National Fraud Initiative
The National Fraud Initiative (NFI), is a data matching exercise (‘data matching’ is explained below) that has been operated by the Audit Commission in England since 1996. The NFI assists audited public bodies (usually government departments or agencies such as SAAS) to prevent and detect fraud and error. The exercise also assists in the assessment of arrangements that NFI participants have in place to deal with fraud. The NFI was introduced by Audit Scotland in stages commencing in 2000 and SAAS has been an active participant since 2002.
The processing of data by Audit Scotland in a data matching exercise is carried out with statutory authority. Section 26A of the Public Finance and Accountability (Scotland) Act 2000 provides that Audit Scotland may carry out data matching exercises, or arrange for them to be carried out on its behalf. This power was added by Section 97 of the Criminal Justice and Licensing (Scotland) Act 2010. While the exercise does not require the consent of the individuals concerned under the Data Protection Act 1998, the NFI is subject to a Code of Data Matching Practice and the relevant provisions of the Data Protection Act 1998 are included in Appendix 3 of this code.
Level 2 Statement
Student Awards Agency Scotland is required by law to protect the public funds it administers. We will share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified but the inclusion of personal data within a data matching exercise does not mean that any specific individual is under suspicion. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The exercise can also help bodies to ensure that their records are up to date.
Audit Scotland currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching for each exercise, and these are set out in Audit Scotland’s instructions, which can be found at: http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative. The use of data by Audit Scotland in a data matching exercise is carried out with statutory authority, normally under its powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by Audit Scotland is subject to a Code of Practice. This may also be found at: http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative
For further information on Audit Scotland’s legal powers and the reasons why it matches particular information, see the full text privacy notice at:
or contact the SAAS National Fraud Initiative Key Contact at:
SAAS Counter Fraud Team
or by email at SAASCFT@gov.scot