Criminal associations

IBAC intelligence has identified the threat of organised crime groups cultivating contacts within the public sector to access information, influence decisions and manipulate systems.

Criminal groups have been identified targeting all levels of government including council workers, departmental officers and law enforcement employees. Organised crime groups can target public bodies to access:

  • databases, particularly those with personal identification information that could facilitate identity theft, debt collection, witness intimidation, extortion, or that could be sold to other criminal groups
  • decision-making processes, including contracting and tendering and the regulation of particular industries
  • property and goods with high resale value or that facilitate criminal activity.

If your agency has access to information or commodities of value to organised crime groups then you could be targeted.

Vulnerabilities

Vulnerable agencies/sectors

The most vulnerable agencies will be those with:

  • large identity data holdings, particularly where those systems can be accessed by a large number of employees
  • decision-making and regulatory powers, including those agencies overseeing the security, construction, planning, development, prostitution, gaming and liquor industries
  • access to sensitive information, including law enforcement information.

Vulnerable employees

Organised crime groups may try to develop relationships with public sector employees using some of these tactics:

  • targeting risk-taking behaviour by public sector employees such as illicit drug use or problem gambling. These activities can leave public sector employees vulnerable to being coerced or manipulated by organised crime groups
  • utilising social media in innovative ways, such as using Facebook to target individuals who can be identified as public sector employees
  • using pre-existing relationships to shift public sector employees’ loyalties away from their employer. Members of the crime groups might develop these relationships and seek to persuade the targeted employee that helping a friend is the right thing to do
  • through shared interest: Evolving interests associated with organised crime group members and the broader community have created new areas where organised criminals and public sector employees can interact. Organised crime groups members now increasingly mix with broader community groups at fitness clubs, tattoo parlours, and body building and martial arts venues.

Suggested control measures

Security culture

  • Conduct risk assessments to address the threats presented by organised crime groups
  • Establish clear security and integrity standards tailored to the types of risk faced by different public bodies
  • Identify high-value information and systems and ensure appropriate protections are applied to those areas that are most likely to be targeted

Declarable associations

  • Introduce policies around the identification and reporting of declarable associations/relationships between staff and criminal entities
  • Consider making it compulsory for employees to declare any associations they may have when they are recruited, and periodically through their employment
  • Introduce clear consequences for staff failing to declare an association

Pre-employment checks and revalidating employees

  • Vet candidates appropriately  during recruitment with the depth of pre-employment screening and vetting to be commensurate with the levels of access and sensitivity of each position
  • Revalidate employees security clearances at regular and or random intervals
  • Ensure that employees moving from one position to a position entailing increased levels of access and sensitivity  are subject to further vetting and suitability processes commensurate with the new position

Auditing

Conduct proactive routine audits of information and financial systems to identify where there has been inappropriate access to, or use or sharing of, information, systems or property

Case study: Operation Fraser

Following a Victoria Police investigation, IBAC received a notification from the Victoria Police Professional Standards Command (PSC) alleging a metropolitan city council employee had stolen council animal management equipment and given it to members of an outlaw motorcycle gang.
As the allegation was that activity had occurred in the past, Operation Fraser focused on whether the officer had current criminal associations and if so, whether he was using his council employment for their benefit.

On all available evidence, IBAC found the employee did not have current associations with the outlaw motorcycle gang members or associates.

However, IBAC recommended the council conduct a review of the accountability of unsupervised staff, and consider improving:

  • policies and procedures around the use and supervision of council vehicles
  • how policy and procedures are communicated and implemented in the work place
  • staff awareness of conflicts of interest and their obligations under council policies.

The council accepted IBAC’s recommendations.

View our past investigations. 


Want more information?

Visit the website of the Victorian Commissioner for Privacy and Data Protection for detail about the mandatory security standards required of Victorian government agencies.