National Fraud Database Principles
The National Fraud Database is the UK’s largest repository of fraud risk information: information that can be used by our members to reduce exposure to fraud and financial crime and inform decisions according to your organisation’s risk appetite.
National Fraud Database Handbook
To use the database, a Cifas member must operate within the terms of the National Fraud Database Handbook – a guide that sets out eight Principles of use with accompanying guidance. These Principles and guidance describe the controls in place to protect the data on the database, and ensure that the highest possible level of fairness and transparency are observed.
The Handbook allows you and your organisation an appropriate degree of flexibility – there will be many ways for you to achieve the outcomes it describes. It also helps you maintain the quality and integrity of the data for the benefit of all members. By observing the Handbook and engaging with our compliance process your organisation will be compliant and can enjoy the benefits of the database.
Principles of use
The National Fraud Database is a reciprocal data sharing arrangement where members commit to provide data and file cases of fraud. In return, members receive the benefit of searching the database.
Both Cifas and its members have equal responsibility for the quality, protection and lawful use of the data submitted to and held on the National Fraud Database. Every member is responsible for the accuracy of the cases filed, and for the proportionate use of the data returned from a search.
We want the data we hold on behalf of our members to be used to the maximum benefit in protecting themselves from fraud and financial crime. We also have a responsibility to ensure that the rights of the citizen are balanced with the legitimate interests of our members; therefore the National Fraud Database Principles are closely aligned to data protection legislation.
The Principles are as follows:
Principle 1: Reciprocity
The National Fraud Database relies on member data. Members must contribute their own cases to receive benefit from the data shared by other members.
Principle 2: Purpose Limitation (Legitimate reasons for searching)
Data from the National Fraud Database can be used in a wide range of situations for the purpose of the prevention, detection and investigation of fraud and financial crime.
Principle 3: Transparency
Subjects have a right to know how data will be used and how any decisions related to them have been made.
Principle 4: Lawfulness (Searching and filing)
Subjects must only be searched and filed if they have been legally informed of how their data may be used via a Fair Processing Notice.
Principle 4: Lawfulness (Standard of Proof)
Cases filed to the National Fraud Database must be supported by evidence and meet the ‘four pillars’ of the Standard of Proof. The Standard of Proof is:
- That there are reasonable grounds to believe that a Fraud or Financial Crime has been committed or attempted;
- That the evidence must be clear, relevant and rigorous;
- The conduct of the Subject must meet the criteria of one of the Case Types;
- In order to file the member must have rejected, withdrawn or terminated a Product on the basis of Fraud unless the member has an obligation to provide the Product or the Subject has already received the full benefit of the Product.
All Subjects involved that meet the Standard of Proof, must be filed to the National Fraud Database.
Principle 5: Fairness (Proportionality)
Members must ensure that the data is interpreted in a proportional manner according to their own risk appetite and the product being assessed.
Principle 5: Fairness (Protecting innocent parties)
Innocent parties should be filed to the National Fraud Database for their own protection and be clearly distinguished from any other Subject involved in the Case.
Principle 6: Accuracy
All data that is captured must be accurate.
Principle 7: Integrity (Security of the National Fraud Database)
Access to the National Fraud Database is restricted and all members must have adequate policies, procedures and technical measures in place to protect the data.
Principle 8: Data Minimisation
Members must be able to retrieve the evidence to support a case filed to the National Fraud Database but they must not hold data indefinitely. Once it’s served its purpose, it must be deleted securely and permanently.