An inspection of the National Crime Agency’s crime reduction (investigating offences relating to organised crime) function
- Back to publication
Print this document
This inspection looked at the non-specialist National Crime Agency (NCA or the agency) investigation teams based at branch offices across the UK. It adds to the findings of previous inspections of the NCA and other aspects of the serious and organised crime (SOC) system. Collectively, these will give a system-wide view of the UK law enforcement’s fight against SOC.
Alignment to threats
We found that the investigations command was focused on the national strategic threats and the priorities of the NCA Annual Plan 2020–2021. The processes at a local level to manage and direct the investigations and allocate resources were rigorous and effective.
The agency’s management of the highest priority cases and the difficult prioritisation of scarce, specialist resources are also effective.
Allocation of resources
The NCA is working towards the accreditation of all its investigators to the national standard used by police forces.
We found that the cases being developed by the intelligence command are focused on the SOC threats and are of an appropriate complexity for the NCA to investigate. There is insufficient capacity in the investigations command to meet the demand being developed by the intelligence command and the reactive demand (such as seizures at the border).
Capacity to tackle organised crime
We found that the investigators within the NCA work hard, showing resilience and flexibility, often in difficult conditions. We found a sense of purpose to target those causing most harm and to bring them to justice.
In relation to organisational learning, the agency has formal processes to make sure lessons are learned during investigations. These pockets of good practice need to be extended throughout the whole organisation.
We found that the processes for recording and reporting progress across multiple IT platforms were inefficient and often detracted from the management of operational work. Some of this is the result of legacy IT issues and some is due to a culture of excessive reporting. The agency struggles to resolve the IT issues due to the short-term and uncertain nature of its funding.
We found that the level and quality of equipment and access to investigative tools varies across the country. In some places it was inadequate. There needs to be consistent investment throughout the command to bring it up to the same standards as police forces.
We have made 13 recommendations for the NCA and the Home Office to improve how SOC is investigated and to increase value for money.
We make 13 recommendations, 2 of which are causes for concern.
Her Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) is an independent inspectorate. It is required by the Crime and Courts Act 2013 to inspect the NCA. Following an inspection, HMICFRS must report to the Home Secretary on the efficiency and effectiveness of the NCA.
This inspection, our eighth of the NCA, examines its crime reduction (investigations) function managed through its UK-wide branch network.
About the National Crime Agency
The NCA is the UK-wide crime fighting agency responsible for leading, supporting and co-ordinating the response to SOC. This includes human, weapons and drug trafficking, cybercrime and economic crime crossing regional, national and international borders, and child sexual abuse and exploitation (CSEA). It has more than 5,500 officers, 150 of whom are working in 50 countries worldwide.
The agency has two functions specified in statute:
- crime reduction; and
- criminal intelligence.
The focus of this inspection is on crime reduction, specifically investigating offences relating to SOC.
SOC is planned, co-ordinated and committed by criminals working together on a continuing basis. They are often motivated by financial gain and their crimes are characterised by violence, or the threat of violence. The NCA assesses the threat from and effect of SOC, including border security, and reports on it in the National Strategic Assessment.
The NCA can investigate any crime. However, it generally targets the highest levels of SOC, and the organised crime groups involved in such offences. The current National Strategic Assessment highlights (among other crime types):
- exploitation of the vulnerable (child sexual abuse, modern slavery and immigration crime);
- communities and violence (drugs, firearms and organised acquisitive crime); and
- harm to the UK’s economy and institutions (cyber and economic crime).
The NCA has a strategic role to analyse how criminals operate across the UK, and how they can be disrupted. It works closely with a range of organisations including:
- the wider criminal justice and law enforcement systems that deal directly with SOC;
- the UK intelligence community;
- government departments;
- overseas law enforcement agencies;
- private and non-profit organisations; and
- regulatory and professional bodies.
Investigating serious or organised crime
The NCA has a duty to:
- prevent and detect organised crime and serious crime;
- investigate SOC offences;
- direct others to carry out investigations;
- co-ordinate activity to combat SOC; and
- seek to get other parties in the SOC system to co-operate to combat SOC.
There is nothing in legislation to determine what the NCA investigates, but the director general makes that decision.
Terms of reference
We consulted the Director General of the NCA and representatives from the Home Office when creating the terms of reference for this inspection.
Our terms of reference were to consider how well the NCA investigates SOC (not including terrorism) and at what cost. This included how the investigations command contributes to tackling the various threats from SOC, as set out in the National Strategic Assessment and the NCA Annual Plan. We considered the investigative process, from the time the investigation is assigned, to the point of outcome; how the NCA sets investigative objectives; how it reviews progress against those objectives; and how it assesses the outcomes of investigations.
We sought to answer the following question:
How effective and efficient is the NCA in carrying out its crime reduction (investigation) function?
In this report we will explore the following:
- Are the investigations at branch level aligned to the threats in the NCA Annual Plan?
- Are resources allocated effectively according to the threats identified in the National Strategic Assessment?
- How does the NCA’s investigative capacity contribute to disrupting organised crime?
We have assessed the UK response to SOC over the last 18 months through PEEL reports of specific forces, the NCA relationship with ROCUs and the separate ROCU inspection. We have also inspected the intelligence function of the agency. The findings from this earlier work helped inform what we examined during our fieldwork for this inspection.
COVID-19 has influenced how we conducted this inspection but, using technology, we have undertaken fieldwork in NCA branches across England, Wales, Scotland and Northern Ireland. We visited, virtually, those in the North West, North East, South West, West Midlands and Yorkshire, as well as in Scotland and Northern Ireland. In each place, we ran three focus groups with NCA staff and interviewed senior managers. In addition, we conducted reality testing visits in person to two branch offices and received confidential briefings and attended strategic meetings at NCA headquarters.
Pre-inspection planning took place between March and October 2020 and the fieldwork took place in November 2020.
We reviewed NCA documents before and during the fieldwork, including:
- the NCA’s annual report 2020-2021;
- the National Strategic Assessment of Serious and Organised Crime 2020;
- the 2018 Serious and Organised Crime Strategy; and
- other documents relating to NCA investigations and operating procedures.
We also considered presentations given by NCA SIOs for several current investigations.
Finally, we interviewed the deputy directors and the director of the investigations command.
Alignment of investigations to the threats in the NCA Annual Plan
This section covers:
- governance; how the NCA makes sure it investigates the right cases and does it well;
- tasking and how the NCA prioritises its targeting of organised criminals; and
- how demand in the NCA is understood and managed.
The NCA leads the national process for tasking investigations to the most appropriate law enforcement agency. This inspection did not explore the full extent of the tasking process but considered it in the context of prioritising investigations within the NCA.
Investigative objectives are monitored at the QARs, which are run by the branch commanders. This process looks at all aspects of the investigation and includes a review of the original and current objectives. A representative of the tasking team attends this process. We found that objectives set at the point of tasking are generally very broad and heavily focused on criminal justice outcomes and intelligence development. Consideration of alternative outcomes such as ancillary orders or other ways of disrupting criminals by working with partner agencies, tends to come from the QAR discussions.
We found no deviation from the objectives set by the tasking process. Investigators understood what direction the investigation should take. This control over investigations meant that investigators knew what threat types were important to the agency.
There is a good process for managing the highest priority cases across the agency. The weekly command update (WCU) meeting determines the relative prioritisation of the top 25 high-priority cases. This process is also known as the Grid. The role this process plays in allocating resources will be discussed in more detail below.
The NCA, along with all law enforcement, has finite investigative resources and must prioritise its work according to the national threats.
We found that the tasking process, managed by the intelligence directorate, controls the workload of the investigations command. It is effective at ensuring the workload is focused on the national threats. It sets clear investigative objectives at the point of allocation and there are good processes for monitoring progress against those objectives. If new information comes to light during the investigation that changes those objectives, the team must be updated.
The WCU determines how people, specialist support and equipment are allocated to individual cases. We found that the WCU effectively focuses investigations and the work of specialist departments on the highest priority cases.
It is important but difficult for the agency to understand its demand. The process must have the most current and accurate data to prioritise competing demands for limited resources.
The WCU (Grid) process gives the agency a clear understanding of the demand created by the highest priority investigations.
The investigations command manages around 1,200 investigations at any one time. Individual branch commanders have daily, weekly and monthly meetings to understand demand. This picture is further enhanced through the QAR process, which is a rigorous review of each case. We found these elements of the process effective.
There are multiple systems for recording work, ATLAS (case management), APMIS (activity and outcomes) and local processes such as spreadsheets and investigation decisions. There is no efficient way of interrogating these systems to get an accurate picture of overall demand.
We found that beyond the high-priority cases, the picture of the agency-wide demand in investigations is less clear. There is a process called ‘branch loading’ which records the number of cases held by each branch. This only gives an estimate of how much work each branch has. We found that it does not differentiate cases by complexity, or the number of people and amount of time needed to investigate them. Work is allocated based on this process but often must be reallocated after discussions at a senior level about the true capacity within branches. The process for ensuring individuals and teams are not overloaded by the tasking team is inefficient.
Allocation of resources
This section covers:
- the training of staff involved in investigations;
- the purpose and role of the NCA investigations command; and
- accountability of intelligence development cases.
Appropriately trained staff
In its Annual Plan 2020–2021, the NCA states it must “…lead the cross-system response to SOC” targeting those who cause the most harm. In order to lead an SOC system that involves all law enforcement partners, the NCA must have the professional credibility to withstand challenges from the criminal justice system. It is important that the NCA trains and accredits its staff to the highest level.
The NCA has adopted the national standard professionalising investigation programme (PIP), that is mandated for police forces in England and Wales. The agency is working towards training all their investigators to PIP level 2, equivalent to a detective in a police force. There are 1,019 PIP level 2 accredited investigators (excluding supervisors) in the agency. The investigations command has trained 437 of its 623 investigators. The trainee investigator programme now trains all new recruits to this standard.
The national standard for SIOs is to be accredited to PIP level 3. There are two stages in the process of accreditation: the SIO course; and the practical application of this knowledge in an SIO role that is recorded in a personal portfolio. The College of Policing oversees both stages. The accreditation is important to show credibility as a witness in court, inquest or public inquiry. It also formally maintains a consistent high standard across law enforcement.
NCA policy states that all its SIOs will be accredited to PIP level 3. But the agency is far from achieving this. Of the 85 SIO roles currently in the investigations command, only a handful are accredited to PIP level 3, but 36 have the precursor qualification, PIP level 2 (manager). The agency is working closely with the College of Policing to be licensed to achieve its own accredited training or use some capacity within the Metropolitan Police Service. The NCA has several experienced SIOs who are operationally competent in their role but are not accredited to PIP level 3. So the NCA could be vulnerable to an attack on its credibility in a criminal justice process.
We found an additional obstacle to achieving PIP level 3 accreditation where individuals had not completed a PIP 2 managers’ course. As a result, we found examples of people feeling isolated and overwhelmed in a role they felt unqualified for.
The NCA finds it difficult to recruit staff into investigation roles and suffers lengthy delays in both the recruitment and training processes. It struggles to compete with other law enforcement bodies because of pay and conditions. The agency finds it more difficult to give the variety of experience to its recruits that nationally recognised standards require. For example, we found investigators who had never taken an investigation to court as the lead officer; or who had only dealt with one type of investigation. There are geographic differences and in the South East of England, where the agency finds it harder to recruit, there is also higher demand.
The NCA does not have an IT solution to enable people to identify appropriately skilled or trained staff for a particular purpose. Branches keep spreadsheet records of their own staff but there is no way of searching across the whole organisation. We recommend a single searchable IT system to ensure people with the right skills can be found easily.
By 31 August 2021, the NCA should make sure that the skills and availability of staff are accessible and searchable.
Purpose and role of the NCA investigations command
We found that the NCA was effective at leading the fight against SOC. Some of its workload could be undertaken by other organisations such as ROCUs.
The agency has two statutory functions: criminal intelligence and crime reduction. In relation to intelligence it has the role of managing “information relevant to … activities to combat organised or serious crime”. This is a role undertaken mainly through the intelligence and threat leadership commands. They bring together the knowledge from all law enforcement and produce the National Strategic Assessment. There has been significant investment in people, analysis and IT systems within the criminal intelligence function to improve the understanding of the SOC threats. This has resulted in many well-developed intelligence cases ready to be investigated.
The role of the NCA in investigating SOC is less clear and has not had the same level of recent investment in people or systems. The Crime and Courts Act 2013 states that the NCA should investigate organised and serious crime; ensure it is investigated by other law enforcement partners; and improve co-ordination and co-operation with and between those partners. This is a wide definition of responsibilities in relation to investigations and the definition does not set out which organisations should do what. The effect of this is that the agency investigates a wide range of cases from relatively straightforward border seizures to investigations crossing county and national borders. Except for international investigations, the nature of some of the work undertaken by the NCA was like that of ROCUs and SOC teams in forces, albeit the scale of NCA investigations was often greater.
There are several legacy responsibilities such as border seizures and some high‑profile specialist and historic investigations that use a lot of investigator time and take away from current high-priority investigations. Neither of these types of investigation require the unique skills held by the NCA.
The agency also generates its own investigations. These are generally referred to as intelligence development cases. We found the quality of these to be good. The agency must also react to spontaneous events. An example of this is seizures of illegal commodities at the border by Border Force. Investigation teams are balancing the proactive demand with the reactive demand and often re-prioritise locally in order to accommodate both.
Border seizures do sometimes lead to proactive investigations to find the source of, or intended recipient of, the goods seized. But the process of investigating the seizure itself rarely uses the specialist proactive skills and resources of the wider agency. Reactive border referrals account for nearly 40 percent of the NCA’s pre-charge cases.
We found that the cases in the intelligence development pipeline are focused on the SOC threats and are of an appropriate complexity for the NCA to investigate. These proactive cases need the specialist skills and tactics of the agency. We found that most of the border referrals had little or no opportunity to target people at the top of organised crime groups and could be dealt with by a ROCU or by local policing.
By 30 November 2021, the NCA, in consultation with ROCUs, forces and the Home Office, should consider if the NCA should manage the reactive demand generated by seizures at the border.
We found that there were not enough investigators to deal with all the work generated by the intelligence command. So these intelligence development cases are being retained by the intelligence team too long as there is no one available to investigate them.
 Crime and Courts Act 2013 para 1 (5) (a).
Accountability for intelligence development cases
The NCA reviews intelligence development cases and, where it is likely that it will become an investigation, the agency nominates an SIO to smooth the handover. This is referred to in the agency as a linked SIO. It is intended to make sure that an SIO is aware of the case and could be ready to receive a handover at short notice, if needed. It also provides an opportunity for the SIO to make sure evidence is secured. This is particularly relevant in fast-moving cases with immediate risk to people’s lives. The approach has merit, but we found examples where the process was being abused. We found no policy for the linked SIO approach and its use is not consistent.
We found that the linked SIO was used to sanction the use of investigative techniques on long-running development cases that would otherwise not be permitted. In these circumstances, a linked SIO is unlikely to have a full understanding of the case. Therefore, any decisions to deploy investigative tactics may be flawed. We found one SIO supervising 16 ‘linked’ intelligence development cases as well as their investigative caseload. Another example was an SIO in the south of England being a linked SIO for a case in Liverpool, with only a phone call to familiarise themselves with the details of the case. This is blurring lines of accountability and could cause the individual and the agency problems if there are questions as to who was responsible for what decision.
We did find support among SIOs for their early involvement in intelligence development cases, to make sure evidence is secured and criminal justice outcomes considered. There should be a clear policy as to how and when the linked SIO is used and where responsibility for decision making lies.
By 31 May 2021, the NCA should publish a policy for the use of linked SIOs as a way of ensuring smooth and timely handovers between intelligence and investigations. The practice of shifting decision making responsibility from intelligence to investigations before a formal handover must stop.
NCA investigative capacity to tackle organised crime
This section covers:
- professionalism in the investigations command;
- organisational learning throughout the NCA;
- co-location with ROCUs and other organisations;
- information technology and other equipment; and
There was a huge sense of collective responsibility and loyalty at branch level. People work long hours in support of their colleagues.
As an organisation, the NCA adapts well to new threats. Operation Venetic, the agency’s response to the criminal use of an encrypted phone service, is a good example of the NCA adapting to, and leading the UK response to, a new threat.
Case study: Operation Venetic
Operation Venetic is the UK’s response to intelligence generated when law enforcement uncovered an encrypted phone service, EncroChat. This came from the NCA’s collaboration with international law enforcement bodies, notably in France and the Netherlands. EncroChat is a criminally dedicated secure communications (CDSC) platform and there were around 10,000 users of the service in the UK.
The NCA showed that with a sudden increase in demand it could adapt its own resources and co-ordinate the activity of wider law enforcement to a achieve a common goal. This was all in the context of the COVID-19 global pandemic.
It prioritised workload according to risk and any threats to life were managed by a dedicated team within the NCA.
Organisations that share learning reduce the number of repetitive errors and also become more efficient as good practice is spread throughout. Learning comes from formal processes; training and continuous professional development (CPD); and informal sharing of experiences.
We found that the quality and consistency of the organisational learning varied across the command. Where an investigation had the scrutiny of the WCU, a formal debrief happened at the end of the operation. This was often in partnership with the Crown Prosecution Service (CPS) and any learning was shared with the OSCAU, which updates an intranet page and informs the relevant threat lead. This is good practice. This form of learning, by its nature, has a delay between the learning and the sharing of that learning, as cases can take months or years to conclude.
Learning in other situations is less consistent. Every NCA investigation has a QAR to make sure the investigation is working towards its objectives. In some cases, the chair asks the SIO to update any lessons learned and refers this learning to the OSCAU for wider organisational learning. We see this as effective use of the QAR process, but it should be more consistently applied across the agency.
Informal learning outside these processes is entirely down to the regional leadership and very rarely crosses between regions. There should be a process and encouragement to share all organisational learning.
By 31 May 2021, the NCA should ensure that organisational learning is added to every QAR, is considered whenever a case is closed, and sent to the OSCAU.
We have previously commented that branch offices co-located with ROCUs, and other agencies, have a better understanding of the SOC threat in their area and work in a more integrated way.
The organised crime partnership (OCP) in Scotland, co-located on the Scottish Crime Campus in Gartcosh, is a good example of a joint venture between the NCA and Police Scotland. The unit is staffed with both NCA and Police Scotland officers and is fully integrated into the local and national tasking process. They have shared objectives and a common purpose.
There is a similar unit in London run jointly with the Metropolitan Police Service and, although the operation of the units was not a specific focus of this inspection, we found they worked well and should be considered as good practice.
This inspection found that co-location was still good practice for better integrated working and that the OCP took this another step and further improved how the NCA works with other organisations locally to tackle organised crime.
Technology provides the opportunity for organisations to increase efficiency in how they operate. IT can make working practices and processes seamless and automated; and it reduces the need for people to waste time travelling. The convenience of accessible IT must be balanced with the need for information security to protect personal data and confidential material. Leaks of such material in a law enforcement agency could put lives at risk and undermine public confidence in that agency. We found the NCA’s system protects its most sensitive information well.
There are two main IT issues affecting how effectively and efficiently the agency operates; automation and the security of the platform.
The agency has numerous long-term projects to improve its IT system and mitigate some of the problems with ageing technology. The agency finds it difficult to plan and implement complex projects such as IT improvements due to the lack of long-term capital funding.
By 30 November 2021, the Home Office should make it clear how much money the NCA will have for the next three years to allow for future business planning and investment in longer-term projects.
The NCA’s IT system runs on a single platform regardless of the data sensitivity of the activity. This means everything operates at the highest level of security. Some of the consequences of this are:
- investigators do not have access to mainstream computer software for collaboration;
- there is no direct and fast access to the internet to view material potentially relevant to the investigation; and
- painfully slow upload and download speeds for the numerous documents to scan on to the case management system (ATLAS).
All of this is slow and inefficient.
ATLAS is a standalone case management system which, according to policy, should be used for all case management. The system is constantly improving and there is a working group for users to help with its development. By the time an investigation is allocated it will usually have been developed by intelligence.
At the point of handover, the investigator will have to manually input all the data on to ATLAS. This includes subject details, locations and evidence. None of it is transferred from the intelligence system automatically.
The restrictions created by the high security of the platform means that it is not possible to develop an interface with the CPS, so all case files larger than 10MB are downloaded on to disks and driven directly to the CPS. We found examples of discs being driven hundreds of miles, costing time and money. This is not a good use of resources.
The lack of automation means time taken to manually input data and update multiple systems with the same information is time taken away from investigating crime. This applies to the case management system and APMIS, the NCA’s performance management system.
With immediate effect, the NCA should prioritise IT investment that increases the automation of data transfer between systems to save staff time inputting information manually.
The delay in handing over cases between intelligence and investigations (as discussed above) means the amount of information and evidence that needs to be input and uploaded on to ATLAS can be significant. We found examples where this involved dozens or, in exceptional cases, thousands, of items being uploaded. This means that investigators spend time inputting information and uploading documents to ATLAS, delaying the progress of the investigation. The use of a manual process at this stage also increases the risk of evidence being lost or missed off disclosure schedules. This would contravene the requirements of the Criminal Procedure and Investigations Act (CPIA) and potentially undermine prosecutions. We did not find any evidence that this has happened, and it is a risk the agency has identified and is working to mitigate.
With immediate effect, the NCA should mandate the use of the Magnet ATLAS case management system for intelligence development, thereby reducing the manual inputting of information at the point of handover to investigations.
The NCA has an agreement with an external supplier to provide forensic examination of devices seized during investigations. While the service provider can respond to priority requests, it is not capable of meeting all the needs of the NCA during the immediate response to incidents. The capability gap is in the ability to forensically examine devices while individuals are in custody. The NCA has limited technical equipment for the initial assessment and examination of digital devices. The availability of this equipment and people trained and available to use it varies across the command.
We found examples of NCA staff using the digital forensic capability of police forces. This was because of delays in accessing the NCA’s own equipment or outsourced digital forensic providers. There is a particular need for prompt forensic examination of devices when people are arrested sincethe digital evidence is needed to charge and remand them in custody. Without this digital evidence, suspects were released under investigation, and we found examples of people absconding abroad.
The NCA needs to review the digital forensic analysis arrangements. This should include greater investment in mobile digital forensic technology. And it should make sure its suppliers are performing to expectations.
By 31 August 2021, the NCA should review its digital forensic capability to make sure it meets the needs of the organisation.
Surveillance and other equipment
The quality of the equipment available to surveillance officers has not kept pace with that available to ROCUs or police forces. The NCA is dealing with the most sophisticated criminals in the UK and abroad and yet there are examples of vehicles barely used because they are equipped with out-of-date camera and recording equipment. We heard of several examples of officers using their own mobile phones to capture subject images to pass to colleagues in the field. This is unacceptable and must be addressed.
Cause for concern: recommendation 10
With immediate effect, the NCA should make sure that the practice of using personal mobile phones to obtain evidence and to communicate during covert operations should stop.
By 31 May 2021, the NCA should consider investment to update surveillance equipment to make sure officers have the quality of equipment needed to tackle the most sophisticated criminals.
Radios were another issue for officers. The radios used by police forces are assigned to frontline officers and can be tracked by the force control room, which can see where everyone is at any one time. The NCA does not have this facility. Radios are not issued to individuals as a matter of course, but officers can access team radios and should log on to them, making them identifiable.
We found there were occasions when officers attending warrants or dealing with offenders did not have a radio or had not logged on to their radio. This leaves officers at risk if an emergency response is needed. We were given accounts of officers using the ‘999’ system to get assistance in volatile situations.
Cause for concern: recommendation 12
With immediate effect, the NCA must make sure all officers have access to a radio during operations or when dealing with suspects, and that they have the knowledge and confidence to log on to them correctly. Consideration should be given to making radios personal issue to officers on the front line.
Our inspection of the NCA’s relationship with the ROCUs, which we published in November 2020, reported that the NCA control room does not have the technology to know where its staff are. Control room staff must phone round each branch, as the radio system and the duty management system do not provide a reliable picture of who is deployed where. Our recommendation was that the “control room has an effective duty management system so that it can monitor the location and duties of its resources”.
Internal reporting and accountability
The NCA is responsible for understanding the threat of SOC across the UK. The director general is personally accountable “to the Home Secretary for the discharge of the NCA’s functions in accordance with the strategic priorities”. Quality assuring and reporting on risk is therefore important. We found the agency has daily and weekly processes for informing senior leaders about new and continuing operational activity and associated risk. These processes provide detailed tactical information to give reassurance that work is focused on the strategic priorities of the organisation. We found that these daily and weekly processes were too onerous on officers and SIOs and were an unhelpful distraction from progressing investigations.
We believe the balance between accountability and the activity of investigations needs further examination to make sure the level of reporting is necessary and justified.
The numbers of people involved in requesting or providing progress updates is significant. This is compounded by the manual nature of the reporting process. We found examples of SIOs having to report daily and weekly progress on cases to local managers as well as providing written updates for the formal WCU. They also provide bespoke reporting for other departments involved in the investigation. In addition, similar information documenting the progress of investigations must be input into the performance monitoring system, APMIS.
We found the most important monitoring process to be the QAR held in branches on a quarterly basis. We found this to be the right tool for monitoring and supervising ‘live’ investigations. The other reporting mechanisms were bureaucratic and did not help the organisation meet its strategic objectives.
The NCA writes to the Home Secretary every week detailing all operational updates on high-priority investigations and those just below this threshold. Following the WCU there is a quality assurance process to produce the letter. This letter is in addition to weekly or twice-weekly briefings between the director general and the Home Secretary, also covering operational, tactical and strategic updates. The Crime and Courts Act does not stipulate the level of reporting by the director general to the Home Secretary. But the framework document for the NCA (May 2015) does state the director general must “provide information to the Home Secretary, if requested, about any aspect of the NCA’s undertakings”. It is perfectly reasonable for the Home Secretary to take a detailed interest in NCA operations. But we are concerned that the level of scrutiny by the Home Office, and the detail required for the director general to brief the Home Secretary, have had an influence on the bureaucratic reporting that sits below them.
We found that everyone within the command chain is expected to, or feels pressure to, have a detailed knowledge of individual cases. This is contributing to the amount of time spent reporting on progress. We believe there needs to be a cultural shift in the way the NCA is held accountable and manages its internal reporting processes. Unintended consequences of a culture of excessive reporting are that people feel undervalued, confidence falls, motivation reduces and opportunities to improve are not taken.
This thirst for detail by senior managers in the NCA and Home Office drives a culture that requires too much reporting, too frequently, with too much detail involving too many people, and taking too much time. This should not be allowed to continue.
The NCA needs to simplify its reporting processes and to develop automated processes (that need keying in just once) that perform a primary purpose of managing the investigation. An operational diary (currently completed separately on Excel or Word) within APMIS or ATLAS could be used for all these purposes and would be more efficient.
By 31 August 2021, the director general, with the Home Office, should review its reporting mechanisms and make sure the time spent updating and reporting on investigations is necessary and proportionate.
 Revised framework document for the National Crime Agency, NCA, May 2015, para 4.2(e).
 As above, para 4.2 (f).
In the last ten years, law enforcement in the UK has changed its approach to the identification of and responsibility for risk due to vulnerability. Previously, it was the responsibility of dedicated teams to deal with certain types of risk such as child protection or domestic abuse. The problem with this approach was that, if people were not identifying risk and crimes on the front line, crimes went unreported, victims were let down and offenders escaped justice. The emphasis has shifted from dedicated teams responsible for identifying risks and vulnerable individuals to it being everyone’s responsibility.
The NCA manages many investigations that carry significant risk. This could involve risk to:
- users of an illegal commodity (drugs, firearms or people);
- people involved in the process of distribution, whether willing or forced;
- rival groups; or
- members of the public with no link to the activity.
It is therefore important that the agency recognises these risks and responds to them appropriately.
We found that, in general, the agency identifies and manages these risks involving vulnerable individuals well. We found that if a risk of vulnerability is identified at the point of tasking, the case would either be investigated by a designated team with appropriate training, or the investigator would be assigned an adviser with specialist knowledge. We saw good examples where the agency assigned cases involving children or possible slavery to an adviser with those skills.
We explored the knowledge and understanding within the wider command of several investigative tools and functions. These included: safeguarding vulnerable people; management of victims and witnesses; LOM; suspect welfare; and organisational learning. We found that the knowledge of these roles and responsibilities was not well understood.
The agency has successfully created small dedicated teams with genuine expertise and passion for their subject, whose responsibility seems to stretch agency-wide. We are not critical of this strategy, but it seems that the understanding of risk by investigators is generally poor. There is an assumption by many investigators that managing vulnerability is not part of their role.
We found that once a child or adult is identified as vulnerable, the designated teams have good networks to support the investigator. The NCA has employed specialist social workers within the child exploitation and online protection command (CEOP) and these experts are available for other investigators to use if required. Most of this capacity is currently taken by Operation Stovewood and we found little knowledge of this function.
These small dedicated teams need help to increase their profile throughout the organisation, making it clear what their role is to investigators. If risks only become visible during the investigation, and information about them was not available at the time of tasking, we have concerns that these risks may go undetected. We believe that the agency needs to increase investigators’ understanding of vulnerability, so they can identify risks and know when to involve the dedicated teams.
 HMICFRS defines vulnerable people as “People less able to help themselves in case of an emergency, for example people with mobility problems, people with mental health difficulties, and children.”
The NCA is a national law enforcement organisation operating in a complex environment across local, regional and national boundaries.
We found that the NCA is meeting its statutory obligation to provide a crime reduction (investigations) function. It has resources and systems in place to effectively manage investigations. We found evidence of good practice. For example, organisational learning debriefs undertaken jointly with partner organisations such as the CPS.
But there are areas for concern and opportunities for improvement. For example, the NCA’s staff use their own equipment for capturing and distributing evidence; and staff are potentially left without radio communication in conflict situations.
We found that there is more demand within both the intelligence development pipeline and from other investigations such as border seizures than the investigations command can deal with. This leads to shifts in priority based on resource and not based on objective assessment of risk and opportunity.
The NCA, in collaboration with the Home Office and other interested parties, must decide its investigative role and purpose and agree where to allocate demand that doesn’t require its specialist skills.
The agency understands the risks associated with its IT systems but – without the certainty of long-term capital funding – it cannot invest sufficiently in improving. There are some immediate recommendations to improve efficiency – such as the use of the case management system during intelligence development. But only comprehensive investment in IT will resolve the issues for the future.
The agency has good, hard-working investigators. Their experience and knowledge varies and the levels of nationally recognised accreditation are still low. There is a commitment to the accreditation process but the speed at which SIOs are achieving PIP 3 accreditation, and how the agency then deploys them, needs improvement.
The NCA needs to reflect on the way its internal reporting mechanisms work. Making these more streamlined and less bureaucratic – with greater focus on achieving strategic objectives – will create capacity in the investigations command.
We have made 13 recommendations to improve the efficiency and effectiveness of the NCA’s crime reduction (investigations) function.