to provide information where there is an obligation to do so
  • misuse of Commonwealth assets, equipment, or facilities, making or using false, forged, or falsified documents
  • wrongfully using Commonwealth information or intellectual property (e.g. providing AFSA templates or precedents to a friend who works for a private trustee)
  • release or use of misleading information for the purpose of deceiving, misleading or to hide wrongdoing.

For AFSA, the definition of fraud includes theft of, or damage to, property under the custody and control of AFSA as well as regulatory fraud. This latter category may be best understood in the AFSA context as dishonesty related to:

  • offences under the Bankruptcy Act 1966 by people who are bankrupt, debtors, creditors, registered trustees and their staff and other administrators the administration of the Personal Property Securities Act 2009.

Fraud can also constitute offences under the Criminal Code Act 1995 or the Crimes Act 1914 and, as noted above, can be perpetrated by staff (internal fraud) or those outside the organisation (external fraud), or by collusion of staff and outsiders. It can involve financial and non-financial incidents that impact on AFSA’s operations, delivery of services, collection of revenue, and undermine public confidence in AFSA, the personal insolvency system and the Personal Property Securities Register (PPSR).

Corruption defined

AFSA defines corruption as ‘dishonest or fraudulent conduct by a Commonwealth public official in the course of their duties to achieve some personal gain or advantage for themselves, or for another person or entity’. Typically, it can involve bribery or the transfer of some form of benefit in exchange for the dishonest conduct. 

Examples of corruption include:

  • abuse of position (e.g. provision of AFSA-held information to facilitate external fraud committed by others, biased decision making)
  • nepotism (e.g. favouritism towards friends or family members during a recruitment)
  • collusion for personal gain (e.g. failing to follow procurement processes, giving preferential treatment to a third-party provider to achieve a financial or personal advantage).

Non-compliance defined

Non-compliance is a broad term for any failure to comply with legal requirements. These requirements may be in the form of legislation, regulation, funding agreements, administrative rules, and licensing conditions. One example is the requirement for all APS employees to act in accordance with the APS Code of Conduct, which is set out in section 13 of the Public Service Act 1999.

This includes where parties try to comply but make mistakes (accidental non-compliance) or where parties exploit ambiguities or opportunities that are non-compliant (opportunistic non-compliance).

Unethical behaviour defined

The APS Values and Code of Conduct describe a work ethic expected of the public service that includes honesty, diligence, avoidance of conflict of interest, and proper use of information. Breaches of this code of conduct may involve unethical behaviour and AFSA has formal procedures for examining any potential breach.

Fraud and corruption risks

Managing and mitigating the threat of fraud and corruption is a significant focus of AFSA’s approach to risk management. By including fraud and corruption as one of AFSA’s key risks, we ensure that it is managed through structured and systematic processes. This risk is regularly considered by AFSA staff designated as being in key roles, including the ‘Risk Owner’, who make use of relevant information to inform decision making. We also regularly use opportunities to raise awareness and discussion through other risk management mechanisms, such as risk walkthroughs and staff information sessions. Further details of how this risk relates to AFSA’s enterprise risk management are described in Managing Risk at AFSA.

Regular assessments of fraud and corruption risks and implementing proportionate mitigation strategies are critical to preventing fraud and corruption from occurring, as outlined in the Public Governance Performance and Accountability Act 2013. AFSA conducts regular risk assessments and reviews to ensure we maintain appropriate systems of fraud and corruption risk management.

There are a range of internal and external factors that influence the level of fraud risk to AFSA. This includes external environmental drivers such as the state of the economy and internal drivers like unethical standards of employees.

External and internal fraud risks

AFSA’s ongoing fraud risk assessment measures deal with the business-as-usual operational issues, focusing on areas where opportunistic fraud that can occur including:

  • undeclared real or perceived conflicts of interest
  • corruption (e.g. bribery of AFSA staff)
  • exploitation of administration processes (e.g. official procurement processes and procedures not adhered to)
  • unauthorised access or misuse of AFSA systems and facilities
  • release of information including unauthorised access to systems and data.

Regulatory fraud risks

Regulatory fraud risks relate to AFSA’s regulatory work and threats to the operation of both the personal insolvency and personal property securities systems. These threats and risks are treated through AFSA’s Regulation Strategy and Regulation Compliance Framework.

Insider threat

Malicious insiders are staff or contractors who are self-motivated or may be targeted by external parties (e.g. organised crime) to take advantage of legitimate access to information, methodologies, technology assets and premises. This conduct can enable fraudulent behaviour.

Our control measures include pre-employment screening, requirements to declare conflicts of interest (real and perceived), security clearances and the sharing of intelligence information.

Fraud and corruption control framework

AFSA’s fraud and corruption framework is built around the basic principles of prevention, detection, response and evaluation. The framework includes a range of fraud control strategies which are designed to protect AFSA and its staff.

Prevention

Fraud prevention strategies include proactive measures designed to reduce the risk of fraud and corruption occurring by increasing fraud prevention awareness, encouraging reporting of suspected incidents, and ensuring the right mitigation controls are in place. To be effective, fraud prevention requires several interdependent control strategies including:

  • an effective fraud risk management approach
  • a robust ethical organisational culture that does not tolerate fraud
  • a strong awareness of fraud among staff and suppliers
  • an effective internal control framework.

Key components of AFSA’s fraud and corruption strategy are:

  • Compliance with relevant policies and procedures including:
    • development and implementation of the Fraud Control Plan
    • promotion and adherence to the APS Code of Conduct
    • conflict of interest and probity requirements for all relevant staff
    • an ethical behaviour and culture led by management
    • making compliance easier for users of our systems
  • Risk management including:
    • a sound fraud risk management
    • program design and preventative controls against fraud
    • robust systems of relevant controls with regular reviews and reporting
    • robust pre-employment screening
    • robust ICT security controls
  • Communications and training
    • a clear awareness amongst AFSA staff of what fraud is and how to report suspected instances of fraud, including an intranet page dedicated to fraud awareness
    • regular fraud awareness training and communication about updates and changes to fraud-related policies
    • making information available to all parties participating in the personal insolvency and personal property securities systems to ensure they understand their rights, obligations and responsibilities
    • media releases highlighting the consequences of committing dishonesty-related offences and contraventions of the Bankruptcy Act and PPS Act.

Detection

Despite AFSA’s best preventive strategies, not all fraud risks can be eliminated. Principle detection measures include:

  • training and support for staff to help them identify and report fraud and corruption
  • regular management reviews
  • quality assurance reviews
  • internal and external audits
  • fraud reporting mechanisms such as tip-offs and public interest disclosures (PID)
  • risk profiling
  • disclosures about changes in circumstances and external interests (security clearance holders)
  • sharing intelligence with and collaborating across government
  • analysis of fraud referrals to identify trends

Response

Any alleged fraudulent or corrupt behaviour that is reported to or detected by AFSA will handled appropriately, including:

  • assessing all allegations to determine an appropriate response
  • when an investigation is deemed appropriate, undertaking investigations in accordance with the Australian Government Investigations Standards (AGIS)
  • pursuing disciplinary, administrative, civil, or criminal actions as appropriate
  • pursuing recovery of fraudulently or criminally obtained benefits where appropriate
  • referring to the Australian Federal Police (AFP) or other law enforcement agency as appropriate

Evaluation

AFSA’s monitoring, evaluating, and reporting includes:

  • review of fraud management practices
  • review of the FCP
  • strategic and annual internal audit plans
  • reporting to external parties as required.

Monitoring, evaluating, and reporting fraud

This includes:

  • ongoing monitoring of all controls, coupled with an as-needs-be adjustment of specific controls to meet new or emerging circumstances
  • continual improvement of fraud and corruption control processes and systems.

All strategies are reviewed on a regular basis to ensure approaches remain appropriate, cost effective and proportionate to relevant risks.

Reporting fraud and corruption

Awareness and culture

All new AFSA staff, including contractors, consultants and secondees must complete fraud awareness training as part of the induction program and annually thereafter. AFSA also maintains regular communications targeted at promoting fraud awareness and an ethical organisational culture that supports reporting.

Fraud reporting mechanisms

Suspected fraud related to AFSA can be reported in one of the following ways:

  • Submitting an anonymous tip-off via the AFSA website
  • mailing a cross-agency team who provide line of sight relating to alleged staff misconduct to ensure consideration and action, where appropriate, integrityteam [at] afsa.gov.au 
  • completing the alleged offence referral form in relation to allegations relating to the Bankruptcy Act
  • completing the PPSR misuse form in relation to allegations relating to the Personal Property Securities Act
  • Posting a letter to GPO Box 548 Sydney NSW 2001
  • emailing to enforcement [at] afsa.gov.au
  • phoning 1300 364 785 and asking to speak to AFSA Enforcement
  • for current and former AFSA employees in relation to the Public Interest disclosure scheme (PID – see below), emailing pid [at] afsa.gov.au
  • contacting the Australian Public Service Commissioner
  • making an online complaint to the Commonwealth Ombudsman
  • for current AFSA staff:
    • discussing it with your manager
    • submitting an Fraud Incident Report from AFSA’s intranet submitted to the National Manager, Enforcement and Practitioner Supervision

When making a report of suspected fraud, you are encouraged to include the following information:

  • information about the AFSA employee, contractor and/or contractor or relevant area that you suspect is involved in fraud. Include as much detail as you can.
  • details of the alleged fraud including how, when and where it occurred.
  • your contact details (optional).

Public interest disclosure (PID)

PIDs can be made orally or in writing:

  • by an employee to their supervisor
  • to an Authorised Officer
  • to pid [at] afsa.gov.au.

For more information, please refer to AFSA’s public interest disclosure procedures.

Management of reports

AFSA maintains appropriate systems to securely store, record, report and analyse allegations of fraud to ensure appropriate response and satisfactory resolution. All reported allegations are recorded and documented in accordance with Commonwealth requirements.

Privacy

AFSA ensures the confidentiality of the information received from anyone wishing to report a suspected case of fraud. All reports are managed in accordance with AFSA’s Privacy Policy and the Privacy Act 1988 (Cth). Any personal (and other) information provided to AFSA when reporting suspected fraud is collected and used only for the purpose of investigating, and responding to, reported fraud allegations.

Where the report may be more appropriately considered by another agency or organisation, we may disclose this information (including your personal information) to that agency or organisation. This includes a federal, state/territory agency, department, or authority, and federal or state/territory Minister as relevant.

ASFA fraud reports

Regular reporting is an important part of effective governance and assurance. The following internal and external reporting occurs:

  • quarterly to the AFSA Audit and Risk Committee
  • quarterly reports to the AFSA Management Board on the Enterprise Risk of fraud and/or corruption
  • annually to the Australian Institute of Criminology
  • as required to the Commonwealth Ombudsman in accordance with the requirements of the Public Interest Disclosure Scheme.

Key responsibilities for fraud and corruption control

All AFSA staff should understand what constitutes fraud and what to do if they suspect fraudulent activity. All AFSA staff are expected to comply with legislative requirements and internal policies, behave in accordance with the APS Values and Code of Conduct, and identify and report fraud and corruption risks.

SES employees also have an additional responsibility to demonstrate strong leadership by fostering and supporting a culture of integrity, awareness, and reporting. Fraud awareness and prevention training is included as part of the induction package for all new staff, with annual refresher training for existing staff.

The following bodies and positions have key roles:

  • Chief Executive – as the accountable authority is responsible for taking all reasonable measures to prevent, detect and deal with fraud relating to AFSA.
  • AFSA Management Board – monitors the conduct of fraud risk assessments and the maintenance of fraud risk registers in each division
  • AFSA’s Audit and Risk Committee – reviews and provides independent advice about AFSA’s fraud risk management arrangements
  • AFSA’s Integrity Team which ensure consideration and action, where appropriate in relation to alleged staff misconduct,
  • the risk owner and critical control owners – for the AFSA Enterprise Risk of fraud and/or corruption
  • National Manager, Enforcement and Practitioner Supervision – co-ordinates the implementation of the Fraud Control Plan
  • Senior Executives – provide strong leadership and foster and support a culture of awareness and reporting
  • Executive Level staff – ensure risk management is applied in the operation of their respective divisions and teams
  • all AFSA staff and contractors – identify and report fraud and corruption risks which are likely to impact AFSA and/or the personal insolvency and personal property securities systems and ensure related policies and procedures are adhered to.

Monitoring and review

AFSA’s Fraud and Corruption Control Plan is a strategic document which is reviewed and updated every two years.