How to POCA Hole in Telecoms Crime

I recently presented ‘Telecoms Crime, Terrorism and Money Laundering’ to the Risk & Assurance Group (RAG) Summer Conference, and this article is intended to raise further awareness amongst TelCos because this issue isn’t going away and it won’t fix itself. I want to encourage TelCo victims – especially those in the UK – to share their experiences in confidence, help law enforcement understand the problem and provide input to develop new responses. If we can fix the problems in the UK then maybe we’ll also set an example that other nations can follow. Let me tell you about the problem, why the current approach isn’t working and suggest an alternative way to fight fraud. Intrigued? Then read on…

My RAG presentation covered the scale of global telecoms crime and provided evidence of its exploitation for money laundering and terrorist funding; it’s available to RAG members and membership is free here.

So What’s The Problem?

For anyone who doesn’t appreciate the scale of telecoms crime, the CFCA survey estimates global losses of $38 billion. For many years there has been an industry consensus that we could significantly reduce losses caused by revenue share fraud if we could withhold payment to the fraudsters. Early during the RAG presentation, an audience poll showed that 92% of responding delegates believed we should prevent payments reaching the fraudsters. The reasoning is simple – if there’s no reward there’s no motive for the crime; and if there’s no motive, there’s no crime.

payments-to-fraudsters

The problem is that whilst a TelCo majority believes we should stop payments, there has been a marked lack of agreement on how this can be achieved. For a number of years, I worked with other mobile operators and carriers to establish common contract terms and a supporting process which would allow us to stop payments related to fraud. Whilst we could agree the principles, a workable process was more elusive. I also worked on the industry response to the EU Telecoms Regulators who attempted to create their own guidelines with the ‘BEREC Process’. That was a waste of time as only one Regulator, COMREG in Ireland, made any effort to apply the guidelines and actively prevent outpayments to fraudsters – shame on you regulators!

Why aren’t the police dealing with telecoms crime? I’ve met and worked with some great officers over the years but have often struggled to get the police to investigate telecoms crime and I know I’m not alone. The reasons vary, so take your pick from these:

  • they don’t want to record the crimes because it makes the stats look worse;
  • it’s not one of the Chief Constable’s priorities;
  • it’s seen as a victimless crime;
  • they don’t understand telecoms crime; or
  • it’s fraud, so it will suck up resources with a long and complex investigation and court proceedings.

And, if it’s an international fraud you can add the jurisdiction objection: ‘it’s not my crime’.

However, there is one area which has enjoyed a degree of success. Most UK domestic traffic interconnects with British Telecom (BT) at some point and is subject to a well-established process which means that TelCos which identify Artificial Inflation of Traffic (AIT) can raise a retention notice under Annex E of the interconnect agreement so they don’t pay for fraudulent traffic.

AIT

Under this process, BT retains approximately £1m per month on behalf of victim TelCos, so why do we need anything else? The answer is that:

  • not all frauds are identified;
  • not all claims are upheld; and
  • this process doesn’t operate for traffic which originates outside UK.
POCA and Telecoms

In the diagram below, the green arrows depict the money flow relating to an international call. If the call is fraudulent, the originating network receives no payment but is contractually obliged to pay its interconnecting carrier, which, in turn, is also obliged to pay, etc.

proceeds-of-crime

In my view, Telecoms crime isn’t materially different to any other crime, and, six years ago, I argued that TelCos which made payments knowing or believing they related to fraud were at risk of being charged with money laundering. That caused a stir, especially when it was backed by Counsel’s Opinion which stated that, “It follows that the revenue generated by such criminal activity would fall within the definition of “criminal property” (Proceeds of Crime Act s 340(3))”.

On the basis of that legal advice, one UK operator advised its trading partners that it would be withholding monies which appeared to be the proceeds of crime – it looked like we were finally getting somewhere. Except that other UK TelCos then sought their own legal opinions and these differed from the first advice. After the initial excitement, it all ended with a consensus view that it was unlikely TelCos would be charged with money laundering where they were merely part of the payment chain. So everything stayed the same and TelCos continue to pay the proceeds of crime onwards to the fraudsters, having first taken their share of profit from the loot. When the TelCo board signs off its glossy Corporate Social Responsibility Report, does it realise that whilst it trumpets its good works, the business is profiting from, and perpetuating, organised crime? How responsible is that in an age when telecoms fraud has been used to raise terrorist funding?

The problems around roaming and international fraud continue and since we haven’t been able to find a solution where the TelCo wins and the fraudster loses, maybe we should focus on delivering a ‘lose’ outcome for the fraudster – and don’t waste time talking about locking them up; that’s not a deterrent. The fraudster becomes a loser if his/her income is seized under the Proceeds of Crime Act (or equivalent legislation in other jurisdictions) and I tested the RAG audience response to this idea with another poll.

support-poca

OK, so there’s support for the idea, but how do we turn it into reality?

Why Isn’t POCA Working?

In the UK, the Home Office states that:

The aim of the asset recovery scheme in POCA is to deny criminals the use of their assets, recover the proceeds of crime, and deter and disrupt criminality.

And, helpfully, the House of Commons Home Affairs Committee have just published an excellent review of POCA – here are a few key points:

  • in 2013, the National Audit Office reported that of every £100 of criminal proceeds, the amount confiscated was 26 pence;
  • confiscation orders have been issued for £1.6 billion but only £203 million is likely to be enforceable; and
  • enforcement agencies collected £155 million from confiscation orders in 2014–15; the cost of collection was estimated to be more than £100 million.

That summary doesn’t look very encouraging, so how can we make it work for telecoms when so many able and dedicated people are struggling to make recoveries from other crimes?

POCA provides four means of recovering criminal proceeds.

  1. Criminal confiscation as part of sentencing.
  2. Civil recovery in the absence of a criminal conviction.
  3. Cash forfeiture via a civil process, where there are reasonable grounds to suspect that it is the proceeds of crime.
  4. Revenue powers to tax income where there are reasonable grounds to suspect it is the proceeds of crime.

Of these, the primary means of enforcing POCA is criminal confiscation – and that’s the problem. Criminal investigations can be long and complex and, too often, insufficient priority is placed on securing criminal assets which then disappear before any conviction. It’s clear that we need a different solution which is fast enough to secure property before it takes flight; that solution is civil recovery.

Telecoms + Police + POCA = Recoveries

Civil recovery via the High Court enables the recovery of property obtained through unlawful conduct. The proceedings are against the property, not against a person and the civil standard of proof applies, so we need to satisfy the court, on the balance of probabilities, that property is the proceeds of unlawful conduct. It’s sufficient to prove that the property was obtained through a particular type of offence (e.g. fraud) and it isn’t necessary to show that the person in possession of the property was responsible for the unlawful conduct.

For civil recovery to be effective under POCA we will need to:

  • identify who’s in possession of the proceeds;
  • provide a victim statement and evidence of the offence (and possibly a crime report); and
  • have the enforcement authority serve a claim in the High Court.

Anyone with experience of investigating telecoms crime is now wondering how we’ll find a policeman to serve the claim as telecoms crime has often been on the ‘too difficult’ pile, so what’s different now? I think the concept has a couple of factors in its favour.

  1. If the TelCo is providing ready packaged claims, including the victim statement and data evidence, it’s a comparatively quick and easy process – much less resource than an investigation.
  2. Law enforcement has recovery targets and these recoveries count towards them.

What value could UK law enforcement recover using POCA? At RAG, the majority audience view was that the UK is terminating £50-100 million telecoms fraud per year. Even a modest slice would be a substantial contribution to POCA recoveries.

uk-fraud

So What Can You Do?

I’ve already had discussions with one large British TelCo and a lawyer about preparations for the claim process. I’ve discussed the concept with several interested police officers and one thing which will help secure police support is telecoms crimes being reported – if there’s no data, there’s no problem and therefore no resources allocated. I recognise that in the past, reporting was time consuming and, frankly, futile, but I hope to be able to provide an update on a practical reporting process very shortly.

In the meantime, I know you’d rather innovate than stagnate, so we’re establishing a POCA Telecoms Fraud Campaign page at the Risk & Assurance Group. This issue won’t fix itself – so support the campaign by visiting our campaign page at the RAG website and signing up!

David Morrow
David Morrow
Dave has 35 years of law enforcement, investigation and fraud management experience including multiple international assignments. He is a recognised telecoms fraud expert and for a number of years chaired the GSMA workgroup responsible for Security & Fraud Risk Assessments.

Starting in HM Customs & Excise, Dave moved from uniformed duties to spend 5 years in Investigation before taking a commercial investigation role with Network Security Management. Amongst other assignments, this included a secondment to help establish the Jamaican Government’s Revenue Protection Division, where he made Jamaica’s largest ever financial recovery.

Following 6 years of commercial investigation, Dave joined Vodafone where, in the early days of mobile, he worked closely with law enforcement; he was one of the few civilians invited onto the Computer Crime Course at Bramshill. Dave’s counter-fraud initiatives saved millions in UK (e.g. £24m p.a. on credit card fraud) and he was seconded to help establish Corporate Security in the company’s largest networks, Turkey and India, and also performed fraud reviews for partner networks including Azerbaijan, Croatia, Libya and Ukraine. Dave now provides fraud management support as an independent consultant.