A Cabinet Office report completed in 2023 found that billions in British taxpayer money — spanning foreign aid, pandemic loans, and welfare payments — had reached terrorist groups, criminal networks, and hostile states through fraud and systemic gaps. It was withheld from the public. Until now.

This image is used for illustrative purposes only.

At a Glance

• Nearly £28 billion (over €32 billion, or approximately $34 billion at current exchange rates) in British public funds — drawn from foreign aid, Covid emergency loans, and welfare programs — flowed through fraudulent channels to terrorist groups, criminal networks, and hostile regimes between 2015 and 2021, according to an internal government report described by the Daily Telegraph.

• That Cabinet Office report was withheld from Parliament and the public following its completion in 2023, according to sources cited by the Telegraph. The government has not officially confirmed its contents.

• The scandal points to a systemic breakdown in spending controls across multiple programs — not a series of isolated incidents.

A report that was meant to stay buried

The numbers alone are staggering. Between 2015 and 2021, £28 billion in British government funds — spanning foreign aid grants, pandemic emergency loans, and routine welfare payments — reached, through fraud and systemic gaps, members of the Islamic State militant group, Eastern European criminal networks, companies the report allegedly linked to China’s People’s Liberation Army (PLA), Russia-connected businesses, and organizations promoting anti-Western ideologies.

These were not heists. The money moved through official channels — channels whose verification procedures contained structural weaknesses that organized actors were able to exploit at scale. That is what makes this case extraordinary: not just the scale, but the mechanism.

The Daily Telegraph obtained access to an internal Cabinet Office report — produced by the body that coordinates the work of the British government — commissioned in 2023 following the discovery of widespread fraud in pandemic-era loan programs. According to sources cited by the Telegraph, the report was withheld from public release to avoid political embarrassment; the government has not officially confirmed either the report’s existence or its figures. Its findings were never presented to Parliament, in contrast to a separate report on Covid-specific fraud alone, which was made public and presented to Parliament in December. That narrower report already documented losses of £10.9 billion (approximately $13.8 billion) from fraud and errors in pandemic lending alone.

A remarkably broad cast of hostile actors

The list of unauthorized recipients reconstructed by the Telegraph‘s reporting covers a strikingly wide range of actors with interests hostile to the United Kingdom — though it bears noting this picture derives from a security risk assessment, not a completed judicial investigation.

According to the report as described by the Telegraph: Islamic State members received Covid emergency loans through UK-registered businesses or identities; grants intended for private companies benefited entities with documented ties to Russia; public research funding was awarded to companies linked to China’s military; and funds explicitly designated to counter terrorism reportedly went to organizations promoting anti-Western ideologies.

In parallel, criminal groups — including an Eastern European network that also allegedly facilitated illegal migration into the UK — collected legitimate welfare benefits through fraudulent identities and shell structures. According to the Telegraph‘s sources, this network may have received logistical support from a hostile state, which was not identified in the reporting.

How the system failed: when process becomes vulnerability

Tom Hayhoe, the UK’s Covid fraud commissioner, identified two root causes in the public report on pandemic-era fraud: poor data quality used to vet recipients, and insufficiently rigorous grant-allocation procedures.

These two factors — data integrity and procedural robustness — sit at the heart of the systemic failure. In a pandemic emergency, the British government, like many others, deliberately loosened eligibility checks to accelerate payments. That choice, understandable in its intent, may have opened a wide window of exploitation for organized actors with the resources to construct convincing fraudulent structures.

What distinguishes this affair from ordinary Covid fraud, if the Telegraph‘s account holds, is the alleged involvement of structured networks — potentially with state backing — which would elevate what might otherwise be an administrative failure into a possible influence and economic destabilization operation.

Analysis: the cost of institutional opacity

A withheld report is a policy choice

The fact that the Cabinet Office commissioned this report in 2023, received its conclusions, and chose not to make them public is not an omission — it is an active decision to withhold information from taxpayers and Parliament. Rishi Sunak’s Conservative government was in office at the time. Its Labour successors, who came to power in July 2024, inherited the file and also declined to release it — until the Telegraph forced the issue. This continuity in discretion, across a major change in government, suggests that the instinct for institutional self-protection transcends party lines.

A national security question, not yet an answered one

The prospect of £28 billion flowing, even partially and through fraud rather than design, to actors linked to hostile states and terrorist organizations raises questions that go beyond ordinary fiscal mismanagement. Whether any of these flows constituted a deliberate security threat — or were primarily opportunistic exploitation of administrative gaps — remains unresolved: this is a risk assessment, not a verdict. The British government has not addressed this dimension publicly, and no judicial proceedings have been announced.

A post-Brexit governance question

The United Kingdom left the European Union arguing, in part, that it could better control its own spending and its own borders. This affair suggests that claim deserved more scrutiny: domestic control mechanisms proved inadequate on a scale without precedent over the period in question. The contrast with the spending-control standards embedded in EU regulations — which the UK chose to leave behind — could fuel an uncomfortable political debate in the months ahead.

The real divide here is not between Labour and the Conservatives. It is between a governing class that prefers to manage crises quietly, and taxpayers who, had they known, might have had something to say about where their money went.

The Bottom Line

The British government says it has recovered more than £7.5 billion in fraudulent funds over the past year, describing its anti-fraud efforts as “unprecedented.” That figure, significant as it is, does not answer the harder question: how does a democracy lose track of £28 billion — some of it, allegedly, to its own enemies — and then spend two years deciding whether the public deserves to know?

Sources: The Daily Telegraph · Cabinet Office (internal report, 2023, as reported by the Telegraph) · Tom Hayhoe, public Covid fraud report (December)