TGS


His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services Report (Dan Tomlinson, Member, Finance (No. 2) Bill Committee)

Today, His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services has published its report on how effectively HMRC prevents and investigates insider risk, following an inspection in January and February 2024. I take the findings of this report extremely seriously and have been clear to HMRC that the findings needed to be acted on.

This independent inspection was commissioned by HMRC in recognition of the importance of security and resilience. The Department has been clear that it has a zero-tolerance approach to insider threat and, where criminal wrongdoing is identified, it takes swift action including dismissal and will pursue criminal prosecutions.

It is important to set out the context for this report: the fieldwork took place in January and February 2024, and the findings reflect the position more than two and a half years ago. All of the case studies referenced by inspectors had already been identified and dealt with by HMRC’s Internal Investigations before being shared with HMICFRS.

Senior officials have assured me that the department has taken appropriate and proportionate action in all case studies, based on its policies. All of these decisions were taken in 2023.

HMRC is effective at detecting and taking action against internal fraud. Since the period covered by the report, the Department has taken significant steps to strengthen its controls and capability. HMRC has substantially completed 20 of the 22 recommendations, with further work underway on the remaining two.

These improvements include expanding and strengthening its Internal Investigations function, including increasing staffing and enhancing its ability to identify and respond to risks. The Department has introduced new systems, including a dedicated case management and intelligence platform, to improve the speed and effectiveness of investigations.

HMRC has also implemented a broader programme of reform that goes beyond the report’s recommendations. This includes establishing a dedicated Insider Risk Management Service to coordinate activity across the Department, strengthening governance through senior-level oversight, and enhancing data sharing between security, HR and investigative functions.

In addition, HMRC has placed greater emphasis on prevention and organisational culture. They have introduced mandatory training on internal fraud, bribery and insider risk for all staff and require managers to actively assess and manage risks within their teams.

The Government has committed significant further investment in the resilience and security of HMRC’s systems, including funding announced at the Spending Review to modernise IT and data infrastructure.

I am happy with HMRC’s progress against the report’s findings, but I was disappointed that three recommendations made by HMICFRS in 2012 were not acted on at the time. This included assigning a member HMRC’s Executive Committee to lead this vital work, which has now happened.

While the report highlights areas where improvements were needed, it also demonstrates that HMRC is effective at identifying and addressing insider risk. The Department has already acted on the vast majority of recommendations and has gone further in strengthening its approach.

HMRC employs around 70,000 staff, the vast majority of whom act with integrity and professionalism. The public can be confident that HMRC will continue to take robust action to protect taxpayers’ data and ensure that those who abuse their position are held to account.

https://www.theyworkforyou.com/wms/?id=2026-07-15.hcws265.0

seen at 10:36, 16 July in Written Ministerial Statements.