Deterring Serious Organised Crime in Scotland Detective Inspector Ricky Hutton Chartered Institute of Internal Auditors 16 November 2017
Aims • Raise awareness of threat from SOC • Introduce Scotland’s SOC Strategy – DETER • Highlight common SOC / Corruption themes • Highlight SOC indicators during audit • Illustrate importance of aligning key risk with audits
SOC / Corruption / Bribery / Fraud Setting the scene….. • £1Billion Universities projects • £330 Million investment in health and education • £439 Million motorway projects • £46 Billion North Sea decommissioning • £ Multi-million energy programmes?
Grenfell Tower: insulation was not certified for use with flammable cladding
Demolition - Risk / Reward Profile?
Scotland … • Population 5.4 million • 32 Local Authorities • 542,200 public sector employees
• 232 SOCGs, 3700 members • 18000 Police officers • Emerging threats??
So what is SOC? • Involves more than one person
• Involves control, planning and the use of specialist resources • Causes, or has the potential to cause, significant harm
• Involves benefit to the individual(s) concerned, particularly financial gain
Definition of Corruption? No specific definition or crime in Scots Law
“Corruption is the abuse of entrusted power for private gain. It hurts everyone who depends on the integrity of people in a position of authority” (Transparency International)
SOC Risk Business Types • • • • • •
Security Taxis Public houses Scrap metal dealers Car Hire/ Recovery Garages / MOT / Car hire / recovery • Tan / Nail / Hair salons • Waste / Environmental
• • • • • •
Nursery / Soft Play Car wash / Valeting Restaurants / Catering Construction Industry Demolition Property sale / development • Letting agencies • Landlords
Police response to crime
Punitive measures applied
Traditional Criminal Justice Cycle
Reporting of offenders
Crime investigation
Arrest of criminal
Scotland's SOC Strategy Refreshed in 2015 Aim To reduce the harm caused by SOC Highlights Partnership Working Information Sharing Financial Investigation
Not just for Police!
• Deter
• Detect Deter - SOC by supporting organisations to protect themselves and others Divert People from SOC and using its products
• Divert
Detect - By identifying and prosecuting SOCG members Disrupt SOC by targeting specific enablers
• Disrupt
Scotland’s Serious Organised Crime Strategy Safer Communities Deter (National Co-ordination)
Library of research material, good practice & case studies
NPRG / SIOs
Internal Deter / Partnership SPOCs
External Deter / Partnership SPOC’s
Public Sector key groups
3rd Sector Key Groups
SOC Prevention Course • Evolved from 3 day residential course at Police College • SOC / Corruption / Bribery / Fraud • Focus on key Public Sector disciplines
• Internal / external speakers • Case studies / workshops • Establish networks
Partnership ‘products’ •
Business exploitation document
•
SOC legislation
•
DONI
• SOC checklist • Procurement checklist •
Modern Slavery guidance
Public Sector - Observations • Common SOC / Corruption themes • Power / Influence / Authorisation • Individual / Organisational vulnerabilities • Growing threat from 3 key groups
SOC
Weak Processes
PUBLIC SECTOR New Threats
Knowledge Gaps
Insider Threat
Rogue Businesses
of insider incident Individual Types vulnerabilities…… Disclosure of information - 47% Process corruption 42% Facilitating access 6% Electronic/Physical sabotage - 5%
Motivations for insider incident Individual vulnerabilities – Motive Financial Gain 47% Ideology - 20%
Recognition - 14% Loyalty to others 14% Revenge - 6%
Insider threat – Dundee City Council
‘Crook who stole £1m from Dundee City Council told he is going to prison’
Organisational vulnerabilities Poor systems of internal control caused by:• • • • • • • •
Out of date procedures & policies Insufficient Supervision / training Knowledge gaps Excessive authority levels Excessive access levels No segregation of duties Poor physical security of assets No SEA
Growing threats from SOC 1. Money Laundering 2. Cyber crime 3. Modern Slavery 4. Use of specialists 5. Fraud
Cybercrime Growth • Cyber-dependent crimes use malware to hack and DOS attacks
• Cyber enabled crimes are committed on line Eg; Fraud, abuse, drugs supply etc. • Cyber criminals target organisations for profit • Availability of cyber tools
Modern slavery is a serious crime in which people are exploited for little or no pay.
Exploitation includes, but is not limited to, sexual exploitation, forced or bonded labour, forced criminality and domestic servitude
Modern Slavery – Typical statement “This Organisation has a zero tolerance policy towards modern slavery and human trafficking. We are committed to conducting all business dealings and relationships in an ethical and transparent manner, and to implementing and enforcing effective systems and checks to ensure the Organisation is not contributing to modern slavery in any way”
Modern Slavery – What can we do? • Reports • Remote and On Site audits • Surveys and questionnaires • E-Learning and training • Collaborative work
Use of specialists / associates • Accountants / Financial / Property • Legal teams / Researchers • Money launderers • Transport • Identity / Employment
Bank mandate fraud Mandate fraud is requesting you to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to • Elicitation • Use snippets of info • Targeting organisations
Complex preparation? • Research / Elicitation to identify target • Profiled on social media • Malware email introduced
• Email exchanges • Direct contact / assumed identity • Switch tempo
RAID ON HOSPICE – “Cyber crooks who stole £1million from Hamilton Accies scammed £500k from Highland hospice in Inverness”
“Cops confirmed a web gang who raided the footie club had already swindled cash raised to help dying patients”
Eagle-eyed bank worker foiled £2.3 million council fraud • THE actions of a vigilant bank worker prevented a local authority losing almost £2.3 million an online scam. checks
Common Procurement Fraud • • • •
Collusion among vendors in industry Collusion between employees and vendors Vendors defrauding organisation Employees defrauding the organisation
Data suggests that bribery, bid rigging , embezzlement and submission of false invoices are the most common schemes
North Lanarkshire Council suspends three staff amid 'corruption probe' 3 October 2016
North Lanarkshire Council has suspended three members of staff amid an ongoing investigation into corruption claims. The investigation began in April after an anonymous letter made "serious allegations of corruption" about the council's procurement processes.
Integrity Model Legal
Human Resources
Risk manager
Finance
Service Heads
Employee – John Smith (Integrity / Corruption Alert)
Internal Audit
Media
Procurement
Mapping Key SOC / Corruption Risks COMMUNITY SERVICES
CORPORATE & NEIGHBOURHOOD SERVICES
DEVELOPMENT SERVICES
EDUCATION SERVICES
FINANCE SERVICES
SOCIAL WORK SERVICES
I CEM ETERIES / CREM ATION
I HOUSING & HOM ELESSNESS
I BUILDING DESIGN
I PRE-FIVE EDUCATION & CARE
I
I CRIM INAL JUSTICE
COM M UNITY EDUCATION
BUILDING M AINTENANCE
BUILDING STANDARDS
PRIM ARY EDUCATION
INTERNAL AUDIT
FAM ILY SUPPORT
CULTURAL SERVICES
PRIVATE SECTOR HOUSING
CONSUM ER PROTECTION
SECONDARY EDUCATION
PAYROLL / PENSIONS
HOM E CARE
LIBRARY SERVICES
ESTATES M ANAGEM ENT
COUNTRYSIDE RANGERS
ADD. SUPPORT FOR LEARNING
REVENUES
VULNERABLE CHILDREN
PARKS & RECREATION
CATERING / SCHOOL M EALS
DEVELOPM ENT PLANNING / M GT
TREASURY & INVESTM ENT
RESIDENTIAL CARE
SPORT & LEISURE
CLEANING
ENVIRONM ENTAL PROTECTION
VULNERABLE ADULTS
BUSINESS SUPPORT
FACILITIES M ANAGEM ENT
WORKPLACE FOOD / SAFETY
HOUSING WITH CARE
STRATEGIC PROJECTS
FLEET SERVICES
LICENSING
WELFARE BENEFITS
EM PLOYM ENT / TRAINING UNIT
GROUNDS M AINTENANCE
RISK M ANAGEM ENT
ASSET M ANAGEM ENT
REFUSE COLLECTION
ROADS DESIGN
STREET CLEANING
ROADS M AINTENANCE
WASTE DISPOSAL
SCHOOL CROSSING
PROCUREM ENT
TRANSPORT PLANNING
COM M UNICATIONS
WASTE STRATEGY
CORPORATE POLICY / PLANNING HR & CONTACT CENTRE ICT
ACCOUNTANCY
SOC / Corruption Prevention Strategy Anti- Corruption Policy Guidance
Corruption Risk Management
Employee Screening
Secondary Employment
Conflicts of Interest
Gifts, Gratuities Hospitality & Sponsorship
Bribery
Fraud
Cyber Crime
Guidance Documentation, Self Assessment Checklists and Scenarios
Information Security
Whistle Blowing
Summary of presentation • Talked about threat from SOC • SOC Strategy & approach • Individual / Organisational weaknesses
• Importance of emerging threat assessments • Reinforced through case studies • Possible solutions
Conclusions • Flags / Communicate / raise awareness / share lessons • Holistic SOC / Corruption risk based approach • SEA essential to close loopholes • Prevent SOC - through improved resilience • Audit is a conduit and sounding board
Questions?
NOT PROTECTIVELY MARKED
Contact details
Richard Hutton, Detective Inspector
Police Scotland Safer Communities (Divert / Deter) Fettes, Edinburgh Office: +44(0)131 311 3223
E-mail:
[email protected]