1 - Why is the Staff Fraud Database necessary?

Staff fraud is a growing threat and can cause severe financial losses, reputational damage, regulatory action and negatively affect an organisation, its customers and its staff.  Staff who have been identified as being involved in fraud (who may or may not have been dismissed) tend to move from one employer to another with the possibility of perpetrating further frauds.  Moreover, staff fraud is significantly under-reported. In addition, deterioration in the value of references and inadequate levels of vetting has exacerbated this problem. The CIFAS Staff Fraud Database allows Members to report these frauds to protect other organisations and also acts as a useful vetting tool.  Participating in the Staff Fraud Database is also a useful deterrent, as fraudsters turn their attentions to organisations with fewer safeguards. 

2 - Is the CIFAS Staff Fraud Database another “big brother”?

Not at all. The Staff Fraud Database is simply a way of sharing information about staff who have been involved in fraudulent activity, thus limiting their opportunities for perpetrating further frauds with a new and unsuspecting employer. This is done with the aim of safeguarding the personal data and financial wellbeing of individual citizens and is a responsible and conscientious response to a very real threat.

3 - Is the database effectively an “employee blacklist”?

The database is not an “employee blacklist”. Indeed, it would not be reasonable to state that any applicant may be refused employment solely on the grounds of the existence of a database record. The database simply informs the prospective employer about the previous conduct of an applicant. Organisations that participate in the database are required to consider each application on a case-by-case basis, referring to their own employment policies and making a judgement call on the suitability of an applicant for the specific role that they are being considered for.

Many people with serious criminal records are successful in obtaining employment and there is no reason why someone who has been involved in fraud, should not be able to do likewise by persuading an employer that they no longer represent a risk.   

4 - What happened to the principle of “innocent until proved guilty”?

The principle of “innocent until proved guilty” remains intact. The CIFAS Staff Fraud Database is strictly crime-based. A record cannot be filed on the database unless a Member has undertaken a thorough investigation and the record satisfies the relevant 'standard of proof'.

In addition, every individual filed on the database has the opportunity to respond to the allegations made against him or her, either through the standard disciplinary procedures, or through new procedures established by Members as a result of their participation in the database.

5 - What type of staff fraud cases can be filed?

A Member can file a variety of types of fraud and theft cases.  They have been grouped in the following categories:

• Employment application fraud – an application for employment or to provide services with serious material falsehoods in the information provided
• Unlawful obtaining or disclosure of personal data – the use of personal data where the data is obtained, disclosed or procured without the consent of the data controller
• Account fraud – unauthorised activity on a customer account by a member of staff knowingly and with intent to obtain or attempt to obtain a benefit for themselves or others
• Unlawful obtaining or disclosure of commercial data – the use of commercial/business/company data where the data is obtained, disclosed or procured without the consent of the data owner
• Dishonest action by staff to obtain a benefit by theft or deception – a person knowingly, and with intent, obtains or attempts to obtain a benefit for themselves and/or others through a dishonest action or through theft
  

6 - What is the evidential standard required to file fraudsters on the Staff Fraud Database?

• Information must be factual and accurate
• The criminal offence must be identifiable
• The Member must have sufficient clear evidence of wrongdoing to have reasonable grounds to press criminal charges
• The Member must be willing to make a full report to the police, although it is not mandatory to make such a report
• Suspicions and hearsay must NOT be filed to the database
  

7 - Is explicit consent required to file an individual to the Staff Fraud Database and, if so, does this mean that all staff will have to sign amended contracts?

The CIFAS lawyers have advised that it is not a requirement of data protection law to obtain explicit consent from a member of staff to be filed on the Staff Fraud Database. As explicit consent is not required, this removes the need for existing employees to sign new contracts providing consent. Members will be required to notify staff that the database exists, however, and that their details would be stored on it in the event of them committing a fraud. This is usually done by means of a Fair Processing Notice/Privacy Notice.

8 - If a member of staff resigns prior to disciplinary proceedings, or before the requisite standard of proof exists, may a filing still be made to the Staff Fraud Database if subsequently an investigation identifies fraudulent activity?

Yes, provided that the correct notification procedures are followed and the requisite standard of proof exists. Members may file individuals on the Staff Fraud Database even if the Member who has suffered the fraud no longer employs the individual identified.

9 - What checks are there to ensure that employers don’t just sack someone because they have a vague suspicion about an employee?

See Q4 above.

Every CIFAS Staff Fraud Member must comply with the relevant employment law in this area. CIFAS ensures that, before ever using the database, each participating organisation is properly trained in what is – and what is not – an acceptable case for filing.  In addition, compliance with procedures is scrutinised rigorously by trained compliance staff on an annual basis.

10 - How can an individual find out what information about them is held on the Staff Fraud Database?

For a fee of £10 you are entitled to request a copy of any information held about you by any organisation on computer or in some manual files. This is known as a Subject Access Request.  If you wish to request a copy of any data held about you by CIFAS, please follow the procedure as explained on the Subject Access Request Form, which can be downloaded here.

11 - Does CIFAS have a complaints process so that staff may challenge the validity of filings?

Please click here for further information about the CIFAS complaints procedure.

12 - What is the potential impact of disciplinary appeals, employment tribunals or court cases on Staff Fraud Database filings?

It is acceptable to file a staff fraud as long as the requisite standard of proof exists and the correct notification procedures have been followed, even if the case is subject to an appeal, tribunal hearing or court case. The staff fraud record should not be amended or deleted unless the findings of the appeal, tribunal or jury affect the standard of proof used by the Member to justify the filing. If the findings or decision do not negatively affect the justification for the filing, e.g. they uphold a complaint regarding the disciplinary or dismissal procedure that was followed, there is no requirement for the Member to amend the staff fraud record.

13 - Are Members able to file agency/temporary staff on the Staff Fraud Database?

A Member is able to file any individual staff member who is supplied by agencies/third parties or others who provide services to them as long as the standard of proof is satisfied and the correct notification procedures are followed.  The notification procedures are similar to those issued to directly employed staff.  However, the Member must obtain and retain confirmation that the initial notification was received, e.g. by a way of a signed form.