Go back to menu

National Crime Agency sets out plans to deal with increased criminal use of encryption, the dark web and virtual assets

Data identified as the continuing key commodity for cyber criminals

23 April 2020

The recently published Annual Plan for 2020/21 sets out the National Crime Agency's operational priorities for the year ahead and its enforcement response to the serious and organised crime threats set out in its National Strategic Assessment (NSA).

Economic crime a strategic priority in the Annual Plan 2020/21

Included as a strategic priority in the NCA's Annual Plan for 2020/21 is reduction of harm to individuals, the UK economy and institutions from economic crime – including fraud, money laundering and cyber crime.

The plan highlights that advancing technology gives offenders new tools to communicate and to commit and hide their crimes. It points to money laundering remaining an important enabler, reported losses from fraud increasing by more than a third, and millions of cyber attacks targeting homes and businesses in the UK in the past year.

The plan is much less detailed than the 2019/20 annual plan - last year's plan was more specific on cyber crime risk, for example, identifying Russian-language organised crime groups (OCGs) as representing the biggest cyber crime threat to the UK, and setting out a key priority to grow and embed a single UK response to cyber crime at local, regional and national levels to deliver a comprehensive, joined up UK response to critical cyber incidents (see our Insights post on the 2019/20 plan here) 

Nevertheless, in the coming year, the NCA's operational priorities include:

  • Developing the National Economic Crime Centre (NECC) to increase understanding of economic crime threats and lead an increase in the scale and impact of the NCA's response, including against fraud;
  • Increasing the effectiveness of the UK's Financial Intelligence Unit (FIU) and supporting the Suspicious Activity Reports (SAR) Reform Programme to improve the NCA's use of private sector information; and
  • Ensuring the NCA's management of information and data remains effective, secure and proportional, giving the NCA confidence in its data and enabling it to better exploit it.
Technology threats highlighted in the National Strategic Assessment of Serious and Organised Crime

The NSA sets out what the NCA sees as the threats to the UK from serious and organised crime in the coming year.

Encryption and crypto

It notes that technology trends identified in 2018 have become more prevalent during 2019, including increased criminal use of encryption, the dark web and virtual assets (referring both to crypto or virtual currencies as well as the underlying blockchain or DLT technology). Interestingly, it is stated that all current NCA investigations encounter some form of encryption, indicating the pervasive nature of the technology.

The NCA's view of crypto is stark in the assessment, which indicates that virtual assets are increasingly attractive to criminals and states that the increase in their use more generally suggests there has likely been an increase in their popularity and use for criminal activities. It warns that, by bringing crypto providers within the AML regime through 5MLD, there may be an increase in the perceived legitimacy and use of virtual assets.

Data and cyber crime

The assessment identifies data as continuing to be the key commodity for cyber criminals, with the CVV security code on cards the most coveted data to be 'scraped' from payment pages. CVV scraping has increased in the past year, along with losses from ransomware and one of the fastest growing threats, business email compromise (BEC) fraud.

Cyber crime is noted as a major enabler of fraud, with data obtained through cyber breaches, phishing and similar attacks being used to commit fraud or being sold to enable others to do so.

Money laundering

While the assessment found that cash-based money laundering was still a major method of laundering funds in the UK, it states that UK-based criminals continue to identify new ways of using virtual assets to launder profits.

SARs Reform Programme

The NCA's SAR Annual Report 2018 described how the NCA was working with the Home Office on a SARs reform programme, which was needed as "a matter of urgency, as the current IT is old and reaching the end of its life". The SAR Annual Report 2019 noted that the NCA (as the financial intelligence unit for the UK) continued to work closely with the Home Office. The NCA's annual plan for 2020/21 refers only briefly to the Programme through inclusion in operational priorities of supporting the Programme to improve the NCA's use of private sector information. The Programme appears to be one which is both

ambitious and long term, and in the meantime the NCA has increase headcount in the FIU to cope with SARs being received.  It is expected that, even without allowing for coronavirus disruption, wholesale changes to the SARs regime for the NCA will not happen until late in 2020 and into 2021.

The NCA and coronavirus

The NCA's annual plan for 2020/21 was likely largely finalised before the full force of the coronavirus outbreak was felt by the UK, and so mention is limited to the foreword by the Home Secretary, Priti Patel, who refers to the NCA responding "decisively this year to protect the vulnerable and ensure that organised criminals have been foiled in their callous attempts to benefit from the Coronavirus outbreak."

In the current climate, it is well recognised that the threat of cyber crime is particularly elevated. More generally, the NCA has recently warned that OCGs may try to exploit the outbreak to target the UK, and its cyber crime investigators have seen instances of coronavirus-themed malicious apps and websites, as well as email phishing attacks aimed at stealing personal and financial information.

Regulated firms must continue to comply with their obligations to report suspicious activity to the NCA, and be mindful of the increased threat levels posed by cyber criminals in the current climate when evaluating whether or not to make SARs.