Vetting is big news right now. From the Metropolitan Police’s handling of David Carrick to the National Audit Office’s criticism of the backlogs at UK Security Vetting, it seems there are many issues blighting vetting. In this blog, I take a look at the recommendations in these vetting reports and ask how things can be resolved.
Two sides of a coin – Police and Government
The HM Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) report reviewed hundreds of police vetting files and found cases where individuals should not have been allowed to join the police force, had criminal records, links to organised crime, or presented a risk to the public. They made 43 recommendations that sought to provide minimum standards of checks, improve vetting processes, decisions, and risks, and improve how police deal with misogynistic behaviour and counter corruption.
HMICFRS has made 5 areas for improvement and 43 recommendations which include:
Dissecting these “improvement areas” my interpretation is that, in many cases, forces had not taken steps to mitigate risks or assessed the risks too leniently when they had chosen to grant vetting clearance to individuals with “criminal convictions, or whose family or friends have convictions, or where concerning information is held”. In these cases, forces did not have enough people within their counter corruption unit or vetting units to mitigate the risks, presenting a “significant corruption threat” for those forces.
Renewals are “too long”, they concluded. The standard seven years between Management Vetting (“MV”) assessments and ten years for Recruitment Vetting (“RV”) assessments leaves ample time for individuals who were of no risk to the force to have become radicalised, unwell or otherwise of more risk than when they first joined.
In my opinion, it is only through the ability to routinely check individuals at least yearly that we will be able to mitigate the risks presented. Any intelligence or untoward actions noted should immediately trigger a review, in addition to routine re-evaluations.
UK Security Vetting (UKSV) was established in January 2017 following a merger of previous vetting services by the then Foreign & Commonwealth Office and the Ministry of Defence. Since 2018-19, UKSV has received an average of 164,700 CTC and SC clearances, and 17,900 DV clearances per year.
The Cabinet Office took on responsibility for the delivery of national security vetting in 2020 following a sustained period of poor performance. UKSV’s record in delivering timely clearances continues to be poor.
The delivery stabilisation plan UKSV introduced in January 2022 was a tactical solution to focus on
However, by prioritising the new DV clearances over aftercare checks, this carries additional security risks. Capacity is running at 23% under resourced – that’s 877 FTE headcount needed. They are using 163 contingent labour and temporary staff to man the checks. UKSV is relying on “efficiencies and automation …coming out of its delivery stabilisation plan” to meet the remaining shortfall of 160 FTE.
Built in 2014, the National Security Vetting System (NSVS) is unreliable and UKSV has been seeking to replace it since 2018. The system lacks capacity, is slow and requires many manual workarounds. These factors, together with regular outages, slow down the whole vetting process and user satisfaction is extremely low.
That contract was due to expire in 2020 but has been extended to 2024 (at a cost of £10.2m for 2022-2024). NAO describes how the Cabinet office had to write off £2.5m in its 2021-22 accounts due to a “failed IT upgrade”. The IT system used by UKSV “to process cases is old and unstable, with regular outages that slow down and stop the clearance process for extended periods”. Despite the stabilisation plan to focus on “automating and enhancing existing IT systems” the NAO pointed out that UKSV has had “multiple attempts to modernise the vetting system and does not currently expect to complete its reforms until 2024-25 at the earliest.”
The report concluded that vetting is of vital important to the running of Government and delays in providing clearance can result in being unable to progress national security work. Vetting should be reviewed regularly for changes to circumstances to prevent risks with access to sensitive data. It found the same three factors from the tactical solution have now contributed to the decline in standards. UKSV has been unable to secure approval for its Vetting Transformation programme business case because the Cabinet Office is “concerned about the deliverability of the programme and its achievability”.
The Cabinet Office should:
Both reports state there are not enough staff to process the amount of checks they have to do. UKSV states they are 23% under resourced – that’s 877 FTE headcount needed. They are using 163 contingent labour and temporary staff to man the checks. HMIC stated that the increased demands made by the Police Uplift Programme (PUP) targets had found not all forces had enough staff in the vetting units to cope with the demands, and in some cases, this had caused it to be unmanageable.
Both use similar data sets to conduct the checks – Credit Reference Agency (CRA) Personnel Vetting reports, Police National Computer (“PNC”) and Police National Database (“PND”) checks to name but a few.
Checks are manual – staff are logging in and out of data sets to cross check what has been provided by the applicant; using the little time left to assess any risks that may be posed if vetting clearance is granted.
Both Police and Government do not make enough – if any – use of open-source data to provide a full and accurate picture of the applicant. Social media checks are now an essential part of Police vetting to see if the applicant has posted anything that would be considered a red flag for vetting. Paul Sandford, Chief Constable for Norfolk stated, “There is an expectation that we carry out an exhaustive check of an applicant or indeed serving officer’s social media with regularity,”” and … “We currently check social media activity before someone joins us, but I could employ a warehouse full of employees to check social media activity of applicants to the constabulary and not cover every single post or tweet that is being made.”
Legacy IT Systems……
I discussed earlier that the UKSV IT system is described as “old and unstable” and unlikely to be modernised before 2025. The police forces do not have a consolidated vetting platform – with many forces using different IT systems, databases, and case management tools.
Amount of applications…..
HMIC doesn’t disclose the total number of applications per year. However, the PUP was set to recruit a further 20,000 officers by March 2023. Provisional data shows an uplift of 15,903 officers, with 560 additional officers recruited through other funding streams. That excludes the usual officer recruits, all of which require vetting, and the aftercare checks on the 144,356 officers already in post.
UKSV’s customers are funding the transformation programme and are frustrated with the lack of progress. Customers fund both the existing service and transformation costs in proportion to their use of the service. Government policy dictates that UKSV is the provider of vetting services. Some customers complain that although they therefore have to use UKSV and to contribute to the transformation programme, they have no say in how the funding is used and do not understand what the end vision of the programme is. UKSV forecasts it will underspend by £6.5 million on the programme in 2022-23 owing to delays to the business case, progress on the plan and delays in resourcing. UKSV has redeployed a net £1.5 million elsewhere across its business and is therefore currently forecasting it will be refunding customers around £5 million in 2022-23
The Police Uplift Programme (PUP) requires that 20,00 additional officers are hired before Spring 2023, following the Government manifesto in 2019 and the cuts to frontline policing since 2010. This has caused more pressure on the vetting teams, to not only conduct their usual checks, but with extra checks on top causing backlogs in most forces.
The NAO suggested there is a need for “greater support” within the Cabinet Office and called out duplication in Governance boards causing additional risks. Too much work is falling on senior leaders due to the lack of resource, constrained by recruitment freezes.
“Given the risks involved with recruiting officers at the scale and speed required by the uplift programme, it is essential that police leaders act now on our recommendations. Our report highlights that they simply cannot afford to wait any longer” 
Both reports suggest some work is needed to bring vetting up to the required standards, and the public lens is now firmly upon who the vetting teams’ leadership will respond to the issues identified.
Can these challenges be overcome? For both Police and Government?
With more funding UKSV could recruit the right number of people to manage the increased volumes of checks. Our work with a major police force has extrapolated some interesting figures regarding the number of checks that can be done – without increasing the number of staff –by automating the logging in and out of the different data sources and querying them concurrently. We conducted time and motion studies with live vetting teams which concluded that up to 80% of the time spent in reaching a decision and typing up a report was saved through automating the data gathering and reporting. This gave the vetting officers more time to evaluate what they have found and arrive at an informed decision
This essentially means, UKSV could swiftly work through the backlogs which currently exist, review cases more frequently and spend longer reviewing open source intelligence –as highlighted in the Jake Davison and Wayne Couzens cases.
Getting the checks to uncover vital clues to the risk of that officer/civil servant committing offences is now of the upmost importance. Vetting officers need to have the right data sources and the right training to uncover these risks.
Scout® enables them to do this easily – a platform that is pre-configured to conduct vetting checks, has all the right sources integrated – Credit Reference Agency (CRA) reports, access to Police National Computer (PNC) and Police National Database (PND) on one platform – allowing the user to conduct the checks, deep dive into those sources, and at the same time, conduct advanced open-source searching, uncovering social media posts, news articles and chat forums – in near real time.
HMIC suggested the police needed to record their decision making process within their report – Scout® has a free text box and the ability to drag and drop additional documents (such as the decision document) into the report before it is download in a pdf format. Additionally, Synalogik are integrating with Case Management Systems (CMS), so the reports can be created directly and saved in an auditable, compliant manner.
Summing up, both reports where quite damning and contained many suggestions. With an innovative mindset and the political will, the much needed changes can be brought about quickly and 2023 can be the year that we turn the tide on inadequate vetting checks for good…
 Counter Terrorist Check
 Security Clearance
 Developed vetting
 a new legislative requirement for those working in the airline industry
 Where appropriate and license is approved
 Where appropriate and license is approved