Cifas Ethics and Corporate Social Responsibility Policy
Cifas is often approached by members, suppliers and other stakeholders about our policies and processes. To enable us to respond consistently to these requests, we have prepared some standard responses to frequently asked questions below. The positioning statements set out in this document can be used either as written below, or they can be used as the basis for a bespoke response as appropriate.
NB. Given the size of Cifas and the number of our members, we are not able to respond to individual requests to due diligence questionnaires. The positioning statements in this document should provide sufficient assurance for members and others that Cifas has robust policies and controls in place.
About Cifas
Cifas is the UK’s leading fraud prevention service. We are a not-for-profit company and a membership organisation. Cifas operates the largest database of fraud risk data in the UK. Our members are organisations from across multiple sectors, who share data, intelligence and knowledge to help prevent the harm and loss caused by fraud.
Key Information
- Cifas is a membership organisation. Members sign up to our terms and conditions (not the other way around)
- Cifas is a Data Controller
- Cifas does not store or process data on behalf of our members
- Cifas does not have access to members’ infrastructure
- Cifas members do not have employees working on site at Cifas
- Cifas is externally validated by BSI to ISO 27001
- Cifas Company Number: 2584687
- Cifas VAT Registration Number: 524 3433 70
- Cifas DUNS Number: 766629497
Standard responses
Modern Slavery
Cifas is not required to make an annual statement under the Modern Slavery Act 2015. However, we uphold the principles of the Act, and all our services and goods are provided free from slavery and human trafficking.
Business Ethics and Anti-Bribery
Cifas has a zero-tolerance approach to bribery and corruption. In accordance with the Bribery Act 2010, we regularly monitor the effectiveness of our policies, taking account of their suitability, adequacy and effectiveness. Such policy applies to all employees working at Cifas, as well as third party organisations, actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers and government and public bodies. Any gifts or hospitality received by employees are recorded in the Gifts and Hospitality Register which is reviewed on a quarterly basis by the Cifas Senior Leadership Team.
Whistleblowing
Cifas has a robust ‘Speak-up’ policy and internal process in place to deal with issues and concerns relating to malpractice. All staff are briefed on this process at their induction and
periodically thereafter. We have appointed an independent Speak-up Champion for situations where staff may feel it appropriate to approach an individual external to Cifas.
Bullying and Harassment
At Cifas we are committed to fostering an inclusive and respectful environment that is free from discrimination, harassment or bullying for all employees, including those with protected characteristics as outlined by the Equality Act 2010. We recognize and value the diversity of our workforce and community, and we are dedicated to ensuring that everyone is treated with dignity and respect. We comply with all relevant legislation, including the Equality Act 2010, and is committed to upholding the rights of individuals with protected characteristics. We ensure that our policies and practices are in line with legal requirements and best practices in equality and diversity. Our policies on Bullying and Harassment are designed to give our people the confidence and support they need to raise concerns. We will take all such complaints seriously and have
processes in place that ensure any concerns are dealt with swiftly, appropriately and fairly.
Sustainable Workplace
Cifas takes its responsibilities towards minimising its environmental impact seriously. We have a suite of policies in place to foster a more sustainable working environment. These practices and policies include on lighting, heating, electrical equipment, water, recycling, fair trade products and travel.
Data Protection
Please see separate Statement of Data Protection Assurance document.
Facial Matching
Our facial matching service is only available to Cifas members. It allows them to search for a face that matches with existing records in the National Fraud Database. Following a search, the
uploaded image is held within the system temporarily to allow for manual validation of the match. The ability to match faces helps improves the prevention and detection of fraud by our members.
Information Security
Please see separate Statement of Information Security Assurance document.
Business Continuity
Cifas has business continuity plans in place. These are reviewed and tested at least once each year. They cover a number of scenarios including power and water failure, transport strike, loss of telecommunications, cyber-attack and loss of access to the Cifas office. The plans set out key roles and responsibilities, as well as timelines for recovery and plans for communicating to Cifas members and other stakeholders.
Third Party Management
Cifas Procurement Policy and Cifas Authorisation to Sign Contracts Policy ensure that strict controls are in place to make certain that staff engaging with suppliers remain within strictly defined rules guardrails. They also ensure that our suppliers meet specified standards listed. Suppliers are regularly reviewed.
Physical Equipment
Cifas has insurance cover for physical loss and damage (including property damage, computer hardware and software, money and business interruption). Cifas’ Office Combined Insurance and Computer Insurance is updated and renewed on annually.
Financial Auditing
Statutory external and independent audits are carried out by Crowe UK LLP. Audited Accounts are available both on the Cifas website and through Companies House.