Cifas Homepage
NewsroomCareersContact Us

Cifas Intelligence Service Principles

The Cifas Intelligence Service provides a framework to share Risk Conduct information that cannot be shared through other Cifas Databases, information that can be used by our members to reduce exposure to Risk Conduct and inform decisions according to your organisation’s risk appetite.

 

Intelligence Service Handbook

To use the Intelligence Service, a Cifas member must operate within the terms of the Intelligence Service Handbook – a guide that sets out eight Principles of use with accompanying guidance. These Principles and guidance describe the controls in place to protect the data used by the Intelligence Service and ensure that the highest possible level of fairness and transparency are observed.

The Handbook allows you and your organisation an appropriate degree of flexibility – there will be many ways for you to achieve the outcomes it describes. It also helps you maintain the quality and integrity of the data for the benefit of all members. By observing the Handbook and engaging with our compliance process your organisation will be compliant and can enjoy the benefits of the Intelligence Service.

Principles of use

The Intelligence Service is a data sharing arrangement where members are alerted to potential Risk Conduct by Cifas as a result of the collection and analysis of data and information it receives from members or other third parties.

Both Cifas and its members have equal responsibility for the quality, protection and lawful use of the data submitted and used by the Intelligence Service. Cifas has responsible for the accuracy of the Intelligence reports it publishes, and together with members have a responsibility for the proportionate use of the data held in the Intelligence Service.

We want the data we hold on behalf of our members to be used to the maximum benefit in protecting themselves from fraud and financial crime. We also have a responsibility to ensure that the rights of the citizen are balanced with the legitimate interests of our members; therefore, the Intelligence Service Principles are closely aligned to data protection legislation.

The Principles are as follows:

Principle 1: Reciprocity

The Cifas Intelligence Service complements and does not replace other Cifas Databases. A member with sufficient data and evidence to be able to file to the relevant Cifas Database needs to do so, rather than just referring the information to the Intelligence Service.

Members can make a submission to the Intelligence Service where data and information held falls outside of the criteria for filing to the Cifas Databases. Cifas will then decide if it can be shared with other members via the Intelligence Service.

Principle 2: Purpose Limitation

Information and data from the Intelligence Service can be used in a wide range of situations for the purpose of the prevention, detection, and investigation of Risk Conduct. It must not be used as part of the justification to withdraw or reject a product, service, or employment, or to support civil or criminal proceedings.

Principle 3: Transparency

Subjects have a right to know how data will be used and how any decisions related to them have been made.

Principle 4: Lawfulness (Searching & Submitting an Intelligence Referral)

Subjects must only be searched and included in an Intelligence Referral if they have been legally informed of how their data may be used via a Fair Processing Notice.

Principle 4: Lawfulness (Acceptance and Dissemination Thresholds)

The submission of data by a member to the Intelligence Service as part of an Intelligence Referral must meet the Acceptance Threshold. The Acceptance Threshold is met when the following statements are deemed likely to be true: 

Only those Intelligence Referrals that meet the Dissemination Threshold for publication can be published. The Dissemination Threshold is met when the following statements are likely to be true:

Principle 5: Fairness (Proportionality)

The Intelligence Service provides Intelligence to highlight grounds to investigate possible Risk Conduct and enable members to direct their counter fraud resources and Investigations more effectively.

Principle 5: Fairness (Protecting innocent parties)

Members who make a submission to the Intelligence Service have a responsibility to ensure that an Innocent Party is only included in an Intelligence Referral where this is necessary to demonstrate the Risk Conduct and support the referral. Innocent parties included in an Intelligence Referral must be clearly distinguished from any other Subject.

Principle 6: Accuracy

It is the responsibility of each member to ensure that the information submitted to Cifas as an Intelligence Referral is accurate.

Principle 7: Integrity (Security)

Access to the Intelligence Service is restricted and all members must have adequate policies, procedures, and technical measures in place to protect the data.

Principle 8: Data Minimisation

The Cifas Intelligence Service is designed to ensure that the processing of personal and non-personal data contained in Intelligence is minimised and limited to that which is required for the purpose of Risk Conduct prevention and detection. Members may retain a copy of the personal data contained in an Intelligence Report if this is part of an active Investigation. Once it is no longer strictly necessary to retain the personal data it must be deleted securely and permanently.