As PCN finances become increasingly complex, minor gaps can rapidly escalate into serious financial and reputational threats. Alex Ross and Laurence Slavin from medical accountants Ramsay Brown explain how PCNs can spot fraud risks early.
PCNs manage significant amounts of NHS funding and deliver services at scale. That makes them a vital part of the system, but also a potential target for fraud, particularly where governance, data quality, and financial controls have not kept pace with operational complexity.
Fraud in PCNs is no longer theoretical. Recent headlines about fraudulent Additional Roles Reimbursement Scheme (ARRS) claims – from six-figure ‘ghost employee’ schemes to a case involving more than £60,000 of false claims – underline the risk.
The risk is not simply that fraud has happened. It is that many PCNs may be operating with similar vulnerabilities.
ARRS funding alone can represent between £500,000 and £1m a year for many PCNs. That is a substantial flow of public money, often managed through processes that were not originally designed for this level of complexity.
A growing risk in a growing system
The NHS estimates that fraud costs the health service over £1 billion each year and PCNs are not immune.
Part of the challenge is that fraud in primary care doesn’t always look like fraud. It often sits alongside operational pressure, evolving guidance and stretched capacity.
Oversight is tightening. NHS England and ICBs are increasingly using data and analytics to identify outliers. Reporting requirements are becoming more detailed, and where issues are identified, recovery action is being taken.
That changes the risk profile for PCNs.
It is no longer enough to be comfortable that claims are broadly correct. The expectation is that they can be clearly evidenced and consistently supported.
And that leads to a simple question: could your PCN justify every ARRS claim if it were audited tomorrow? Not with explanation alone but with clear, documented evidence.
Why PCNs can be exposed
By design, PCNs bring together multiple practices to operate as a single network. That collaborative approach is central to service delivery, but it can also blur accountability for approvals, contracting and financial oversight.
At the same time, much of PCN funding is high-volume and rules based. Workforce reimbursement and service payments depend on eligibility criteria, supporting evidence and timely submissions. This creates opportunities for misstatement, whether deliberate or accidental.
Capacity also plays a role. In many PCNs, key transactional tasks such as payroll, claims and invoice processing sit with a small number of individuals, limiting independent review.
The rapid expansion of the workforce has added further complexity. The use of agencies, federations and shared services can increase complexity in employment checks and payment assurance.
Finally, payments and delivery assurance often depend on data: patient lists, workforce records, appointment activity and clinical coding. Weak controls or poor data quality in any of these areas can mask anomalies.
Common Risks
Most PCNs will read about fraud cases and assume it doesn’t apply to them. In terms of intent, they’re probably right.
But the more relevant issue is where risk builds unintentionally, often through a combination of complexity, pressure and inconsistent processes.
One of the most common areas is claiming for services that have not been delivered as specified. For PCNs, the risk is amplified where delivery is shared across sites, rotas change frequently, or evidence is held in multiple systems. The vulnerability is not limited to deliberate deception: weak documentation, inconsistent templates, or poor control can also lead to unsupported claims that later look like fraud.
Workforce reimbursement brings a different set of risks. ARRS and other reimbursed roles are time-sensitive and rule-driven, with eligibility criteria that can change and vary depending on employment models. This can lead to staff being claimed for who do not fully meet requirements, mismatches between contracted and claimed hours, or costs being claimed more than once. In more serious cases, claims may continue after a role has ended or where the individual is not delivering PCN activity.
Procurement and payroll processes also create exposure. PCNs rely on a wide range of suppliers and service providers, which opens the door to both external scams and internal control weaknesses. Invoice fraud, impersonation and fraudulent requests to change bank details are increasingly common, while internally, conflicts of interest, weak approval processes and payroll manipulation can lead to inappropriate payments.
Data adds another layer of risk. Many funding streams depend on patient lists, activity levels and clinical coding. Fraud risks include deliberately maintaining inaccurate list records or manipulating data used for assurance. Even where intent is absent, poor reconciliation processes can create avoidable overpayments and later recovery action.
Finally, risk increases where too much control sits with too few individuals. Where the same person is responsible for approving spend, managing payroll and signing off claims, the opportunity for error or misuse is significantly higher.
None of these issues necessarily begin with deliberate wrongdoing. But they do create exposure.
Warning signs worth investigating
In most cases, issues don’t appear as obvious fraud from the outset. They show up as inconsistencies.
- Claims submitted at the last minute with limited supporting evidence, or evidence that cannot be traced to source systems.
- Unexplained variances between HR records, payroll and claimed WTE/hours.
- Repeated changes to supplier bank details, or urgent payment requests that bypass normal approval routes.
- One person controlling the end-to-end process: setting up a supplier, approving an invoice and releasing payment; or preparing, approving and submitting a claim.
- High use of agency/temporary staffing without clear authorisation, rate cards or timesheet verification.
- Delivery data that looks “too perfect” (e.g., consistently hitting thresholds without natural variation) or that conflicts with appointment system extracts.
- Resistance to scrutiny, lack of transparency, or unusually defensive responses to routine assurance questions.
These do not automatically indicate fraud, but they do warrant scrutiny.
Practical controls that reduce fraud risk
A culture of transparency starts with governance. The PCNs that manage this well are not necessarily the largest or most resourced. They are the ones that have introduced structure and financial controls.
Clear accountability is a strong starting point. Defining who is responsible for authorising, submitting and evidencing claims, and maintaining that clarity during periods of change, reduces ambiguity and strengthens oversight. A documented scheme of delegation and a regular review of conflicts of interest are key.
Alongside this, basic financial controls remain critical. Separating responsibilities, so that no single individual controls the full process, provides an important safeguard. Regular reconciliation across payroll, accounts and claims helps identify discrepancies early, while maintaining a clear audit trail ensures decisions can be evidenced without relying on individual recollection.
Workforce assurance is another key area. Given the scale and complexity of reimbursement routes, PCNs need confidence that every role being claimed is supported by clear documentation, aligned to payroll and reflective of actual activity. Routine checks and up-to-date records make it far easier to respond to assurance requests.
Data also needs active management. Establishing a clear ‘source of truth’, restricting access to key systems, and carrying out regular reconciliation and data quality checks can prevent inaccuracies from becoming embedded over time.
PCNs are designed to deliver scale and consistency in primary care. The same features that enable that scale: shared delivery models, multiple funding streams, and complex assurance requirements, also increase exposure to fraud risk.
By tightening governance, separating duties, standardising evidence, and routinely reconciling workforce and activity data, PCNs can protect public funds while maintaining trust with patients, member practices, and commissioners.
A version of this article first appeared on our sister title Pulse PCN.
