Posted: 23rd May 2018
On 13th May 2018, the National Crime Agency (NCA) released their National Strategic Assessment of Serious and Organised Crime. The report provides a single picture to prioritise and understand the UK threat.
The NCA role is to protect the UK from the serious and organised crime. The NCA categorises these threats into three pillars:
- Vulnerabilities – Child sexual exploitation and abuse, organised immigration crime and modern slavery and human trafficking
- Prosperity - Money laundering, fraud and other economic crime, bribery, international corruption, sanctions evasion and cybercrime
- Commodities – Firearms and drugs
This update focuses on prosperity and the threat to businesses operating in the UK.
The NCA is unable to provide an accurate and reliable figure of the total value laundered through the UK, however, they acknowledge that there is a realistic possibility the number is in the hundreds of billions of pounds. Lower level laundering is being accumulated into more substantial sums to be sent overseas through more sophisticated methods including retail banking and money service businesses (MSBs). Overseas jurisdictions impact the money laundering threat such as Russia, China, Hong Kong, Pakistan, and the United Arab Emirates, particularly those countries attractive financial sectors.
UK companies can be easily opened and can provide an appearance of a legitimate business for criminal activity. The report acknowledged these companies are used extensively to launder the proceeds of crime in the UK and overseas. UK markets are also exploited for money laundering such as capital markets, property markets, FX trading and APBs (Alternative Banking Platforms).
Accounting and legal professionals were noted to be a continued threat, particularly those involved with trust and company service providers. These services were noted to be occasionally used to set up corporate structures for high-end money laundering.
Trade-based money laundering also impacts the UK and worldwide. Trade deals involving items, such as gems and precious metals are used to launder the proceeds of crime by hiding funds within businesses that have a naturally high turnover.
Cash still provides anonymity to criminals by breaking the audit trail. Therefore, cash-intensive businesses and MSBs are an attractive method, as noted within the report. UK banks are continuing to de-risk in this area, and it is expected that criminals will use other ways and means of transferring money. A small number of criminals use cryptocurrencies to conceal their identity, which is noted as becoming an increasing threat.
Fraud and other economic crime
The report acknowledges that fraud is the most commonly experienced crime in the UK, and an issue of under-reporting hampers the wider understanding of fraud. Information from data breaches is sold online with cryptocurrencies being the primary method of payment. Action Fraud reported that the majority of frauds were cheque, plastic card and online banking frauds, application fraud (exc. mortgages), online shopping frauds and advanced fee frauds. Business email attacks facilitating mandate fraud, CEO fraud and conveyancing fraud are also common. Phishing emails are still a major problem and are used to compromise email accounts for fraud.
Market Abuse with the misuse of insider information; the manipulation of markets; and the issuing of misleading statements is challenging to separate from legitimate trade; making the overall scale of market abuse challenging to measure. Cyber criminals are noted to be targeting market-sensitive information known as ‘outside-trading' negating the need for insiders with financial and legal firms as the primary targets.
International Bribery, Corruption and Sanctions Evasion
The UK was noted to remain a prime destination for foreign corrupt Politically Exposed Persons (PEPs). Overseas PEPs that invest in the UK are commonly from Russia, Nigeria and Pakistan. The London property market and companies registered in British Overseas Territories and other offshore jurisdictions continue to be used to disguise ultimate beneficial ownership and launder money. The ease of opening UK companies means they are frequently used to enable corrupt activity. Companies based in British Overseas Territories are also used both to disguise ownership and to conceal corrupt payments.
Some UK registered companies were noted to pay bribes overseas to conduct business. Agents remain the most common method through which UK entities pay bribes overseas. Some intermediaries gain significant power in their local region rather than merely receiving facilitation payments.
The scale of financial sanctions breaches are unknown. The expansion of high profile international sanctions supported by the UK (e.g. Democratic People's Republic of Korea) has increased the UK risk of sanction evasion.
UK cyber crime continues to rise in scale and complexity, such as the Wannacry ransomware attack on the NHS. Distinguishing cyber-attacks between nation states and criminal groups are becoming more blurred. Russian speaking cyber crime groups continue to pose a threat to the UK.
The underreporting of cyber crime hinders the authorities to assess the true scale and cost of network intrusions. In a survey, only 38% of people were confident with the law enforcement response to cyber crime.
The diverse threat of cyber crime ranges from internationally-connected organised crime groups to individuals including teenagers with low-level technology. However, these individuals pose a significant risk, i.e. Mirai botnets attacks on the UK banking industry in 2016. The main areas of cyber crime in the report are financial trojans, network intrusion, ransomware, DDoS attacks, exploits and kits, botnets, social engineering, crypto mining malware and spamming and phishing.
Considerations for firms
The threat of serious and organised crime is a global phenomenon that affects society and damages businesses and societal structures worldwide. Organised crime groups can share criminal intelligence easily and will react quickly with different methodologies to infiltrate individuals and firms and launder the proceeds of crime.
Firms can however build defences against these risks with a robust financial crime framework covering anti-bribery and corruption, cyber security, anti-money laundering and effective fraud prevention, detection and controls. Building these controls requires a comprehensive enterprise risk assessment that includes all areas exposed to the threat of organised crime. Firms that act proactively and respond before an incident occurs will become more adaptable to the evolving threat and this report should be used to inform the individual risk assessment process within firms.