WEDNESDAY 4 JUNE 2008

Mr William Hughes and Mr Rob Wainwright

  Q61  Chairman: Mr Wainwright, Mr Hughes, welcome. Thank you very much indeed for coming. We very much appreciate it. As you will know, this Committee is a sub-committee of the main European Union Select Committee of the House of Lords and we are currently conducting an inquiry into Europol. We have had evidence from the Home Office; we shall have visited The Hague and Brussels towards the end of the month and had other witnesses to see us. You will realise that this is on the record. We are most grateful for your evidence to the Committee. If there is anything you want to add at the end of the meeting, the Committee would be most grateful to hear from you in writing. I do not know if you would like to make an opening statement or go straight into the questions which I think you have had warning about.

  Mr Hughes: My Lord Chairman, perhaps I could start by saying thank you very much for inviting us. Rob Wainwright is the Deputy Director for our international side. Europol is his day-to-day business, as well as Interpol and other international issues, so on technical matters he is well placed to answer those questions. On issues around the strategy and direction of SOCA and our relationship at a more senior level in terms of the European sub-committees, I will take those questions. I hope that is fine with you.

  Q62  Chairman: Absolutely fine. Please do not hesitate, either of you, to chip in, to underline what has been said. Let me start. I wonder if you would give the Committee a brief overview of the current UK arrangements under the Europol Convention for connecting the United Kingdom competent authorities to Europol through the UK Europol National Unit.

  Mr Wainwright: SOCA is the Europol National Unit for the United Kingdom under the terms of the Europol Convention, whereby each Member State establishes a central point of contact, a single point of contact, to co-ordinate its law enforcement activities and interests in regard to Europol. Here in the UK that National Unit is located within the International Department of SOCA and deliberately so, co-located with the other international channels of police co-operation that we have in the United Kingdom. It is an integrated part of a bureau that also includes Interpol, the European Arrest Warrant functions in the European Union, and also a very large bilateral network of liaison officers that we have around the world (some 140 now in 40 countries). Our International Department will also be the home, in a UK Central Bureau, for the Schengen Information System when the UK connects to that in 2010 or 2011. My Lord Chairman, in one part of our department we are the UK centre for UK law enforcement co-operation worldwide. Europol is a very important part of that. From that central base we are able to provide support services to UK police forces and other law enforcement agencies and offer to them, therefore, the full range of Europol's capabilities through our central co-ordinating function. That National Unit provides specialist advice to our UK partners. Also, on behalf of the UK community as a whole, we carry forward the UK's interests at Europol, as a single voice representing the UK community over a range of operational matters and policy matters as well. It is my responsibility, for example, to represent the United Kingdom on the Europol Management Board.

  Mr Hughes: To add to Rob's very full answer: we have about nine officers, but that includes three officers, one from the Metropolitan Police, one from HMRC (Revenue and Customs), and one from the Scottish Crime and Drugs Enforcement Agency, who work as a team and are The Hague end of the unit Rob has just described.

  Q63  Chairman: You say in paragraph 10 of your paper: " ... the large network of SOCA Liaison Officers around the world". Could you say something about that?

  Mr Wainwright: Yes, of course I can. These are regular SOCA officers experienced in the full range of our operational activity who have been appointed overseas—as I have said, in some 40 countries now—to roles which involve them being normally diplomatically accredited, so working in most cases out of British Embassies. Their job is to manage our operational relationships with the bilateral agencies, the agencies within the countries in which they are located. We have many, many officers in countries outside Europe and in large stations in Afghanistan, in Colombia, in parts of the Caribbean and so on. Within that network of 140 officers, approximately 30 or so are located within Europe. That gives us, therefore, an alternative channel of communication for the conduct of our operation with Spain, with France, with Germany and our other partners in Europe. Of course, on a case-by-case basis, therefore, we have a choice of which channel to use in the conduct of our operations. Over a period, certainly, of two years under SOCA and many years before that through our precursor agencies, we have developed a habit that works very well, I think, in terms of which of those channels of communication we should use in any particular case.

  Q64  Lord Hodgson of Astley Abbotts: You have described officers serving overseas. How long do they go for?

  Mr Wainwright: The tour length is a maximum of four years. In Afghanistan it is two years because of the unique operating circumstance there.

  Q65  Lord Hodgson of Astley Abbotts: That is long enough for them to get bedded in, to achieve what is presumably a pretty trusting relationship.

  Mr Wainwright: That is a good question. In some cases we have extended our officers beyond that four year period to capitalise on the impact they have made in understanding, if nothing else, the cultural dynamics of co-operation in that country. We think in most cases four years is about right, because we have to balance that with their future as well and the need for them to be reintegrated into the UK structures here in SOCA. Also, for us to take advantage of their unique experience of working overseas, we can bring that back into the main body of SOCA's work here.

  Q66  Lord Hodgson of Astley Abbotts: In addition to that, language is a key to understanding cultural differences. Do those officers who go out for that four year period have sufficiently good linguistic skills or is that something they come back with?

  Mr Hughes: When they are allocated, we give them language training to a very high standard as much as we can. For most of the languages that we are learning now in the various more exotic parts of the world it is survival skills that they need. We then employ locally employed individuals who have language skills who can act as translators and interpreters. Also, because we are working with embassies abroad, we have access to their linguistic backup as well. Some in this room will be familiar with the old drug liaison officers that Customs used to have around the world and the National Criminal Intelligence Service (NCIS) had some crime liaison officers. We inherited them when we formed SOCA and brought them all together, but we have rationalised that type of approach, so that they are no longer simply liaison officers who pop in on occasions to various agencies that we work with overseas but we are seeking, wherever we can, to embed them in the enforcement agencies that we work with operationally. That is another difference: SOCA now operates operationally overseas as well as in the UK. On the issue around the SLOs, we have moved away from the situation of having single liaison officer posts to where we have double or more, supported by regional networks, so the continuity is maintained with people who rotate at different times and have a regional back-up and a support network back in the UK in the international side and at the regional level.

  Q67  Lord Mawson: My experience in this country is that there has been a lot of talk about partnership and joined-up thinking with agencies working in Europe. You obviously have to develop a whole range of quite complicated partnerships and relationships. My experience in this country is that, whilst there is a lot of talk about it, when you examine under the detail of a lot of this it is not happening on the ground and things are not moving on. In the modern world, it is all about relationships and senior relationships, and often the top, middle and bottom beginning to build those personal relationships. What financial investment and personal time are you investing in that whole area, so that, as a modern organisation, you can interface with other organisations in the modern world with the demands that that makes?

  Mr Hughes: The answer to that question could be quite long, so I apologise in advance. If you go back to the basic issue, which is maintaining relationships and partnerships, that is what we have been doing for the last two years at a very high level and at a tactical level with our operational colleagues in police forces and HMRC, and now the UK Borders Agency as it is starting up. As an agency of around 4,150 individuals, we are relatively small in those regards, so the leverage that we look for in partners is very important to us. Partnership, as you say, does not always work: it is absolutely crucial that it does work for us if we are going to be successful. There are some copies for the clerk of our annual report which highlights the partnership working that we have been doing operationally around the world and in the United Kingdom. In order to put it on a more strategic and, if you like, coherent footing, the UK Threat Assessment is something that we produce as well, the idea of which is to highlight those threats of serious organised crime impacting on the United Kingdom in a real sense. The old document used to be a bit historic. This is about trends: where it is now and where it is going. From that we have developed the UK Control Strategy, which picks up on the main 16 programmes of activity that we think we need to combat that. That is a multi-agency approach, where other agencies beside SOCA lead on taking those programmes forward. We are attempting at every level to build up that partnership approach: at the intelligence and strategic level; at the tactical level working with our operational partners; at the top level (where I am still a member of the ACPO Council of Chief Constables, so I have an opportunity therefore to influence the strategic direction that policing is taking in the United Kingdom); in bilaterals we have with our senior colleagues in HMRC; with ACPOS; with the Northern Ireland Office; and with the Organised Crime Taskforce in Scotland and Northern Ireland. It is hard work, you are right, and in the past it has sometimes been less than complete, but we are trying in every way we can to ensure a partnership approach on this.

  Mr Wainwright: In our international work, partnership is our lifeblood. We do nothing of any substance overseas without working with at least one other partner. It is the way we do our business. To reflect that, the organisation has invested about 10 per cent of its budget and its people in its international programme of work—which is a sizeable investment, to reflect the point you have made. We have some examples we can give, if the Committee is interested, in how we have developed partnership arrangements to operational effect around the world.

  Chairman: Thank you. Let us move on.

  Q68  Lord Mawson: How does the UK make its independence requirements for organised crime and terrorism known to other European partners in the Europol framework?

  Mr Wainwright: Mr Hughes has already outlined to you the national intelligence framework that we have developed for SOCA here in the UK. It is to exert an interagency response to organised crime. We have the instruments of what we call the UK Control Strategy, the UK Threat Assessment, and something we call the National Intelligence Requirement. That last document is the principal and national means by which we make clear to our partners where our priority intelligence gaps are and the priority collection process which would follow thereafter. Although that was framed principally with domestic partners in mind, it does work very well overseas for us as well. We use, therefore, the requirements that we have established here as those that reflect our priorities, to share that with our partners around the world through our bilateral network of officers that I was talking about, but, in particular, through institutions like Europol as well. We are pleased, of course—and I think the Committee has noted this in previous evidence—that in the last few years Europol has developed a similar approach, following a successful campaign in the UK Presidency in 2005 to promote UK best practice on intelligence-led policing, so we have the principles of what we now call the European intelligence model, embedded more or less in Europol and the European partners. That has been designed very much with the UK experience in mind and we are using instruments of that, in a similar way that we are using instruments at a national level, to connect the two. Our success, therefore, in reflecting the UK requirements in that European framework is quite high. I think there is still some way to go to develop it in a more coherent way at the European level, but we are pleased with the progress in the last couple of years.

  Q69  Lord Hodgson of Astley Abbotts: I would like to go back to the role of SOCA as the UK's National Unit at Europol. We had inferences in previous evidence that quite a lot of the most valuable part of the Europol organisation is from the bilateral International and National Unit contacts, as opposed to the central unit itself. As we understand it, we do not have a harmonisation of what each individual Member State chooses as its National Unit. Would you like to tell us how this process works, what the consequences have been, and what the impact has been on the effectiveness of the organisation both at a cohesive and a bilateral level.

  Mr Wainwright: Like in so many aspects of work within the European Union, harmonisation of precise structures/procedures across 27 Member States is very difficult to achieve. Instead, the architects of the Europol Convention got it right 10 years ago by agreeing some common principles so that there would be a single point of contact, a National Unit in each country, so that there would be a single interface there. The National Unit would operate in a certain way without being overly prescriptive, because it was recognised, of course, that the national policing arrangements in those 27 Member States are different, unique in each case, and to impose, therefore, a very rigid prescribed model that might work for one or maybe two countries certainly would not work for 27. We take a general framework of some common strategic principles and seek to apply that according to the unique domestic circumstances of each country. I think that has survived. It has passed the test of time over those 10 years. The network of National Units has survived and, indeed, strengthened—very much so—and there are no Member States—certainly not the UK—that are calling for any reform there. The first part of your question was about the extent to which the Liaison Bureau perhaps consumes more of our interest. That is true. It is a very effective Liaison Bureau network. Last year the UK processed something like 560 operational cases through that bureau. That is the second or third highest between the 27 Member States, so we are a good user of that network. I think, however, it is oversimplistic for us to compare that with what we might get from the main body of Europol itself. The two are co-located, certainly, in the same building, but, also, in almost all of those cases there will have been a supporting involvement of Europol and therefore it is not so easy to separate the two. Perhaps my most important point with regard to that is that the service we get from Europol is, in the main, a high quality service. It is one of receiving tactical and strategic intelligence from its analysis files in particular. These are very important to us because they represent the only access we have to a pan-European database for organised crime, containing millions of data entries about the most serious forms of organised crime operating in the EU, and it is at Europol only that this information and database and technical capability exists. That is the principal capability of Europol that we are interested in.

  Mr Hughes: This is a crucial aspect. The Council of Europe in 2007 held up the way that we are structured in the UK as the best type of model. We are very pleased with that. The other aspect is having access to what Europol provides. When the Europol Information System comes online, that will give us phenomenal results, because the vast majority of the issues we are dealing with in terms of serious organised crime are either at a global level or certainly start outside the borders of the United Kingdom. If we are not able to pick up the intelligence in that, then we are hamstringing ourselves to only being able to work within the UK and we need to work outside.

  Q70  Lord Marlesford: I can see how valuable this immense amount of information is. Does that mean that you will have realtime access shortly, for example, to the names of individuals which are on the Europol computer system?

  Mr Wainwright: We have realtime access to that now.

  Q71  Lord Marlesford: Would all the names on the British police computer be on the Europol system, so that other countries who want to check a name can check whether there is a Brit who is regarded as serious enough to have on the Police National Computer?

  Mr Wainwright: There is no direct connection between the Police National Computer and Europol's database.

  Q72  Lord Marlesford: What is the source of the names in the Europol database?

  Mr Wainwright: In the main they are drawn from the national police investigations of serious organised crime within the 27 Member States. It, therefore, in that sense, gives a more restricted view of criminality. The Police National Computer, and equivalents around Europe, is a much larger database and is connected around Europe, in the main, by a differently used system, the Schengen Information System in particular. In Europol, therefore, we have a different kind of database. It is smaller but it contains information about a higher level of criminality. In particular, it contains information that is of a higher level of sensitivity, because very often it is about major organised crime suspects connected to live police investigations, so the levels of confidentiality have to be much higher—which is why there is controlled secure access through a central point of contact in each Member State.

  Mr Hughes: Europol and Interpol are different in this regard. Interpol is very much a fact-based post office, in effect, for looking at data which has provenance and records back in the home countries. Europol is much more intelligence-based. The Analytical Work Files that we have referred to are the database for operations that are ongoing. That is where sensitive information is stored. That will be built up by relevant countries, Member States, giving that information. There are very strict controls on how that information is held and who has access to it. One of the benefits that we have of Europol at the moment is that it provides the only restricted level, in terms of confidential information to be shared, around Europe between law enforcement agencies that exist. We have that in the United Kingdom but the only way we can communicate with other countries' law enforcements is through what Europol does in that regard. So we have access to very high quality intelligence about actual operations. A database which just gives a summary of all those who are known or wanted is on the PNC, and, as Rob has said, in due course, when the United Kingdom signs up to Schengen, there will be a sharing of information. When countries indicate that a UK national has committed crimes abroad, that information is then put through on to the PNC by us, but there is no direct linkage in terms of being able to do that between the PNC and the European databases at the moment.

  Q73  Lord Marlesford: When that happens, obviously there will be a big step forward, because there has been a lot of criticism recently about people who are found, foreign nationals, for example, employed at Heathrow who have criminal records, a fact unknown to the people employing them in the UK. Will that be something which the linkage will deal with in the future?

  Mr Hughes: It should be. The CRB as well will be able to link into that information and intelligence again. This is where we have a disconnect at the moment.

  Q74  Chairman: Mr Hughes, you said when the UK signs up to Schengen. There will be some people in this building who would rather say "if the UK ever signs up to Schengen" being an island. But I will leave that point.

  Mr Hughes: That is more practical than political, My Lord Chairman.

  Q75  Chairman: We are talking about data and I want to intersperse another point here. You say in paragraph 8 of your paper, "Due to EU data protection requirements limiting the extent to which Europol can exchange personal data with third parties ... " and, then, in paragraph 9, "significant issues around data protection would need to be overcome first." You have talked to us about the structure of data information but I think we must ask you about the effect of it. How serious is the limitation created by EU data protection requirements on to the effective work of Europol? How are you proposing to "overcome" it? Then, over the page, at paragraph 12, you say, "Technical difficulties currently restrict the extent to which the UK contributes and retrieves data from the system." Is that the same technical difficulties you have referred to in paragraphs 8 and 9? Perhaps you could tell us how you would like to see changes made so that a more effective use can be made of the relevant data.

  Mr Hughes: My Lord Chairman, taking paragraph 12 first, if I may, this is a technical issue on the basis that at the moment we do not have an automated data transfer system in SOCA in order to do this. We will have it very soon as part of our IT change-out, so that when that comes on stream—hopefully within the next year or two—we will be able to update on to the EIS very quickly. That is a technical issue. On the other two, I would ask Rob to go through the particular issues. Of course, you will be well aware of the constitutional issues for different countries, so, to an extent, what happens at Europol is that to take account of that you end up with not the lowest common denominator but you go to the most severe level of confidentiality.

  Mr Wainwright: We do not wish to imply in either our written or spoken evidence that we are dissatisfied with current data protection safeguards that operate in the EU. Indeed, we welcome data protection. Of course it is a very, very important part of police work. We recognise that both domestically, in the work that SOCA does, and in our international collaboration, but, as Bill says, to a certain extent they impose—rightly, in my view—certain restrictions in the way that we can operate. In the particular example that is quoted in paragraph 8, I am referring to the co-operation agreements that Europol has made with third countries. It is a statutory requirement in Europol that it may only exchange personal data (that is, the most sensitive of its data holdings) with those partners where it has concluded agreement that is consistent with the data protection principles and requirements of EU legislation. The data protection standards in the EU by world standards are very high, and we have found, therefore, that it is not always possible to find similar levels of data protection standards in other countries. That is why Europol has not been in a position, for statutory reasons, to conclude agreements with some countries, at least, outside Europe. In relation to the extent to which that inhibits police-to-police co-operation, I guess it does, but there is a balance always between allowing police officers the most open playing field perhaps in which to conduct their inquiries and the very important need for data protection and safeguards. I think the current arrangements in the Europol Convention are about right. They certainly do not reflect EU values and requirements in the main and we are not seeking to change them.

  Q76  Baroness Garden of Frognal: We have observed that there seem to be differences of interpretation in terms such as "intelligence", "personal data", "information", terrorism", "organised crime", "serious crime" and so on. Could you comment on this apparent lack of clarity in definition and say what the implications are for the work of Europol and for national member agencies?

  Mr Hughes: This is not just limited to Europe, of course. It is also the case that in any other mix of law enforcement agencies you will have different terms. Part of the arrangements we will be doing to answer the question just now about partnership is to set protocols and SLAs with our partners as to what we mean by this and what we are going to do about it, et cetera. Whenever we set up a bilateral with another country in Europe or elsewhere, that is part of our first operation. On the specific issues around personal data, there are definitions in the Europol Convention which pick up on the contents of what will be put in the information system and how they are put in there, in both Article 8 and Article 10, and that also includes witnesses, potential witnesses, and other people as well. So there are references to personal data. Organised crime does not always carry any definition. In many countries, their definition of organised crime can be different. One of the things when we set up SOCA and you will have noticed from the SOCPA legislation, the Serious Organised Crime and Police Act 2005, is that we make no definition of "serious" or "organised" in there because it is not a term that is recognised within UK law as such, it is more a practice within a type of criminality. We are looking at organised criminals who engage in very serious levels of crime where there is an organisational aspect to what they are doing. It is that type of approach. If you were to try to define that too tightly it would restrict our ability to be able to support partners; for example, when we assisted Suffolk when they were dealing with the murders of the five women in Suffolk. That was not an organised crime but it was certainly serious crime. We try not to get into definitions like that, or one is constrained. But, then, you may find when you operate across Europe that certain types of criminality which are defined in countries as organised may not even be a crime as far as other countries are concerned.

  Mr Wainwright: In my view, it is not a serious handicap. The terms "intelligence" and information", for example, and even "personal data", are used interchangeably. There is always the language, of course. In some European languages there is not a term at all for "intelligence" I think. So these are used interchangeably but they have become such a natural part of the policing lexicon in Europe that all practitioners understand what we mean when we may use these interchangeable terms. Although there is a danger perhaps, particularly with regards to some of the more precise legal definitions of these terms, my experience is that this is not a serious issue.

  Q77  Lord Marlesford: My recollection is there is a fairly recent definition of legislation which requires the reporting by professionals of any suspicions of tax avoidance or evasion and so on, which, as one reads in the press, has resulted in thousands or hundreds of thousands of reports to your organisation. Is that correct?

  Mr Hughes: Are you talking about suspicious activity reports?

  Q78  Lord Marlesford: Yes.

  Mr Hughes: That is a different issue. The suspicious activity reports are a requirement of the Proceeds of Crime Act to deal with money laundering and asset hiding. If banks, financial institutions, estate agents, lawyers, anybody who engages in transactions of large amounts of cash, high-value traders (who are defined as people who would sell high-value motor vehicles and things like this) consider that the transaction or the person or the individual or the cash itself is perhaps concerned in crime and therefore they have suspicions, they are required by law to report it to what was NCIS before and is now SOCA, and that forms the suspicious activity reports regime. That is held on a separate database that we have access to, and it is used and available to all police forces in the UK and to our partners in the HMRC and Border Agency. It is a very useful database in order to very quickly identify fraudulent activity. We have been doing work around data mining of the database, and we now have one million records on that database. It enables us to identify, for example, very quickly, criminal networks involved in the laundering of money, and the MTIC fraudsters, the so-called carousel VAT fraudsters, become quite apparent. We still require more transactions and more suspicious activity reports to be reported to us, however, because there are parts of the industry that are not doing so and they need to be aware that there is an imprisonment penalty if they fail to do so.

  Q79  Lord Hodgson of Astley Abbotts: In my life outside the House I was formerly responsible for reporting circumstances to NCIS and SOCA on the part of a building society. It seemed to me that three-quarters of what we sent you was completely useless and would end up nowhere but in the wastepaper basket or blocking up somebody's filing cabinet or somebody's computer. Would you not agree that there would be a serious case for a de minimis limit of, say, £500?

  Mr Hughes: Just before SOCA started, the Chairman now of SOCA, Sir Stephen Lander, was asked by the then Chancellor of the Exchequer and the Home Secretary to carry out a review of the suspicious activity report regime, as you are probably aware. As a result of that, he made quite a few recommendations as to how it could be improved. All of those recommendations were accepted and we have addressed all of those. We had quite a few complaints, as you will be aware. A lot of people sent a report in, which then disappeared into what they saw as some sort of Bermuda Triangle and never emerged again. This happens. I am sure other people around this table will be well aware that this is a complaint that is often made: "We report things to the police and we never hear any more about it." We have sought to bring into our agency what we call a vetting unit, people representing banks, financial institutions, other trading areas, who are then given the very sensitive details of what we have done with that information. As with all information, when you accumulate it, the power of the ability to analyse that is greater than the single report that comes in. As to a de minimis rule, that is perhaps not for me to comment upon. We have already had changes in the Proceeds of Crime Act which brought down the amount that you could carry or have about your person from, I think, £10,000 to £5,000. If you are carrying more than £5,000, you can have that money taken off you by a police officer if there are suspicious circumstances and you would then have to apply to a magistrates' court to get it back. There are already changes afoot, but it is a question of how far down you want to go in the de minimis rule.