Designing fraud resistant policies
Poor policy design can lead to the creation of significant fraud vulnerabilities. Taking fraud into account in the development of Commonwealth policies helps prevent fraud occurring. It is important that entities understand the risks that may impact policy development and are aware of key areas that may lead to vulnerabilities.
Entities are encouraged to include fraud prevention techniques and red flags in any policy or program development training for officials.
The following list provides examples of factors that may lead to fraud vulnerabilities in policies:
- Policies developed in isolation from the area responsible for implementation
- Policies developed without a critical analysis of vulnerabilities
- Systems managed across different government portfolios, service providers and/or jurisdictions
- Opportunities for exploitation by professional facilitators, e.g. brokers and agents
- Programs creating new opportunities for unregulated industries
- Programs significantly expanding a regulated industry to new providers
- Programs requiring verification/authentication of identity, particularly online
- Programs involving electronic claims, submissions, assessments, verification and/or payments
- Programs providing assistance to vulnerable people
- Programs with low verification thresholds
- Programs needing to be delivered quickly that prioritise customer convenience.
Key tips for policy developers
- Understand that while the majority of people are honest, there will always be some dishonest people in society
- Understand that organised crime and certain groups actively target government programs to exploit them
- Learn from previous experiences (including failures) of other programs, both internal and external to your entity, and implement adequate countermeasures to mitigate the opportunity for fraud to occur
- Ensure policy, legislation and systems have appropriate safeguards against fraud
- Be aware that fraud countermeasures can be breached, and therefore it is important to have clear response protocols as part of fraud prevention
- Determine responsibility for fraud response, especially in cross-entity or cross-jurisdictional programs
- Build in measures to ensure entities are able to collect and share information about fraud, investigate suspected matters and establish criminal conduct, such as:
  - measures to ensure entities can review current fraud prevention design as a whole
  - measures to ensure that the preventative measures being implemented are effective
- Get advice from your entity’s governance/fraud/risk area or other fraud control experts regarding relevant fraud risks.
Entities are also encouraged to include fraud prevention techniques and red flags in any policy or program development training for officials.
Explore further measures and strategies to help you design fraud resistant policies.