Insider threat

Insider threat – we are committed to securing a more joined up and strategic approach to tackling corrupt insiders in critical domestic public sectors (prisons, borders, policing, defence and local government). This is another area where the analysis of the problem and the evidence base for how to tackle it need to be further developed.

Completion Status:
Partially fulfilled

Commitment filtering:

Specific:yes

This commitment is specific as it focuses on tackling the insider threat in selected domestic sectors, specifically in prisons, borders, policing, defence and local government. Monitoring of this commitment would focus on the UK’s response to this corruption threat in these sectors, which is narrow enough despite not concentrating on specific areas of corruption.

The focus of TI-UK’s monitoring of this commitment would be: i) on how successful the UK is in improving its “joined up” approach to tackling insider threat; and perhaps ii) whether the government is able, as a result, to improve its knowledge of insider threat. TI-UK is, however, not in a position to effectively assess the actual level of corruption threat in these sectors.

Measurable:yes

The section of the Anti-Corruption Strategy[1] entitled “reduce the insider threat in high risk domestic sectors” includes specific mechanisms and thematic areas that are measurable. Specifically, from point 1.1 to point 1.11, this commitment is divided in two sub-categories[2]:

Goal 1 on reducing the government’s vulnerability to corrupt insiders in four critical sectors (borders, prisons and probation, policing and defence) is measurable by assessing the Anti-Corruption Strategy for prisons and probation in England and Wales as well as ensuring that there is better intelligence sharing and training of Her Majesty’s Prison and Probation Service (HMPPS). A good proxy to monitor reduced government’s vulnerability to corruption would be through ensuring that the police barred list is up-to-date and up-to-standard along with the national register on police chief officers’ pay and rewards, gifts, hospitality and second interests. Improvements in police whistleblowers’ protection and the reform of the Independent Police Complaints Commission (now the Independent Office for Police Conduct) would also represent progress on this commitment. Moreover, the strategy pledges the establishment of a new independent team that would report to the permanent secretary in the Ministry of Defence responsible for checking the vulnerability posed by corrupt employees in the defence sector. Its creation and efficient functioning would represent progress.

Goal 2 on increased awareness of the insider threat across sectors is measurable by checking domestic collaboration among key actors, including the Centre for the Protection of National Infrastructure (CPNI)[3] and the National Cyber Security Centre[4]. Further progress could be monitored by ascertaining whether the findings of the Law Commission review of misconduct in public office[5] were considered by the UK government, which would be evidenced by its public response to the Commission’s report. This review is due to be published by the end of 2020, and the time of this assessment has not yet been released. Additionally, as explained in the Anti-Corruption Strategy year 2 update, CPNI “has developed a new assessment model to benchmark current good practice, identify gaps and challenges and develop programmes for personnel security to reduce risk”. While the main guide on reducing the insider risk seems dated to 2016[6], the CPNI is working to produce sector tailored guides on this model. For instance, they recently developed a guide to recognise terrorist threats.[7] Finally, reviewing the results of the government’s report on fraud and corruption risks in local government’s procurement[8] would be another way to measure this.

[1] See pp.31-34 of the national anti-corruption strategy section entitled Reduce the Insider Threat in High Risk Domestic Sectors 

[2] See sections 1.1 to 1.11 on pp. 45 to page 47 of the anti-corruption strategy year 2 update for more detail

[3] Centre for the Protection of National Infrastructure (CPNI), Cyber Security, no date, https://www.cpni.gov.uk/cyber-security

[4] National Cyber Security Centre, What We Do, https://www.ncsc.gov.uk/section/about-ncsc/what-we-do

[5] Law Commission, Review of Misconduct in Public Office, 5 September 2016,

[6] CPNI, Reducing Insider Risk, no date, https://www.cpni.gov.uk/reducing-insider-risk

[7] CPNI, Recognising Terrorist Threats, no date, https://www.cpni.gov.uk/system/files/documents/b8/40/CPNI%20-%20Threat%20Recognition%20Guide%20-%20WEBv2.pdf

[8] Ministry of Housing, Community and Local Government of the UK, Local Government Procurement: Fraud and Corruption Risk Review, 8 June 2020, https://www.gov.uk/government/publications/local-government-procurement-fraud-and-corruption-risk-review



Last updated: 30 November 2020
Share: twitter email twitter twitter print
Evaluation:

The commitment on the insider threat refers to commitments from 1.1 to 1.11 of the UK Anti-Corruption Strategy but also relates to commitments on local government scattered throughout the strategy (such as 3.1; 3.5; 3.6; 4.1; 4.11 mainly focused on fraud and procurement). It is specifically divided into prisons, police, defence, borders and local government.

Prisons: in December 2018, the HM Prison and Probation Service1 (HMPPS) developed an internal anti-corruption strategy for prisons and probation, which secured full funding as part of the recently announced £100m investment in prison security. According to the strategy update, this investment will support the agency’s efforts to tackle the insider threat by increasing their capability to protect staff from being drawn into corruption. The strategy will also support a review of recruitment and vetting procedures so that these processes are not exploited by criminals. The final processes of vetting and inducting staff should be completed by the end of March 2021. As a direct result of this recruitment HMPPS are now in a position to design and pilot the ‘Prevent’ offer as part of the 4 ‘P’ Strategy.2

In addition, HMPPS launched a counter corruption unit in April, alongside a communications campaign to encourage prisons and probation staff to report suspected corruption and wrongdoing. New memorandums of understanding to improve collaboration and intelligence sharing have also been agreed between the HMPPS and the National Police Chiefs’ Council and the National Crime Agency. Much of the detail regarding the above is unpublished, so it is hard to verify the information that was provided as part of the UK Anti-Corruption Strategy updates for years 1 and 2.

Police: 43 police units have been assessed since the launch of the Anti-Corruption Strategy in 2017. Yet a year-by-year breakdown is not available, so it is unclear which assessments have been carried out when. The Strategy’s year 2 update states that “initial findings have focused on the capacity of counter-corruption units, backlogs in ensuring baseline vetting for all staff and the patchy quality of forces’ strategic threat assessments of corruption”.3 Two-thirds of all the police stations have been assessed, and the last batch will be assessed in 2020. The annual, all-force inspections (PEEL assessments) are online.4

In the Anti-Corruption Strategy year 2 update, the government notes that “due to pressures on parliamentary time, it was not possible in 2019 to implement relevant provisions of the Policing and Crime Act 2017. This has meant a delay in implementing a number of strategy commitments on policing”.4 However, the relevant regulations were laid before in Parliament in early 2020,5 6 and so these commitments have now been implemented. They will be reported on in detail in the year 3 update of the UK Anti-Corruption Strategy.

Defence: for the defence sector, the government reports in the UK National Anti-Corruption Strategy Year 2 update that:

The government has revised the terms and conditions of the Strategic Crime Intelligence Forum to increase collaboration between the Ministry of Defence Police and partner agencies, national law enforcement and other policy partners. The forum meets bi-monthly to exchange, and apply, intelligence reporting and lessons learned. The government has also developed a short awareness film, which explains why some defence material is attractive to criminals and terrorist groups and the key roles individuals can take in denying them access to such materials. The government has also established regular checks and audits to ensure that such material is properly accounted for and discrepancies are investigated by a dedicated independent team. The government has increased the effectiveness and efficiency of insider threat investigations within MOD by providing the team focused on detecting insider threats better access to data and analysis.3

There is not much information online about the Strategic Crime Intelligence Forum or the film that was produced. The data may not be available to the public for security reasons, yet this prevents us from assessing whether the actions taken by the government have actually improved the understanding of the insider threat in the defence sector.

Borders: the government reports that:

They have been increasing their focus on the ports through better training of personnel, and better use of technology for detecting threat and information sharing.7 They are also piloting initiatives to deny, detect and deter hostile or criminal insider activity at a variety ports.

There is not much information online about the training provided to personnel at the UK ports. The data is not be available to the public for security reasons, yet this prevents us from assessing whether the actions taken by the government have actually improved the understanding of the insider threat in the borders sector.

The UK is also a signatory to the World Customs Organization (WCO)8 Arusha Declaration on governance and integrity9 and provides updates to the WCO on progress against the Arusha Declaration measures. The UK government has informed TI-UK that they provide updates, although we have been unable to independently verify this using public information.

Local government: in the summer of 2019, the government completed a review into the risks of fraud and corruption in local government procurement. Over 80 councils were represented at seven workshops, and 145 responses were received, as well as over 25 case studies and a number of examples of best practice in the local government sector. Relevant departments are discussing the review’s findings, and the results were published in June 2020.10

Overall, there is evidence that the government is making progress in this commitment; however, in the absence of more detailed information about its work to date on prisons, policing, borders and defence, we cannot conclude it is fulfilled.

Challenges to effective commitment implementation
Borders, police and prisons
– given the lack of transparency surrounding the implementation of these parts of the commitment, it is difficult to assess any challenges faced.

Local government – local authorities in England are now solely responsible for the conduct and standards of their councillors, and their standards committees are no longer supported by a national regulator. While the Localism Act 2011 still requires English local authorities to produce codes of conduct and provides minimum standards regarding the declaration and management of financial interests, the absence of a standardised and nationwide approach has led to a wide variety of practice. The Local Government Association (LGA) and its Planning Advisory Service (PAS) have produced guidance to advise councils on good practice standards in planning contexts. However, these are not mandatory requirements and local authorities in England are not obliged to comply with them. This means that there are a number of corruption risks that arise from the lack of mandatory procedures in the way councillors engage external stakeholders, in the way they declare (more often fail to declare) conflicts of interest, and generally their conduct, for instance, in the transparency (or lack of) in recording donations.

Opportunities to accelerate commitment implementation
Defence: the government is undertaking an integrated review of foreign, defence, security and development policy. This is an opportunity to further streamline anti-corruption efforts throughout the government’s defence, security, development and foreign policies.

Local government: local authorities in England have the power to review and improve their safeguards against corruption by councillors and staff, which are contained in policies, protocols and guidance. For example, on top of existing statutory offences, such as a bribery, councils can tighten their codes of conduct and planning protocols to help address risks around the exchange of gifts and hospitality for favourable decisions. Councils usually have a standards committee, which tend to be responsible for reviewing their codes of conduct periodically. These periodic reviews are an opportunity to reflect on recent evidence published by government and TI-UK, and implement any recommendations arising from this research.

Recommendations
Borders, police, prisons and defence:
government should provide more detailed information on its delivery of work regarding these critical sectors.

Local government:11 to help reduce the risk of corruption in the planning process, we recommend that local authorities:

  • Minute and publish all meetings with developers and their agents for major developments.
  • Prohibit those involved in making planning decisions from accepting gifts and hospitality that risk undermining the integrity of the planning process.
  • Increase transparency over gifts and hospitality.
  • Improve the management of councillors’ financial interests.
  • Prohibit all councillors from undertaking lobbying or advisory work related to their duties on behalf of clients.
  • Manage the revolving door between the elective office and private business.
  • Provide clear guidance and boundaries for councillors so they can better understand what is and is not acceptable behaviour.
  • Increase transparency over investigations and enforcement action

We also recommend that the UK government legislate to provide a meaningful deterrent for serious breaches of the code of conduct by re-introducing the power for councils to suspend councillors for particularly egregious misconduct, with a right to appeal.

 

Sources:
  1. ·
  2. Prevent is supposedly the last P of the 4Ps strategy https://www.justiceinspectorates.gov.uk/hmicfrs/glossary/4p/
    ·
  3. HM Government, UK National Anti-Corruption Strategy p. 13 of the year 2 update
    2017
  4. Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services, assessments of police and fire stations, https://www.justiceinspectorates.gov.uk/hmicfrs/
    ·
  5. UK Statutory Instruments, The Policing and Crime Act 2017 (Commencement No. 10 and Transitional and Saving Provisions) Regulations 2020, https://www.legislation.gov.uk/uksi/2020/5/made
    23 January 2020
  6. ·
  7. And also through the protective security regime at airports and ports overseen by the Department for Transport.
    ·
  8. ·
  9. WCO News, WCO Revised Arusha Declaration: Putting Integrity Back in the Spotlight, 2020, https://mag.wcoomd.org/magazine/wco-news-91-february-2020/wco-revised-arusha-declaration-putting-integrity-back-in-the-spotlight/
    ·
  10. Ministry of Housing, Communities and Local Government, Review into the Risks of Fraud and Corruption in Local Government Procurement 
    June 2020
  11. TI-UK, Permission Accomplished: Assessing Corruption Risks in Local Government Planning This is our latest local government report, contains all our recommendations.
    July 2020

(logged in as editor)