TISCreport has a legal obligation to report risk indicators about companies and other legal entities to all public bodies. This is due to being a Specified Person for the Purposes of the Fraud Provisions in Section 56 of the Digital Economy Act 2017 (Schedule 8 Category 41). This FAQ explains what this means for members and non-members whose publicly available open data records we aggregate and hold.
What is Section 56 of the Digital Economy Act 2017 about?
Section 56 of the The Digital Economy Act 2017 is specific to the disclosure of information to combat fraud in the public sector. In the context of data and intelligence gathered by the TISCreport platform, our obligation relates to Section 56 part (2) part (b): the exposure of a public authority to a risk of loss. This aspect of the Act is managed by the DEA Fraud and Debt Data Sharing Secretariat.
What is meant by public sector fraud?
The International Public Sector Fraud Forum has a comprehensive description of what fraud constitutes in the context of public sector fraud in their Guide to Managing Fraud for Public Bodies. However there is also a fraud indicators checklist for the education sector which lists indicators that apply equally for other types of organisation.
We have built our platform and technologies to detect potential fraud risk indicators as well as other (non-financial) risk indicators of corruption and exploitation. Consequently, in our supply chain and compliance context, “fraud against a public authority” means a fraud offence which involves the exposure of a public authority to a risk of loss.
Examples of indicators of fraud risk include but are not restricted to the following:
- non-compliance and late compliance events for companies and subsidiaries/parents
- risk indicators relating to named directors
- risk indicators relating to shadow directors and other dotted line relationships
- risks relating to actions taken by regulatory bodies
- risks relating to buyers and suppliers
- risks related to pension fund investments
Does this mean TISCreport will be sharing confidential information of members to the authorities?
No. TISCreport will be reporting on risk indicators derived from the analysis of aggregated public, open data against the risk indicators specified by the public bodies themselves. Confidential data will remain confidential, and TISCreport neutrally reports data points with no judgement from the system itself. As a transparency organisation, we would do our best to alert organisations if they start to appear at higher risk of fraudulent activity prior to fulfilling data requests from the authorities.
What notifications will TISCreport send my organisation as an alert?
In the unlikely event that your organisation triggers one or more alerts, the system will send an email to your organisation depending on your settings and membership status. After this attempt, the data requested will be sent to the appropriate public body within the time frame agreed between TISCreport and that public body.
1) If the trigger relates to a data set you are subscribed to, you will get the details of the nature of the alert and which public body is requesting that information.
2) If there is no trigger but a public body is simply requesting verification of details you may have already sent them in relation to a procurement exercise or regulatory requirement, you will receive a notification of which public body has requested those details.
You will receive a notification that a public body has requested data from TISCreport along with a list of generic fraud indicators that your organisation will need to check. As the details of the specific data requested will not be shared with non-members, it will be up to the company representative receiving the alert to ensure that the compliance and risk management functions are notified.
How do I subscribe to receive alerts about suppliers?
If you have shared your supply chain data on a TISCreport dashboard and are subscribed to the relevant data set, you will receive an alert via dashboard and/or via email (depending on your alert settings).
Is it possible to receive alerts about my investments?
Yes. You will need to subscribe to an investment dashboard and add the companies within which you have holdings to it. By subscribing to data sets you deem to be relevant to the risk you wish to monitor, you will receive alerts relating to those data sets as they arise.
My organisation has received an alert. How much time do we have until the data is sent to my regulator?
Depending on the public body, anything between 28 days and 3 months. We are waiting to hear back from DCMS on how much time we can give our members to resolve issues prior to responding to a data request. If the issue is resolved, both the alert and the resolution of it will be shared with the public body making the request.
We have received an alert and resolved the issue. Will TISCreport still send details to our regulator?
Yes. This will enable whatever red flags have been triggered for your organisation to be removed by both our system and that of the public body requesting data.
We are not members of TISCreport but are receiving alerts. Why is this?
Our commitment to transparency applies whether or not your organisation is a contributing member. Consequently, in the unlikely event there is an alert relating to your organisation, our bots will alert your board and/or CEO will receive prior to requested data being sent to public bodies monitoring your company using TISCreport. There is no charge for receiving these alerts, however the level of detail you receive will be related to any data sets you have subscribed to.