DAVIES GROUP LIMITED

Data and Compliance Software

Enables regulated-sector digital compliance and onboarding (AML & KYC) processes, optimal CX, regulatory penalty avoidance, and minimized risk and fraud exposure.

We offer access to multiple data processes via single-platform SaaS Veriphy web UI, batch submission, or API.

This enables flexible RPA-friendly workflow and result cascades, or simple manual input.

Features

  • Compliant instant secure eIDV checking of individuals/companies for KYC/AML
  • Aligns with risk-assessment via database and biometric checking options
  • PEP/Sanctions checking integrally or standalone with monitoring option
  • Allows for document validation via algorithm and scanning processes
  • Permits granular data use to build optimal workflow solutions
  • Batch checking options permit cost-effective remediation or client base screening
  • Source and proof of funds checking via open-banking powered checks
  • Business intelligence/screening via instant UK and overseas corporate reports
  • Employee and candidate background screening by online DBS/HR checking
  • Multiple data propositions via technically and commercially efficient unitary source

Benefits

  • Enable your perfect compliance solution by configuring ideal check workflow
  • Comply with 5MLD, GPG45, GDPR and full AML regulations
  • Simple set-up permits rapid integration with existing systems
  • Benefit from full activity audit trail by agent and case
  • Onboard with maximum speed and optimal customer experience
  • Underpin your compliance regime with an operationally resilient system
  • Manage your sanctions/PEP monitoring processes to provide compliant CLM
  • Mitigate risk of loss/fraud by screening bad actors and entities
  • Access all your compliance checks within a single digital space
  • Use the channel with best-fit: API, web UI, secure batch

Pricing

£0.70 to £99 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at DTS.Tendering@davies-group.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

4 9 3 6 5 4 2 2 5 2 5 1 8 1 8

Contact

DAVIES GROUP LIMITED Adam Griffiths
Telephone: 01554 700371
Email: DTS.Tendering@davies-group.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Users are required to be within the regulated sector and will be subject to due diligence. API integration assumes familiarity with Web Services and concepts such as SOAP, XML and hierarchical data structures.
System requirements
  • Internet access
  • Up to date browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within an hour Mon-Fri 9-5
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support level to all clients for no additional charge.
We also offer AML training on a per student basis.
On site support/training charged on case basis.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Online demo, user guide collateral, guidance call if required, technical assistance for integration as required
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data may be downloaded from the reporting interface.
End-of-contract process
Data export upon request free of charge.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There is no difference in functionality of web UI Veriphy SaaS
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
Icon-accessed input forms within selectable menu
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Beta testing with VI users
API
Yes
What users can and can't do using the API
API integration may be directly into your firm’s own systems or through a third party, such as a case management firm, without the need for costly platform fees from multiple suppliers.
Data elements may be used as required within workflows.
C#, VB, Java, PHP, Ruby, Python are supported, allowing flexibility of implementation.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users may integrate check elements at granular or product level.

Service codes are available for all.

Customisation is available to all integrators.

We also have complementary offerings in Davies Group from our colleagues within the Consulting and Technology division, including: Contact Management, Bespoke Application Development, Intelligent Automation, Voice of the Customer (VoC), RegTech, and Analytics. Often, working with a single vendor across multiple disciplines and business areas can have wide-ranging benefits to all initiatives. So, please do get in touch if you have questions regarding how these elements can work together to provide even greater benefit.

Scaling

Independence of resources
Our cloud host (Azure) provides load scaling to ensure resource availability.

Analytics

Service usage metrics
Yes
Metrics types
We provide reports on usage by product, date, input, result and individual user.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data may be downloaded from within the management interface as csv, xls or pdf.
Data export formats
  • CSV
  • Other
Other data export formats
  • Xls
  • Pdf
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The Azure-based service offers comprehensive 99.99% SLAs which covers the guarantees for throughput, consistency, availability and latency.
Service extensions can be provided at a percentage of a total contract period for any degradation in service below these set parameters.
Approach to resilience
Available on request.
Outage reporting
Email alerts and platform message centre.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All users have unique logins and all actions are logged and identified.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Perry Johnson Registars, Inc.
ISO/IEC 27001 accreditation date
04/03/2021
What the ISO/IEC 27001 doesn’t cover
All controls are included in the scope of the certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
SecurityMetrics
PCI DSS accreditation date
02/04/2022
What the PCI DSS doesn’t cover
Non vulnerability issues
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
SecureTrust

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We operate to ISO27001 standards. All policies are managed by an internal InfoSec and Governance team under our CISO. Staff training is conducted bi-annually or in the event of policy change. Training is delivered via online courses and assessments and is mandatory for every employee as a part of their employment contracts.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All development cycles include functional testing in a dedicated test environment. Once approved, changes are merged onto a Pre-Production environment to mirror Live as closely as possible, where a second wave of functional and regression testing takes place. Once changes are released to Live, testing is once again carried out to ensure functionality works as expected.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Internal assessments involve all relevant parties, including clients. If a threat is detected, we deploy hot fixes to address and resolve it as quickly as possible. We assess in accordance with both industry standards and relevant project requirements. We employ active monitoring processes to highlight issues as soon as they occur. Additionally, we employ network hardware and software to protect our systems.
Penetration testing is undertaken by a third party.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify potential compromises, network attacks and/or breaches via manual checks as well as software and supplier alerts. If a compromise is detected we raise issues with senior management and instigate detailed investigations and associated threat assessments immediately. If any deployments are required to resolve compromises these are done immediately as a hot fix.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are categorised as one of the following:
• Minor incident – a weakness, event or incident which cannot significantly impact confidentiality or integrity of information, and cannot cause long-term unavailability
• Major incident – an incident which can incur significant damage due to loss of confidentiality or integrity of information, or may cause an interruption in the availability of information and/or processes for an unacceptable period

An internal reporting protocol is in place.

Incident Reporting to clients is managed by internal process with delineated responsibility.

Reporting to suppliers is managed by the Chief Technology Officer or senior VP.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Davies is a professional and environmentally conscious company, which acknowledges the impact that our operations may potentially have on the environment. Davies has a clear set of objectives to minimise any impact on the environment and fight climate change by: • Preventing pollution, reducing waste and ensuring, wherever practicable, that measures are implemented to protect and preserve natural habitats, flora and fauna. • Considering the effects that our operations may have on the local community. • Taking action to eliminate or reduce, as far as practicable, any potential adverse environmental impacts. • Promoting environmental awareness amongst our suppliers, contractors and partners by the implementation of environmentally conscious operational procedures. • Seeking to work in partnership with the community by behaving in a considerate and socially responsible manner. • Ensuring effective and expedient incident control, investigation and reporting. • Measure, manage and report on our greenhouse and carbon footprint, as required by legislation with the aim of reducing it in line with the UK Government’s target to achieve net zero status by 2050. • For owned offices, new contracts / renewal of contracts for energy will look for the supply to be a minimum 75% from renewable energy sources. Davies will fully comply with the duties placed upon us within the requirements of legislation, whilst at all times complying with, as a matter of best practice, the requirements and duties set out within approved guidance as issued by the Environmental Agency and other organisations. Davies will take practical steps to ensure that potential hazards and risks to the environment are identified and that suitable and effective preventive and control measures are implemented. All employees will be provided with the necessary resources, equipment, information, instruction and training to fulfil the requirements of our policies, individual and business responsibilities to fighting climate change.
Covid-19 recovery

Covid-19 recovery

Davies regularly updates staff on Government advice and guidelines to support the business’s recovery from covid. As an organisation we support colleagues affected by covid and ensure that we continue to monitor the impact, whilst also ensuring that we provide a safe working environment for colleagues. As we gradually return to office, all offices are undergoing a review of workspace with more hotdesking facilities, spaced working areas and reviewing our cleaning arrangements. Our agile working policy ensures that staff’s personal and professional needs are taken into consideration when reviewing working patterns and not all staff are expected to return to offices full time with more WFH opportunities as part of our hybrid working commitment. It remains important to us that employees notify managers of any positive cases of covid to continue to monitor the situation and enable us to identify where there may be pockets of rising cases, so we are able to take the appropriate action. The Group Risk and Compliance Covid Steering Group are currently working on a strategy to ensure a smooth transition to a new BAU for all staff.
Tackling economic inequality

Tackling economic inequality

Davies aims to tackle economic inequality in employees by ensuring that policies are fair, transparent and that all staff are treated fairly and equally and reducing inequalities as much as possible. Davies ensure investment is given to developing systems to support health, education, social protection and ensure that a range of roles at various levels are available to support jobs for young people, migrants and refugees and other vulnerable communities.
Equal opportunity

Equal opportunity

Davies values the differences and benefits that a diverse workforce brings to the business. Davies will not discriminate on the grounds of any differentiating factor including age, disability, gender reassignment, marriage and civil partnership, race, including colour, nationality and ethnic or national origins, religion or belief, gender identity, sexual orientation, body shape or neurodiversity. Davies commitment is that every: • Employee is entitled to a working environment which promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated. • Workplace environment promotes transparent, open and fair working practices • Individual is entitled to receive a service from Davies that is free from bias and any unreasonable barriers. • Employee, customer, and supplier is entitled to expect equality of opportunity in all aspects of their employment, training and engagement with us, including its terms and conditions. • Potential employee are entitled to expect the recruitment and selection process to be free from bias • Employee will be provided training and development opportunities to support their understanding and commitment to equal opportunities • Policy, procedure, working practice and comply with and promote the Equality Act 2010 • Employee is treated fairly and has equal rights to promotion opportunities
Wellbeing

Wellbeing

Davies places employee wellbeing at the heart of our business culture and ensures that staff have access to support and guidance through several initiatives. Davies has invested in an employee assistance programme, WeCare hosted by external consultants Canada Life. This 24/7 service gives support, guidance and information on mental health, health, wellbeing and healthy living and financial and legal wellbeing. The Davies Foundation our Charity hold regular staff events with fitness challenges, healthy living weeks, green weeks, wellness challenges throughout the year which support employee mental health while raising money for community causes. Davies continues to support staff post pandemic in regular communications on Government changes, safe working in returning to the office and an agile working policy which allows managers to agree with staff a better work life balance to support wellbeing.

Pricing

Price
£0.70 to £99 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We offer sandbox access with test data

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at DTS.Tendering@davies-group.com. Tell them what format you need. It will help if you say what assistive technology you use.