The National Crime Agency ("NCA") has published its annual National Strategic Assessment of Serious and Organised Crime ("the Assessment"), which evaluates the threat of serious and organised crime in the UK.
The Assessment examines the impact of the Covid-19 pandemic and the subsequent Government restrictions on the methodology of serious organised crime within the UK. The findings include an increase in cyber-enabled fraud, with offenders commonly using encryption to hide their communications and cryptocurrencies to launder the proceeds. The Assessment also concludes that greater numbers of employees working from home has led to "dramatic increases" in ransomware attacks.
The Assessment estimates that over 12 billion of criminal cash is generated in the UK annually with the scale of money laundering, including through corporate structures and financial institutions, running into "hundreds of billions of pounds annually".
According to the Assessment, the Covid-19 pandemic has forced criminals to adopt new methods for laundering the proceeds of crime. In particular, there has been an acceleration in the use of cryptocurrencies, coupled with an increased used of sophisticated encryption tools and privacy wallets. A study by Elliptic, published in December 2020, similarly concluded that at least 13% of all criminal proceeds in bitcoin passed through privacy wallets (up from 2% in 2019).
The transposition of the EU's 5th Anti-Money Laundering Directive on 10 January 2020, via the Monday Laundering and Terrorist Financing (Amendment) Regulations 2019, brought Virtual Currency Exchange Platforms and Custodian Wallet Providers within the scope of the UK anti-money laundering regime for the first time. Cryptoasset providers must now comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, including registering with the Financial Conduct Authority ("FCA"), or risk enforcement action. However, the FCA recently warned that "a significantly high number" of cryptocurrency firms are not meeting the required standards. In particular, the FCA is concerned that firms are failing to implement adequate systems to spot money laundering and terrorist financing.
The Assessment also observes that the use of UK companies to launder illicit funds generated overseas continues to be a concern and complex business structures are frequently used to obscure ownership of property in the UK. The use of UK companies to launder the proceeds of crime was highlighted in the leak last year of the US Treasury FinCEN files, which classified the UK as a "higher risk jurisdiction" and listed over 3,000 UK companies as having appeared in Suspicious Activity Reports.
Bribery and Corruption
The Assessment concludes that Covid-19 has heightened the insider threat to businesses, particularly as increased levels of home working has reduced the ability of employers to monitor staff and identify unusual behaviour. The NCA observes that procurement contracts, both in general and specifically relating to Covid-19, have been particularly vulnerable to bribery and corruption. A report published by the Government in June 2020, highlighted the corruption and fraud risk in local government procurement processes and estimated this to cost in the region of £275 million a year.
The Assessment further observes that the UK's departure from the EU, has led to an increase in UK entities considering trade opportunities in alternative jurisdictions outside of the EU, some of which carry a higher risk of corruption.
The Assessment estimates that the cost of fraud to the UK is "in the billions and is increasing". The past year has also seen great fluctuations in pricing, in part down to an escalating demand for certain goods and services in the pandemic. These variations have proved challenging to financial institutions attempting to distinguish between illicit and genuine payments.
The NCA acknowledges that the most effective way to prevent economic crime is to "target the technologies and capabilities that enable them". As such, companies should ensure that their security software is well maintained and kept up-to-date. Similarly, employees should be made aware of sector specific red flags and be encouraged to report any unusual transactions to management.