 evening everybody and welcome to the institute. Could I start by asking you to turn off your phones or turn them down and to explain that our guest speech will be on the record but the questions after will be according to Chatham House rules which they are non attributable. Rob has been here several times and some of you may have already seen him before. Rob Wainwright is the head of the Europol in Europe. He's the executive director and he has really made incredible progress in the Europol since he took over. He's led the establishment of the European Cyber Crime Centre and the European Counterterrorism Centre in 2016 and he's one of the leading executives on security issues. Sadly, his time is coming near to an end and I remarked him downstairs. He'd be a very useful person for people in the criminal world to hire because he'd be able to tell them how things are done. He's with us here today to talk about, as the title there said, more bang for our box, which is quite a sexy title and moving from the compliance driven to intelligence led in the fight against cybercrime and financial. Many of you will have attended a number of lectures here and talks here and been aware how the whole issue of cybercrime, technology, how it is changing the face of crime. It isn't the normal bag of swag as somebody mentioned being stolen and trying to find it under a hedge or wherever it's hidden. It's so much being done now on the internet. Rob will probably explain what the normal person who robs banks now. It's not somebody walking into a bank with a mask over their head and maybe a gun. He said another way. Don't explain too much how it's done but there's other ways now of robbing banks and that's what's happening. So an organisation like Europol has got to stay up to date and we're glad today we have representatives of the Gardie who work in the cyber area, people in the law profession and it's really important that we, the people, recognise the changes that are happening and maybe help to acquaint ourselves and to educate ourselves and our friends as to what changes these things will mean and I know Rob will mention this because the whole issue of data protection is so topical at the moment but as I said we all want to see the baddies caught but you don't want to see your data or your family being caught by data being used. So we have a very split kind of way of looking at how data is used. We don't mind somebody else's data being used to catch them out but please don't use my data to catch me out and that's, we all do that. So I'm very pleased today to introduce our guest speaker Rob Wainwright and the floor is yours Rob and we look forward to hearing what you have to say. Thank you very much Noran to the Institute for inviting me back again. That's right I have a month to go of my nine years running Europol which has been a very interesting, wonderful privilege to lead this organisation through a period of considerable growth. I should say also for those of you who don't know Europol, mission is to simply make Europe safer and to do that by helping the Guardi and its equivalence around Europe to fight better crime and terrorism. Crime and terrorism that has become more complex and more dynamic over the last decade or so. So the story of Europol while I've been there at least is one that's a bit better known now, still confused with Interpol very often but not as much as we always were. We were once even confused our name for that of being Europool as if it was the common European Agency responsible for monitoring chlorine levels in aquatic centres or something. But we've come a long way and over the period that me and my colleagues have been working at this agenda for a decade a nine times increase in the amount of intelligence that we're collecting, sharing and analysing on a weekly basis. Ingesting around 11 terabytes of data every week into our systems. That being processed in a very efficient way with the use of data science capabilities to produce intelligence leads that have led to a five times increase in the number of operations that we're running and operations that are on a much bigger scale. Around 1500 a year that are really high level operations of the type that we were able to announce this week for example which was the arrest of one of the bigger cyber criminals in the world. After a long period of investigating this person he was arrested by Spanish police. He and his organisation were responsible for malware attacks on over 100 financial institutions stealing in the process over a billion dollars from those banks. So when Nora talks about the modern day bank robber indeed they're doing it in a remote way and getting away with a very very large bag of swag in that case. So that's been the journey of Europool from this to that and the story behind it really like I'll share with you for the next half an hour or so is about three factors. The dynamics of the threat how that has changed how we've leveraged the power of networks which works which we see in other parts of government and society as well. And thirdly how data is the oil in that system and how we've used data still in a responsible way going to Nora's point to drive a different kind of response to this threat from crime and terrorism. So first the threat the dynamic nature of it come more complex become bigger in scale a larger impact on counter terrorism of course. Last week's side events the loss of a French law enforcement officer the latest in a series of attacks that have killed hundreds of people in Europe over the last three years. A threat that is complex because it's been propagated by a combination of foreign terrorist fighters and those that have stayed at home so called lone actors. These foreign terrorist fighters of which there are about five or six thousand we think they've traveled from the EU to Syria and Iraq. And some of which have come back to carry out the grand style attacks that we saw in Paris and Brussels in 2015 and 16 especially. Now their activities have dried up somewhat the outflow certainly has gone down to trickle if not to nothing at all. And the inflow also is a bit of a mystery to us an intelligence mystery to the community at the moment. We know about a third of them have died in combat. Maybe a third others have already come back are in prison or have even successfully rehabilitated in some cases. But I still leave one thousand two thousand people that are either still there or gone to another location halfway back like Turkey but still pose a considerable threat on their return. They were radicalized enough to want to go there in the first place. You can imagine their exposure to that conflict experience over the last few years will will will have changed their state of mind even more so. But really it's been these people at home in our communities that that have caused the most damage to us in three quarters of the terrorist attacks of the last three years. These people some of them maybe were trying to to travel to Syria Iraq and as a result of clamp downs by European governments much better work by intelligence agencies and the police to really stop that. It meant that we could really restrict their opportunity. And then what happened to underline how technology is transformed also this space of terrorism is that the high command devices in Syria Iraq using social media to pump out propaganda and recruitment methods issued a very important public announcement in in May 2016. And they said look if you can't come because you know Western governments are stopping you come then do what you can at home. And it specifically said take a gun take a knife kill a police officer or kill a soldier use a truck to run over people in public places. And this is a specific calling by one of the top spokespersons of ISIS. And of course what immediately followed in the months after that was an increased tempo and terrorist activity exactly along those lines. The power of social media and the way in which ISIS have used it much more than any other terrorist group in history to try to establish a virtual caliphate as well as a physical one and to try and mobilize therefore a more complex more dispersed threat against our values and our societies. Cyber crime in a way is even more complex because some of the underpinning elements for police to investigate online are so much more challenging than they are in the offline world. Whether it's relating to encryption or data retention or simply the inability we have most of the time to identify the offender. And even then if we identify the jurisdictional problems we have with the fact that he's robbing those banks from his bedroom in Ukraine for example. So the fundamentals are much more challenging. It's a space of course in which technological advancement really can give the criminal very quickly new ways of harming us such as the way in which they've been exploiting crypto currencies as a money laundering vehicle as a means by which to develop ransomware attacks and as an investment scam as well. So the way in which new technology drives that is really important. Now that arrest of this cyber kingpin this week, an illustrative case, the way they got away with a billion dollars was really smart bit of work and shows the sort of modern nature of how these operatives can work. So they targeted banks in a very specific way over a long period of time using so-called spear phishing emails. They were posing as legitimate businesses and business contacts of the bank to get somebody in the bank to click on that attachment. That attachment had embedded in it something called a remote awareness tool which allowed them to sit in the system without that individual knowing in order to observe his or her email traffic and what she did each day perhaps. Then they apparently did nothing for eight months while they worked their way around the system going from one to the other to the other, compromising each one until they found the bingo prize which was the person who has administrator rights over the banking systems. And once you capture him or her, as they did in this case, then they had remote control of the bank transfer payment systems. So they could just transfer accounts, transfer money from accounts to accounts. They were manipulating card balances, inflating them. And in the most Hollywood movie type scene of all what actually happened in this case, they could remotely control ATM network. So we actually had accomplices in this organisation. There were standing on the street corners of parts of central and eastern Europe at 3.19am, for example, with a large suitcase outside an ATM machine while his accomplice back home controlling that network was instructing it to empty its cash holdings and it would fly out into that suitcase. Two minutes later he was on the next street corner doing exactly the same and exactly the same and exactly the same. And in total, over an eight month period, over four year period rather, 100 financial institutions lost a billion dollars. And that's the power of what they can do these days. It shows you the scale, of course. Wanna cry is another example of that last year because we had 300,000 victims, most of them companies in 150 countries. So the scale of cyber crime is something that is now exceptional. It says something also about the level of innovation that Hollywood type scene is also seen in other areas. So Wanna cry itself was the first time we saw a ransomware attack that had a built-in worm functionality. So it could self-propagate around the network. That's why it spread around the world like wildfire over that weekend. That's why it got the headlines as well. Importantly, that capability in Wanna cry was based on stolen US intelligence capability. And that's an important other point that we're monitoring is an increasing blending of state capability, state after capability in this space and wider cyber crime. Why is that important? Because of course, when you're dealing with cyber capability in certain states, that's the highest grade available, highest grade possible. And normally it's just targeted for espionage reasons, of course, which causes enough damage as it is. But if that starts leaking out into the wider criminal domain, either deliberately or accidentally, then there will be a much more widespread impact of the highest grade capability. So that means that even the biggest institutions in the world, which might be telling themselves, they have the very best information security defences are also vulnerable. And there is no lock strong enough that can get your threat down to zero. There is no wall high enough that you can build. So the state of mind has to become one of resilience and an understanding of how to manage this as a very, very serious risk. Underpinning these elements of cyber crime is an enormous market online, particularly in the dark net. An industrialised operation of criminal marketplace forums that are selling hundreds of thousands of different commodities. And also a syndication effect of criminals that are now collaborating rather than competing with each other. And in one notable case called Operation Avalanche in November 2016, that Europol was running with the FBI and the German authorities. After four years, we'd identified the single largest cyber criminal organisation operating online. In fact, it was a conglomeration of 20 that had come together, brigading their resources, their teams of specialists. Amongst themselves, they'd even appointed a CEO, a CTO, a CIO, a CFO. And they run this like a huge commercial enterprise, generating a million phishing emails a week, the very latest in banking malware. We found victims in 190 countries. And this was a service, an industrialised high grade service that they were offering to the wider criminal community. And so of course it underpins the infrastructure of how cyber crime can work at the scale that we've been seeing. In the organised crime world, a similar effect now as well around the syndication of crime. People that organised crime groups in the past have kept themselves within their own ethnic or even family groupings, working in a much more enterprising way with other criminals across borders. Sharing services, exchanging good practices, handing over trafficking human beings from one geographical space to another, for example. In 2015, when the migration crisis took hold in Europe, we had a million irregular arrivals in that period, five times the amount of the year before. And we all saw on the screens of our television during that summer, these poor, unfortunate people, in their thousands literally walking across Europe. And it was a great criminal opportunity. And ad hoc criminal entrepreneurs on the spot started providing illegal taxi services to smuggle them across borders and so on, making a quick buck. This was the sort of spontaneous reaction of a criminal community. Local drug traffickers maybe that were turning their hand to a sudden opportunity that was falling in their laps. Since then what's happened is a much more professionalisation of the market. Now there are international syndicates that are controlling the people smuggling trade in and around Europe. And it's very dynamic, again very dynamic, and specialised teams, different teams from different countries, some that are specialists in recruiting the victims, others in transporting them, others that are producing very high quality fake travel documents, and others that specialize in money laundering, for example. And in money laundering there is a set of professional specialists that are providing the very best service that are exploiting our systems. And as they seek to launder the proceeds of what we think is a 120 billion euro criminal sector in Europe each year. And I'll come back to some of the lessons we're having in that shortly. So, underpinning all of this type of crime terrorism, organized crime cyber, what I'm describing is something that is certainly much more technology-enabled than we've ever seen before. That's an important characteristic. Well, there's one other important thing, which is certainly an example of the major security threats in all our societies having gone global, being much more transnational in nature. The essential elements of the terrorist threat are people that are travelling across our borders that are using the globalized instrument of the internet. Cyber itself is obviously self-evident in a globalized problem. Now, what does that mean? That means something about how we have to evolve and structure our response, because there is in fact a strategic gap in our response between the fact that these threats have long since become international and need to be tackled as such. And yet the construct, criminal justice, political policy construct of our response is still very much focused at the national level. So, there is this gap that has to be at least recognized and mitigated. On terrorism, that's a national security issue. The European treaties are very clear. They say that national security shall be the sole competence of the member states. So, not even a shared one, the sole competence. And flowing from that, of course, are very important principles and a culture that very much retain terrorism as a national legislator. This is not me asking to create a European FBI. That's something completely different. I understand the sensitivities of something like that and why the political construct is in that way. And those who wish to draw a parallel between how in the US you do have a federal FBI but you don't have it in Europe, of course, forget the point. This is a very different political space. My point is, therefore, not that we should ignore that. We should actually recognize it and mitigate the consequences of it and find ways in which we can still operate in a more effective way across border amongst ourselves. And that, of course, is where Europol, why Europol was created effectively initially 25 years ago solely to focus on drugs because that was the first example we had of security problems appearing on our streets that appear to have an international dimension because the drugs were coming from Asia, in the case of heroin, or Columbia, in the case of cocaine. So a combination of a bottom-up requirement from COPS saying, you know, we need mechanisms to help to cooperate across borders and some political will led us to the creation of something called the European Drugs Unit. And since then, of course, because all other types of these major threats have gone in the same way the mandate of Europol has grown. It's never grown, though, to such a point that we have established a European FBI and I still don't believe in that. We have no coercive powers. We can arrest nobody. We can run no informants. We can intercept no telephone calls. We can run no surveillance operations. So you wonder what on earth we can do then to fight the way in which crime works. Well, we do it by being this great interconnector, as I said earlier, by leveraging the power of networks, by recognizing that all of these national authorities have this intrinsic need to work better and more closely with each other and they need something that is the interconnecting point in that. So we've established, therefore, a platform, an arrangement, a community that has brought together now 1,200 different agencies right across Europe. So it's an enormous industrialized operation. We are about 1,000 people in our headquarters in The Hague, but we run this network, which is enormous. And when it can be leveraged and concerted in the right way, as it is in some of these biggest operations, then it has a tremendous power to it that can strike back against these agencies. Central to that are 220 liaison officers from 40 countries that are embedded in that headquarters community. Nowhere in the world, alone in Europe, nowhere else do you have something like that. They have the coercive powers, we don't. And it's a very important point of connection, right in the heart of our community. Rubbing shoulders, not only with themselves, but rubbing shoulders with our analysts. So as we're analyzing the data and finding those leads on the spot, we can do something about it. On the spot, we can convert that intelligence capability and the latent potential of this enormous network into actual operational effect, coordinating simultaneous arrest operations, for example, across the world. And to develop that further, and especially to apply it in a more magnified way to the top priority areas, we've built specialized centres. Nora mentioned in her remarks, the European Cyber Crime Centre, the European Counterterrorism Centre. These are therefore making sure that we can have the full use of the utility of this Europol capability. But it's supported and targeted in a way in these areas in a better way. So that the liaison officers that are representing the member states in these cases are actually, for those particular high priority areas, some of the best cyber detectives, for example in Europe, are specialists. And within those particular areas, we've concentrated on developing unique competencies that can help the member states even better. Terrorism, we've specialized on instruments that can track the flows of terrorist financing. We're working with 80 social media platforms around terrorist propaganda online, on cyber crime, digital forensics and so on. The network then further reinforced in a highly important factor to our success by industry, by bringing more and more industry partners in line, 80 banks so that we can work seamlessly with the financial sector around the cyber threats, especially to them. The biggest tech companies, I mentioned social media already, but Microsoft is absolutely instrumental to most of our operations to take down botnets, for example. So then when you think about a community as powerful as that, then we do have the potential, as I said, to carry out some, I think, some very impressive work. Our real power, then, the oil in our system that makes that work is, of course, data. It's our ability to harness the potential of data in the way that Amazon and Google and Facebook, bless them, have used in the last five to ten years as well. And this is really about your concepts, what we call in the community intelligence-led. It's something that we've been following, particularly in the national security space, for at least three decades in certain countries in Europe, including Ireland and the UK. So this is nothing new in its conceptual design. The idea that what is written in our strategy from ten years ago that we shall be the information hub of Europe. And around that, the idea that if you have a platform that can easily and seamlessly collect a lot of data, you can better inform yourself as to the nature of the problem and therefore be in a better position to respond to it. It's as simple as that. In fact, I digress a minute, but I was in Greece recently. I want to speak at the Delphi Economic Forum, and I've never been there before. It's a two-hour drive from Athens. I was Delphi itself famous in Greek mythology for the home of the oracle, where the mythical priestess used to sit and make predictions about what's to come. And it was these great predictions that the oracle, the font of the oracle, was that this mythical priestess could therefore give all power, all knowledge to all conundrums in life. Of course, that's a myth. I mean, she did exist. That's a myth. But the real power what happened in Delphi some two and a half thousand years ago was that the priests who supported her would be receiving every day the world's greatest thinkers and leaders who would flock to listen to the mythical priestess in order to have the great insight. And in doing so, they would be encouraged to share their ideas of wisdom. The priests observing that and taking notes suddenly became the most informed people in the world. And that's what they were relaying back. These priests and at oracle 2,500 years ago became a global information hub collecting the best ideas in the world. Very powerful example and all we are doing is something similar now. And yet when you hear industry talk about moving into a data centric world which has transformed industry, the new oil in the system it says, new about it, I don't think in those terms. But it's true like those companies we've benefited from what they call the data network effect. If you have the maximum number of users on your platform you will collect a maximum amount of data. The more data you have the more you can understand your business the more you can improve your service. The more you improve your service which in our world is providing better operational leads to police partners, the more users you attract in the next cycle. The more users you get even more data and improve your service even more. And that's what's driven this trajectory which has resulted in our now processing nine times the amount of data that we were nine years ago. Nine times more on the back of just two times more staff and resources and investment in IT. So you can imagine how much of a strain that's placed on us and we've only survived in that way by a continuous investment in technology and intrinsic curiosity and innovation to try and take our data processing capabilities even further. So that's why also at Europold now we're investing in concepts of artificial intelligence, machine learning and so on. Also at the heart of this great data centric operation though are embedded very important principles about data security and data protection. And of course the lesson from the last couple of weeks with Cambridge Analytica is I suppose if nothing else what it tells me working myself in essentially a data centric organisation is the importance of having in this much more data centric world of ours of having very important transparent rules of what you can do with that data. So for us accountability is important. We are publicly accountable for what we do with our data. We're inspected by an independent data protection authority that has full access to our data. Very important point because it establishes our credibility. Gives independent assurance that we're not exploiting the power that we have. Secondly transparency with our users. Are the police men and women who are sharing their data with us through our platforms. They're in control of that data. We shall only do with that data what we're explicitly consented to do by that individual. And thirdly this principle of proportionality that we have a very narrowly defined specifically defined purpose for why we were collecting and what we can do with that data. And all of that means we run a very tight ship which one might think is restrictive in operational effectiveness. Actually what it does is clean our data sets. Make sure that we actually don't have junk in our systems because we're not allowed to keep stuff that we've collected 20 years ago and not using it anymore. We're not allowed to have duplicate records or incomplete records and so on. So cleaner data sets give cleaner data operations. It trains the mind of the analysts to be more precise in the work that they do as well. And it's interesting as I reflect on what I'm seeing at the moment in other areas the importance of having this transparent accountable proportionate regime you shouldn't underestimate. Our operational imperatives, of course, are to maximise how much we can convert that intelligence into operational leads. But there's another potential that I've tried to focus on much more in the last three years from this rich data scene that we have. It gives us a great strategic insight and we can process it and understand it well enough. Then we really do understand the macro dimensions of crime and terrorism, how it is evolving. It can help us to influence in a positive way, policy making legislation and so on. And where we have become a bit more well known, a bit more reputable in terms of the impact that we're having, it also increases our influence. So from a more influential position in the public space with governments, with parliamentarians, we can use that because we're sitting on an insight that nobody else has. So when we were seeing across multiple operations that money launderers were habitually using the 500 euro note to move cash around borders because for obvious reasons you can move a million euros worth of it in a small briefcase, we also looked very hard at what the legitimate use of the 500 euro note seemed to be in the economy and we didn't see much evidence of that. So we went to central bankers, we went to policy makers, we went to the European Central Bank and said, this doesn't work, why are you still producing it? A lot of pushback, particularly from certain countries that still have a cultural preference to using cash, but in the end we prevailed along because we managed to get a community of support, managed to utilize our influence in the political game and ECB has now decided to stop producing new 500 euro notes. That's going to make the life of money launderers a bit more difficult in some cases, a lot more difficult and is an example of how we can convert our strategic awareness into real impact. Our latest and for me the final priority of that vein that I'm following is around anti-money laundering and here also there is so much to fix. Of course we have told ourselves that we should be following the money for the last 30 years I guess. An island should be proud indeed, the guard should be proud for its establishment of the criminal assets bureau as one of the very earliest forerunners of the way to follow the money very effectively. But as I look across the landscape of what Europe is doing as a whole, our records of following the money successfully are very, very poor indeed. And again using the insight that we have, we know the size of the criminal economy at least 120 billion euros, probably a lot more. We also run the network of asset recovery offices around Europe so we know down to the penny how much each year they're seizing of those criminal assets, 1%, just 1%. Now that's 1% despite the fact that we've built a very elaborate, very well resourced, very rigorously enforced anti-money laundering regime over the last 30 years. Legislation, we're currently up to the fifth anti-money laundering directive going through the European Parliament so you can't say we haven't got enough of that. There are armies of regulators in most countries enforcing highly specialized, strictly defined A to Z type regulations making sure that the banks do their job. If they don't they get multi-billion dollar fines and because of that is forced the bank to employ tens of thousands of compliance officers spending an estimated $15 to $20 billion a year running their compliance operations. All of that legislative regulatory effort, that huge amount of investment is giving us a 1% success rate and the figures in the US I'm told are even worse. So what's going on? I think it's really interesting, it's an example of strategic failure I think of systemic inertia in the community of the way in which this compliance-led concept and culture methodology has taken over. And we've lost sight of the real goal which is to stop dirty money getting through the system because the real goal now seems to be the way in which it works at least is the message to the banks are just be compliant. As long as you're compliant fine will move on. Forgetting the fact that the act of being compliant is no longer effective and why not because of this standardised brute force way in which it's based on the concept of transaction volume, high-high volume transaction monitoring. So every transaction that goes through the banking system is subject to a similar test of compliance. An algorithm is run on billions of transactions a day. These produced alerts, these alerts have to be manually reviewed by compliance officers. On average 5% of them only reached the threshold of being identified as suspicious, only 5%. So 95% of the time these armies of compliance officers are looking at noise. Of the 5% that go to the financial intelligence units as suspicious transactions, only 10% of those are taken any further because most of it is junk. So this enormous system that we've built is 10% of 5% successful. Now in my world, in our world in policing and law enforcement we've long since learned that you don't monitor a problem, respond to a strategic problem like that by monitoring every transaction in the same way. The problem of terrorism, we haven't responded to it in Europe by setting up an enormous regime that monitors everyone's activities just in case some of those produces an alert that could be suspicious activity of terrorism. Of course we wouldn't do that, it's disproportionate. The emphasis on intelligence, we start at the other end of the pipe by putting an emphasis on intelligence who other people are most likely to be the offenders and then use your system of regulatory control to target them. And the most frustrating thing is we have identified in Europe who the most likely offenders are currently working on some 400 top money laundering people in Europe who are the most adept at getting money through the system. 85% of it is still going through work. We know who they are. I just want to give those names to the 15 biggest banks in Europe and say don't want to worry about what Nora's doing with her savings accounts. I'll give you these names, at least some of your resources tell me what you know about the financial life of these people and I'm telling you that will be more than 1% successful in this intelligence here. And we can't do it because of the nature of the regulations and banking secrecy laws prevent that kind of free flow exchange of information. But especially across borders because we're an European institution we're barred from doing that. So it's a really interesting example of how the system still needs to grow up and evolve and respond to a more dynamic threat that when we try to create a very simple legal gateway for us to do precisely that by creating alongside the national networks of financial intelligence units a European financial intelligence unit at Europol, not to replace it just alongside to create that gateway for have direct contact. It was blocked by the national governments through the EU legislation process. So we've still got a way to go I think and as I'm drawing up, finishing up I think that's one of the lessons that we've made enormous progress by coming together as a concerted community. We've had to do that because of the nature of the threats in the way in which they become more complex and international. We've leveraged the effects of data and the power of networks especially and pursued a lot of I think essential reform. One final fact I would mention of course is that everyone's favourite topic of Brexit because what I'm describing is the need to have the most cohesive community for fighting these transnational threats. That's essentially driven what's driven our need to accelerate this change of coming more closely together over the last 30 years and on terrorism even more so in the last three years. Now we can't allow for a fracturing of that community of course in the near future which is why the security part of the Brexit negotiations are so important to make sure that we have the best possible cooperation also in the future. Nora, I'll wrap up there.