Deterring Serious Organised Crime in Scotland Detective Inspector Ricky Hutton Chartered Institute of Internal Auditors 16 November 2017

Aims • Raise awareness of threat from SOC • Introduce Scotland’s SOC Strategy – DETER • Highlight common SOC / Corruption themes • Highlight SOC indicators during audit • Illustrate importance of aligning key risk with audits

SOC / Corruption / Bribery / Fraud Setting the scene….. • £1Billion Universities projects • £330 Million investment in health and education • £439 Million motorway projects • £46 Billion North Sea decommissioning • £ Multi-million energy programmes?

Grenfell Tower: insulation was not certified for use with flammable cladding

Demolition - Risk / Reward Profile?

Scotland … • Population 5.4 million • 32 Local Authorities • 542,200 public sector employees

• 232 SOCGs, 3700 members • 18000 Police officers • Emerging threats??

So what is SOC? • Involves more than one person

• Involves control, planning and the use of specialist resources • Causes, or has the potential to cause, significant harm

• Involves benefit to the individual(s) concerned, particularly financial gain

Definition of Corruption? No specific definition or crime in Scots Law

“Corruption is the abuse of entrusted power for private gain. It hurts everyone who depends on the integrity of people in a position of authority” (Transparency International)

SOC Risk Business Types • • • • • •

Security Taxis Public houses Scrap metal dealers Car Hire/ Recovery Garages / MOT / Car hire / recovery • Tan / Nail / Hair salons • Waste / Environmental

• • • • • •

Nursery / Soft Play Car wash / Valeting Restaurants / Catering Construction Industry Demolition Property sale / development • Letting agencies • Landlords

Police response to crime

Punitive measures applied

Traditional Criminal Justice Cycle

Reporting of offenders

Crime investigation

Arrest of criminal

Scotland's SOC Strategy Refreshed in 2015 Aim To reduce the harm caused by SOC Highlights Partnership Working Information Sharing Financial Investigation

Not just for Police!

• Deter

• Detect Deter - SOC by supporting organisations to protect themselves and others Divert People from SOC and using its products

• Divert

Detect - By identifying and prosecuting SOCG members Disrupt SOC by targeting specific enablers

• Disrupt

Scotland’s Serious Organised Crime Strategy Safer Communities Deter (National Co-ordination)

Library of research material, good practice & case studies

NPRG / SIOs

Internal Deter / Partnership SPOCs

External Deter / Partnership SPOC’s

Public Sector key groups

3rd Sector Key Groups

SOC Prevention Course • Evolved from 3 day residential course at Police College • SOC / Corruption / Bribery / Fraud • Focus on key Public Sector disciplines

• Internal / external speakers • Case studies / workshops • Establish networks

Partnership ‘products’ •

Business exploitation document

•

SOC legislation

•

DONI

• SOC checklist • Procurement checklist •

Modern Slavery guidance

Public Sector - Observations • Common SOC / Corruption themes • Power / Influence / Authorisation • Individual / Organisational vulnerabilities • Growing threat from 3 key groups

SOC

Weak Processes

PUBLIC SECTOR New Threats

Knowledge Gaps

Insider Threat

Rogue Businesses

of insider incident Individual Types vulnerabilities…… Disclosure of information - 47% Process corruption 42% Facilitating access 6% Electronic/Physical sabotage - 5%

Motivations for insider incident Individual vulnerabilities – Motive Financial Gain 47% Ideology - 20%

Recognition - 14% Loyalty to others 14% Revenge - 6%

Insider threat – Dundee City Council

‘Crook who stole £1m from Dundee City Council told he is going to prison’

Organisational vulnerabilities Poor systems of internal control caused by:• • • • • • • •

Out of date procedures & policies Insufficient Supervision / training Knowledge gaps Excessive authority levels Excessive access levels No segregation of duties Poor physical security of assets No SEA

Growing threats from SOC 1. Money Laundering 2. Cyber crime 3. Modern Slavery 4. Use of specialists 5. Fraud

Cybercrime Growth • Cyber-dependent crimes use malware to hack and DOS attacks

• Cyber enabled crimes are committed on line Eg; Fraud, abuse, drugs supply etc. • Cyber criminals target organisations for profit • Availability of cyber tools

Modern slavery is a serious crime in which people are exploited for little or no pay.

Exploitation includes, but is not limited to, sexual exploitation, forced or bonded labour, forced criminality and domestic servitude

Modern Slavery – Typical statement “This Organisation has a zero tolerance policy towards modern slavery and human trafficking. We are committed to conducting all business dealings and relationships in an ethical and transparent manner, and to implementing and enforcing effective systems and checks to ensure the Organisation is not contributing to modern slavery in any way”

Modern Slavery – What can we do? • Reports • Remote and On Site audits • Surveys and questionnaires • E-Learning and training • Collaborative work

Use of specialists / associates • Accountants / Financial / Property • Legal teams / Researchers • Money launderers • Transport • Identity / Employment

Bank mandate fraud Mandate fraud is requesting you to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to • Elicitation • Use snippets of info • Targeting organisations

Complex preparation? • Research / Elicitation to identify target • Profiled on social media • Malware email introduced

• Email exchanges • Direct contact / assumed identity • Switch tempo

RAID ON HOSPICE – “Cyber crooks who stole £1million from Hamilton Accies scammed £500k from Highland hospice in Inverness”

“Cops confirmed a web gang who raided the footie club had already swindled cash raised to help dying patients”

Eagle-eyed bank worker foiled £2.3 million council fraud • THE actions of a vigilant bank worker prevented a local authority losing almost £2.3 million an online scam. checks

Common Procurement Fraud • • • •

Collusion among vendors in industry Collusion between employees and vendors Vendors defrauding organisation Employees defrauding the organisation

Data suggests that bribery, bid rigging , embezzlement and submission of false invoices are the most common schemes

North Lanarkshire Council suspends three staff amid 'corruption probe' 3 October 2016

North Lanarkshire Council has suspended three members of staff amid an ongoing investigation into corruption claims. The investigation began in April after an anonymous letter made "serious allegations of corruption" about the council's procurement processes.

Integrity Model Legal

Human Resources

Risk manager

Finance

Service Heads

Employee – John Smith (Integrity / Corruption Alert)

Internal Audit

Media

Procurement

Mapping Key SOC / Corruption Risks COMMUNITY SERVICES

CORPORATE & NEIGHBOURHOOD SERVICES

DEVELOPMENT SERVICES

EDUCATION SERVICES

FINANCE SERVICES

SOCIAL WORK SERVICES

I CEM ETERIES / CREM ATION

I HOUSING & HOM ELESSNESS

I BUILDING DESIGN

I PRE-FIVE EDUCATION & CARE

I

I CRIM INAL JUSTICE

COM M UNITY EDUCATION

BUILDING M AINTENANCE

BUILDING STANDARDS

PRIM ARY EDUCATION

INTERNAL AUDIT

FAM ILY SUPPORT

CULTURAL SERVICES

PRIVATE SECTOR HOUSING

CONSUM ER PROTECTION

SECONDARY EDUCATION

PAYROLL / PENSIONS

HOM E CARE

LIBRARY SERVICES

ESTATES M ANAGEM ENT

COUNTRYSIDE RANGERS

ADD. SUPPORT FOR LEARNING

REVENUES

VULNERABLE CHILDREN

PARKS & RECREATION

CATERING / SCHOOL M EALS

DEVELOPM ENT PLANNING / M GT

TREASURY & INVESTM ENT

RESIDENTIAL CARE

SPORT & LEISURE

CLEANING

ENVIRONM ENTAL PROTECTION

VULNERABLE ADULTS

BUSINESS SUPPORT

FACILITIES M ANAGEM ENT

WORKPLACE FOOD / SAFETY

HOUSING WITH CARE

STRATEGIC PROJECTS

FLEET SERVICES

LICENSING

WELFARE BENEFITS

EM PLOYM ENT / TRAINING UNIT

GROUNDS M AINTENANCE

RISK M ANAGEM ENT

ASSET M ANAGEM ENT

REFUSE COLLECTION

ROADS DESIGN

STREET CLEANING

ROADS M AINTENANCE

WASTE DISPOSAL

SCHOOL CROSSING

PROCUREM ENT

TRANSPORT PLANNING

COM M UNICATIONS

WASTE STRATEGY

CORPORATE POLICY / PLANNING HR & CONTACT CENTRE ICT

ACCOUNTANCY

SOC / Corruption Prevention Strategy Anti- Corruption Policy Guidance

Corruption Risk Management

Employee Screening

Secondary Employment

Conflicts of Interest

Gifts, Gratuities Hospitality & Sponsorship

Bribery

Fraud

Cyber Crime

Guidance Documentation, Self Assessment Checklists and Scenarios

Information Security

Whistle Blowing

Summary of presentation • Talked about threat from SOC • SOC Strategy & approach • Individual / Organisational weaknesses

• Importance of emerging threat assessments • Reinforced through case studies • Possible solutions

Conclusions • Flags / Communicate / raise awareness / share lessons • Holistic SOC / Corruption risk based approach • SEA essential to close loopholes • Prevent SOC - through improved resilience • Audit is a conduit and sounding board

Questions?

NOT PROTECTIVELY MARKED

Contact details

Richard Hutton, Detective Inspector

Police Scotland Safer Communities (Divert / Deter) Fettes, Edinburgh Office: +44(0)131 311 3223

E-mail: [email protected]