Key Benefits:
Publics concerned: organizations within the old age branch of the general regime; social insurance.
Subject: creation of a personal data processing called "national fraud management system".
Entry into force: the text comes into force on the day after its publication.
Notice: The decree authorizes the establishment of a national system for the management of fraud committed against the organizations of the pension branch of the general regime. This national system, composed of an alert management tool (OGEDA) and a national fraud reporting base (BNSF), aims to improve the management of these frauds and their reporting to other partners (other social welfare agencies, tax services, labour inspection, etc.). It also aims to provide better knowledge of the risks of fraud (risk mapping) and to enable the production of statistics.
References: The decree is available on the website Légifrance (http://www.legifrance.gouv.fr).
The Prime Minister,
On the report of the Minister of Social Affairs and Health,
Vu le Social Security Codeincluding articles L. 114-9, L. 114-10 and L. 114-16-1;
Vu la Act No. 78-17 of 6 January 1978 modified in relation to information technology, files and freedoms, including articles 27 and 29;
Having regard to the advice of the Board of Directors of the National Old Age Insurance Fund dated 21 March 2012;
Having regard to the deliberation of the National Commission on Informatics and Freedoms of 12 April 2012;
The State Council (Social Section) heard,
Decrete:
It is authorized to establish, by the National Insurance Fund for Employees, a personal data processing system called the "national fraud management system". The national fraud management system is made up of an alert management tool and a national evidence base.
1° The purpose of the alert management tool is to collect information to be controlled in the context of the fight against fraud in the general regime of the old age branch, in order to improve the targeting of control actions;
2° The national fraud reporting base meets four purposes:
(a) The management of proven frauds in the general regime of the old age branch in order to strengthen the monitoring of control actions and prevent recurrence;
(b) The development of a fraud risk mapping. This mapping aims to improve the prevention and detection of fraud by establishing a case targeting approach to be monitored;
(c) Reporting of proven frauds. For this purpose, they shall be transmitted:
― the information referred to in Article 3 of this Decree, to officials of the State or social welfare bodies mentioned inArticle L. 114-16-3 of the Social Security Code ;
the information referred to in Article 3 of this Decree, after anonymization, to the competent authority of the State in application of theArticle L. 114-9 of the Social Security Code ;
(d) Production of the synthesis report planned for theArticle L. 114-9 of the Social Security Code.
I. ― The registration in the national fraud management system by the agencies responsible for managing the old-age risk of the general regime is triggered by the observation of actions such as the production of false statements, falsified documents or counterfeit documents, or the intentional omission of a change of situation, aimed at:
1° Obtain or attempt to unduly obtain the payment of any benefit or allowance served by the organization concerned;
2° To obtain or attempt to unduly obtain the payment of any benefit or allowance served by the organization concerned, even without being the beneficiary.
II. - The information to be controlled from the general regime of the old age branch and state services or organizations referred to in Article L. 114-16-3 and second paragraph of Article L. 114-16-1 of the Social Security Code. The information to be monitored concerns fraud attempts and fraud, suspected or proven, from insured persons, their rightful persons, employers, agents or any other third party, or agents of the General Old Age Insurance Plan.
III. - Registered in the national fraud reporting base the proven frauds committed against old age insurance regardless of the authors: insured persons, their rightful persons, employers, agents or any other third party, agents of the general old age insurance scheme. Only are viewed as proven and can be recorded in this database the facts constituting a fraud found by an authorized and sworn control officer within the meaning of theArticle L. 114-10 of the Social Security Code.
I. ― The categories of personal data and information contained in the alert management tool are, depending on the nature of the information collected:
1° The identification data of natural or legal persons responsible for the alleged fraud, which includes:
(a) The registration number on the National Register for the Identification of Physical Persons (NIR);
(b) The surname, and, where applicable, the marital or use name, and the surnames;
(c) The date and place of birth;
(d) For legal persons: the social reason, the SIRET identifier;
(e) The residence address or address of the head office;
2° Information describing the characteristics of alleged fraud, including:
(a) The benefit concerned;
(b) The period to which the facts relate;
(c) The date of discovery of the facts;
(d) The field of risk;
(e) The type of fraud;
(f) The nature of the document(s) involved;
(g) The assessment of the amount of harm suffered or avoided;
(h) Identification of the concerned third parties (especially as a victim, witness to the facts, accomplice or potential co-author) when this information is useful to the needs of the investigation.
II. • Personal data and information contained in the national fraud reporting database are:
1° The identification data of natural or legal persons responsible for fraud, which includes:
(a) The registration number on the National Register for the Identification of Physical Persons (NIR);
(b) The surname, and, where applicable, the marital or use name, and the surnames;
(c) The date and place of birth;
(d) For legal persons: the social reason, the SIRET identifier;
(e) The residence address or address of the head office;
2° The information describing the characteristics of fraud, which includes:
(a) The benefit concerned;
(b) The period to which the facts relate;
(c) The date of discovery of the facts;
(d) The field of risk;
(e) The type of fraud;
(f) The nature of the document(s) involved;
(g) The amount of harm suffered or avoided;
3° Information on actions taken by the General Old Age Insurance Plan and decisions taken:
(a) The nature of the action involved;
(b) The authority seized;
(c) The word "in progress" or "closed";
(d) If applicable, the mentions "scheduling without suite", "non-place" or "leather".
I. ― Users of the Alert Management Tool and the National Fraud Reporting Base are officers individually authorized by the Director of each agency responsible for the management of the General Plan's Old Age Risk.
II. ― Are recipients of the data contained in the National Fraud Reporting Base to the General Old Age Insurance Plan:
1° State agents or social welfare organizations mentioned in theArticle L. 114-16-3 of the Social Security Code individually authorized by the director of the body or administration concerned;
2° The competent authority of the State, after anonymization of the data, pursuant to the first and third paragraph of Article L. 114-9 of the same code.
I. ― The data stored in the alert management tool is kept for three years.
II. ― Data recorded in the national fraud reporting database are retained:
1° A year for files classified without action by the organization or having been the subject of a non-place or relax decision from the date of this decision;
2° A year for files filed without action by the Attorney of the Republic unless they are still subject to an administrative sanction procedure;
3° Three years, from the closing date of the proceedings by the judicial authority or the date of the administrative decision made pursuant to theArticle L. 114-17 of the Social Security Code.
III. ― National Fraud Reporting Base data is then archived for a period of five years with the exception of files filed without action.
IV. ― Information on the identification of officers who have access to the alert management tool and the national fraud reporting base, as well as the dates and times of such access, is kept for three years.
Individually, individuals or legal entities whose personal data are registered in the national fraud reporting database are notified of the registration by mail of the director of the body responsible for an obligatory old age insurance scheme.
Where precautionary measures are necessary, in particular to prevent the destruction of evidence relating to the alert, the information of that person comes after the adoption of these measures.
The rights of access and rectification provided to Articles 39 and 40 of the Act of 6 January 1978 referred to above practising with the National Old Age Insurance Fund.
The Minister of Social Affairs and Health is responsible for the execution of this Order, which will be published in the Official Journal of the French Republic.
Done on 29 October 2012.
Jean-Marc Ayrault
By the Prime Minister:
Minister of Social Affairs
and Health,
Marisol Touraine
