Require the completion of declarations or acknowledgements
Summary
Use declarations or acknowledgements to both communicate and confirm that a person understands their obligations and the consequences for non-compliance. The declaration could be written or verbal, and should encourage compliance and deter fraud.
Why this countermeasure matters
Not requiring declarations or acknowledgements may lead to:
- staff, customers and third parties committing reckless acts of fraud or error because they are not aware of their obligations and the consequences for non-compliance
- applicants providing false information or misleading statements to support a request or claim
- applicants concealing or withholding information that would affect their entitlement.
How to put this countermeasure in place
Some ways to implement this countermeasure include:
- requiring clients to complete a declaration when submitting a claim or request such as 'I declare the information provided is true and correct and I acknowledge the consequences for providing false or misleading information'
- requiring staff to sign a confidentiality declaration or acknowledgement confirming the applicant has read and understood privacy and information access policies
- requiring a statutory declaration to be provided with a claim or request.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Confirm declarations and acknowledgements exist on relevant forms.
- Confirm the completion of a declaration or acknowledgement is mandatory and/or has legal effect.
- Review the content and wording to make sure it clearly encourages compliance and deters fraud.
- Check where/how records of completed declarations or acknowledgements are kept.
- Consult behavioural insights experts about the declarations and acknowledgements.
- Ask staff about their understanding of the declaration and the consequences for non-compliance.
Related countermeasures
This type of countermeasure is supported by:
- Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.
- Require and support staff and third parties to self-disclose gifts, benefits, incidents, mistakes and real or perceived conflicts of interest.
- Provide staff with adequate training to increase the likelihood that correct and consistent processes and decisions will be applied.
- Provide help and support to customers, staff and third parties to help them follow correct processes and encourage them to comply with rules and processes and meet expectations.
- Make sure requests or claims use a specific form, process or system for consistency.
- Authenticate client or third party identities during each interaction to confirm the person owns the record they are trying to access.
- Have clear and specific eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
- Make sure forms or system controls require mandatory information to support claims or requests.
- Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.
- Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.
- These are penalties for customers, staff or third parties that commit fraud or do not comply with rules, processes and expectations.