Information for bodies working with the National Fraud Initiative, including the process, obligations around data and contact details.
The National Fraud Initiative (NFI) matches electronic data within and between public and private sector bodies to prevent and detect fraud. These bodies include police authorities, local probation boards, fire and rescue authorities as well as local councils and a number of private sector bodies.
Public sector bodies are required to submit data to National Fraud Initiative on a regular basis. View data requirements and data specifications for the public sector. NFI also provides additional services for the public sector.
The NFI offers a number of services that are available to all types of private sector organisations. View National Fraud Initiative: private sector services to see how the NFI could help your organisation and how to get involved. You can also read case studies.
If you already have access, log in to the secure National Fraud Initiative web application to:
- watch training videos
- update contact details
- upload data
- submit confirmation of privacy notices
View National Fraud Initiative: timetables for information about important deadlines and milestones.
Privacy notices and current data protection legislation applicable in the UK
The Data Protection Act 1998 requires NFI participants to tell individuals that their data will be processed. Providing this information is known as a privacy notice. The GDPR together with the Data Protection Bill, both of which will come into force in May 2018, will still have this requirement, although the exact requirements of privacy notices will change. You should refer to the Information Commissioner’s guidance on this as amended from time to time
The key contact for each body also needs to submit a declaration via the secure NFI application confirming that they are following privacy notice requirements.
If certain exemptions within the Data Protection Act 1998 apply, data controllers are not required to provide fair processing information. An example is the section 34 exemption, where there is a statutory requirement to make personal information available to the public.
Contact nominations and responsibilities
Senior Responsible Officer role in the participating organisation
The director of finance, or equivalent will act as the senior responsible officer (SRO) for the NFI. The SRO is responsible for ensuring that the body taking part in the NFI meets the statutory requirements. They should:
- nominate a key contact
- ensure the key contact has access to the matches, via the secure NFI web application, when they become available
- ensure that the key contact fulfils all privacy notice requirements
Key contact role
The key contact is responsible for:
- fulfilling the organisation’s privacy notice requirements – they should be in direct communication with their organisation’s data protection officer or equivalent
- ensuring that the data formats guidance and data specifications are followed
- nominating appropriate users to upload data submissions, investigate the matches and act as the point of contact for other bodies about a match (preferred dataset contact)
- coordinating and monitoring the overall exercise
- ensuring that outcomes from the investigation of matches are recorded on the web application promptly and accurately
Watch training videos within the NFI web application for more information.
The user responsible for submission of the data should ensure that
- the data meets the specifications, contains a header row and is in the correct format
- they submit the data via the data file upload facility (DFU)
- the data is received by the required deadline(s)
Investigating the matches
The key contact will set up a user or number of users with access to the NFI web application so that they can review and investigate the matches. They may also be responsible for responding to enquiries from other matched bodies if this role is delegated to them by the key contact.
Once the data-matching process for each exercise is completed, the NFI will make the output available to the relevant participating body for consideration and investigation via the secure NFI software. Participating bodies are then responsible for investigating any matches.
The NFI will provide guidance with the data matching output: it’s essential to consider this as it will help with prioritising reports and the matches within them.
Making the process more efficient
There are a number of measures that the senior responsible officer/key contact can take to make the process more efficient. These include:
- making sure participants access the relevant training videos via the secure NFI application
- ensuring that all contact details are up to date
- reviewing the data quality reports from the previous year to identify any improvements that can be made for the next data submission
- making sure that appropriate staff review all documentation before submitting data
- planning in advance what investigative resources are needed, based on specific expertise and knowledge – this means matches can be dealt with promptly (eg it may be best for a nominated person in Internal Audit or Accounts Payable to deal with trade creditor duplicate matches)
Read details of the statutory framework under which Cabinet Office carries out data matching exercises.
External auditors (where applicable) will continue to be involved in the NFI. They will be able to use the output from the exercise to help them assess the arrangements that audited bodies have in place to prevent and detect fraud.
To discuss your requirements or sign up to take part please email firstname.lastname@example.org or call 0845 345 8019.