I confirm that Ordnance Survey (OS) does hold some of the information you have requested. Where the information is not held or exempt from disclosure this is stated.
Taking each request in turn, I confirm the following:
1. When are you next going through an audit of the national fraud initiative?
I confirm that Ordnance Survey does not hold the information you have requested.
It is not a requirement for OS to participate in an audit of the national fraud initiative and we do not currently have any plans to participate in the future. Please see our website for corporate and governance information.
2. What current procedures do you have in place such as confirmation of payee against fraud?
I confirm that OS does hold internal documentation detailing our current procedures with regard to confirmation of payee against fraud, however, we consider this information to be exempt from disclosure, as explained:
Section 31(1) (a) (Law Enforcement)
Information is exempt if its disclosure would or would be likely to prejudice the prevention and detection of crime. In this case, we have withheld this information since it is an internal working documentation detailing our internal processes and business procedures. Disclosure of this information could expose OS to attempts of fraud since it contains details of our sign off process and live bank details.
This is a qualified exemption, and we are required to consider the public interest. OS recognises the need for transparency; however, disclosure of this information would mean that our financial systems and bank detail information could be used to facilitate the possibility of fraud, making OS more vulnerable to fraud. We do not consider there to be a wider public interest in this information.
Section 40 (2) (Personal Information)
Our internal documentation contains, for example, names and valid bank details, and we consider this to be exempt from disclosure under section 40(2) (personal information) of the FOIA, as the information constitutes personal data which is not already in the public domain.
Section 40(2) provides that personal data is exempt information if one of the conditions set out in section 40(3) is satisfied. In our view, disclosure of this information would breach the data protection principles contained in the General Data Protection Regulation and Data Protection Act 2018.
Section 40(2) is an absolute exemption and therefore not subject to the public interest test.
Advice and Assistance
However, under the duty to provide information and assistance in accordance with section 16 of FOIA, we can provide the following summary of our bank verification process which may assist you in this matter:
OS receives notification of supplier’s bank details; our Accounts Payable team independently verify this information via a different method to that on the notification provided. A request is made to obtain bank details on company headed paper, with a valid authorising signature and this is matched to the independently verified confirmation. The Senior Finance Officer/ Finance Operations Manager review the changes in our finance system and compare the validity of changes evidenced. Approval or rejection is initiated. Bank changes are further validated in our finance system on completion of payment proposal and either approved or rejected.
3. What is your current confirmation of payee software incumbent product & the renewal date of the contract.
OS uses the standard solution available with our online banking. This is a solution provided and maintained by our bank with no additional charges incurred.
We do not hold a contract renewal date.