TISCreport has a legal obligation to report risk indicators about companies and other legal entities to all public bodies. This is due to being a Specified Person for the Purposes of the Fraud Provisions in Section 56 of the Digital Economy Act 2017 (Schedule 8 Category 41). This FAQ explains what this means for members and non-members whose publicly available open data records we aggregate and hold.
What is Section 56 of the Digital Economy Act 2017 about?
Section 56 of the The Digital Economy Act 2017 is specific to the disclosure of information to combat fraud in the public sector.
This legislation allows certain specified individuals or organizations to disclose information they hold in connection with their functions to others in order to take action against fraud against public authorities. "Fraud against a public authority" is defined as a fraud offense that results in loss to a public authority or exposes the authority to risk of loss. "Taking action" includes preventing, detecting, investigating, prosecuting, bringing civil proceedings, and taking administrative action related to fraud against a public authority. The appropriate national authority has the power to modify the list of specified individuals or organizations, called Schedule 8, by adding, removing, or modifying entries, as long as certain conditions are met. These conditions include that the person or organization is a public authority or provides services to a public authority, and that they have a need for or potential to improve their ability to identify or reduce the risk of fraud, or have functions related to taking action against fraud against a public authority. The appropriate national authority must consult with certain individuals and organizations before making any changes to Schedule 8.
In the context of data and intelligence gathered by the TISCreport platform, our obligation relates to Section 56 part (2) part (b): the exposure of a public authority to a risk of loss. This aspect of the Act is managed by the DEA Fraud and Debt Data Sharing Secretariat.
What is meant by public sector fraud?
The International Public Sector Fraud Forum has a comprehensive description of what fraud constitutes in the context of public sector fraud in their Guide to Managing Fraud for Public Bodies. However there is also a fraud indicators checklist for the education sector which lists indicators that apply equally for other types of organisation.
We have built our platform and technologies to detect potential fraud risk indicators as well as other (non-financial) risk indicators of corruption and exploitation. Consequently, in our supply chain and compliance context, “fraud against a public authority” means a fraud offence which involves the exposure of a public authority to a risk of loss.
Examples of indicators of fraud risk include but are not restricted to the following:
- non-compliance and late compliance events for companies and subsidiaries/parents
- risk indicators relating to named directors
- risk indicators relating to shadow directors and other dotted line relationships
- risks relating to actions taken by regulatory bodies
- risks relating to buyers and suppliers
- risks related to pension fund investments
Does this mean TISCreport will be sharing confidential information of members to the authorities?
No. TISCreport will be reporting on risk indicators derived from the analysis of aggregated public, open data against the risk indicators specified by the public bodies themselves. Confidential data will remain confidential, and TISCreport neutrally reports data points with no judgement from the system itself. As a transparency organisation, we would do our best to alert organisations if they start to appear at higher risk of fraudulent activity prior to fulfilling data requests from the authorities.
What notifications will TISCreport send my organisation as an alert?
In the unlikely event that your organisation triggers one or more alerts, the system will send an email to your organisation depending on your settings and membership status. After this attempt, the data requested will be sent to the appropriate public body within the time frame agreed between TISCreport and that public body.
1) If the trigger relates to a data set you are subscribed to, you will get the details of the nature of the alert and which public body is requesting that information.
2) If there is no trigger but a public body is simply requesting verification of details you may have already sent them in relation to a procurement exercise or regulatory requirement, you will receive a notification of which public body has requested those details.
You will receive a notification that a public body has requested data from TISCreport along with a list of generic fraud indicators that your organisation will need to check. As the details of the specific data requested will not be shared with non-members, it will be up to the company representative receiving the alert to ensure that the compliance and risk management functions are notified.
How do I subscribe to receive alerts about suppliers?
If you have shared your supply chain data on a TISCreport dashboard and are subscribed to the relevant data set, you will receive an alert via dashboard and/or via email (depending on your alert settings).
Is it possible to receive alerts about my investments?
Yes. You will need to subscribe to an investment dashboard and add the companies within which you have holdings to it. By subscribing to data sets you deem to be relevant to the risk you wish to monitor, you will receive alerts relating to those data sets as they arise.
My organisation has received an alert. How much time do we have until the data is sent to my regulator?
Depending on the public body, anything between 28 days and 3 months. We are waiting to hear back from DCMS on how much time we can give our members to resolve issues prior to responding to a data request. If the issue is resolved, both the alert and the resolution of it will be shared with the public body making the request.
We have received an alert and resolved the issue. Will TISCreport still send details to our regulator?
Yes. This will enable whatever red flags have been triggered for your organisation to be removed by both our system and that of the public body requesting data.
We are not members of TISCreport but are receiving alerts. Why is this?
Our commitment to transparency applies whether or not your organisation is a contributing member. Consequently, in the unlikely event there is an alert relating to your organisation, our bots will alert your board and/or CEO will receive prior to requested data being sent to public bodies monitoring your company using TISCreport. There is no charge for receiving these alerts, however the level of detail you receive will be related to any data sets you have subscribed to.
What is the UK Digital Economy Act?
The UK Digital Economy Act is legislation passed in 2017 that aims to improve the UK's digital infrastructure and encourage the growth of the digital economy. It covers a range of issues including online piracy, broadband speeds, and digital skills.
How does the Digital Economy Act address online piracy?
The Act includes provisions for the blocking of websites that are found to be infringing on copyright laws. It also allows for the implementation of measures to reduce online piracy, such as the disconnection of repeat offenders from the internet.
How does the Act address broadband speeds?
How does the Act promote digital skills?
How does the Act impact businesses?
The Act is expected to have a positive impact on businesses by improving access to high-speed internet, encouraging the growth of the digital economy, and providing support for businesses to develop their digital capabilities. It is also intended to protect businesses from online piracy and provide a level playing field for all businesses operating in the digital economy.