March 12 2024

My latest article for GRIP.

What the City of London can learn from the UK police

The full article is below.

The recent Angiolini Report on the multiple failings of various UK police forces which allowed Wayne Couzens to become and remain a police officer until he kidnapped, raped and murdered Sarah Everard, has lessons for all of us, in particular, for organizations now grappling with non-financial misconduct.

An excellent review by Rob Mason, director of regulatory intelligence at Global Relay, covers how firms will need to monitor staff and the factors they will need to consider when monitoring and reviewing non-financial behavior. So what lessons can we learn from what went wrong with the police?

Prevention is better than cure

If you can avoid employing crooks/bullies/racists/sexists/incompetents in the first place, it will be very much easier than dealing with misbehavior later. It’s not just that getting rid of bad employees takes time and effort. Gresham’s Law applies: just as bad money drives out good, bad employees drive out good. They help create a bad culture. They make it harder than it ought to be to keep good people. They make it more difficult than it ought to be for others to speak up about such misbehavior.

There is a mismatch between what you (and your many procedures/Codes of Conduct) say and what your employees see you doing. You’re not simply having to monitor for – and deal with – misbehavior but also having to work harder than necessary at stopping good employees from leaving.

Hiding in plain sight is easy

One of the most surprising – and worrying – findings of the report was that, far from it being obvious to colleagues that Couzens was a violent predator, he gave the opposite impression. Many of those working with him thought he was a good officer, helpful, hard-working and so on. Rather than thinking “yes, he was capable of that” when caught, many could not believe it. It was frighteningly easy for a seriously depraved man to hide this from his colleagues.

What was true in three police forces is also true in the City. Many of the worst wrongdoers were thought of as “stars” or charming. Even the worst bullies are well capable of presenting a good side to those they need to impress. There is a level of calculation and thought in what they do. So you need to be alert and test how genuine all this “charm”, “hard work” and “starring achievement” really is.

There are always clues

The clues are usually small: the wrong dates for previous employment, small errors in addresses for credit checks, making your chaotic finances look good for the period when they are checked. All these were present in Couzens’ case; all were deliberate; all were done with the intention of presenting a picture of himself which was designed to mislead. It is a feature almost invariably found with wrongdoers elsewhere.

Small lies matter

Couzens’ small lies mattered – not because they were evidence of his offending and sexually violent interests – but because they evidenced the way Couzens, as with so many other wrongdoers, was able to compartmentalise himself, presenting the image he wanted to authorities and only sharing his true self with a few trusted colleagues.

It is not the content of the lies that (usually) matter but the fact of them. What does that tell you about someone? And if they get away with them before they have even joined your organization, what have they learnt? That they can lie and get away with it. That what you put in your procedures doesn’t really matter. They are the most important lessons they will learn – and ones which your training risks doing little to counter.

What is the point of due diligence/vetting?

Not the silly question it might seem. The point is to try and understand the character of the person you are hiring and whether the wonderful things you have been told during the interview process are too good to be true. Too often, though, they are seen as merely a tediously bureaucratic process which must be gone through, outsourced to another team, often far away, who do not understand either what they are doing or why it matters.

The risk is that any inconsistencies are not escalated or ignored and only reviewed after something has gone wrong. At that point you have two problems: those caused by your errant employee, and your faulty judgment and/or failure to take information you had asked for into account. The latter is an easy hit for regulators. They’ll take it.

Judgment matters

“Had those responsible for police vetting not allowed process to usurp their independent thought and curiosity, Couzens may not have held the office of constable for as long as he did.” (From the Report’s Foreword)

Independent thought and curiosity are always needed, no matter how good your processes. The latter are an aid to judgment, not a substitute for it.

One of the more interesting tidbits from the Report is that the Civil Nuclear Constabulary outsourced its vetting to Kent Police, made the decision to hire before receiving the results back, then did not change its mind even though the vetting showed chaotic financial indebtedness of a type which should have stopped his hire, because of the risk of blackmail and/or stress.

Couzens, who worked for many years in his father’s garage, was a fluent Russian speaker. He joined the Met because he said he wanted to do detective work, then immediately applied to become a firearms officer with the Diplomatic Protection Squad. But no one wondered whether such a person should have been guarding nuclear facilities, or have a firearm with access to diplomats, or why his actions were at odds with his stated intentions. Or, indeed, whether they might be a target for a hostile foreign state actor.

The financial world is also a target. One of my more interesting cases was discovering the hire of someone as a bond trader who claimed to be in the SAS (unevidenced) and had then taken five years out to teach in Syria during the middle of the civil war (why?). No one was asking questions about this unusual CV.

Whatever monitoring you do, look at what you were told before someone joined, look at the whole picture, don’t just focus on breaches of procedures, join up the dots, look at the whole picture and ask the obvious questions: does what I am being told up add up / make sense / is this the sort of person we want here / is this the sort of behaviour we want to see? Then act.

Make it easy for yourself

The more complicated the processes and procedures, the easier it is to make mistakes, forget things, not keep accurate records. This too was a feature here. Some complication is inevitable given the seemingly endless and ever-changing rules. But try to make your processes easy to understand and follow. Make the point of them and their importance clear. Keep accurate records. Give yourself the best chance to know what is going on.

July 11 2021

There is always a clue. Sometimes more than one. Often hiding in plain sight, if only others used their eyes.

On Friday, Wayne Couzens, a former Metropolitan Police officer and member of the Parliamentary and Diplomatic Protection Squad, authorised to carry a firearm, pleaded guilty to the murder of Sarah Everard earlier this year. He had earlier pleaded guilty to her kidnap and rape. The story of what he did to her is harrowing.

Despite his planning and attempts to cover his tracks, he gave his police mobile number to the firm from which he hired the car he used for the kidnap. That mistake (or arrogance) was what caught him. The number plate was caught on CCTV next to where Sarah was last seen and the telephone numbers were run through the police database. One can only imagine the reaction and shock of those doing that search when they realised that their prime suspect was a serving police officer, moreover one who would have had to go through an enhanced level of vetting for his role and his authority to carry firearms.

Perhaps they should not have been so shocked. Following his arrest, we learnt that a few days earlier he had been caught indecently exposing himself elsewhere in South London. No action was taken and the reasons for this are the subject of a separate police investigation.

This weekend we also learnt that:-

1. He had been accused of indecent exposure six years ago, again with no action being taken.

2. When in the Civil Nuclear Constabulary protecting Sellafield, his nickname among colleagues was “The Rapist” because his behaviour towards women colleagues was so creepy.

It would not be surprising if more were to come out about his behaviour and attitudes. As of now there are 12 police officers in at least two police forces under investigation with regard to what they did or did not do re the investigation and the Everard murder.

There are a number of points worth making, even on the basis of this limited information.

1. It is usually best to avoid hiring wrong’uns into your organization. Or at least try to. An obvious point perhaps but one which is not in practice always taken as seriously as it should be. Keeping someone out is a whole load easier and less time-consuming than trying to get them out later. The refusal to admit a mistake was made, the belief in HR development and appraisals are powerful forces favouring inertia.

2. Checking CVs, due diligence, vetting really matter. Small inconsistencies, missing information, stories which do not add up, which do not correspond with what was said in interview, which are changed are warning signs and should never be ignored. They too often are. Vetting is too often outsourced to juniors far away, too often treated as an administrative step to be completed rather than as a key part of the decision-making process. If someone warns you about a person’s reputation (as happened with a notorious fraudster) don’t ignore it just because you don’t have a procedure to deal with with it. Due diligence is not a paper exercise: it is trying to find out about a person’s character, what they are like when they are not shiny faced and trying to impress you.

Bluntly, if the Met’s enhanced vetting allowed someone like this to hold a firearm and guard Parliamentarians, what is the point of it? Or was it the case that it simply was not done well – or at all?

3. Remember that, whatever sector you are in, you are managing risk. If someone dubious gets past your first line of defence, they’ve learnt that your defences are not great. They’ve learnt how to fool you and get away with it. How seriously do you think they’re going to take your training and your other defence systems? How are you going to manage a risk you don’t even know you have?

4. Don’t ignore the small stuff. Not every person indecently exposing themself goes on to rape and murder. Not every person telling a lie on a CV becomes a fraudster. But can you tell the difference between those who will and those who won’t? And do you want to take the risk of getting it wrong?

Perhaps indecent exposure (a crime) was seen as a bit of a joke? Perhaps creepy behaviour towards women was seen as him simply being a bit of a lad? Maybe the women were seen as unduly sensitive and their concerns downplayed? The police investigations may reveal answers.

But what about the much more common small lie – often handwaved away as “small” and so unimportant, forgetting that it is the fact of lying which matters not what the lie is about? Most of the major fraudsters in recent history lied about seemingly unimportant things at an early stage in their career. Their lies were ignored. They learnt they could lie and get away with it. They did not stop there.

There are always clues. They tell a story. It’s one we should read with care.

Photo by Tadas Petrokas on Unsplash