FOI/202600515393 Review of 202500493969 · FOI · not held
Student Awards Agency Scotland policies, guidance and statistics: FOI Review
Information requested
SECTION A — POLICIES, PROCEDURES & GUIDANCE
1. Policies for DSA Travel Claims
All internal policies and guidance relating to:
verification of taxi journeys acceptable evidence for cash taxi payments use of private hire or independent taxi providers evidence assessment criteria contacting external parties during verification
2. Counter Fraud Team Policies
All policies or guidance on:
determining fraud vs insufficient evidence applying the “balance of probabilities” standard documenting decisions escalation procedures contacting third parties
3. Complaint & Appeal Handling Guidance (DSA-related)
All guidance used between 2020/21 and 2024/25.
4. Restricted Funding Policy
All current and previous versions (2020/21–2024/25) of the Restricted Funding Policy, including:
criteria for sanctions partial vs full restriction maximum/reduced terms definition of “severity of the action” standard of proof authorisation levels guidance to panel members
5. Equality Impact Assessments
Equality Impact Assessments relating to:
DSA travel processes fraud investigations the Restricted Funding Policy funding restriction decisions
SECTION B — STAFF TRAINING & OPERATIONAL MATERIALS
6. Training Materials
Training materials (2020/21–2024/25) provided to:
Counter Fraud Team Complaints Team Case Handlers Senior Managers/Executives who handle complaints, Restricted Funding and appeals
Specifically including training on:
DSA claims evaluating taxi evidence handling cash evidence fraud investigation sanctions under the Restricted Funding Policy disability and reasonable adjustments
7. Internal Manuals & Guidance
Any staff manuals or internal operational guidance relating to:
fraud investigations restricted funding decisions Restricted funding sanctions panel processes
8. Guidance to cash paying DSA students
Any guidance issued to students relating to:
How students should have an audit trail of their cash payments Specific criteria SAAS expect in order to accept a cash paying claim from a DSA student
SECTION C — STATISTICS & MONITORING (2020/21–2024/25)
9. DSA Travel Claim Outcomes
Per academic year:
claims submitted claims approved claims rejected referred to Counter Fraud insufficient evidence determination fraud determinations
10. Taxi Verification Outcomes
Per academic year:
cases rejected due to non-verification cases where cash receipts/withdrawals were accepted as evidence cases where cash receipts/withdrawals were rejected
11. Restricted Funding Register & Sanctions
Per academic year:
students added to the register funding stopped (loan & tuition) discretionary funding stopped recovery action taken refusal of current-year reimbursements combined sanctions applied
12. Overturned Decisions
Per academic year:
fraud decisions overturned after complaint fraud decisions overturned after appeal fraud decisions overturned after SPSO involvement
SECTION D — INTERNAL AUDITS & QUALITY ASSURANCE
13. Internal Audits or Reviews
All internal audits (2020/21–2024/25) relating to:
DSA travel processing fraud investigation processes sanctions decisions restricted funding register
14. Internal Concerns
Any documented concerns, recommendations, or issues raised internally or externally relating to:
Counter Fraud Team processes taxi verification staff training sanctions procedures
(I do not seek personal data about other students.)
SECTION E — SANCTIONS PANEL DECISIONS & APPLICATION OF GUIDANCE
For each academic year from 2020/21 to 2024/25, please provide:
15. Application of Restricted Funding Policy
Number of cases where:
a partial restriction was applied a full restriction was applied the maximum 6-year term was applied a reduced term was used the sanction was limited to one element of funding multiple sanctions were applied simultaneously
16. Cases Where All of the Following Were Applied Together
Please provide counts per year of cases where SAAS applied the full combination of sanctions:
stopping all living-cost support stopping tuition fee support blocking discretionary/hardship funding placing student on the restricted funding register requiring repayment of previous-year payments refusing reimbursement for current-year costs
SECTION F — EARLY PANEL CONVENING & REPRESENTATION RIGHTS
For each academic year (2020/21–2024/25):
17. Panel Timing
number of cases where a panel convened within less than 2 weeks of notifying a student of the fraud determination (the two weeks the student is given in writing to make representations) number of cases where a panel convened before the student could provide representations
18. Representation Period Compliance
number of students not given the full 2-week window number given less than 2 weeks number given no opportunity to provide representations
19. Timing Data
the average time between fraud notification and panel meeting the shortest time recorded
Response
Thank you for your correspondence, dated 25 February 2026, requesting a review of the handling of your recent Freedom of Information request. This letter is supplemented with an Annex and documents which are attached separately.
As per my acknowledgement letter to you, dated 28 April 2026, I have reviewed the application of sections 17 (information not held), 29(1)(a) (formulation of policy) and 35(1)(a) (law enforcement), including whether relevant information is held, whether these exemptions were correctly applied, and whether any additional information can be disclosed, in whole or in part. I have also reviewed the handling of the initial request to consider it’s compliance with FOISA.
I have laid out this correspondence in a way which will give you my overall decisions on your request for review against each of the exemptions applied, as well as outlining how I have undertaken the review. This helps me to give you assurance that I am discharging my functions under FOISA s.15, which is a duty to provide advice and assistance.
I have also included an annex to this letter (Annex A) which breaks down each part of your request that falls within the scope of your review request, alongside my assessment of whether it was handled in full or not; whether it was handled in line with legislation; and provided any additional information to meet your initial request.
Review Process
To address your queries, I have looked at your original request and responses, as they relate to the queries outlined in your review request.
In terms of my actions in conducting this review, I have examined the case file, including the original request that was sent to key business contacts within SAAS, as well as the subsequent replies generated from the SAAS teams. I have discussed responses with key business contacts and Subject-matter experts within SAAS.
I have asked the original responders from within SAAS to share with me their search templates and associated search strings / criteria, as well as asking them to undertake new searches with the parameters in your request, where I have felt it was needed.
I have also examined what FOISA exemptions were applied and asked the responders to explain their rationale for applying those exemptions. In reviewing the initial response to you, I have also looked at the guidance for each exemption applied, and considered the public interest test when doing so.
Request for FOISA Review
The table below summarises the specific points raised in your request for internal review, together with a high‑level summary of the actions taken in response to each point. My specific findings, including reference to any additional material identified through the review, are set out in Annex B (attached).
Review Request Review Actions Section 17(1) “information not held” – statistical questions Please confirm what data SAAS does hold that relates to these questions (e.g., fields held within case management, recovery, restricted funding, or complaints systems; reporting extracts; management information; dashboards; standard reports). I examined what recorded information SAAS holds that is relevant to the statistical elements of the request This included confirming, with system owners and relevant business areas, the way cases were processed and the nature of data fields held within operational systems, and whether any existing reporting extracts, management information, dashboards or standard reports are produced that could answer the questions without creating new information. I explored the level to which reasonable efforts could be made to extract data from these systems. Please see Annex B sections 9, 10, 11, 12, 15, 16, 17, 18 and 19 for detailed findings. Please clarify whether SAAS holds any data with fields such as (non-exhaustively): year, academic year, claim type, reason codes, fraud allegation type/outcome, recovery status/outcome, restricted funding outcome, and review/appeal outcomes. I considered at a high level what types of data are recorded within relevant operational systems and confirmed with relevant business areas whether structured fields or existing reports capture the categories referenced (e.g. outcomes, academic year, claim type). SAAS holds data across a number of databases and systems, in with some of the fields described here are present; and others are not. I did not undertake a detailed field‑by‑field analysis of system databases, as FOISA does not require authorities to analyse or interpret how individual data fields might be combined to generate new statistical outputs. I have, however, explained in reasonable detail why many of the statistical data you have requested cannot be extracted without analysis, interpretation and processing that would require producing new data to answer. I have also sought to provide data in the format that it is held, where it is within the scope of your request and I have judged that it may go some way to answering your request. Please see Annex B parts 9, 10, 11, 12, 15, 16, 17, 18 and 19 for detailed findings. If SAAS does hold relevant data but not in the precise format requested, FOISA expects authorities to provide information it does hold, including where it can be obtained by reasonable extraction from existing systems. If the issue is that the request was framed too narrowly or would exceed reasonable cost/time, the appropriate approach would normally be to provide advice and assistance to refine the request rather than defaulting to section 17. I considered whether any relevant information is held in an existing recorded form that aligns with the request. I also explored, to what extent information could be obtained by reasonable extraction from existing systems without undertaking new analysis. I considered whether advice and assistance had been provided where appropriate. In most cases, I was satisfied that the information requested is not Review Request Review Actions held in the format sought and that providing the requested breakdowns would require analysis and interpretation of underlying data, amounting to the creation of new information, which FOISA does not require. In cases where I found that further data could be reasonably extracted, I have summarised these findings in the next section, as they relate to specific parts of your request. I also considered the extent to which advice and assistance on how to refine the request should be provided under FOISA. When information is not held, we must respond accordingly advising requesters that what they have asked for is not held. Part of our explanation as to why information is not held may include advice as to what is held. However, this is all context specific as it is not always clear when information is not held what information may be held that is also of interest to a requester. Given the breadth and complexity of the original request, and the absence of existing recorded outputs that align with the requested breakdowns, I am satisfied that further refinement would require detailed analytical work to determine how the request might be re‑framed and that the advice and assistance provided was sufficient, although better explanations of the rationale for that would have benefited you I have, therefore by way of further advice and assistance, provided detailed explanations as to why the data as requested is not easily reported on; and I have sought to provide figures that we do have where they fall within the scope of your request. 2) Section 29(1)(a) – EIAs and internal audits/reviews Please confirm whether SAAS holds any EIAs (or equivalent equalities analysis) relating to current DSA travel processes, fraud/recovery handling, restricted funding decisions, or evidential requirements for travel reimbursement (including cash payment scenarios), even if revisions are paused. Please see Annex B, Section A – 5 (attached). If EIAs or internal reviews exist for current arrangements, please explain why they are properly characterised as relating to live “policy development” rather than evaluation/assurance of an existing process. Please see Annex B, Section A – 5 (attached). Please provide a fuller public interest test analysis that addresses the strong public interest in transparency around: disabled students’ access to support, safeguards around fraud allegations and sanctions, consistency of evidential requirements, and fairness in recovery/restricted funding decisions. Please see Annex B, Section A – 5 (attached). 3) Section 35(1)(a) – internal manuals/guidance (fraud/restricted funding) I request review on the basis that this exemption appears to have been applied too broadly. Even where some operational details could prejudice investigative techniques, there is likely a substantial amount of higher-level content that can be disclosed without such prejudice, including (for example): Please see Annex B, section B – 7 (attached).
Review Request Review Actions governance and decision-recording standards, fairness/procedural safeguards, escalation pathways and review stages, evidential evaluation principles (at a general level), quality assurance arrangements. Please confirm whether SAAS considered: partial disclosure, and/or disclosure of higher-level process standards with redaction of genuinely sensitive tactical details. Please also provide a more detailed explanation of the prejudice claimed and why that prejudice is substantial and likely, not merely possible, in the context of the particular information withheld. Please see Annex B, section B – 7 (attached). 4) Advice and assistance Where SAAS considers any part of the original request is not answerable as framed, please provide meaningful advice and assistance to help refine the request so that it can be answered (e.g., identifying what standard reports/fields exist and what breakdowns can reasonably be produced). As part of the review, I considered whether further advice and assistance could reasonably be provided to help refine the request. Given the breadth and complexity of the original request, which comprised multiple parts and sub‑questions spanning several systems and functions, I am satisfied that identifying alternative framings or narrower formulations would require detailed analysis and interpretation of underlying data and system structures. FOISA does not require authorities to undertake substantive analytical work in order to redesign a complex multi‑part request. I have, however, sought to provide figures in the format and categorisations in which they are held, where they are within the scope of your request, and explain why information is not held where that is the case. 5) Outcome sought As a result of the internal review, I seek: disclosure of any additional held information falling within scope, clearer and fuller explanations of searches undertaken and why information is said not to be held, reconsideration of the application of sections 29 and 35 (including partial disclosure/redaction), and a revised response providing the closest available held information where exact breakdowns cannot be provided. The review considered the outcomes sought, including whether additional information could be disclosed, whether explanations of searches and conclusions could be clarified, and whether sections 29 and 35 were correctly applied, including consideration of partial disclosure. Following this review, I am broadly satisfied with clarifications around section 17(1) application. Section 17(1) was used in good faith. In challenging its use, some limited additional disclosure can be provided, while the remainder of the response remains correct and compliant with FOISA, in respect of the application of Section 17(1). In my response, I have provided explanations as to why I have found Section 17(1) to be correctly applied. With regards to the use of Section 35(1)(a) exemption, I found this to have been applied largely correctly. In challenging its use, some limited additional disclosure can be provided, while the remainder of the response remains correct and compliant with FOISA, in respect of the application of Section 35(1)(a). In respect of the use of Section 29(1)(a) exemption, I found that, while there were some areas where this could correctly apply, the exemption was applied too broadly to the items of your initial request. Further disclosure can be provided in respect of these areas.
Handling of the Initial Request
In considering whether SAAS handled your original FOI request in accordance with legislative requirements and internal procedures, I am satisfied that the request was handled appropriately and in good faith.
The internal review has identified that the primary areas of disagreement relate to the interpretation and application of exemptions, rather than to any failure to engage with the request or to undertake reasonable enquiries. While exemptions were applied with the intention of complying with FOISA, I found that, in some instances, they were applied too broadly and without sufficient explanation.
In particular, I concluded that section 35(1)(a) was applied more widely than necessary. While this exemption continues to apply to significant portions of internal fraud guidance, I found that some higher‑level procedural material could be disclosed without prejudicing the prevention or detection of crime.
I also found that section 29(1)(a) was applied too broadly in the original response. There was a strong basis for withholding Equality Impact Assessments and internal material directly related to live policy development on DSA funding. However, this did not justify extending the exemption to all material falling within the scope of the request. Each element of the request should have been considered individually against the exemption.
With regard to section 17, I examined the approach taken to determining whether information was held. In some areas, reliance was placed on the professional judgement of subject‑matter experts who were confident that certain data was not collected or recorded and therefore could not exist. I am satisfied that this was a reasonable approach. FOISA requires that adequate and proportionate searches be conducted, and I am satisfied that this was the case in the handling of this request.
As part of my review, I spent time with subject-matter experts of the systems involved in the statistical information you requested. Their explanations of how the data was held, and the steps that would be needed to satisfy your request, provided me with sound rationale for the determination that the information you have requested is not held in order to allow us to respond to many parts of your request.
I did, however, request that SAAS share whatever figures could be provided within the scope of the request.
To ensure that reliance on subject‑matter expertise did not inadvertently exclude information that should have been disclosed, I requested additional searches to be undertaken around internal guidance, EQIAs, and Audits. Where those searches identified information falling within scope, this has now been disclosed, where possible, as part of the review outcome.
SAAS operates on the presumption of disclosure where possible, providing explanations where information is not held or where exemptions apply. The review has identified that, in some instances, more granular considerations of where those exemptions apply; and clearer and fuller explanations of the application of exemptions would have been helpful. These have been addressed in this revised response.
About FOI
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at https://www.gov.scot/foi-responses.
Detected exemption language
As per my acknowledgement letter to you, dated 28 April 2026, I have reviewed the application of sections 17 (information not held), 29(1)(a) (formulation of policy) and 35(1)(a) (law enforcement), including whether relevant information is held, whether these exemptions were correctly applied, and whether any additional information can be disclosed, in whole or in part. I have laid out this correspondence in a way which will give you my overall decisions on your request for review against each of the exemptions applied, as well as outlining how I have undertaken the review. This helps me to give you assurance that I am discharging my functions under FOISA s.15, which is a duty to provide advice and assistance. I have also examined what FOISA exemptions were applied and asked the responders to explain their rationale for applying those exemptions. In reviewing the initial response to you, I have also looked at the guidance for each exemption applied, and considered the public interest test when doing so.