ECC0064
Written evidence submitted by the City of London Police
Introduction
- City of London Police is the National Police Chiefs’ Council Lead for Economic and Cyber Crime and National Lead Force for Fraud. City of London Police operates Action Fraud and the National Fraud Intelligence Bureau, funded by the Home Office, which is the national reporting and recording centre for fraud and financially motivated cyber-crime. It investigates serious, complex and cross-border fraud which is beyond the capability of local policing. It also provides training and continuous professional development for the police and private sector workforce through its Economic Crime Academy.
- The City Police and the City of London Corporation as police authority, have a unique role to play in the fraud landscape, providing a bridge for law enforcement into financial institutions and, importantly, also into the fintech sector. With the support of the City Corporation and stakeholder groups such as UK Finance, the Force has consistently shown how it can harness and work with the private sector in the pursuit and prevention of the perpetrators of fraud. This has included working through the Insurance Fraud Enforcement Department (IFED), the Dedicated Card and Payment Crime Unit (DCPCU), and internationally with Microsoft and Indian Authorities. Further areas of engagement include Cyber Griffin, which promotes cyber resilience in financial services companies. The City Police’s credibility with these institutions is pivotal not just in seeking funding but also in sharing expertise and data so that threats are disrupted and prevented at an early stage.
- National Lead Force responsibilities also help contribute to the City of London’s ability to attract inward investment and, more widely, its status as a world leading financial centre. This is something that is likely to become even more important as the UK develops new trading relationships. Highlighting the City Police’s expertise in fraud and protective security is a vital component of promoting the UK as a place to invest and do business, given the strong demand from business for secure and well-regulated operating environments.
Action Fraud
- The City of London Police notes the concerns raised about the Action Fraud service in the Committee’s report last year[1]. Last year the Police Authority Board of the City of London Corporation commissioned an independent review led by former Deputy Commissioner of the Metropolitan Police Sir Craig Mackey[2]. The report makes 15 recommendations. Work has commenced to progress a number of these recommendations, a number of which have funding implications.
- The review found that “Action Fraud and the NFIB [the National Fraud Intelligence Bureau] have potential to serve policing well in the UK.” However, the review noted that operations were hampered by:
- An operating system delivered by IBM that is not fully functional
- Resourcing levels that have not kept pace with increased reporting
- Lack of prioritisation for fraud investigation by police forces in England & Wales
- The review suggests that transformational change is needed at three levels to bring fraud into check and serve victims well:
- Action Fraud and the NFIB need adequate resources
- Action Fraud and the NFIB need a dependable ICT platform
- Multi-skilled economic crime teams should be created at a regional level with forces responding to local threats and supporting victims in their communities.
- The City of London Police is currently developing a high-level design for transformation of Action Fraud and the National Fraud Intelligence Bureau. The design has been informed through consultation with over 60 external stakeholders, including a number of other police forces, the National Economic Crime Centre, National Cyber Security Centre, victim support groups and bulk users of the service including the banking sector. The design has also drawn on fraud and cyber-crime victim research commissioned by Home Office Analysis and Insight and Action Fraud Live Victim Feedback analysis and current performance data. Discussions with the Home Office for securing investment for the service are ongoing.
COVID-19 Fraud Threat
- Centralised national reporting of fraud (and cyber-crime) through Action Fraud provides a detailed understanding of emerging threats including those linked to COVID-19.
- As at 22 November, there have been 3,743 COVID-19 related fraud and cyber-crime reports to Action Fraud with estimated losses of £20.2m. COVID-19 related fraud and cyber-crime reports peaked in April when the country first went into lockdown but have steadily decreased over the last 6 months. COVID-19 related fraud and cyber-crime equated to 0.1% of crime reported to Action Fraud in October 2020.
- There have been changes to the frequency of particular types of fraud since COVID-19. Levels of computer software service fraud have been lower than normal (currently 19% lower than 2019 average). This can be attributed to lockdown measures in India where this type of fraud has previously originated. However, compared with 2019 average reporting levels, there has been an increase in frauds facilitated through online channels. This includes online shopping and auction fraud (22% increase) although only a small proportion is COVID-19 related (eg purchasing testing kits, protective face masks or hand sanitiser that do not exist or do not work), and romance fraud (34% increase). There has also been a 26% increase in investment fraud. There have been over 21,000 COVID-19 related phishing reports for the period 1 March to 31 October 2020.
- It is anticipated criminals will continue to take advantage of the pandemic, by exploiting people’s financial concerns. This may include fraudulently applying upfront fees to bogus loans, offering high-return investment scams, and targeting pensions.
Improving the police response to fraud
- The City of London Police has been working with policing to implement the National Fraud Policing Strategy agreed by National Police Chiefs’ Council in October 2019. 18 of the 30 deliverables in the implementation plan have been put in place. These have resulted in:
- new governance and coordination structures across national, regional and local policing
- improvements to victim care processes across Action Fraud and police forces
- improvements to performance reporting so police and crime commissioners can monitor force outcomes against NFIB disseminations
- a virtual network and online platform for sharing good practice and information across the policing community
- e-learning training programmes for fraud and cyber-crime to upskill law enforcement and the wider law enforcement community
- The City of London Police has been working as part of the multi-agency National Economic Crime Centre to enhance the law enforcement response to fraud since October 2019 (Project Otello). The objectives of Otello were to:
- deliver an immediate surge followed by a sustainable operational increase in the pursue response to fraud
- identify and disrupt highest harm fraudsters and Organised Crime Groups by targeting intelligence resources upstream
- protect victims and reduce their vulnerability to fraud through increased public awareness and raising confidence in the law enforcement response
- test concepts that support work to design and deliver a ‘step change’ to the entire system on fraud
- In December 2019, a “voluntary tasking”[3], was submitted to the National Strategic Tasking Group. It was only the fourth tasking issued by the National Crime Agency. It was a joint submission from the Director General of the National Economic Crime Centre (hosted by the National Crime Agency) and City of London Police. It secured commitment from policing and other law enforcement partners to resource and support four intensification campaigns against fraud threats affecting vulnerable people during 2020. It also secured commitment to action up to 5 intelligence packages a month, referred by the National Economic Crime Centre.
- In January, the City of London Police led the first of these intensification campaigns in response to courier fraud, a high harm fraud affecting vulnerable and elderly citizens. The approach developed has provided a template for coordinating the pursue and protect response to COVID-19 fraud and a recent intensification campaign on romance fraud.
- The operational activity led by City of London Police and delivered by policing under Project Otello has resulted in:
- Over 100 arrests for courier fraud since January 2020
- 30 arrests for COVID-19 fraud during the first lockdown
- Campaigns delivering protect messaging to over 13 million social media accounts
- Identification of and support for vulnerable victims
- Repatriation of over £1m of victim losses that would not otherwise have been returned including £140,000 to victims of romance fraud
- Launch of a suspicious email reporting service in May 2020 (a partnership between City of London Police and the National Cyber Security Centre) which has led to 2.4 million reports and the removal of more than 9,000 scam sites and 22,000 URLs including those linked to COVID-19
- The City of London Police has recently established a Lead Force Operations Room to embed the new model of operational coordination established under Project Otello. The Ops Room will deliver a networked approach to dealing with high harm threats by mobilising and supporting resources from across policing. It will provide improved accountability for and transparency of NFIB disseminations and performance across policing.
- While there is more that can, and is, being done centrally, tackling the volume of fraud currently perpetrated in the UK will need greater priority being placed on fraud at a local level. While significant work is underway to improve capabilities and capacity of the NFIB, too few of the 24,104 cases disseminated to local forces have reached a judicial outcome. Simply increasing capacity and capability centrally will not address the substantial shortfall in local resources to take cases forward. There needs to be a drive to boost local capacity and ensure consistency of approach. The Home Office review of the Strategic Policing Requirement provides an opportunity to address this.
The legislative and regulatory framework
- The Online Harms White Paper and Draft Bill provides an opportunity to help protect citizens, including some of the most vulnerable, from harm. The City Police is concerned about the exclusion of fraud from the scope of this new legislation and submit that including fraud within the draft legislation is essential in protecting the public.
- In 2019/20, social media featured in more than 39,000 crime reports to Action Fraud with attributed losses of £120.2m. There has been a notable increase in the number of investment fraud victims who have been contacted via social media. Social media companies and internet service providers often remove websites and accounts promoting investment frauds too late to prevent the public investing.
- Online shopping and auction fraud is often promoted through social networking sites and accounts for a fifth of all fraud reported to Action Fraud (66,000 reports with a value of £57.2m in 2019/20). Romance fraud continues to increase year on year, a majority of which is perpetrated online (£60.2m in reported losses on 6,000 reports in 2019/20).
- Enablers of digital piracy include internet service providers, social media platforms, online marketplaces, content delivery networks, streaming services (IPTV), cyberlocker search engines and dedicated server providers. Online marketplaces and some social media sites are regularly used to sell illicit streaming devices from China and the Ukraine to UK residents.
- Some of these enablers also aid the anonymisation of the offender. There should be tighter legislation around the use of spoofing techniques that criminals can use to hide their identity. The legitimacy of online anonymity tools, such as spoofing services, should be examined to determine whether they are a useful service to the public or more aligned to criminality.
- Telecommunications continues to be an enabler for fraud with the use of prepaid and unregistered SIM cards used by criminals and mass phishing through SMS used to victimise the public.
- A broader offence for failing to prevent economic crime would incorporate a wider range of companies that enable fraud such as telecommunications. The City Police welcomes the expert review by the Law Commission of a corporate offence for failure to prevent economic crime. It is the City Police’s view that this offence would provide much needed encouragement for companies to take responsibility for protecting their customers and implement counter-fraud strategies, and would provide law enforcement with the necessary powers to prosecute those who do not. The City Police saw an unprecedented demand for training on bribery and corruption following the introduction of the Bribery Act offence of failure to prevent. It led to the development of the BS10500 Anti-Bribery Management Systems standard and ISO37001 International Standard (the development of which the City of London Police contributed to). Before the introduction of this offence, anti-bribery controls and measures would rarely have been on the agenda of executive boards.
- For many years banks have accumulated monies suspected or known to be the proceeds of crime. These monies are frozen and held in separate, non-personal accounts. Once trapped in these accounts, most of the money remains indefinitely. The funds remain the property of the account holder, who is often untraceable and has no desire to be identified. These accounts will never be classified as dormant and therefore will never be used for any positive causes. New legislation is required to allow these funds to be released and invested in law enforcement without risk of further litigation where there is clear evidence of links to criminality.
- Improved due diligence by Companies House on information provided for company registration including identity and criminal records checks on directors will help prevent the use of UK companies to facilitate fraud and money laundering. It will also prevent disqualified directors and offenders who have been previously prosecuted for fraud to continue to register companies in their name and defraud members of the public. We welcome planned reforms to Companies House processes.
- Money laundering controls would be improved by regulating escrow agents and requiring them to undertake ‘know your customer’ due diligence. Financial institutions have a responsibility to protect their industry and conduct effective know your customer due diligence. Correspondent banks that facilitate the flow of monies on behalf of overseas businesses that do not have a UK bank account are unable to verify the origins of the monies received or undertake effective ‘know your customer’ checks.
- A key area of reform required is in respect of information sharing by the private sector with law enforcement. Legal gateways for information sharing related to prevention and detection of crime should be harmonised to allow banks and law enforcement to freely pass information amongst each other without risk of prosecution.
Fraud prevention and role of the private sector
- There are key steps individuals can take to protect themselves. Greater public awareness of risks will help reduce fraud and the associated impact on policing. While there are hundreds of different methods of defrauding the public, the main routes for reaching potential victims and their information are the telephone (home and mobile), the internet (including email, websites and pop-ups), the letterbox (post) and the doorstep. The core protect message for all of these routes is to verify unsolicited contact and never assume any cold contact is genuine.
- The City Police provides crime prevention advice based upon the latest reporting trends. Through Action Fraud its prevention advice was seen around 40 million times on social media. Advice is delivered across a range of media channels (print and online) as well as direct alerts tailored to individual preferences. National crime prevention messages and campaigns are disseminated through individual police forces and partners including the financial services sector, Age UK, Neighbourhood Watch, Citizens Advice and other partners.
- Industry is a key partner in the fight against fraud, particularly in relation to fraud prevention through secure by design and dissemination of prevention messages to their customers. Financial institutions have a role and are very engaged with the counter fraud community. They are working with government and law enforcement to share intelligence, design out fraud, and develop and disseminate crime prevention advice. Through UK Finance, the banking sector provides over £2m per annum in funding for a City of London Police and Metropolitan Police Service taskforce (Dedicated Card and Payment Crime Unit) to tackle payment crime. Other sectors also have an important role to play such as telecommunications, retailers and online marketplaces, and internet service providers.
- Victims of fraud are often persistently targeted. The City of London Police’s Economic Crime Victim Care Unit is designed to identify vulnerability and support the unique needs of fraud victims. It signposts victims to support services, provides tailored advice and prevents repeat victimisation. The model is being rolled out across policing and supported nearly 25,000 victims in 2019/20.
December 2020
Page 6
[1] Economic Crime: Consumer View, HC 246, House of Commons Treasury Committee, Third Report of Session 2019, November 2019.
[2] Published January 2020: https://www.cityoflondon.gov.uk/about-the-city/about-us/Documents/action-fraud-report.pdf
[3] as defined in Section 5(1) of the Crime and Courts Act 2013 (CCA)