The
chancellor and the then Home Secretary were looking at the environment for
SARs, after the events of 7 July 2005, and worried about how to make the
system work better. They lighted on the comments that were coming in
from the City about SARs, and decided they wanted a review. We’ve had
a review every five minutes on this thing, and the Home Office suggested
I should do it, in part because the organisation of which I was chairman
[SOCA] was going to have a big part in getting the thing to work.
There
are problems with arrangements as they had been working and I set those out
here, without trying to be too unpleasant to anybody.
You
wouldn’t come away from reading my report (Review of the Suspicious
Activity Reports Regime - The
SARs Review - March 2006) thinking
everything in the garden was rosy. I think there were three major difficulties.
One was the uneven behaviour of the reporters [the name given to financial
institutions required by the Proceeds of Crime Act to participate in the
SARs process] which was a fault of the regime as a whole.
There
was a very passive view of the responsible owner of the activity, namely
the National Criminal Intelligence Service (NCIS), about their duties, which
wasn’t irrational. It came from the FATF (Financial Action Task Force)
recommendations. There was a very uneven performance in law enforcement about
doing something about the resulting data. There were difficulties at each
stage.
The
fundamental conclusion I came to was that there was no one centre of responsibility.
Everyone could always blame someone else. Being the owner of the database
meant that you had to take some oversight responsibility for the whole thing.
That needed to be handled in a way that engaged with other people who would
then feel party to the whole thing.
The
principal organisational recommendations are how to secure buy-in both by
the buyers of the information and the users of the information to a more
deterministic approach. You must do something. The law requires these regulated
sectors to do this. They must do it. There’s an onus on law enforcement
to give it good welly, to make proper use of the resulting material.
The
requirement from FATF is to provide information to law enforcement. It is
not to process it and do added things to it. It’s my judgement that
that is necessary to get best value. So I am adding to the requirement. That
is about the nature about this jurisdiction. It is about the volumes.
In
European terms we are the big end of the league. We also have a long history
of relations between government and banks and national institutions. We get
quite a lot of reporting. We will have over 200,000 SARs this year.
Sheeping
and goating
You
won’t get best value out of that from our police service, unless there
is some value-added, some sheeping and goating with some of that material
by the centre. This will separate out those which are more likely to produce
operational benefit from those which are less likely.
Reporting
sector
Part
of the problem of uneveness of behaviour by the reporting sector is that
some people report things that aren’t worth reporting and others don’t
report things that are. We need to work hard to get better quality in. I
am really clear that this [the SARs process] is a very powerful piece of
machinery.
Public
duty on reporters
It
is a public duty issue. Parliament has created a very intrusive piece of
legislation that interferes in the business process and in a contract between
a banker or a financial institution and its customers. The Crown has imposed
on the reporting sectors duties to report information or seek consent. There
is a duty on the authorities to put in place an arrangement to make good
use of that. There is a public duty.
In
law enforcement terms, these [ie SARs] are free goods. They are these leads,
200,000 a year, to crime, where quite a lot of the preparatory work has been
done by somebody else. There is a cost and benefit issue. The cost and benefit
issue works really well if the information is useful. This comes back to
the quality of the reporting. We’ve been doing a lot of analytical
work on the data to see what degree of reliance we can place on it.
There
is cross-matching with other data to see if we already know this person’s
a crook. That would validate the suspicion.
This
enables us to look at whole data base or at a large segment of it and find
connections between reports that were not visible to the naked eye, or not
visible at the point of receipt.
Something
between 40 and 50% of these reports relate to genuine evidence of crime.
In these cases, some follow-on action by law enforcement would be both appropriate
and useful. That is a very large number of free leads for law enforcement.
That means that we have 100,000 a year of free leads where we are into some
useful knowledge about criminal assets. That is very powerful.
The
issue is to turn that very high degree of precision in the reporting into
outcomes in the real world, which constrain criminal property or the financing
of terrorism. These are very important public goods.
More
analytical and processing in the centre
We’ve
taken the view (and we’ve staffed the team, more or less) to put additional
analytical and processing effort in the centre, to extract those patterns,
to give the value added to the law enforcement community. That’s the
overall approach. We are very bullish about the potential of this to make
a difference.
We
can’t deliver law enforcement to make them do things, that’s
not the way the system works. We can just say, here you go, we think this
is worth pursuing, and it’s down to you.
What
we give to law enforcement is more transparently useful. The FATF recommendations
presume that the FIU (Financial Intelligence Unit) database material is held
by a separate organisation outside of law enforcement. There is a flat relationship
with between the FIU and law enforcement, so when law enforcement get the
stuff, they pass it onto the relevant person.
We
think we have to do some value added to get the best value. We have to help
the reporters raise their quality and we have to do something to make the
material more easily usable.
We
have 52 police forces, Customs and other law enforcement organisations, all
different customers, slightly different requirements, we think this has a
lot of potential. We think there is potential for law enforcement to come
to us and say, we have this set of events, is there anything in the database
that helps illuminate that. There has been very little of this historically.
We
want law enforcement to use the database and check. They start an enquiry,
and they light upon some suspect. They need then to look into the database
to see if a bank or financial institution has reported a suspicion about
this person’s money.
How
access to the database is structured. We receive data from reporters here,
through the Egmont channels. [The Egmont group is a collective of Financial
Intelligence Units]. The data is accessible by law enforcement agencies in
the UK who have access through remote terminals. They can make their own
enquiries of the data. We are encouraging them to use it in a broader, more
imaginative way than before.
We
are trying to develop our own analysis of the data to identify interesting
links, by comparing it with other data sets, by using more sophisticated
data mining tools, to develop intelligence packages which we will also pass
out. We are intending to take queries from them [law enforcement groups],
where we have more sophisticated capabilities than they have locally.
We
are saying: here is a huge data set, with 200,000 to 250,000 reports a year,
which is immensely valuable in terms of law enforcement in the UK, not just
around financial crime, but it also has value in terms of other work. This
should be a mainstream data set.
SOCA
differs from NCIS in that we are end-users of the data, we use it for own
purposes. We develop leads and operations based on intelligence that comes
through. [Use of these databases] has been very inconsistent. Some forces
do it a lot and some don’t.’
Inside
the church
We
have put in place some management structures that have brought [the reporting
sectors] inside the church. Representatives of the reporting sectors will
get greater visibility of what is going on and are consulted and are told
what is going on and get some better view. So that even if they can’t
say, “that operation came from a SAR from this bank”, they can
at least say to their community, that things are going on. It gives them
a degree of confidence.
We
have been speaking to the senior people in the banks in a general way. The
big banks are the bulk numbers, even if they are not likely to come across
the most serious crimes. The boards of the banks are happy to do this. They
see the requirement; they recognise the public duty issue; certainly one
or two make a virtue of doing their duty.
Grump
in the banks
You
can overstate the degree of ‘grump’ about this among the reporting
institutions. It [the grump] is not the fact of spending money and putting
the systems in place and they are working. There is some spin-off for themselves
and their risk departments because they have had to put in place software
and that produces leads for them in terms of suspect accounts.
It
is not that they are unhappy about the systems. They are unhappy about particularly
the lack of any sense of it having added value in the real world. There is
grump about the reality.
Convincing
the board
Senior
MLROs [money laundering reporting officers) would tell you that things are
changing and changing quite speedily. The key issue is around our dialogue
and feedback. It was important for us to convince not just the MLRO community
who are already on-side, this is their day-job, they believe in this stuff,
they are convinced that it is important.
It
is convincing the board that this is good value for money, and we are making
best use of the material that’s available [the material reported to
the FIU in the SARs]. We have the mechanisms for doing that now. But also
for giving some sort of feedback -- albeit where the material is anonymised
-- so front line staff in banks can see the worth of their activity.
If
you create a chain of action that leads to a SAR, you ask, was it worth it? Did
law enforcement do anything with it? So we have mechanisms to give feedback
at that level.
What
the reporting sector also wants is a means to improve their systems, how
they can improve the quality of the SARs that they make, how they can use
intelligence that we can provide them with to identify further risks for
themselves.
The
SARs Committee
We
have created a high-level committee, The SARs Committee, which is chaired
by Paul Evans [SOCA’s Director for Intervention], which involves very
senior representatives from the regulated sector and law enforcement
and from the regulators, to whom we report progress on recommendations within
the report.
The
SARs Vetted Group
I
have established a group which sits below that, called the ‘SARs vetted
group’. This is composed of individuals who more concerned with operational
activity. We are intending to share intelligence with that group in a way
that has never been done before, thanks to the information gateways provided
by the SOCA legislation.
Thirdly,
we have increased the number of staff in the ‘dialogue team’.
It is their job to give regular feedback and receive feedback from the various
institutions that are reporting about quality of feedback, what’s been
done with the information, about how their systems can be improved.
There
will be an annual report, first one to be published in October 2007, which
reports on the use of the system and what end-users do with the information.
There
is a project approach to delivery of the recommendations. We are on line
and on track for delivering on time.
Contracting
out?
I
raised the possibility [in the Lander report mentioned above] of us buying
in expertise to do some of the IT heavy lifting. The problem is that we are
a new organisation with pressing IT needs. We inherit 65 different IT systems,
none of which talk to each other. They include Customs, NCIS, Crime Squad,
Immigration Service… When you merge organisations they all have their
own special systems, only some of which we have direct access to.
There
is in the private sector a lot of expertise about the management of large
volumes of data and the extraction from it of non-obvious patterns, fuzzy
logic systems. The question for us was, shall we buy the expertise as a package,
in effect outsource that piece of processing, or shall we try to replicate
it in-house by buying in that piece of software and training up staff and
so on. That is a judgement that is not for me to recommend. It is an operation
and delivery issue. The team here have decided a way forward on that. We
have put an RFI (Request for Information) out for companies to express interest
and we have decided to do some in-house and some by getting in outside expertise.
That is being judged on utility and value for money grounds.
There
is no question of us giving someone else the data, because, as the FIU, are
responsible for data, we can’t give away the responsibility. But we
can get in expertise and buy, in effect, part of the processing, by people
with expertise that we would have to develop for ourselves and haven’t
got.
List
X arrangements
We
would only do this with companies on List X arrangements, who have classified
contracts. This is standard business. There is nothing unusual about private
companies doing classified or sensitive government contract work. There are
well established procedures. If people who are not our employees have access
to the data, they have to be vetted to the same standards as our employees
and subject to the same controls and restrictions on the use of the data.
The
vetted group: people with whom we sit down and talk and discuss more sensitive
matters are security-cleared to the appropriate level.
This
raises, in terms of access to sensitive data, no issues that are not raised
in hundreds of contracts in government. We are not close to it. We have gone
for a twin-track approach. We are delivering some quick wins using some of
our internal resources and some of those are very evident and obvious. Lots
of things have changed. The more complicated piece is the subject of a developing
business requirement and discussions. Hopefully we will take a decision on
the way forward at some time in the New Year. It will be a matter for the
SOCA board to decide.
More
funding
This
(The FIU) is an organisation with a resource budget of £400m, depending
on which day of the week it is, and whether everybody has paid up. I am in
the process of saying to the Home Office, it would be nice to have some more
money for this please. If we don’t, we’ll just move slightly
slower. I am not worrying about the money for this thing [the working of
the SARs process], it is so evidently very important. It will be high up
our priorities. Proceeds of crime is very, very important in dealing with
organised crime. It [financial gain] is the purpose for which the crimes
are committed. We see it as an extremely important part of our business.
The
value of the proceeds of organised crime in the UK?
Organised
crime costs between £20 billion and 40 billion. That includes the knock-on
costs. We estimate, out of that, £5.5 billion might be described as
profit. It is subsequently available for investment. Roughly half of that
stays in the UK and half goes overseas.
In
terms of the money laundering regulations and this regime, the target for
criminal property, criminal assets that is available to be seized, criminal
property, as the law defines it, is £5.5 billion a year.
Targets
for recovery
POCA
(The Proceeds of Crime Act) is relatively new legislation. It is not yet
mainstreamed in law enforcement. SOCA’s contribution itself will be
a part of the UK contribution. The Asset Recovery Board has been set up to
manage this process nationally. [The Asset Recovery Board is not to be confused
with the Asset Recovery Agency, which uses civil law processes to recover
the proceeds of crime].
The
ARB reports to Ministers. It’s an issue for the board and all the agencies
to make more use of the legislation. There are very challenging targets.
This is both opportunity territory and necessity.
£96m
was seized from criminals in the UK at financial year ended 31 March 2006.
The amount of confiscation orders awarded at court is significant higher
than that. This is money taken away from and collected. It takes 3 years
from charge to getting the money off people. We are talking about a pipeline
put in place just after the legislation was passed, when nobody was using
it.
If
this figure doesn’t go up in future years, we are all for the high-jump.
It ought to. We are a fresh start, we haven’t got any pipeline. We
have a bit of a pipeline from one of the predecessor agencies, but not much.
We are starting with a clean sheet of paper.
Powerful
legislation
ur
piece of the bag is people doing something for money. They are causing a
lot of harm to our country for illegal profit. The legislation is powerful
with a very clear and well articulated description of what the profit of
a crime is. Criminal property is very clearly defined. It is almost anything
that results from crime, any money or asset, we all have a duty to make that
tell against criminals, and we have a particular duty because of the
SARs regime.
How
well is the reporting sector doing?
They
produce a lot of very useful data. Their behaviour is uneven. There are some
under-reporters.
And
solicitors…
Solicitors
are in a different business to bankers. Bankers are a transaction- based
activity and each transaction might give rise to a suspicion. Solicitors
are an advisory activity and the solicitor may have a relationship over the
long term with a individual client and it may be certain set of circumstances
that give rise to suspicion. Therefor the sort of reporting you get and the
sort of leads you get are different. You’d expect them to be different.
The
quality of reporting by banks
Some
of the banks are particularly good at reporting particular types of predicate
crime. Things involving money they are particularly good at. They’ve
been particularly good at detecting carousel frauds, that’s been helpful.
They’ve become quite good at detecting the proceeds of fraudulent acquisition
of tax credits, both of which have been very helpful.
Solicitors
contrariwise deal with assets of a bigger nature, buying and selling property,
and sometimes that gives rise to these issues. There is uneven behaviour
across all sectors. But in a general way, we think we are getting good material.
Sectors can do a bit better. What we are getting is not largely duff, it
is largely usable.
Part
of the dialogue process is to help those who are under-reporting, or under-reporting
on profile for their sector, to help them look at their systems to see why
this may be the case. It’s a two-way process.
One
institution wasn’t doing one of the reporting things available, and
they now are. They were doing it on an informed basis, using an interpretation
of the law we thought it was fallacious and we told them what we thought.,
The
key thing for us is to be open and transparent. We need to be more prepared
to come out from behind our screen and say what about this. That’s
helped by having the vetted unit and the representatives if the institutions
on the management committee.
Accessing
bank information
What
you get with this [the SARs] regime is the expertise of the institutions
applied to their own business, identifying what in their own judgement we
could never detect, because we are not bankers. Identifying what in their
judgement is suspicious or unusual. We get out of it, even with an unevenly
operating system, material of such high potential value.
Their
expertise is being applied in a purposeful manner. We could never do that
after the event.
We
can get production orders and go round and get all the papers. Quite often,
the first thing we get is a SAR. Then we do some work; then we go round and
get the papers evidentially, so we can use them in court.
Organised
crime is principally about illegal profit. Your key vulnerability is how
you process that money. Your key point of vulnerability is the point at which
you intersect with the normal, legitimate economy. Here are the bankers and
solicitors who are experts and have some understanding about business behaviour
and they are better equipped to detect the anomalous and the suspicious,
which is what they are required by law to do. It is their subjective judgement.
They are qualified and we are not.
Fraud
Report
The
pressure on police forces in the field has been street crime. Until this
organisation, there has been a diffuse national response to the organised
end to it. Fraud has been the cinderella of law enforcement. There are no
brownie points for a police force when someone comes through the door and
says I have been defrauded by somebody doing X.
The
natural and understandable response is ‘your first remedy is a civil
one’, there is a question of contract. You need to go away and try
that. That may still be the right answer for quite a lot of low-level fraudulent
activity. But where it is systematic and organised, systemic, then that is
an issue of some significance.
The
law has changed the terms of engagement. It doesn’t say ‘this
thing’s called financial crime’, it says there’s stuff
called ‘criminal property’. Criminal property is the proceeds
of a crime. The definitions in POCA are very important. It changes the whole
terms of engagement.
There
isn’t such a thing as financial crime. By definition, a crime that
has a profit is financial crime, so all acquisitive crime becomes subject
to these regulations. We might be pursuing some drugs gang and we find that
one of them has a Rolex, that is the proceeds of crime. That is criminal
property.
To
have a concept of drugs crimes and financial crimes is false. They are not.
There are crimes that produce criminal property and that is forfeit subject
to the predicate crime being proved. That is a very powerful formulation.
That is why this legislation has yet to be fully exploited.
We
think financial crime and significant fraud is an important issue and we
want to do some things about it.
Under
the legislation that preceded POCA, there were various statutes that had
provision for confiscating the proceeds of crime, the Misuse of Drugs Act,
for example. But they were targeted at high level offenders. The POCA is
an all-crimes approach and can be applied equally to the street robber who
has half a dozen expensive tracksuits and a stereo in his bedroom. The thrust
of the legislation is to use it as a crime reduction tool and to demonstrate
that crime doesn’t pay. That’s the philosophy that runs through
this and it applies equally to the national/international level of criminality
where there are multi-millions of profit made, huge property portfolios.
It applies to low level criminals who operate on a local basis. We are keen
to encourage law enforcement to use the legislation.
The
beauty of the legislation is its conceptual clarity. When you know a lemon
you know a lemon. It is not difficult when you are pursuing criminal conspiracies
that involve acquisition of property and value, to be clear when the bad
people are arrested and prosecuted, that there is criminal property involved
and that the legislation impinges. By definition, their possession of that
criminal property is a money laundering offence in its own right. You don’t
need to be a financial investigator or a qualified account to understand
the clarity of that. You may need some financial skills to get to the last
pennies, but the law is quite powerful. In some contexts it puts the onus
on the criminal to own up to their assets. They are in contempt of court
if they tell porkies. The risk is on them rather than the Crown.
Forensic
accountancy skills require skills we don’t possess, we don’t
easily possess. We have a bit of it. It would be nice to have more and it
is expensive. It isn’t mission critical. You need intelligent and skilful
people, you need to be able interplay a predicate criminal investigation
with a money laundering understanding. But the law is quite powerful in this
area and you can get the information and we can do production orders on people.
There are compellability powers in the new legislation, we can go to people
and demand information which they have to supply.
We
can lay orders on somebody in prison here to repatriate their own assets
and they are in contempt of court if they don’t do it. It is imperfect
but it is pretty bracing. I don’t feel we are under-equipped. We can
always do with more skills in any organisation, and we are starting with
a mix of skills. If we were starting with a totally clean sheet and could
have everybody we wanted, it wouldn’t be quite the way it is. But we
have a lot of skills.
Problem
with the police forces
We
don’t control UK law enforcement and there will be uneven behaviour
after October last year. We will do our best to make that as little as possible
and to make visible to ACPO (Association of Chief Police Officers) who is
doing well and who isn’t doing well, to put moral pressure to perform
better. We have no control.
We
will help to do better, we will do our best to make it easier for them, but
we can’t direct, nor do we want to, by the way, direct chief officers
what priority they attach to this work. That is not our business. We cannot
guarantee to deliver someone else over whom we have no control. With the
reporting sectors, I am somewhere in between the two extremes. Most people
want to behave properly and will find it helpful to be given advice as to
what is helpful and what isn’t. If we can make it easier for them to
report, we will do so. That is the purpose of new forms and guidance.
The
person who is sceptical of delivery is right to be anxious because there
have been false dawns before. But I am very confident about our own end of
it, subject to small details like money and IT.
I
hope that our other partners will come to the challenge. We will do all that
can to support them to come to the challenge. We are providing briefings
to law enforcement users on how they might get the best from the tools we
have given them access to. We are giving them case studies on how best to
apply the tools and techniques to use. We are talking to HM Revenue and Customs. We
will be doing all we can strategically to turn this around. But at the end
of the day it will be the chief constables who decide on how engaged they
are. And rightly so
This
is a holistic system. This is a regime. All participants have slightly different
pieces of the action. We have put ourselves into the centre and we are in
two relationships. One of the things we do ourselves and that is both provide
the services to other and to use the information for ourselves. We will be
using the information for ourselves in two different ways.
We
will do our very best to help them perform their part of this piece . But
we cannot deliver their behaviours because in law and practice they are responsible
for themselves. If that is taken as being anxious about them, it is not,
it is just reality.
Using
the SARs material
We
get two benefits from this material. One is case specific. This leads to
a criminal investigation which allows us to prosecute and financially eviscerate
organised criminals who are damaging this country. It also helps us put together
programmes of work that will make the criminal environment less easy for
the criminals to prosper. We have two types of investigative activity. One
is case specific: investigating particular crimes by particular individuals,
that is people (criminal), focused.
The
other is project-focussed - to look at aspects of the criminal environment
to make it more difficult. We have work going on in both of those to decide
what resources to put into each of those if we are going to make an impact
on n organised crime which is an enormous scale. Casework won’t do
it and the projects on their own wont do it. But the two together just might.
The
Elmer database
The
database is available for police forces to search for themselves. They can
go in there and look for all their postcodes. If they have any sense, whenever
they find a new identity, they go and look if there’s something on
the data base already.
Those
100,000 leads could be early analysis we’re doing. We may link 30,
40, 50 SARs together to a single piece of intelligence. Some will be adding
material to existing operations or investigations. So they might be historical.
You can’t say there are 100,000 leads. It’s more complicated
than that. The idea that there’s lots of really useful information,
if only it could be taken into account, is right.
Elmer
is the vehicle for getting at the information and that is where the IT questions
come in.
Terrorist
funding
The
Terrorism ACT 2000 (part three) is about terrorist funding. The reporting
regime is the same. Institutions in the regulated sector report to the FIU
on things about terrorism and we have a little team who look at that and
look at the money laundering stuff and see if it is terrorist related. Anything
we have any sniff about, we pass to Scotland Yard where there is the NTFIU
(National Terrorist Financing Intelligence Unit).
Terrorism
is not our bag. We don’t do terrorism. We support others doing it a
bit. It is not an organised crime we are dealing with. It is done by other
people.
The
arrangements for terrorism here are complicated; they are the result of a
long drawn-out war between intelligence agencies and the police which were
drawn up more or less to no-one’s satisfaction in 1992.
Despite
all of that it works extremely well and is better than anyone else’s
anywhere in the world. There is a culture clash, in our opinion. It works
and it has been very successful.
Nobody
believes me; it has been very successful by international standards. You
fiddle with it at your peril. The fundamental difference between Counter-Terrorism
and the rest of organised crime is that Counter-Terrorism is not about crimes
for profit, it is about something else. A whole lot of other issues about
nation states and politics come into play that don’t come into play
in acquisitive crime. Conceptually, they require different mindsets and different
approaches. Fundamentally, the same issues arise about knowledge and action.
You make the most impact on criminal problems by having the best understanding
on what the problem is. The dynamic of good understanding, good knowledge,
good intelligence is very important. It is the same with terrorism; it is
the same with organised crime. In all other respects the two are different. |
