How Fraudsters Have Abused UK's Pandemic Relief Efforts

By Cameron Brown and Kabir Sondhi
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Corporate Crime & Compliance UK newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!



Law360 (May 19, 2021, 6:42 PM EDT )
Cameron Brown
Kabir Sondhi
Just over a year into the COVID-19 pandemic in the U.K., its deleterious economic and financial effects are coming into ever sharper focus.

One of the most significant issues hitting the headlines has been the apparent proliferation of frauds taking place against the backdrop of the pandemic. Indeed, the National Cyber Security Centre recently reported that it had taken down more scams in the last year than in the previous three years combined — a massive fifteenfold increase.[1]

The U.K. action fraud team has stated that £34.5 million has been stolen in such scams since March 1, 2020.[2] This is not simply a case of frauds being more discoverable in times of economic hardship. Rather, the pandemic has provided new and unprecedented opportunities for fraud to take place — opportunities of which fraudsters appear to have readily taken advantage.

Types of Fraud

There have been reports[3] of widespread and flagrant abuse of the emergency financial measures brought in by the government in order to assist the U.K. public and businesses through the pandemic.

These measures, rushed in to assist those left in dire financial straits when the various restrictions and lockdowns prevented normal work and trade, sacrificed rigorous vetting when assessing loans in favor of speed of completion.

In addition, changes in people's behavior and habits caused by the pandemic have also given rise to further opportunities for fraud to take place.

Lastly, there are also concerns with regard to potential abuse of funds under public contracts as the government scrabbled to secure sufficient healthcare and other pandemic-related resources.[4]

Frauds Exploiting Coronavirus Assistance Measures

Coronavirus Job Retention Scheme


The Coronavirus Job Retention Scheme, or furlough scheme, was set up by the government in order, essentially, to preserve jobs and businesses.

The scheme operated by providing up to 80% of a worker's wages where the worker was temporarily not working, or working reduced hours, and had agreed to be furloughed. The aim of the scheme was laudable — to prevent mass job losses as businesses sought to protect themselves from the slump in income caused by the pandemic by laying off staff.

A related scheme for self-employed workers — Self-Employment Income Support Scheme, now withdrawn — gave payments to those whose businesses had been adversely affected by the pandemic. To date, more than £61 billion has been claimed through the CJRS, supporting some 11.5 million furloughed jobs.

It is easy to see how frauds can, and have been, perpetrated against this scheme, and high profile examples of furlough frauds have already hit the criminal justice system.[5]

The first type is perhaps the most obvious — those where a business claims furlough pay for employees who were no longer or had never been on their books.

Less easy to prove will be those frauds involving allegations that a business had not been adversely affected by the pandemic in a meaningful sense, and those where a business claims furlough pay for workers who were in fact working full hours or more hours than they declared, thereby enriching the business by having the government pay the wages that it should be paying to its employees.

It may well be that such fraud will be difficult to detect and prosecute, particularly when the furloughed worker is complicit in the abuse of the scheme.

Coronavirus Business Interruption Loan Scheme and Coronavirus Large Business Interruption Loan Scheme

The Coronavirus Business Interruption Loan Scheme,[6] now withdrawn, allowed businesses with an annual turnover of no more than £45 million to borrow up to £5 million interest-free for 12 months under a British Business Bank scheme.

The government provided the lender with an 80% guarantee for each loan and covered the cost of the first 12 months interest. The business had to be based in the U.K. and have an annual turnover up to £45 million. Applicant businesses needed to prove that they would be viable but for the pandemic and that the business had been adversely impacted by the coronavirus.

A similar scheme existed for large businesses — the Coronavirus Large Business Interruption Loan Scheme,[7] now withdrawn, which allowed businesses with an annual turnover between £45 million and £250 million to borrow up to £25 million from a commercial bank, with the government guaranteeing 80% of the finance to the lender. Businesses with a turnover greater than £250 million could borrow up to £50 million.

The potential frauds against these schemes are clearly of a different scale of magnitude — and would likely involve a greater degree of complexity — than frauds against other coronavirus assistance measures.

Given the large amounts of money involved, and the hoops through which businesses had to jump to secure a Coronavirus Large Business Interruption Loan Scheme, it is less likely that frauds have taken place against these schemes.

However, it may well be that any such frauds will only become apparent if businesses start to default on these loans. Such defaults will inevitably lead to an analysis of the honesty of representations made by the businesses when they applied for the loans in the first place and, again, may be difficult to prosecute.

Given the potential high value and commercial complexity of any such frauds, such cases may well fall within the remit of the Serious Fraud Office for investigation and prosecution.

Bounce Back Loans

The coronavirus scheme perhaps most vulnerable to fraud has been the Bounce Back Loan Scheme,[8] now withdrawn. The scheme was introduced as a direct result of criticisms of the Coronavirus Large Business Interruption Loan Scheme, which was not getting money to the smaller businesses that needed it quickly and, at only 80% guarantee, was not providing a sufficient level of comfort for businesses in financial trouble.

On April 27, 2020, the government announced the Bounce Back Loan Scheme as a fast-track scheme for small businesses, allowing them to apply to lenders for a loan worth up to 25% of their turnover, up to a maximum of £50,000, guaranteed 100% by the government, with no repayments within 12 months and with the government covering the first 12 months of fees and interest.

Access to the requested sums was intended to be granted within a very short period of time — the government said, at the time, that the loans should be with the business within 24 hours of approval. Application was by a short, standardized online form to a lender, with only a self-certification/declaration of eligibility required.

The accelerated nature of the scheme, involving the removal of credit checks, meant that lenders did not go into detail about the provenance of the claims, leading to a high risk of fraudulent claims for loans including misrepresentations in the application, identity theft and the use of shell companies as fake businesses in need of the money.

The National Investigation Service[9] and the police appear to have taken on the mantle of investigating offenses of fraud against the Bounce Back Loan Scheme, although other agencies may become involved depending on the size of any fraud. Given the potentially limited value of each instance, it is likely that any prosecutions arising would be undertaken by the Crown Prosecution Service.

Lenders

As can be seen from the above, while coronavirus assistance measures were put in place by the government, they relied heavily on private lenders to actually provide the money which the government was guaranteeing.

While fraud against the coronavirus schemes would not normally be within the remit of the Financial Conduct Authority, there is still need for some caution from lenders and other relevant regulated financial institutions as to whether, in the crucible of the ever-shifting measures brought in by the government over the first year of the pandemic, they have kept up with their regulatory obligations.

One particular area of concern could be with the lack of effective systems and controls to prevent financial crime and money laundering when lending; another could be the facilitation of laundering of the proceeds of fraudulently claimed loans.

While regulators have recently emphasized the need for banks and financial institutions to comply rigorously with their anti-money laundering obligations,[10] this has been offset by a less rigorous approach to reporting requirements and relaxation of the insolvency rules.[11]

Frauds Exploiting Changes in Behavior

It is going to come as no surprise that there have been reports of an increase of frauds against individuals that can be linked to changes in behavior caused by the pandemic — the NCSC received nearly 4 million reports of suspect emails between April 2020 and May 2021, and removed more than 700,000 online scams, totaling 1.4 million URLs.

The NCSC also took down more than 11,000 U.K.-government-themed phishing[12] campaigns, with Her Majesty's Revenue and Customs being the most phished government brand. These types of fraud are unlikely to be anything that the experienced fraud practitioner has not seen before — they are variations on a theme — but many will be linked to the pandemic.

Online Fraud

The pandemic has pushed many aspects of life into the online world. With restrictions and lockdowns came the shift to working, socializing, learning and shopping remotely at home via the internet.

With regard to retail, people have moved their shopping online when previously they would have conducted transactions in-store.

This has, in turn, led to an increased exposure of many people to various different types of cyber frauds — from simple cases of websites offering nonexistent goods and services, to more sophisticated website spoofing (e.g., the creation of a website with content and a domain name that is very close to that of an online retailer, luring unsuspecting shoppers into thinking that they are shopping on the legitimate retailer's website and thereby obtaining personal and financial information).

A related species of fraud that has come to the fore involves fraudsters sending communications regarding rearranging parcel deliveries, obtaining sensitive financial information that way and using it to obtain money from a victim's account.

With regard to work, the shift to online working has meant an increase in potential exposure of businesses to online risks such as phishing scams, whereby workers can unwittingly download malware or give fraudsters access to a business' internal system or network, allowing fraud to perpetrated by, for instance, the issuing of false invoices.

What will exacerbate the problem, no doubt, will be the fact that many of those forced to move their lives online are inexperienced or not confident when operating in a virtual environment, leaving them even more vulnerable.

National Health Service 

Aside from the increased potential for online fraud, fears and uncertainty surrounding the pandemic have also led to increased opportunities for the commission of fraud.

The National Health Service has been a particular focus — in 2020, the NCSC's Active Cyber Defence Programme detected 122 phishing campaigns using NHS branding, compared to 36 in 2019. Among the lures were the vaccine rollout and fake NHS test and trace mobile apps, including 43 removals from the Apple and Google app stores.

In one notable example,[13] it is alleged that the defendant fraudulently offered a coronavirus vaccine to an elderly person in exchange for cash. While such an example may be particularly egregious, it does serve to illustrate how an individual's frailties regarding the pandemic have been, and may still be, exploited.

Similar alleged coronavirus related scams have involved fake messages inducing people into making donations to the NHS for the purchase of personal protective equipment, when such things were in short supply, or inducing people into payments of fines for fictitious breaches of lockdown restrictions.

Other frauds have involved no supply or defective/counterfeit supply scams of coronavirus related equipment on both the large and small scale, driven by the high demand for such products.[14]

Such frauds are not limited to the U.K. — the U.S. Department of Justice recently filed its first enforcement action against COVID-19 fraud, relating to the offering of vaccines for a small shipping charge, and took action against those engaged in hoarding of personal protective equipment to sell on at exorbitant prices.[15]

A cyberattack in the Czech Republic in 2020 resulted in the postponement of urgent surgeries and rerouting of acute patients to an alternative hospital.[16]

Sufficiency of the U.K. Response 

Concerns about a surge in fraud were first raised by the center-right Policy Exchange think tank in a report in July 2020, which estimated that fraud and error would cost between £1.3 billion and £7.9 billion.

It stated that this was a "serious squandering of public finances and properly resourced post event assurance will be required to reassure the public that every possible step has been taken to reduce this level of fraud."

It reported that HMRC had already received 1,868 reports of CJRS fraud by May 2020 and it called for the creation of a new Minister for Fraud to oversee the response, with a joining up of counter-fraud measures.

In September 2020, Her Majesty's Revenue and Customs told the Public Accounts Committee that it was working on the assumption that the money paid out under the furlough scheme was subject to a 5% to 10% error and fraud rate, with a 1% to 2% assumption on the related self-employed scheme.

Based on the £61 billion distributed on the CJRS alone, that is some £6.1 billion, demonstrating that the PE think tank's estimates were not far off the mark.

It has, however, clearly raised enough concern to have necessitated specific countermeasures from the government. In his March 2021 budget speech,[17] Chancellor Rishi Sunak announced the creation of a £100 million HMRC task force to tackle CJRS and other frauds, involving some 1,265 investigators, although it was not clear whether this would be new staff or moving existing staff into the task force.[18]

It is certainly arguable that the response is insufficient. While £100 million appears an attractive headline, it is clearly dwarfed by the scale and complexity of the possible fraud. While funds may have been allocated to HMRC, it is not clear whether the Crown Prosecution Service, charged with prosecuting such new cases brought by HMRC and the police, has also benefited from a fresh injection of funds.

As set out above, such cases may not be easy to prosecute, with the use of shell companies and government support monies being laundered through multiple accounts, both in the U.K. and abroad, resulting in lengthy, complex trials.

Furthermore, as has been well-documented, the criminal court system is currently beset from years of underinvestment, resulting in significant delays to trials already in the system.

Recovery of public funds in those circumstances may take many years, if it is possible at all. Ultimately, while the need to get public funds quickly to those legitimately and desperately in need of them at the height of the coronavirus pandemic was entirely understandable, the price of doing so may be one that is never fully met.



Cameron Brown QC is a barrister at Red Lion Chambers.

Kabir Sondhi is a barrister at 9 Bedford Row.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.


[1] https://www.ncsc.gov.uk/news/ncsc-release-acd-year-4-report.

[2] https://www.bbc.co.uk/news/technology-56499886.

[3] https://www.bbc.co.uk/news/uk-england-birmingham-53351271.

[4] https://www.nao.org.uk/work-in-progress/investigation-into-greensill-capital/.

[5] https://www.bbc.co.uk/news/uk-england-leeds-57027046.

[6] See https://www.gov.uk/guidance/apply-for-the-coronavirus-business-interruption-loan-scheme.

[7] See https://www.gov.uk/guidance/apply-for-the-coronavirus-large-business-interruption-loan-scheme.

[8] See https://www.gov.uk/guidance/apply-for-a-coronavirus-bounce-back-loan.

[9] See https://www.natis.police.uk/about-us.html.

[10] See https://www.devonshires.com/publications/companies-house-response-to-covid-19-extension-for-filing-accounts-and-same-day-service-suspended/.

https://www.fca.org.uk/news/press-releases/fca-starts-criminal-proceedings-against-natwest-plc.

https://www.fca.org.uk/news/speeches/importance-purposeful-anti-money-laundering-controls.

[11] https://www.gov.uk/government/news/government-introduces-legislation-to-relieve-burden-on-businesses-and-support-economic-recovery.

[12] Phishing — sending emails containing malicious content or pretending to be from a legitimate source in order to lure the recipient into providing sensitive or valuable information.

[13] See https://www.bbc.co.uk/news/uk-england-london-56032484.

[14] https://www.europol.europa.eu/newsroom/news/rise-of-fake-'corona-cures'-revealed-in-global-counterfeit-medicine-operation.

[15] See https://www.justice.gov/opa/pr/justice-department-files-its-first-enforcement-action-against-covid-19-fraud.

https://www.justice.gov/opa/pr/department-justice-and-department-health-and-human-services-partner-distribute-more-half.

[16] See report from Europol — Pandemic Profiteering — March 2020: https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/.

[17] Speech delivered on 3rd March 2021 (see https://www.gov.uk/government/speeches/budget-speech-2021).

[18] March 2021 budget at paragraph (see https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/966868/BUDGET_2021_-_web.pdf).

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!