(1 year, 12 months ago)
Public Bill CommitteesI appreciate the Minister’s response. To pick up on a couple of his points, he said that there are already remedies available, but as we have seen there are far too few for employees who suffer at the hands of a nasty business owner. We have all seen such cases on the news or from our own case loads.
The Minister mentioned the regulations governing covid loans. Clearly, that is a very specific example, and he makes a fair point, but that is not the case for all public moneys. However, this is a probing provision and would require further work before I sought to test the Committee or the Chamber with a vote. I therefore beg to ask leave to withdraw the motion.
Clause, by leave, withdrawn.
New Clause 71
Suspicious Activity Reporting: risk rating
“(1) The Proceeds of Crime Act 2002 is amended as follows.
(2) After subsection 339(1) insert—
‘(1ZA) An order under subsection (1) must prescribe that a risk rating be included as part of a disclosure.’”—(Dame Margaret Hodge.)
Brought up, and read the First time.
I beg to move, That the clause be read a Second time.
I will be on my feet for a bit, so I will try to be succinct—I know that Members have other things to do this afternoon. [Laughter.] It may be impossible for me. I want to say quite a lot about this new clause.
New clause 71 is about reforming of the suspicious activity reports regime. Ministers will accept that the SARs regime is a central tool in our defence against money laundering, but I hope they also accept that the current system is broken—it is not working. The new clause would introduce a new risk rating system, which would transform the efficacy and efficiency of the current regime.
SARs are very valuable and a vital source of intelligence. They are made mainly by financial institutions, but also by solicitors, accountants or estate agents, and they report suspicious activity. They have been absolutely instrumental in a range of successful actions against criminal activities, locating sex offenders, tracing murder suspects and identifying those involved in online child abuse, and they have shown how young women are trafficked into the UK. They have also been instrumental in closing down fraud and money laundering.
To give one example of a successful case involving fraud, a vulnerable elderly man in his 80s was the victim of a fraudster who had gained his personal details through a cloned website, when the elderly man believed that he was making a genuine investment. The reporter who saw the transaction going through was suspicious when the fraudster tried to impersonate the victim and access his main funds. He reported the transaction, and the UK Financial Intelligence Unit, which operates the SARs regime, received that report. The unit immediately passed it on to the enforcement agency—I wish this happened every time—which visited the victim in his house. The agency was then able to quickly contact the institution where the transaction was supposed to take place. It reported that the suspicious activity was wrong and confirmed the real identity and bank details of the elderly man, which all prevented him from losing in excess of £80,000.
This scheme is therefore important, and it is successful when it works well. However, at present, the sheer volume of SARs and the limited resources available mean that the information is not analysed and often simply not used. In evidence to the Treasury Committee, Mark Steward, the director of enforcement at the Financial Conduct Authority, said:
“More needs to be done in order to get more out of the valuable data that is in there. Otherwise, it just sits there.”
Graeme Biggar, also giving evidence to the Treasury Committee, as director general of the National Economic Crime Centre, said:
“Twenty years ago, we got 20,000 suspicious activity reports in, largely from banks. This year, we would not be surprised if we got three quarters of a million, and the number of defence against money laundering SARs, where we are told in advance and given the option to refuse permission to proceed, is going to double, we think, this year. The sheer volume coming through is really significant and very hard to deal with.”
According to research from Spotlight on Corruption, only 118 people handle the SARs. That is one employee to 4,250 SARs. The Australians, who have a similar enforcement regime, and who have also experienced an explosion in SARs, have a staff complement of one to 1,400—three times better than our own. The Committee has often talked about the relative budgets for enforcement of the UK and the USA. The USA has increased funding of the Financial Crimes Enforcement Network by 30%, and its staffing by 50%. The Minister should recognise that the Federal Bureau of Investigation’s budget is now 15 times larger than the National Crime Agency, although our population is only five times smaller than America’s.
The Financial Action Task Force review in 2018 said SARs should be reformed, and SARs were criticised by the FATF. The Treasury Committee report in 2019 talked about SARs reform. In 2017, the Government had announced a reform programme for SARs, led by the Home Office together with the NCA. That reform programme constituted action 30 in the economic crime plan. The intent was to have an IT transformation, better analytical resources and capabilities, and an improvement in SARs processes. That SARs programme was reviewed by the Government’s Infrastructure and Projects Authority, and was given an amber rating in 2021. So reform started in 2017, the programme was given an amber rating in 2021, and today, in 2022, it is not complete and there is no timetable from the Home Office—maybe the Minister can help with that—or a target date for completion, which was a criticism the Treasury Committee made of the programme. Delivery was originally promised by December 2020, but we are two years on from that and we are a long way from seeing SARs completed.
In that context, new clause 71 introduces a risk-rating regime. I do not think anybody thinks that is a crazy idea, and I hope the Minister will—just for once—adopt one of the suggestions that the Opposition have made in Committee. I hope he will not say that we do not need the legislation. We are nearly six years on from when the reform programme was announced, and reform has not happened. The Government cannot, despite the best efforts of right hon. Member for Uxbridge and South Ruislip (Boris Johnson), ignore legislation, although they seem to be ignoring the desire to reform the SARs programme.
If Ministers want action, which they have consistently said they seek with the Bill, they should accept new clause 71. If they simply see this measure as party political, they should not. We do not deal with the funding issue in the new clause, but we will ensure that the focus is on the most significant SARs. That will lead to more enforcement. I urge the Minister to adopt our new clause.
(2 years ago)
Public Bill CommitteesQ
Graham Barrow: Absolutely. What I am looking at is probably not even 5% of what I could look at in terms of suspicious activity and red flags. I have not the hours in the day; bear in mind that I do not get paid for any of this, so it is a labour of love, or whatever. There is a sensible answer, which is that we are now in a world where data is manipulated really easily and in bulk. Therefore, something that my company has done is to design algorithms that looks at clusters of red flags. If all we look at, Dame Margaret, is red flags, we are going to be overwhelmed. We have to accept that we cannot address every issue straightaway, which means that we need to look at clusters of red flags, which, taken together, can indicate significant organised crime or corruption that is being utilised through the formation of companies.
This year I have seen one organised crime group create about 1,500 companies, using data that they have stolen from two major global organisations. These are HR files, so the data is replete with all the personal information of those employees, who have then found themselves directors of companies that have been registered to empty shops, which have then been used to access banking, particularly overdrafts or other banking credit. There are about 1,500 companies, and the average overdraft might be £5,000 to £8,000; you do not need too many of them to be successful to understand that millions of pounds are being extorted or fraudulently obtained from banks through this ease of use.
Something else that is really important is the ID&V piece. If you have stolen ID&V data from, for example, a company’s HR files, the implementation of proof of life at the same time—that is, you do not just have the documents, but can prove it is you by having some form of selfie or other real-time interaction—is vital, because these people do not just set up companies; they open banking with them. Banks can be criticised, but they do an awful lot more due diligence than Companies House. If these people are opening bank accounts, the ID&V they currently have is clearly high quality. We must bear that in mind.
Q
Graham Barrow: Probably not. We have done some analysis of phoenix companies. For example, I think that something like 30,000 companies on Companies House have changed their name for fewer than seven days and then changed it back to its original name. That is a variety of phoenixing by which you disappear from your company name for a few days and then come back again. As you will probably know, Gavin, every year on Companies House there are thousands of proper phoenix companies—those that have dissolved and reopened, either geographically close or at the same address with virtually the same name. It is a real issue, and it is part of the whole broader issue of company name observations. There was a piece on “You and Yours” on Radio 4 a few weeks ago about a lady who had Asda Ltd registered to her terraced house in Huddersfield. She received 7 kg of post and all sorts of other things, and bailiffs turned up at her door.
The Bill does include the ability for Companies House to reject similar names, but if you have 3,000 companies a day—and that extends to companies across the world that may have similarities—I do not see how you are going to enforce that reasonably. There is just too much volume and too many potential comparative data points to compare them to. That is a huge issue, and one that inserting a little bit of friction between application and registration would help to address. At the moment, the focus is entirely on speed of getting on to the register. Putting in a bit of friction to do some proper checking would be a good idea.