Counter corruption: Getting to the root of insider threats
The threat from corrupt insiders has never had a higher profile in law enforcement, than today. This has been exacerbated by a small number of recent high-profile cases where criminal actors, within law enforcement, have carried out vile, shocking, and depraved offences against victims.
Beyond these extreme examples, organisations must guard against a wider spectrum of criminal or corrupt behaviour, within the construct of the insider threat. These include the misuse of systems, theft, and fraud, organised criminal infiltration, the abuse of a position of trust, or other predatory behaviour.
As I will outline later, a key element of the national policing response will be an extensive data exercise utilising the Police National Database (PND) – this will be conducted at pace and scale. It will be complemented by the development of a new automated platform to carry out continuous PND checks, to ensure that emerging intelligence about offending or behaviour of concern is identified and addressed at the earliest possible opportunity.
The threat from corrupt insiders has never had a higher profile in law enforcement than it does today
This article is based on my experience in overseeing Anti-Corruption, Vetting, Security and Professional Standards in a law enforcement context. It also draws upon our experience at Clue in supporting a wide range of clients operating in police, law enforcement and government integrity.
I will explore factors that contribute to effective counter corruption capabilities, considering the current pressing challenges. I will also outline how the rapidly increasing demand, complexity, and pressure on the teams responsible, will require improvements in their technical capability, to keep pace.
Before I do that, however, I would like to first pay tribute to the highly dedicated professional and hard-working teams that operate in this challenging sphere, who have achieved a great many successes over the years – successes that are rarely seen or celebrated.
I would like to first pay tribute to the highly dedicated professional and hard-working teams that operate in this challenging sphere, who have achieved a great many successes over the years
The context
In times of high operational demand the allocation of scarce resources will always be under intense scrutiny. Where cost savings must be made, or when new demand must be addressed, teams not associated with core operational delivery are often at the greatest risk of being de-prioritised.
Likewise, when the subject matter is hidden, or clandestine, and therefore not immediately obvious without looking for it, this can contribute to such work being overlooked. Teams involved with insider threat, counter corruption or vetting, within law enforcement and government departments, have therefore been at risk historically of losing out in investment and resources terms, in favour of more visible requirements.
For some organisations with an enhanced risk of infiltration, these risks may be lessened by their operating environment and their need to provide assurance against penetration by bad actors with malign intentions.
The capability to structure, connect, triage, develop and share information received … is critical. It is essential to identify bad actors early, take action to intervene and to resolve the risk…
But for other organisations, this type of work has not always occupied the high-priority status that it deserves. This is clearly changing at pace, however, and with good reason.
In the same vein, some teams have suffered with legacy or sub-optimal technical capabilities to support their work. This is important because as the highest profile cases have shown, having an accurate intelligence picture and a single unassailable record of the truth, is vital to protect future victims from criminal behaviour and to protect the integrity of the organisation.
The capability to structure, connect, triage, develop and share information received, including incidents, confidential reporting, alerts from linked data sources, and all-source intelligence, is critical. It is essential to identify bad actors early, take action to intervene and resolve the risk via criminal, conduct or HR outcomes.
But the teams responsible frequently operate in a constrained technology environment, without access to a complete and comprehensive ‘end to end’ intelligence and investigative system. That functionality is important both to mitigate the ever-present risks of intelligence failure and to deliver against the demands of complex intelligence-led investigations, to a criminal standard.
Contemporary challenges and opportunities
As part of a package of measures to utilise the PND to better identify risks officers could pose to the public, the National Police Chiefs Council (NPCC) has committed to checking all staff against the database by the end of March this year.
The PND contains intelligence and information, including reports of domestic abuse, child abuse, crimes and police custody details. “Checks of all officers and staff will ensure we are turning over every stone in our efforts to rid policing of abusers and corrupt individuals,” said NPCC chair Martin Hewitt.
In addition, The NPCC has also announced its intent to develop a platform to facilitate regular automated checks against the PND, providing professional standards teams a “fast-time feed of intelligence” to quickly spot and act on concerns.
This vitally important work will undoubtedly create substantial additional information that requires triage and assessment. This is essential to ensure that no leads or indicators are being missed, that could be used to act decisively, and early, to reduce risk for the organisations involved.
However, new inputs of data, at scale, will exacerbate further the challenges caused by information overload, meaning teams are at risk of being overwhelmed.
New inputs of data will exacerbate further the challenges caused by information overload, meaning teams are at risk of being overwhelmed
And this tranche of data will be received on top of existing sources and streams of information. Responding to the complexity and volumes of data will likely require additional staff to be surged into the teams in question.
However, organisations are also highly likely to need a reassessment of their technology capabilities, to ensure that they are optimised, for example:
- Ensuring that critical data is curated in one controlled location, where it can also be structured and linked to other material
- Encouraging victims and whistleblowers to come forward by implementing secure and confidential reporting mechanisms
- Enabling data insights to be identified at pace, thereby facilitating earlier intervention
- Highlighting connections in the data, surfacing these insights and enabling visualisation
- Providing a guided workflow and audit trail for case integrity
- Delivering a flexible platform that empowers organisations to adapt
- Operating across a secure platform, with sophisticated permissions to ensure operational security in this sensitive area of operations
- Introducing opportunities for automation, thereby reducing unnecessary workflows and releasing time for higher value activity in support of the insider threat, counter corruption and police integrity mission
Next steps
As organisations prepare their response to the new streams of police integrity data that will flow from the PND data matching exercise and the future development of a new automated platform to conduct continuous PND checks, I am keen to support their capability needs.
Members of my network that would value a conversation on this are welcome to reach out to me to start the discussion.
In a field where data sharing and collaboration is vital, operational efficiency and intelligence are so frequently hampered by partners and systems that cannot ‘talk’ to each other.
It is vital that technology suppliers supporting the police, law enforcement and government integrity mission, including vetting, anti-corruption, and professional standards, work together to deliver interoperable systems. In a field where data sharing and collaboration are vital, operational efficiency and intelligence are so frequently hampered by partners and systems that cannot ‘talk’ to each other.
Interoperability forms a key component of the Digital Policing Strategy. It is also a central consideration of our work at Clue; my colleague Clare Elford is the newly appointed chair of the TechUK Interoperability in Policing Working Group (IPWG), a forum dedicated to driving forward interoperability in the policing sector by seeking to “change commercial behaviour and mindset.”
Finally, all participants in this vital work, whether operational, leadership, policy or technology must support each other and work together to enable a ’fit for purpose’ model where all opportunities to identify wrongdoing early, to act with confidence and decisively, are taken.
However, that can only be achieved with the right technology being deployed across the value chain.
Follow Matt on LinkedIn for regular economic crime insights, and learn more about Clue for Economic Crime.
Related Resources
Clue welcomes NHS Scotland Counter Fraud Services
NHS Scotland Counter Fraud Services provides a comprehensive service to reduce the risk of fraud and corruption in the Scottish healthcare system.
Learn moreInfographic: The Clue user threat landscape
Our latest visual highlights the expanse of evolving threats Clue users face daily.
Learn moreSanctions, kleptocracy, and the malign influence of hostile states
In his latest column, Clue's Director of Intelligence and Investigations, Matt Horne, explains why robust and effective sanctions enforcement demands a techn...
Learn more