Cifas Ethics and Corporate Social Responsibility Policy
Integrity is the primary value that guide the decisions we make as a business both on a long-term strategic basis and in our daily conduct.
As joint data controllers for the National Fraud Database and Internal Fraud Database we take our responsibilities under Data Protection legislation seriously and are conscious that we are guardians of sensitive data about the conduct of individuals and of victims of fraud. To that end we have in place robust data governance procedures and extensive security and information management systems to protect that data.
We use the data we obtain from our membership to prevent and detect fraud and financial crime, and other unlawful or dishonest conduct, and always strive to do the right things, for the right reason, and in the right way.
In making decisions about how we run the business our approach on questions of integrity is informed by The Navigation Wheel (see below). The Executive are also held to account by a Board and a member-led Advisory Board, who scrutinise how we operate the National and Internal Fraud Databases, collate, disseminate intelligence, and deliver learning.
Statutory and Non-Statutory Obligations
Cifas strives to ensure that it complies with all its statutory obligations, and where it is not subject to statutory obligations to follow best practice and observe more general obligations to our fellow citizens, society, and the planet. We seek to make a positive contribution to our communities and society more generally over and above our mission to prevent fraud and financial crime.
Modern slavery, including illegal practices such as compulsory and forced labour, servitude, and human trafficking, violates human rights, and destroys communities. As a small company, Cifas is not required to make an annual statement regarding the Modern Slavery Act 2015, however, as a company we uphold the principles of the Act and seek to ensure that the providers of services and goods to Cifas are provided free from slavery and human trafficking. Our main suppliers are committed to upholding the tenets of the Modern Slavery Act and to do so through their supply chains.
Although we are not a regulated entity under any money laundering legislation, and neither are we a registered body under Financial Services or Consumer Credit legislation, we take steps to know our customers and conduct relevant due diligence checks on potential members and suppliers.
We meet and observe the PCI DSS standards for all card transactions.
Anti-Bribery and Corruption
Cifas seeks to conduct business in an honest and ethical manner and so takes a zero-tolerance approach to bribery and corruption. An Anti-Bribery and Corruption policy is in place and Cifas will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which it conducts business.
Cifas is a joint controller with members over the personal data in our data sharing systems. This means that we are responsible, in conjunction with our members, for ensuring that personal data is used in a fair, transparent, and lawful manner in accordance with data protection legislation.
A Cifas member must operate within the terms of the relevant Handbook – a guide that sets out eight Principles of use with accompanying guidance. These Principles and guidance describe the controls in place to protect the data on the database and ensure that the highest possible level of fairness and transparency are observed. We have published our legitimate interests assessment for the National Fraud Database and the Internal Fraud Database.
Cifas is certified to ISO/IEC 27001:2013, the international standard for operating an information security management system, and to Cyber Essentials, the online security scheme run by the Government’s National Cyber Security Centre. Our databases run in the Microsoft Azure UK cloud, which is itself certified to ISO/IEC 27001:2013 and many other international security standards, and so benefits from the Microsoft global incident response team. Cifas commissions regular penetration testing of all systems by independent experts approved under the CREST scheme.
Cifas takes its responsibilities towards minimising its environmental impact seriously. Cifas encourages good working practices to encourage a more sustainable working environment and company culture of reducing carbon emissions and our carbon footprint. These practices and policies include the move to a paperless office, going digital, energy efficiency lighting and heating, recycling disused electronic equipment, and sourcing fair trade products and local food.
We have also introduced remote working and a cycle to work scheme to reduce staff travel, and only engage with suppliers and partners who are ethical, respect the environment and have excellent working practices for their staff.
Giving Something Back
Under our corporate social responsibility programme, we aim to ensure that our volunteering and charitable initiatives lend value to the vulnerable or under-represented members of society. Cifas has established an annual calendar of volunteering activities and fundraising days. We have also created a forum for staff to volunteer or fundraise for our Charity of the Year and encourage staff to use their paid volunteering day for their own chosen charity or cause. Our adopted charities are MIND, RSPCA, and Barnardo’s.
Equality, Diversity, and Inclusion
Cifas aims to be an inclusive place to work and for our members to have assurance that we are strongly committed to equality, diversity, and inclusion. We also ask that all our members and external parties are committed to adhering to the same approach.
We aim to create opportunities and reduce barriers for everyone, particularly under-represented groups. We are committed to making sure there is no unjustified discrimination in our processes for recruitment and selection, performance management and pay, and that promotion and retention is fairly granted across all our operations. This also extends to our external partners and members.
To achieve these aims Cifas has implemented an inclusive company culture supported through awareness initiatives, speak-up polices and zero tolerance for any adverse behaviour. We carefully monitor compliance, and any breach is thoroughly investigation and appropriate action taken.
Health and Safety
Cifas adheres to the Health and Safety at Work Act 1974 to ensure the health, safety, and welfare of its employees. We have a Health and Safety policy in place which sets out how we manage health and safety in the workplace. We adhere to statutory requirements and continually review existing practices to ensure a healthy and safe working environment for our employees. Staff are encouraged to understand their responsibilities through regular information and annual refresher training.
London Living Wage
Cifas is committed to providing its employees with a fair wage giving them and their families enough to afford essentials and save. As costs of living are higher in the capital, we are committed to implementing the recommended London Living Way for our workers who work in our London office.
Speak Up Policy
Cifas encourages all employees who have a concern about any activity in the company or by the company to speak up and report their concerns. We have a Speak Up policy and a mechanism that allows any employee or contractor to report any wrong-doing, concern of a lack of integrity, or acting outside of our ethics policy, to an independent Speak Up Champion, who has access to the CEO and the Board of Directors.