Tackling public sector fraud: what can we learn from approaches in banking?

In contrast, fraud losses in UK banking are around £1.1 billion annually, broadly stable despite rising attack volumes. In both sectors, fraud is driven by common pressures: the digitisation of services, the scale and complexity of transactions, and increasingly sophisticated criminal tactics.

To respond, banking firms have invested heavily in counter fraud capabilities over the past decade, driven by regulatory pressure, reimbursement requirements and direct financial exposure. This has led to measurable improvements, underpinned by more effective use of data, advanced analytics and AI, and a shift towards proactive sand embedded risk-based controls.

There is clear value in transposing these approaches into the public sector context. By adopting proven practices from banking, government can strengthen prevention, detection and response, and deliver more effective and sustainable counter fraud outcomes.

Here are five practical recommendations:

1. Build a cross-government data led intelligence approach

Banks recognise that fragmented data enables fraud to go undetected. Since the rise of digital banking and the adoption of cloud-based platforms, many banking institutions have invested heavily in enterprise-wide data integration, allowing for effective mining and interpretation of vast datasets owned by the bank. This enables more effective detection, faster pattern recognition, and more accurate and accurate decisioning.

Public sector bodies, often face structural challenges – interoperability challenges, fragmented data sets, incomplete data sharing agreements, and funding constraints – which can limit the ability to take a holistic view of fraud risk across departments. True cross-department data sharing presents a significant opportunity for government departments, Moody’s has identified this as the single biggest contributor to fraud prevention.

Practical steps include:

• Building on the work done through the Digital Economies Act and National Fraud Initiative, establishing a cross-government facility to enable data sharing, featuring departments with high degrees of fraud losses.
• Creating cross-functional data governance structures to prioritise quality, completeness and interoperability.
• Addressing fragmentation in data through embedded network analytics approaches.
• Using privacy‑preserving technologies, such as data‑matching and secure multi‑party computation, to share intelligence without compromising personal data protections.
• Mapping fraud risk journeys end‑to‑end and identifying data that can reveal anomalies.

This shift allows fraud teams to transition from reactive investigations to proactive identification and prevention.

2. Adopt dynamic risk‑based controls rather than uniform safeguards

Banks rarely apply identical controls to every customer or transaction. Instead, they use risk‑based strategies – adjusting friction, monitoring intensity and authentication requirements depending on behaviours, patterns and known threats. This improves security, provides proportionality, enables a tailored view of risks pertaining to the individual and minimises undue impact on customer experience. The FCA has long advocated for banks to apply a risk-based approach but there has been recent focus towards promoting proportionality, encouraging firms to focus on the nature of products, services and geographies when assessing risks.

The UK Public Sector faces a far less uniform challenge, with fraud threats being incredibly diverse from department-to-department – highlighting the need for proportionate efforts. The National Audit Office statistics highlights that fraud losses are highly concentrated within a small number of departments, reinforcing the need for significantly stronger and more resilient controls in those higherrisk areas.

An effective approach includes:

• Understanding the specific risks and typologies in more granular detail, including the matching of key enablers and indicators.
• Introducing tiered fraud controls, applying enhanced authentication and scrutiny to high risk activities (such as large transactions or critical decisions) while maintaining a lower friction approach for lower risk interactions.
• Applying behavioural analytics to identify anomalies and outliers in claims, applications or account usage.
• Continuously and proactively adjusting rules and models in response to threat intelligence, rather than relying solely on periodic policy reviews.

This approach will enable organisations to reduce fraud loss without compromising accessibility.

3. Invest in dedicated counter‑fraud capability alongside digital delivery teams

Banks treat fraud as a specialised discipline and adopt agile operating models, through cross-functional digital and operational teams, enabling the timely enhancement of fraud defences when facing new threats. Designing fraud functions to cover risk and capability holistically through training and recruitment, will result in more robust and adjustable defences. By combining intelligence analysts, behavioural scientists, technologists, fraud investigators and policy experts with digital delivery and modern tooling, fraud defences are nimble as new threats develop. This is underlined by the need for a timely response to a constantly changing threat.

Public sector bodies often face significant resource pressures, but they can still adopt a more capability‑focused model by:

• Designing service-led approaches which combine fraud professionals and digital delivery, built around specific fraud typologies and problem statements.
• Creating multidisciplinary counter‑fraud hubs that sit across departmental boundaries, adopting organisational agile principles.
• Upskilling DDaT teams in counter fraud management, and counter fraud functions in core technical competencies.

Fraudsters continually innovate; counter‑fraud capability must too.

4. Foster a prevention‑first culture supported by strong leadership

In banking, financial losses, regulatory penalties and reputational damage drive leadership teams to champion fraud prevention as a strategic priority. 87% of financial institutions say fraud prevention saves more money than it costs and organisations detecting fraud early (onboarding or first interaction) suffer substantially lower losses.

Public sector organisations can apply the Government Functional Standard (GovS13: Counter Fraud) to ensure that counter fraud practices are embedded into programmes and schemes. This encourages a prevention first approach and enables departments to “design out” fraud from their programmes. By placing prevention at the forefront, leaders can shift organisational mindset and reduce long‑term loss.

Effective steps include:

• Embedding fraud risk assessments into policy design, procurement and programme management from the outset, embedding lessons learned into the process.
• Setting clear organisational accountability for fraud outcomes, supplemented with clear reporting and a regular cadence of governance.
• Using regular reporting and dashboards to give leaders visibility of metrics, threats, outcomes and trends.
• Encouraging staff to report suspicious activity and providing safe mechanisms to do so.

5. Embrace responsible artificial intelligence to strengthen defences

Banks have long used advanced analytics and, more recently, AI‑powered models to detect fraud patterns and complex typologies that human reviewers would struggle to spot. These models enable real‑time risk scoring, anomaly detection and automated decisioning at scale, as well as more streamlined investigations – allowing banking institutions to stop fraud before funds move. A recent global study showed AI systems achieve between an 87 and 94% fraud detection rate.

While some advancements have been made in the use of GenAI in unstructured data, and case summarisation – these tools are not adopted en masse. For good reason, public sector bodies often approach automation cautiously, constrained by legacy policies and risks, and concerns about explainability.

That said, AI can be utilised effectively by:

• Resolving foundational data silos and challenges to ensure that digital teams can build effective detection.
• Adopting existing AI use cases at scale, including the digestion of unstructured data and the use of AI in investigations.
• Updating policy frameworks to distinguish between high‑risk decisions requiring human oversight and low‑risk, high‑volume decisions that can be safely automated.
• Using transparent explainable AI detection and prevention that provides interpretable risk factors rather than opaque “black boxes”.
• Establishing governance structures that allow for AI experimentation, controlled deployment and continuous performance monitoring, creating clear escalation routes so staff can review.

These steps will support departments and government to adopt more effective fraud defences.

The public sector is in a unique position to tackle the threat. Unlike with the private sector, there is the power to develop cohesive and coordinated strategies and policies, enable more effective data sharing, and enforcement powers which do not exist in banks.

By combining these strategies with proven approaches from banking institutions, public sector organisations can strengthen resilience, better protect public funds, and build greater confidence among the citizens they serve.