On 23 February 2022, Scotland’s Serious Organised Crime Strategy was published. The strategy has four strands: divert; deter; detect; and disrupt and is about all of Scotland working together to reduce the harm caused by SOC. It is about detecting and disrupting SOC Groups, but it is also about preventing it at source: cutting off the markets, the recruits and the opportunities on which SOC relies.
This includes preventing companies with links to SOC bidding for, securing and profiting from public sector contracts by using the measures available through public procurement legislation, policy and tools.
Law enforcement intelligence shows that those involved in SOC use semi-legitimate companies to gain contracts available from the public sector. The profits they gain from these contracts are then used to fund organised crime, including drug dealing, people trafficking and money laundering.
Police Scotland advice is that organisations engaged in SOC tend to be chaotic in their nature and may find it difficult to maintain consistent systems and processes to the extent expected from bona fide companies. More information on SOC is available from the Crime Prevention page of the Scottish Government website.
Some of the greatest risks arise in the private security industry. The Security Industry Authority (SIA) is the independent organisation responsible for regulating the private security industry, under the terms of the Private Security Industry Act 2001.
The SIA Approved Contractors Scheme (ACS) comprises a set of operational and performance standards for suppliers of private security services. Those organisations that meet these standards are awarded Approved Contractor status, and may advertise themselves as such.
Any contractor or sub-contractor performing security industry services under a Scottish Government contract is required to be registered with the ACS for the category of security service being provided/performed under the contract. Public sector organisations are encouraged to adopt an equivalent approach for relevant contracts.
The cyber resilience of suppliers is increasingly important as the number of cyber-attacks targeting suppliers to the public sector has grown in recent years. Attacks can (intentionally or otherwise) disrupt and damage both suppliers’ services and public services.
The Scottish Public Sector Supplier Cyber Security Guidance Note promotes the adoption of a consistent approach to supplier cyber security across the Scottish public sector. Example tender and contract wording has been published to help public sector bodies embed cyber resilience into the supply chain process.
Cyber resilience advice and support for individuals, businesses and organisation is available from the Cyber Resilience advice and support page of the Scottish Government website and also through the CyberScotland.com website.
Cyber security arrangements for systems processing personal data form a key aspect of compliance with the UKGDPR, which took effect on 25 May 2018. The data protection obligations placed on organisations and their supply chains by UKGDPR go wider than technical measures to protect personal data. See the Information Commissioner’s Office (ICO) Guide to Data Protection for more information.
A buyer should determine whether any personal data processing is involved as part of a contract or framework agreement, for instance by a third party supplier, and also the technical protections that might be needed as a result. There should be a legally binding contract with that supplier that includes certain mandatory terms from the UK GDPR as to the roles and responsibilities of each party for data protection.
When personal data is no longer needed, it needs to be destroyed securely. If outsourcing this work to a shredding service or other disposal contract, ensure that data will be handled and disposed of securely.
Illegal working leaves people vulnerable to abusive and exploitative working conditions, and in the most serious cases human trafficking and exploitation or modern slavery.
All employers have a responsibility to check that workers employed by them have a right to work (RtW) the UK. This applies to staff employed under a contract of employment, service or apprenticeship, and indirect employees for example, self-employed workers. Under the Immigration, Asylum and Nationality Act 2006 an employer can be served with a Civil Penalty Referral Notice if they are found to have employed illegal workers and failed to conduct relevant pre-employment checks. This could see them faced with the payment of a penalty of a specified amount. By carrying out RtW checks an employer can avoid liability for a civil penalty.
The law on preventing illegal working is set out in sections 15 to 25 of the Immigration, Asylum and Nationality Act 2006, section 24B of the Immigration Act 1971, and Schedule 6 of the Immigration Act 2016. The UK Government has published an Employer’s guide to right to work checks. This guidance encourages employer’s to check that their contractors and labour providers carry out RtW checks on people they employ, engage or supply (or that they carry out these checks themselves).
In relation to contracts where RtW checks may be a factor, buyers are encouraged to consider actions on a case-by-case basis seeking legal advice as required. An appropriate strategy might include:
The above are examples only, other factors may be relevant depending on the individual procurement.
In order to prevent public money from ending up funding SOC, and to allow legitimate businesses to thrive, it is important that we do all we can through procurement legislation to prevent companies who launder money, evade taxes or cut corners, from competing for and securing public contracts.
The Procurement Reform (Scotland) Act 2014 (the Act) places a sustainable procurement duty on a contracting authority before they buy anything, to think about how they can – though their procurements - improve the social, environmental and economic wellbeing in Scotland, with a particular focus on reducing inequality, and act in a way to secure this. For example through the appropriate use of the sustainability test and its associated tool; the prioritisation methodology, and the application of relevant and proportionate contract requirements.
The Act also requires obligated organisations to develop a corporate procurement strategy and report against its delivery at the end of each year. This should include a statement of its general policy on the procurement of fairly and ethically traded goods and services, and this could include their approach to serious organised crime.
The public procurement regulations allow, and sometimes require, a contracting authority to exclude companies from tendering for public contracts for not meeting certain conditions, and select the most suitable bidders based on technical ability and previous experience in relation to the subject matter of the contract. This is done through the Single Procurement Document (SPD).
Regulation 19(4) of PC(S)R 2015 places a legal obligation on contracting authorities to include relevant clauses in their contracts to ensure those they contract with comply with environmental, social and employment law obligations.
Regulation 57(2) of PC(S)R 2015 allows contracting authorities to reject bids that do not comply with applicable obligations in the fields of environmental, social and labour law established by EU law, national law, or collective agreements.
Regulation 69(5) places a legal obligation on contracting authorities to reject bids that have been found to be abnormally low because they do not comply with applicable obligations in environmental, social or labour law.
The public procurement regulations also permit contracting authorities to ask for tenderers to be registered under a certain label scheme - as long as the circumstances outlined in Specification apply. For example, Cyber Essentials or Cyber Essentials Plus is a Government backed scheme to help businesses of any size protect themselves against a range of the most common cyber attacks, and to demonstrate their commitment to cyber security, IASME and ISO/IEC 27001 (allowing also for equivalent standards).
The relevant National Outcomes and Indicators within the National Performance Framework focus our activity around ‘creating a more successful country, with opportunities for all of Scotland to flourish, through increased wellbeing, and sustainable and inclusive economic growth’. The relevant National Outcomes and Indicators for security and crime are:
Scotland was one of the first countries in the world to sign up to the Sustainable Development Goals which have developed to achieve a better and more sustainable future for all. Many of the Goals align with Scotland’s National Performance Framework.
