Investigating the limitations of the UK’s fraud strategy.
We sit down with the financial crime trainer and apprenticeship coach to discuss why he left the police force, how criminal investigations have changed over time, the importance of education and accountability in an anti-fraud strategy, and why he would never become a KYC specialist.
Paul Stratton has always wanted to be a police officer. In fact, during a recent house clean-up, his wife discovered a childhood picture of Paul and his brother dressed up as characters from ‘Chips’ (an 80’s TV show about two motorcycle officers from the California Highway Patrol).
However, after 22 years of working for Merseyside Police, including almost four years in the Fraud Unit, Paul knew he had to leave.
“It got to the point where I was struggling with the lack of team ethos and internal politics. Before moving to the Fraud Unit, I was investigating domestic abuse, violent crimes, and sexual offences, and was starting to feel like an Uber driver, where the next job would just pop up in my inbox. I just didn’t have time to follow up as much as I wanted to with the people I had helped and that always bothered me.
“Victim care is something that the police talk a lot about and I think it’s just become a soundbite. I don’t think we are doing as well as we could with victim care in certain areas of policing, and it frustrated me to just follow up with phone calls.”
Little wonder then, that Paul left the police to pursue a career in fraud and financial crime training and raising awareness of the harm of fraud.
The importance of education, accountability, and tangible messaging in the battle against fraud was a recurring theme in our discussion, as Paul believes a lack of consistent education – to the public, to the police, and the wider public sector – is a significant issue in the UK’s fight against fraud attacks. These rates, Paul believes, will not go down until that education gap is filled.
Referring to the UK’s recently-released fraud strategy, Paul said:
“We can’t hold departments accountable because, besides the general aim to reduce fraud by 10% by 2025, there are no specific figures [that they wish to hit] or how they’re going to do it, and no one knows what they’re tangibly supposed to be doing. British Prime Minister Rishi Sunak set out his five priorities for 2023, and, like them or not, they are clear, so why aren’t we doing something similar with the UK’s fraud strategy?”
In this interview, we discuss everything from Paul’s skepticism regarding the strategy’s 400 promised new fraud officers, why he hates words like ‘scams’, ‘white collar crime’, and ‘money mules’, and why we’re still probably one or two generations away from fully recognizing the impact of social media and acting upon the dangers of online crime.
From detective at Merseyside Police to fraud specialist at Liverpool City Council, and currently, a full-time fraud apprenticeship coach and fraud and financial crime trainer, why the career change, and what are the main differences and similarities in roles, if any?
I spent 22 years with Merseyside Police, and never wanted to leave, in fact I still consider myself police, but I had to leave as I knew there had to be something better out there. Somewhere where a work/life balance is achievable.
I brought the same principles and work ethic into my role at Liverpool City Council. In fact, it was working at the Council where I learned the most about fraud, corruption, bribery, conflicts of interest, gifts and hospitality, social media, KYC, and all the other typical red flags you look out for in police investigations.
What did a typical day look like at Liverpool County Council?
I oversaw the Whistle Blowing process, reviewing, and allocating cases, and I was the lead investigator for all allegations of internal fraud and potential criminal activity. I was also part of the council’s effective Due Diligence Group and developed the council’s new Fighting Fraud & Corruption Together strategy.
In 2020-2021, Liverpool City Council received a lot of bad press due to claims of widespread corruption, which led to numerous police investigations and government intervention.
I started my role just after the controversy started, so a lot of my work was focused on trying to bring Liverpool City Council to a point where there was that awareness of fraud and best practices. So, I would work virtually every day on building and delivering educational and engaging training sessions.
We talk a lot about anti-fraud culture, and counter-fraud culture – that’s a phrase that’s bandied around. But anti-fraud culture is a difficult thing to achieve, as that would mean everybody knows about fraud, and how to prevent it and protect themselves from it.
What led you to leave the Council and launch your fraud and financial crime training and consultancy business?
It’s something I’ve always wanted to do. I am committed to providing quality training to delegates. Long gone are the days when trainers could just sit in front of a PowerPoint and talk for an hour. It must be immersive, with tasks, real-life examples, and problem-solving sessions. People want, need, and deserve more. This is especially true in the public sector, where there’s very little money to train people, so when a trainer does come in, it’s vital they deliver the best learning they can.
How have criminal investigations and intelligence operations changed in the two-plus decades since you began?
Since I started, back in 1998, it’s changed dramatically. For example, when I joined there was very little education on evidence-gathering at a scene, but now, with technology, recruits are even receiving Open-Source Intelligence (OSINT) and social media training.
Whether it’s over Facebook (which it inevitably is), or Instagram or Twitter, investigators need to know and understand how to secure digital evidence. That’s where a lot of the crime exists now. It’s not in person anymore – it’s online.
Would you say the perception of fraud has changed over the years?
Yes and no. When I started in the police, the Fraud Unit, which was called the Cheque and Fraud Wing, would only deal with cases of a certain amount; it had to be of high value for them to even become involved.
For example, £1 million in losses to a huge organization is a speed bump in relation to a single parent losing £500 in a month and being unable to pay the rent. You see this with romance frauds, where people lose everything.
I think the perception of fraud can be too rarefied; we think ‘fraud’, we think “white collar crime,” and it’s a phrase I can’t stand, because many equate “white collar crime” with a business crime.
The last suspect I ever interviewed before I left the police was a young lad involved in a gang that were dealing drugs and other types of criminal activities like selling fake Liverpool and Everton tickets. And they were doing all that through a bank account they’d created with the name of a vulnerable neighbor, and had done it horrifically easily at the time. There are increasing numbers of gangs moving into fraud and money laundering now.
What are your thoughts on the UK’s recently-released fraud strategy? Do you think it goes far enough, and is dedicating resources in the right place?
I think anything that looks at reducing fraud is a good thing. However, [in the strategy] there are a lot of new names for old teams, and reinventing the wheel somewhat, but that’s often law enforcement’s way. We go from priority to priority. You won’t have a burglary team for two years, but then you have a huge burglary problem, so you assemble a burglary squad and solve that problem, then move onto something else. Such is the lack of resources to specialize in everything at once.
One of the things that I’m skeptical about is the government’s pledge to get 400 new specialist investigators. I don’t think these can be existing police officers, as no police force has enough staff to do what they need to do right now. So, I’m not sure where any new fraud specialists are going to come from, and whether they’re going to be trained or not.
I also don’t think the fraud strategy factors in the educational component. The strategy may be on gov.uk, but are people seeing it in any kind of usable format?
Are we doing enough education-wise with the public? I can’t ever remember seeing an advert on fraud prevention from the government. I see adverts about giving to charity and how people can spend money, but I don’t see adverts on how people can protect their money.
In the Foreword to the strategy, Home Secretary, Suella Braverman spoke of the need for coordinated collaboration between the police, the public and private sectors, as well as allies abroad. In your opinion, what is the most important component of a successful fraud strategy? Conversely, what hinders or can negatively impact the strategy, or a fraud investigation?
Intelligence sharing between the public and private sector and international arena is nothing new. The fact that, in 2023, we’re still talking about better intelligence sharing shows how far behind we are. From an investigator’s point of view, the mechanisms already exist for effective intel sharing. We have the National Crime Agency, which does a lot for police forces when they’re investigating abroad.
For example, if I was investigating bank accounts or looking to get an IP address, we have Financial Intelligence Units that can act in the international arena. We have the Financial Action Task Force for money laundering.
We need to look at how this affects investigators, and how we can make their jobs easier.
I know they’ve assigned an MP (Member of Parliament) with the role of Anti-Fraud Champion [Anthony Browne, MP], which is fantastic, but I think it needs to be more effective than just naming someone a champion. Is giving this role to one MP enough? How is he going to do that amongst his constituency work, and other responsibilities? (Read more about the UK’s Anti-Fraud Champion, Anthony Browne here).
But, for some reason, fraud is just not considered as severe. It’s almost perceived as a sort of invisible crime, where a lot of victims may report it but be too embarrassed to tell people about it.
For example, with romance fraud, many people may think the victim has brought it on themselves and should have been wiser.
I don’t like the term ‘money mules’; I call them money movers. I also don’t like the word ‘scam,’ people do not ‘fall for scams.’ They are defrauded by criminals.
People may have a lack of empathy when they hear “falling for a scam,” and think how could they send £500 pounds to someone they’ve never met? Well, that’s the way of the world now – that’s how we meet people in 2023. We’ve moved on; we’re probably one or two generations away from a full understanding of the impact of social media.
People now spend their lives online; on LinkedIn, on Instagram, everything’s done over email, if someone even rings you now, you think there’s a problem.
I think it’s the same with fraud and understanding the full effects of it. I don’t think we’re going to get over the “How could they fall for that scam” for a couple of generations because people just think, “Well, I met my partner in person or I still bank in branch,” and it doesn’t work like that. Those days are gone.
It’s for the same reason that people don’t like to be called “victims.” In the police, we call them complainants because they are complaining about a crime.
Apparently, just 1% of police resources are dedicated to tackling fraud, despite fraud accounting for 40% of all crime in the UK. Why do you think fraud is such a neglected area?
Action Fraud has had a lot of bad press, and I don’t think people actually understand what they do. Not to diminish their work at all, but Action Fraud is like a call center and data warehouse. People call up and make a complaint; they’re not staffed by experts, or detectives or fraud experts.
What hinders the effectiveness of Action Fraud is that we don’t tell people what Action Fraud is or manage people’s expectations enough to say that the complaint may not be investigated. So, when they get a letter a few weeks later, saying that the complaint is not being investigated, with no explanation, it’s tough. Whether it’s £50 or £5 million, you deserve a reason why the suspected crime isn’t being investigated, and you would get that if you were assaulted, for example. [Action Fraud will be replaced in Q2, 2024 with a new division. Read more about how it fits into the UK’s wider fraud revamp here.]
And that understandably has an impact on future reporting habits?
Of course, people just won’t bother reporting fraud. For years, victim support has been around the physical: assaults, sexual offenses, murders. But what do we do for people suffering financial and emotional loss because of romance fraud? Not enough.
What most hinders an investigation, however, are the low numbers of staff, and inadequate training. Officers, detectives, and investigators all need to be trained, whether that’s in document fraud, cybercrime, or how to find an IP address from an email. Unfortunately, this is not always the case in the public sector, with local authorities. Although this is being changed with the recent Counter Fraud Investigator Apprenticeship.
I suppose if complainants believe they are unlikely to receive any of the stolen funds back, then this would also have a knock-on effect in reporting rates?
Yes, you’re right, the ease with which Proceeds of Crime (stolen funds) can be moved around into multiple bank accounts is scary. A lot of people may think that if it’s only £100, they won’t report it, because they’re not going to get their money back, and it’s more effort than it’s worth.
Once that money is spent, even if the perpetrator is caught, it’s very difficult to get it back.
Let’s say the perpetrator resides in the UK, and you get them, the likelihood is they’re doing it for a reason: because they have no money or they’re greedy, so they’ll just spend it. It may not bother them if they get convicted, because they’re not going to get a job where they need a DBS check anyway.
Regardless of how much money has been lost, that shouldn’t necessarily factor into the decision to a) report it, and b) investigate it. We must look at harm. Unfortunately, currently, Action Fraud just does not do that.
The fraud strategy has earmarked £100 million for additional police resources. Is that enough?
No, it’s not; we lose millions of pounds every day to fraud. Again, it’s not the amount, it’s where it’s going.
Putting maybe one more detective into a fraud squad will take the pressure off, and really help get more positive outcomes, but I think there needs to be real education, and refresher courses on, for example, the blockchain. Can some of the money be used to procure external services, and bring someone in to talk about it? We just don’t know. Can we bring experts in to help the police with investigations, because we don’t know everything.
Of course, there’s a balance to strike, and you don’t want to saturate people with information on fraud and get people scared. Perhaps the best approach would be to properly publicize new fraud initiatives that show how the money is being used. Help teachers get training on fraud prevention, train doctors in how to deal with the mental health ramifications of fraud.
Education is a recurring theme, as is responsibility. Responsibility of the government to educate people, responsibility of victims to report complaints. What about companies and service providers, where does the responsibility lie there? What role will technology, and in particular KYC and identity verification services, play in the future of fraud prevention?
They bear a huge responsibility, don’t they? Having recently been onboarded by a company, it’s all completely digital now, isn’t it? One of the cases I dealt with before I left the police was with a new online bank, where a lot of criminals were using their friends’ photographs, passports and licenses to open bank accounts.
Knowing Your Customer (KYC) is everything really. And, it’s not just knowing your customer, it’s knowing your applicants, and knowing your staff. It’s having all these things in place, especially in recruitment, as document fraud is rampant, so it’s a huge responsibility.
You’ll have KYC specialists in banks, but what about the public sector and other private companies? In recruitment, for example, you’re relying on recruitment staff – are they getting the training they need? Are they all aware of the threats of fraud? Do they understand what KYC is?
I can only speak from the public sector, but the public sector and local authorities can learn a huge amount from banks and a huge amount from the private sector.
From a fraud investigator’s point of view, I think it’s going to get harder and harder, because long gone are the days where an applicant or consumer must come to a business, and if you’re opening a bank account nowadays, it’ll be online, and you don’t have to see anyone.
I don’t envy KYC staff – let’s put it that way. It’s not a job I’d like to do; there’s a lot of risk on their shoulders to develop, keep themselves regularly updated.
In this technological age, it’s also important to remember that fraud is about people as much as it’s about AI and machine learning. Someone must press that button at the start, and someone must be a victim at the end.
If you’re interested in more insights from industry insiders and thought leaders, check out one of our interviews from our Fintech Spotlight Interview series below.
Content Manager at IDnow
Connect with Jody on LinkedIn