What is Serious Organised Crime anyway?
The concept of organised criminal infiltration into your business or supply chain is interesting. I’ve worked with a number of critical infrastructure operators in Australia who have this concern: the nature of their business provides a unique opportunity for criminals to exploit their business, or the employees position, to facilitate their own or others criminal activity. Before we start to get carried away that serious groups like the mafia are infiltrating your business, it’s worth understanding key elements of the ‘spectrum of crime’ which forms a basis for any Threat Assessment:
- Criminal enterprise – a group of individuals with an identified hierarchy, or comparable structure, engaged in significant criminal activity (FBI)
- Opportunistic individuals – individuals who take advantage of internal control gaps or weaknesses and opportuinities of circumstance to perpetrate criminal and / or unethical activity (e.g. fraud or business espionage) (Curwell, 2022)
- Organised criminals – “small, organised networks of entrepreneurial offenders, often transitory in nature, that develop to exploit particular opportunities for illegal profit. These groups vary from temporary associations created to commit a time-limited series of offenses, to enduring businesses that invest in on-going criminal activities” (Eck & Clark, 2013, p28).
- Organised crime (organised criminal group) – “a structured group of three or more persons, existing for a period of time and acting in concert with the aim of committing one or more serious crimes or offences established in accordance with this Convention, in order to obtain, directly or indirectly, a financial or other material benefit” (Smith 2018 in United Nations 2004: 5).
- Transnational Organised Crime – those self-perpetuating associations of individuals who operate transnationally for the purpose of obtaining power, influence, and monetary and/or commercial gains, wholly or in part by illegal means, while protecting their activities through a pattern of corruption and/or violence, or while protecting their illegal activities through a transnational organisational structure and the exploitation of transnational commerce or communication mechanisms (FBI)
Its important to remember that not all crime that happens somewhere like a border, port or airport will be perpetrated by serious organised crime. Anecdotally, a lot of the crime I come across day to day involves opportunistic individuals and organised criminals. These risks are managed through employment screening and internal controls (which might include detection programs – see What can be done about it? below).
Common activities of serious organised crime – is there a nexus with your business?
Understanding the types of activities which commonly involve serious organised crime groups can help businesses assess their likely exposure to this activity. In the following list, I have compiled a list of offences based on information published by the FBI and ACIC:
- Bribery
- Currency Counterfeiting
- Embezzlement
- Fraud schemes
- Cybercrime
- Investment and financial market fraud
- Revenue and tax fraud
- Credit card fraud
- Superannuation fraud
- Money Laundering
- Murder for Hire
- Drug Trafficking
- Prostitution
- Exploitation of Children
- Organised retail crime
- Human Trafficking and Slavery
- Intellectual Property Crime – including Counterfeit Goods
- Illegal Sports Betting
- Cargo Theft
- Sale and distribution of stolen property
- Murder
- Kidnapping
- Gambling
- Arson
- Robbery
- Extortion
- Tobacco and firearms smuggling
- Vehicle theft
Does this article resonate with you? Please vote below or subscribe to get updates on my future articles
What we know about Serious Organised Crime in Australia today
Access to detailed assessments of the nature and sophistication of serious organised crime in Australia are not publicly available. However, one of the most useful reports is the periodic assessment of Serious Organised Crime released approximately every 5 years by the Australian Criminal Intelligence Commission. This report provides a useful outline of serious organised criminal markets in Australia, as follows:
| Illicit Commodities | Serious Financial Crime | Specific Crime Markets | Crimes Against the Person |
| Narcotics | Cybercrime | Visa & Migration Fraud | Exploitation of Children |
| Illicit Pharmaceuticals & Anaesthetics | Investment & Financial Market Fraud | Environmental Crime | Human Trafficking & Slavery |
| Performance Enhancing Drugs (e.g. steroids) | Revenue & Taxation Fraud | Intellectual Property Crime | |
| llicit Tobacco | Superannuation Fraud | ||
| Illicit Firearms | Credit Card Fraud |
Understanding whether your business, including your supply chain, has a nexus with any of these criminal markets will help inform your threat and risk assessment process in relation to organised criminal infiltration. As with assessing physical security of your office premises or facilities, you may not have a direct nexus with organised crime but your suppliers or neighbouring businesses might. This creation of an indirect nexus should also be considered, as this could have adverse reputation, safety and disruptive effects on your business, employees or customers.
The role of criminal enablers
Some organisations may not be directly of interest to OCG, but they may be recognised as having something or someone who can enable or facilitate their objectives. Examples here include access to information, professional facilitators (eg. lawyers, accountants, trust & company service providers), systems (eg being able to change a database record in a third party system), or sub-leasing warehouse or storage space.
The Australia Criminal Intelligence Commission identifies six enablers of serious and organised crime (ACIC, 2017):
- Money laundering
- Technology
- Professional facilitators
- Identity crime
- Public Sector corruption
- Violence and intimidation
Enablers can be targeted by organised crime either directly (eg group leases warehouse space for its own activities) or in relation to employees in key positions. Employees who have some sort of vulnerability, either at home or at work, may be coerced, bribed, intimidated or extorted to perform acts at the direction of a group.
What can be done about the risk of organised criminal infiltration?
So far in this post, we’ve demystified what constitutes serious organised crime, the types of activities (offences) commonly associated with this activity, the criminal markets where organised crime groups are found, and the professional intermediaries and enablers who might knowingly (or unknowlingly) support them. The next question is what to do about it.
The starting point for any business leader concerned about potential organised criminal infilitration in their business is a thorough, objective and factual assessment of the threats and risks, and their associated likelihood and consequence. Once understood, a proper security plan can be implemented to mitigate these risks.
With infiltration by organised crime there is a potential insider threat. This can materialise within both the employee and contractor / third party populations, including within the extended supply chain. This also needs to be considered when scoping any assessments. Suggested actions for businesses concerned about organised criminal infiltration include:
- Perform a Threat Assessment to map your ‘threat universe‘ (i.e. who is likely to target your organisation), and why
- Undertake a Security Risk Assessment, which incorporates identifying critical assets, vulnerabilities (control gaps), consequence and likelihood (i.e. which of your assets might serious organised crime groups actually consider attractive) for the various threats identified in the Threat Assessment. For risk such as product theft or product diversion, don’t forget to assess if your products are CRAVED.
- Undertake a Personnel Security Risk Assessment – this is commonly separate to your Security Risk Assessment, but identifies high risk positions and roles in the organisation which give acceess to your critical assets, and the types of employment screening (background investigation) and continous insider threat detection programs that may be required to mitigate the risk
- Perform due diligence on prospective and current employees, contractors, suppliers and business partners / third parties based on the risks idenitifed in your Security Risk Assessment and Personnel Security Risk Assessment.
- Develop a robust intelligence and security program to monitor for ongoing changes to your organisation’s threat landscape (including building capabilities such as media monitoring), and where appropriate, develop partnerships with police and security agencies to help mitigate the risk to within your organisation’s risk appetite.
Following these steps will ensure you know where you need to focus your security effort and resources. It may be that your greatest risk is that of opportunistic individuals and organised criminals (including trusted insiders and employees or contractors of your third parties or business partners) and not serious organised crime, requiring a different treatment strategy. If in doubt, seek assistance from an appropriately qualified professional who is licenced by the State Police to give security advice in the relevant Australian jurisdiction. If in doubt, have a read of this advice from ASIAL, the Australian Security Industry Association.
Further Reading
- Australian Criminal Intelligence Commission (2017). Organised Crime in Australia 2017, www.acic.gov.au
- Australian Security Industry Association (n.d.). Who needs a security licence? https://www.asial.com.au/resources/who-needs-a-security-licence
- Curwell, P. (2021). Defining your ‘Threat Universe’ as a building block of your intelligence capability, https://paulcurwell.com/2021/10/17/the-threat-universe/
- Curwell, P. (2021). Magazine article – “Supply Chain Integrity: Detecting Product Diversion”, https://paulcurwell.com/2021/07/31/magazine-article-supply-chain-integrity-detecting-product-diversion/
- Curwell, P. (2021). Product security risk assessments for tangible goods, https://paulcurwell.com/2021/12/19/product-security-risk-assessments-for-tangible-goods/
- Curwell, P. (2021). Building a media monitoring capability 101, https://paulcurwell.com/2021/03/06/building-a-media-monitoring-capability-101/
- Curwell, P. (2022). Business espionage – the sale of intellectual property on the dark web
- Eck, J. E., Clarke, R. V. G., Center for Problem-Oriented Policing,, & United States. (2013). Intelligence analysis for problem solvers. https://www.ojp.gov/ncjrs/virtual-library/abstracts/intelligence-analysis-problem-solvers
- Federal Bureau of Investigation – https://www.fbi.gov/investigate/organized-crime#Western-Hemisphere%20Organized%20Crime
- Smith, R. G., & Australian Institute of Criminology. (2018). Organised crime research in Australia 2018. https://www.aic.gov.au/sites/default/files/2020-05/rr10_for_online_0.pdf
- Standards Australia (2006). HB167:2006 Security Risk Management, Australia, https://infostore.saiglobal.com/
- Talbot, J., & Jakeman, M. (2013). Security risk management body of knowledge. Hoboken, N.J: Wiley.
DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.