Annual Activity Report EUROPOL 2013 · support services) was put on the reserve list of IT...

Europol Unclassified – Basic Protection Level

The Hague, 22 May 2014 EDOC# 686763v10

Annual Activity Report EUROPOL

2013


Contents 1. ....................................................................................................3 Summary2. ................................................................................................5 Introduction

2.1. ......................................................................................5 Challenges of 2013

3. ..................................................................................6 Achievements of 2013

3.1. .................................................................................6

Summary of progress against the Europol Strategy 2010-2014 and the Europol Work Programme 2013

3.2. ....................................................7 Progress against the Work Programme 2013

4. ...........................................................8 Part I Key Activities and Achievements

4.1. ........................................................................8 Europol support to operations

4.2. ................................ 11 Investigator satisfaction with Europol operational support

4.3. ......................................................................... 12 Europol support to EMPACT

4.4. .............................................................. 12 EC3 (European Cybercrime Centre)

4.5. ...................................................................................... 13 External Relations

4.6. ........................ 15 Core systems for information exchange, storing and processing

5. .................................................................................. 19 Part II Management

5.1. .................................................................................... 19 Management Board

5.2. ........................................................... 19 Budgetary and financial management

5.3. ........................................................................................... 20 Revenue 2013

5.4. ...................................................................................... 20 Expenditure 2013

5.5. .............................................................................. 22 Human Resources 2013

5.6. .......................................................................................... 22 Data Protection

5.7. .................................... 23 Assessment of audit results during the reporting year.

5.8. .......... 25 Follow up of reservations and action plans for audits from previous years

5.9. ................................... 26 Follow up of observations from the discharge authority

5.10. ............................................................................................. 26 Reservations

6. ............. 26 Part III Assessment of the effectiveness of the internal control systems

6.1. ................... 26 Risk assessment by the IAS regarding Europol’s process landscape

6.2. ............................. 27 Compliance and effectiveness of Internal Control Standards

6.3. ......................................................................... 27 Risk management activities

Annex A Work programme objectives key output/outcomes

Annex B KPI performance

Annex C Major Decisions taken by the Management Board in 2013

Annex D Financial Statements (draft final accounts)

Annex E Declaration of assurance issued by the Director of Europol (Authorising Officer)

Annex F Risk Management 2013

Annex G Analysis and Assessment of the Annual Activity Report by the Management Board

2


1. Summary

Progress against the Europol Strategy (2010-2014) and Work Programme 2013

- Good progress was recorded for 62% of the KPIs able to be measured at the end of 2013. For a number of KPIs the result improved significantly throughout the year or compared with last year, notably for the percentage of SIENA messages accepted and processed by Europol, number of objects and persons in the EIS and budgetary outturn 2013.

- In the process of reallocating resources to enable the establishment of EC3, the scope and timing of some planned initiatives contained in the WP2013 were affected by the re-prioritisation and others were unable to be fully implemented. However, despite this, very good progress was made on 83% of the WP 2013 objectives.

- Some progress was made in relation to augmenting Europol’s position as a central EU platform for capacity building in the fight against violent extremism; optimising the operational impact of the new AWF concept; delivering the new generation of the Europol Analysis System (EAS) and strengthening Europol’s financial intelligence capabilities (via FIU.NET integration).

Key activities and achievements

- Overall, the general trend inspired by the Europol Strategy towards a greater concentration on operational activity continued in 2013; the upward trend of number of MS operations supported increased while level output was achieved in relation to the provision of reports and other products and services.

- EMPACT priorities were fully supported via the EMPACT Support Unit (ESU) within existing resources, including the provision of logistical support for the development of OAPs and the development of a more effective monitoring system.

- In its first year of existence the major achievements of the EC3 included: the development of the forensic lab, development of the Multi-Disciplinary Centre for Cyber Innovation (MDCCI) and the delivery of several ICT tools and applications for the specialised processing of cybercrime related-data. The requests for EC3 support of large scale cross-border investigative action increased significantly in the course of 2013.

- Europol continued to enjoy close cooperation with its key partners including Eurojust, INTERPOL, CEPOL and the United States of America.

Europol’s core systems

- The average number of SIENA messages exchanged per month increased by 10% between 2012 and 2013 reflecting a continued trend of increased usage of SIENA by MS and Third Parties. The reach of SIENA was extended and a total of 13 Third Parties and 452 Competent Authorities were configured in SIENA by the end of 2013 (compared to 343 in 2012, an increase of 32%).

- The quantity and quality of information contained in the EIS improved due mainly to the “Bad boys” initiative and in particular the upload of 17,000 top criminals by The Netherlands. When the new data was entered into the system, it triggered over 600 hits with investigations in Member States and Third Parties.

- Overall, implementation of the new Europol Analysis System (EAS) progressed and revised planning provided a more realistic outlook. There is some risk associated with the delivery of the EAS due to delays with the ECM project and related interdependencies. The expected go live date of the new Europol Analysis System is the end of Q2 2014.

- At the end of 2013, there were 33 Europol Platform for Experts (EPE) platforms open to external users. Together, these online communities cover a wide range of expert domains. There were 4,419 registered users on the EPE.

Financial and Human resources

- At 98.6%, the target of at least 95% implementation of commitment appropriations was achieved and virtually the same as the final implementation rate in 2012. The overall payment rate was considerably higher than in 2012 (87% compared to 79%). The Management Board decided to carry forward to 2013 a total of € 16.3M payment appropriations to cover existing commitments. The final implementation rate of the carry forward was 91.1% at the end of the year, which is 8.2% higher than the implementation of

3


the carry forward in 2012. However, the target of not exceeding more than 5% of unused carry forward was not reached.

- Although the internal target for the carry forward from 2012 to 2013 was not reached by 4% the overall "under spend" for payment appropriations is still well within the limits.

- The vacancy rate at the end of 2013 was 3.9% achieving the target of below 4% (a total of 18 established posts were vacant).

Internal Control and Risk Management

- In 2013, the European Court of Auditors (ECA) issued the assurance statement on the 2012 annual accounts of Europol. The ECA viewed Europol's accounts overall as reliable, thus providing a positive statement of assurance on the reliability of the accounts, as well as the legality and regularity of the underlying transactions (e.g. procurement, recruitment etc.) across the organisation. The key improvement area highlighted by the ECA in the assurance statement regarding the 2012 annual accounts concerns the aspect of budget implementation (payment rates across the budget and (cancellation of) carry-forwards which were addressed by Europol as a matter of priority.

- In the areas supported by the IAF, nine of the 13 recommendations issued in 2013 (as part of 5 dedicated audit reports issued by the IAF) were implemented. The remaining recommendations related to human resource matters concerning staff employed under the previous legal framework of Europol (included in the work planning for 2014).

- Risk management activities focused on: Information security and project related risks (as part of the transformation programme regarding the Europol Corporate Network (ECN) and the Europol Operations Network (EON); and compliance expectations by Europol’s assurance providers (in particular concerning adequate levels of budget implementation, including the management of carry-forwards).

Building blocks towards the declaration of assurance

- Europol has responded diligently to comments of the ECA, IAS and IAF. There have been no reservations regarding the presentation of the final annual accounts to the discharge authority

4


2. Introduction The following report is submitted on behalf of the authorising officer of Europol on duties performed and the organisation’s activities in 2013. It is presented in accordance with Article 40(1) of the Financial Regulation Applicable to Europol1 and as such will be forwarded together with an analysis and assessment of the report by the Management Board, to the budgetary authority and the Court of Auditors.

Guided by the Europol Strategy 2010-2014 and through the implementation of the annual Work Programme, Europol provides a wide range of strategic and operational products and services to national law enforcement agencies in order to support them in their fight against serious international crime and terrorism. The Strategy contains Key Performance Indicators (KPIs) directly related to strategic objectives for which annual targets are devised. These KPIs are reviewed annually to verify that they adequately measure the progress and impact of Europol’s work.

The current report presents the 2013 activities and results of these, with reference to objectives set in the Work Programme 2013 and risks associated with these activities. The core business activities of Europol include: operational and analytical support to Member States and core systems for information exchange, storing and processing (see Annex A for detailed reporting). This report also outlines the performance in relation to the strategic objectives contained in the Europol Strategy. Furthermore, this report provides an overview of the resources expended, audit results and the efficiency and effectiveness of the internal control system.

Future developments for 2014 have been identified throughout this report.

2.1. Challenges of 2013

In 2013, following the final decision by Council and Parliament on the EU budget for Europol and the subsequent approval of the Europol 2013 budget by the Management Board, the MB requested Europol reallocates resources in favour of the EC3 whilst minimising impact on its core activities as far as possible. Resources were shifted from other parts of the organisation, impacting on not only the operational capacity of the affected business areas, but also on the other services that faced an increased workload to support the establishment of EC3 (ICT, legal, finance, HR, procurement and communications). In the process of reallocating resources to enable the establishment of EC3 it was inevitable that the scope and timing of some substantial initiatives were affected by the re-prioritisation, or postponed until 2014 including:

- A number of EC3 services as envisaged in the scenario that was presented to the MB in December 20122 (e.g. 24/7 scanning of open and Law Enforcement source intelligence, large-scale malware analysis).

- The integration of Check the Web into the Europol Platform for Experts (postponed to early 2014).

- The Unified Search Engine (USE) for SIENA (i.e. interface with national systems), interface with (new) Europol Analysis System; access for ELOs/ENUs, analysis and tender procedure to procure cross-matching platform and implementation support services) was put on the reserve list of IT initiatives for 2013

- The full integration of FIU.NET into Europol will not be finalised in January 2014 as initially envisaged but at a later stage

Lastly, in the course of the year, 20 staff members resigned unexpectedly (i.e. resigned 10 months or more before the expiration of their first or second contract). Most of these were key posts in project management and analysis. In general, the departure of these staff had a negative impact on the efficiency of the concerned

1 Financial Regulation Applicable to Europol (2010/C 281/01) published 16.10.2010 (Official Journal of the European Union) 2 “Update on the European Cybercrime Centre”, item 09c on the agenda of the 85th meeting of the Management Board, 11-12 December 2012 (EDOC#642106v3).

5


teams. Moreover, a number of these unforeseen resignations had a direct impact on the implementation of the Project Portfolio and the Work Programme 2013 as outlined above.

3. Achievements of 2013

3.1. Summary of progress against the Europol Strategy 2010-2014 and the Europol Work Programme 2013

The Work Programme 2013 and the more detailed internal Work Plan 20133 were the main mechanisms through which the Strategy was implemented and monitored in 2013. The Work Plan contains lower-level performance indicators that measure the implementation of planned actions to achieve the Work Programme objectives. Progress against the Work Plan is reported internally on a quarterly basis. The goals of the Europol Strategy are as follows:

Goal 1 Europol will function as the principal EU support centre for law enforcement operations

Goal 2 Europol will become the EU criminal information hub

Goal 3 Europol will expand its capabilities as an EU centre for law enforcement expertise

Goal 4 Europol will grow as a modern, efficient organisation with the best resources, effective governance arrangements and a positive reputation

3.1.1. Progress against Strategy KPIs 2013 Good progress was recorded for 13 (62%) of the reported 21 KPIs at the end of 2013 (see Annex B for complete list). For a number of KPIs the result improved significantly throughout the year or compared with last year:

Percentage of SIENA messages accepted, processed by Europol

Number of objects and person objects in the EIS

Budgetary outturn 2013

Some attention was called for 8 KPIs:

KPI Outcome

Percentage of all SIENA messages shared with Europol (target of 70%)

Result was 66%. Following the KPI review this KPI will only be monitored internally as of 2014

Number of SIENA requests and for information messages sent by Europol to external partners (HQ/TP)

The result was 17% below the set target for 2013. The result however for information exchange from external partners to Europol did exceed the set 2013 target by 9%.

Percentage of Europol actions defined in the Operational Action Plans implemented by Europol

At the end of 2013, 80% of all actions for which Europol was Action Leader were implemented (it was decided not to establish 2 new Focal Points (West Africa and MOCG)

User satisfaction with analytical reports provided to high profile operations/ investigations (target of 8.3)

The average at the end of 2013 (7.9) was slightly below the set (increased) target

Number of EIS searches The total number of EIS searches in 2013 (306,434) was 33% below the end of year target (454,000) but 12% more than in 2012. The set target for 2013 was based on the MS’ individual targets and very ambitious. It is believed that the Search Web Service to automatically search the EIS from national systems could significantly improve the situation

Average number of visits per day on the EPE (target of 400/day)

At the end of 2013 on average 110 visits per day were counted on the EPE. However, the current measurement does not reflect the real usage of the EPE. Therefore, as agreed by the

3 Where 71% of activities (138) were achieved or good progress made, some progress on 10% and limited progress on 4%. 15% of activities were postponed due to: the reorganisation (5), closed projects and/or integrated into the EC3 (5), related to other IT dependencies (3), implementation of the NAC (3), Budget (2) and the EAS tender (1).

6


Directorate, new KPIs will be monitored as of 2014

Audit recommendations graded as critical implemented by improvement measures within twelve months (target of 75%)

Overall 54% of audit recommendations had been implemented. Structural topics remain ongoing: asset and contract management, procurement and supporting evidence / formal requirements for the payment of allowances. Related activities and projects are planned in 2014 and will address a number of the outstanding recommendations.

Delivery of projects and programmes according to targets (target of 75%)

Result of 56%. The 2013 ICT Workplan was revised in June 2013 due to resource constraints (e.g. unexpected resignation of ICT project managers and long term absences for medical reasons), 2012 work spill-over due to the end of year reorganisation and delays due to lack of delivery from contractors. As a result of revised planning a number of 2013 initiatives will be completed in 2014. Consequently the outcome of the KPI target is lower than the original plan. Despite these constraints, 14 out of 25 initiatives/releases were delivered within the year boundary.

3.2. Progress against the Work Programme 2013

Despite the significant challenges imposed by the resource prioritisation as outlined above and notwithstanding the delays in ICT project and activity/project scope limitations, Europol was able to establish the new task of the EC3 and still effectively deliver against its Work Programme.

The 23 annual Work Programme objectives were assessed on the basis of performance against associated Work Plan4 activities, performance indicators and targets (see Annex A for more detail on output/outcome per objective). Figure 1 shows the achievement of objectives by Goal area.

Figure 1 Achievement of WP2013 objectives by Strategic Goal area

Goal 1 EU Support Centre for Operations

100%

Very good progressSome progress

Goal 2 EU Criminal Information Hub

50% 50%


Goal 3 EU Centre for LE experts

17%

83%Very good progress

Some progress

Goal 4 Modern and Efficient Organisation

100%


Based on the assessment of progress made against Work Plan objectives, very good progress was made on 83% of the Work Programme objectives (19). Some progress was made on the remaining four objectives. These were:

▪ Augment Europol’s position as a central EU platform for capacity building in the fight against violent extremism

▪ Optimise the operational impact of the new AWF concept

▪ Deliver the new generation of the Europol Analysis System (EAS)

▪ Strengthen Europol’s financial intelligence capabilities, linking money flows to criminal activities and following up on the identified links (FIU.NET integration)

Some initiatives from the Work Programme 2013 were not fully implemented at the end of the year including:

- The EAS project (first release of the new system completion and roll-out estimated for completion only in 2014).

- SIENA 2.4 and 2.5 postponed to 2014 (including structured information exchange (UMF), Architecture improvements, training improvements, integration with National Systems enhancement (incl. UMF), administration tool improvements).

- Within the Universal Message Format 2 Interoperability Coordination Programme (UMF2) structured communication on SIENA and governance structure for the

4 Organisational-wide internal plan elaborated in order to implement the Work Programme

7


framework were not completed. The Commission approved the extension of the UMF2 programme until end May 2014 to allow its finalisation.

- No strategic partnerships (MoU) with the private sector were established. However, four MoUs were in progress between Europol (EC3) and Microsoft (signed on 12.02.2014), Trend Micro, Symantec and McAffee.

- The compliance management framework project was de-prioritised in 2013.

- A number of the initially planned deliverables of projects to further improve ICT support services were delayed and will only be finalised in 20145.

- The roll-out of the new Enterprise Content Management System, including Intranet functionalities, Document Management, scanning integration and basic Records Management functionalities which was planned in 2013 with a view to gain efficiency and cost savings was delayed.

For the complete overview of progress against objectives see Annex A.

3.2.1. Allocation of budget to Work Programme The difference between the initial 2013 budget of € 90,833,000 as reflected in the WP2013 and the final 2013 budget of € 82,520,500 was € 8,312,500 (€ 5m of which related to planned funding for JITs).

Overall, 27% of the committed budget (exc. Salary costs) and 55% of posts were allocated to operational Goals 1 to 3 (see Figure 2). 22% of the committed budget and 23% of posts were committed to Goal 4. Almost half the budget (47%) but only 14% of posts was committed to ‘ongoing management and support’ including ICT services, facilities, internal governance, management and administration).

Figure 2: Budget committed to Strategic Goal and supporting areas

0% 10% 20% 30% 40% 50% 60%

Ongoing mgmt and support (incl. ICT services,Facilities, internal governance, management and

administration)

MB meetings WG and MB Sec

JSB

IAF

DPO

Security

Goal 4

(Op) Goal 1-3

Posts

Committedbudget

4. Part I Key Activities and Achievements

4.1. Europol support to operations

Overall, the general trend inspired by the Europol Strategy towards a greater concentration on operational activity continued in 2013; the upward trend of number of MS operations supported through the three AWF and 22 Focal Points ,continued

5 The implementation of the Facilities Management System, Payrol, Flexitime (Time tracking), Recruitment module of the HR System, a number of planned enhancements of the IAM functionalities such as single sign-on functionality for EIS and CtW, integration of HR system, completion of the integration of the EAS and UAS. The following Network Security Improvement activities will only be finalised in 2014: vulnerability management solution implementation, improve Segmentation Operations and Support Network

8


while level output was achieved in relation to the provision of reports and other products and services.

An internal analysis of the operational capacity in terms of demand for service, operational outputs and delivery limits was conducted in early 2014. The results of which were:

o Based on SIENA statistics over the last three years, there is a clear increase in traffic and contributions to AWF/FP which, has resulted in an increased need to process more data.

o It is clear the MS have increasingly high expectations of Europol and that to date Europol has been able to deliver a consistent level of quality.

o It is also apparent that with the level of resourcing and structure of the AWF/FP, at the end of the 2013, Europol was approaching the end of its capacity to deliver at the same level as in previous years.

o There is room to improve efficiency, particularly in relation to the information workflow.

o The predicted increase in contributions needs to be considered in terms of the overall strategic approach to supporting MS operations and the organisation of resources. The negotiation and agreement of Service Level Agreements (SLAs) with the MS would be a positive development in terms of clarifying expectations, data requirements and delivery service levels.

Improvement actions

Implementation of recommendations contained in the analysis above including: revision of the workflow process, development of SLAs and work on definitions of quality in relation to operational products and services.

4.1.1. Operations supported via AWF/Focal Points In 2013, Europol used its information capabilities and operational expertise to support competent authorities in EU Member States in 18,310 SIENA cases initiated; an increase of 15% over 2012. Europol actively supported close to 700 MS investigations (with at least one product or service) of which around 80 were considered high profile (meaning they were EMPACT-related or had substantial resources devoted to them: three or more products or services). At the end of 2013, 2,381 operational reports were delivered (cross match, operational analysis and other operational reports including 131 hit notifications) which, is a decrease of 37% compared to 2012. However, as a result of implementing the new AWF concept, Hit Notifications became a less relevant product and discontinued as agreed with the HENUs. Excluding Hit Notifications then, 5% more operational reports were produced in 2013 compared to 2012: 2,141 operational reports in 2012 and 2,250 in 2013.

The number per type of operational support services provided by Europol to the MS investigations is shown in Table 1 below. The delivery of products and services was about the same level as in 2012. There were 213 requests for funding to attend operational meetings all of which were granted (plus one carried over from 2012). In total, 91% of the available budget was disbursed (€501,185). Europol also financially supported 39 euro counterfeiting investigations in 2013 with a total amount of €178,124 (€149,310 in 2012) resulting in more than 70 arrests, the dismantling of 6 illegal print shops and the seizure of counterfeit Euros with a total face value of over 6.5 million.

9

Case study One

Operation Lionfish: Operation Lionfish was a Joint Maritime Law Enforcement Operation against organized crime, led by INTERPOL under the banner of the Integrated Border Management Task Force, and in conjunction with the Caribbean Customs Law Enforcement Council and the World Customs Organization (WCO) which targeted cocaine and illicit firearms trafficking in the Caribbean basin. It involved 29 countries and territories of the Central American and Caribbean region, France (FR), Netherlands (NL), INTERPOL, WCO and Europol. Europol provided a mobile office on the spot used to cross check (against EAS/EIS) more than 5,600 persons and 1,200 vessels. As a result, four cross match reports were drafted, one to ES and CO, two for the UK and one for DE, DK and NL. The operation resulted in seizure of 41 firearms and 2,086 ammunitions, 4,449 kg of marijuana; 21,252 kg of cocaine and 8,175 kg of precursors and the confiscation of 77,607 US dollars. More than 110 individuals were arrested.


Table 1 Number by type of operational support provided to MS

Case study Two

Operation JPO EUROPE 2013: The Joint Police Operation (JPO) targeted vehicles stolen in the EU and smuggled eastwards, by deploying joint EU- Western Balkans (WB) patrols on the ground. This action, led by IT and supported by several other EU Member States (MS), was one of the key planned activities developed in the framework of the EMPACT Project on Western Balkans. Europol supported this case from the beginning. A preparatory operational meeting was organised in SI by Europol a few months before the action. During the action days a Europol official was deployed in AL. Thousands of law enforcement officers were deployed on the field while Europol organised an Operational Room at its premises to ensure fast cross-check of data and significant coordination function for police, custom/border guards and judiciary. During 3 days, police forces involved carried out 328,000 checks with 7,300 positive hits, and seized 129 vehicles (among them stolen cars, trucks, construction machineries and others) to an estimated value of nearly 2 million euro. 49 persons were arrested for trafficking of stolen vehicles as well as for possession of drugs and weapons, falsified documents and illegal immigration charges.

Type of operational support (no. times provided) Total 2013 Total 2012

Forensic/technical support6 651 634

Operational meetings funded7 214 208

EMPACT meetings financially supported8 36 30

Euro counterfeiting operations financially supported9 39 30

Mobile office (on the spot analysis) 90 91

Mobile Forensic IT Kit (on the spot) 56 28

Use of Operations Rooms for op. support/coordination 10 12

Use of the Multi Disciplinary Centre for Cyber Innovation (MDCCI) for operational support/coordination (EC3)

11

Use of secure video conferencing facility for op. coordination 10 14

24/7 on call 21 21* *The number of times a Europol staff member was required to return to Europol HQ after office hours for urgent operational support related to actions in the MS

6 For example, identification of printing devices and raw materials used for counterfeiting 7 As of 31.12.2013, €501,186 for operational meetings was paid out (91% of the available budget). € 7,000 out of € 48,814 carried forward to 2014 is expected not to be used i.e. 1.3% of available 2013 budget 8 As of 31.12.2013, €255,649 for operational meetings was paid out (93% of the available budget). € 7,000 out of € 19,351 carried forward to 2014 is expected not to be used i.e. 2.5% of available 2013 budget. 9 €178,124

10


Case study Four

JIT VETO: A major investigation involving Europol and police teams from 13 European countries has uncovered an extensive criminal network involved in widespread football match-fixing. A total of 425 match officials, club officials, players, and serious criminals, from more than 15 countries, were suspected of being involved in attempts to fix more than 380 professional football matches. The activities formed part of a sophisticated organised crime operation, which generated over €8 million in betting profits and involved over €2 million in corrupt payments to those involved in the matches. Led by Europol, Germany, Finland, Hungary, Austria and Slovenia, it was also supported by Eurojust, Interpol and investigators from eight other European countries. The investigation coordinated multiple police enquiries across Europe and was facilitated by intelligence reports from Europol, based on the analysis of 13,000 emails and other material, which identified links between matches and suspects and uncovered the nature of the organised crime network behind the illegal activities. The investigation has since led to several prosecutions in the countries involved, including Germany where 14 persons were convicted and sentenced to a total of 39 years in prison.

Case study Three

Operation In Our Sites III: Europol and US Immigration and Customs Enforcement's (ICE) - Homeland Security Investigations (HSI) - teamed with ten law enforcement agencies from Belgium (BE), Denmark (DK), France (FR), Hungary (HU), Romania (RO), Spain (ES), United Kingdom (UK), Hong Kong (HK), to seize hundreds of domain names that were illegally selling counterfeit merchandise online to unsuspecting consumers. Europol's contribution: Operational coordination as well as analytical and technical support and advice. Europol and participating MS Liaison Bureaux were involved in order to discover and target the domain names and prepare adequate action. 706 domains were seized in total. The US ICE IPR Centre accounted 297 domain name seizures in the US. Through Europol Member States, BE, DK, FR, HU, RO, ES and UK 393 domain names were seized. Operations were also conducted by HK Customs, which seized 16 domains. The last domain names seized under Operation IN OUR SITES III - TRANSATLANTIC bring the total number of IOS domain names seized to 2,550 since the operation began in June 2010

4.2. Investigator satisfaction with Europoloperational support

From 1 January 2013 until 31 December 2013, surveys of 23 operations were completed by 45 investigators. The operations, supported via the SOC Focal Points, were selected from the list of High Profile Operations. The overall response rate was 80%.

The end of year results were positive:

“Engagement with Europol experts was at the highest level and the good exchange resulted in excellent results”

(Respondent PL)

▪ While the target for user satisfaction with operational support (average rating) was achieved, the (increased) target for user satisfaction with analytical reports (average rating) was not. Both the average scores for 2013 were in the high value range.

▪ Overall, the ratings for operational services for 2013 were quite high with the lowest rating still well within the satisfactory range.

▪ Europol support played a significant role in achieving some outcomes for the MS including notably for 2013, those not usually rated as highly as other outcomes (e.g., increased networking) i.e. seizures, dismantling labs and criminal network groups and arrest of suspects. These scores were obtained in relation to a variety of operations supported.

“Europol officers were partners of the investigation team on a daily basis. They were collecting and transmitting important information from all the MS, they assisted in identification of modus operandi, suspects etc. The operational meetings, during which relevant officers of other countries could be met, would not take place without the support of FP EEOC”.

(Respondent CZ)

▪ The positive difference in the mean scores between 2010 and 2013 for the extent to which investigators believed the support provided by Europol influenced the operational outcomes achieved is statistically significant indicating a real difference and suggesting that since 2010 Europol

“It is worth noting the speed of response and the capacity to interact with other European police organisations”

(Respondent IT)

11


has increased its value to the MS in terms of influencing operational outcomes.

4.3. Europol support to EMPACT

The 2013 EU SOCTA was delivered to operational and policy stakeholders in March 2013 and threat assessment produced for each priority area. The Serious and Organised Crime Focal Points were aligned with the EMPACT priorities.

In 2013, the EMPACT projects entered the second of a two-year cycle to target the eight crime areas identified by Council as priorities based on the Europol Organised Crime Threat Assessment (OCTA 2011). The projects were supported by Europol, Eurojust, FRONTEX, CEPOL, Council General Secretariat, Commission, Interpol, EMSA, EMCDDA, OLAF and third parties.

The Europol EMPACT Support Unit (ESU) fulfilled its tasks and obligations laid out in the EMPACT Terms of Reference including, six-monthly reporting to National EMPACT Coordinators (NEC) and COSI meetings and the elaboration of the bi-annual status report (Europol Director's Report on the EU Policy Cycle and EMPACT) based on the monitoring carried out through the year by the ESU, the drivers’ reports and EMPACT Support managers’ reports (presented at the NEC meetings and to COSI).

In order to promote EMPACT priorities, the ESU made a series of presentations about EMPACT and the Policy Cycle to visiting delegations and in various fora, such as ARO network, CCWP and The Network for the Administrative Approach.

In providing logistical support, the Europol organised and supported the OAP 2014 drafting meetings held at Europol in October. The OAPs were subsequently presented to the NECs, COSI SG and adopted by COSI. The ESU also created and launched the EMPACT Europol Platform for Experts (EPE) in time to support the 2014 -17 EU Policy Cycle of which there are now 185 members.

For the Policy Cycle 2014-2017, the EMPACT Support Unit (ESU) developed a more effective monitoring system both to support the EMPACT Drivers in proactively managing their projects and to fulfil the monitoring functions assigned to ESU.

Europol notes, the different levels of MS engagement and commitment to EMPACT-related meetings. The success of an EMPACT project depends highly on the expertise and commitment of the individual project members. Therefore the MS are encouraged to ensure that their representatives are engaged in the meeting – and that they engage the MS in the priority.

4.4. EC3 (European Cybercrime Centre)

The European Cybercrime Centre (EC3) was launched in January 2013 to strengthen the law enforcement response to cybercrime in the EU and thereby help protect European citizens and businesses. The establishment of a European Cybercrime Centre was a priority in the EU Internal Security Strategy10.

In this first year of existence the major achievements in the establishment of EC3 included:

▪ The support of over 50 major international operations

▪ The development of the forensic lab that provides a professional and fully equipped environment for technical support in digital forensics;

▪ The development of the Multi-Disciplinary Centre for Cyber Innovation that provides a dedicated, technically suited environment for collaboration between law enforcement, private sector and academia on specific projects;

▪ The delivery of several ICT tools and applications for the specialised processing of cybercrime related data, including two versions of the malware analysis solution, a large-file exchange tool, an encryption/decryption platform and an instant messaging facility within the communication platform.

10 The EU Internal Security Strategy: five steps towards a more secure Europe. COM(2010)673 final, 22 November 2010.

12


The requests for EC3 support of large scale cross-border investigative action increased significantly in the course of 2013. This shows that Member States and cooperation partners clearly see the benefit of joining forces internationally and seizing the opportunity of the capabilities that EC3 offers in this respect.

In its other tasks, such as training and capacity building, strategic analysis and digital forensic support, EC3 has in its first year delivered important products and services to EU law enforcement.

The initiation of important partnerships was a feature of 2013 - not only with law enforcement authorities involved in combating cybercrime, but also with CERTs (Computer Emergency Response Teams), important internet and financial services companies, anti-malware industry, software manufacturers and universities. In addition, cooperation with the European Commission and agencies like CEPOL, ENISA and CERT-EU was very positive including the posting of a Eurojust cyber-liaison officer to EC3.

In relation to resourcing the Conciliation Committee of the Council and the European Parliament has voted for an increase of the Europol budget by €1.7 million and 2 posts for 2014, from which EC3 should also benefit. Furthermore, as from 2015 a budget increase is envisaged to strengthen the IT capabilities of Europol, including those in support of fighting cybercrime11. Although in financial terms this is very welcome, the question remains whether - in terms of staffing - EC3 will be able to cope with the steep increase of its workload. For example, a pilot in the area of processing large quantities of data from NCMEC (via US ICE) to identify investigative leads in the area of Child Sexual Exploitation is being conducted by EC3 with eight small MS from which, Europol receives 300 reports per month. If the pilot should be successful and of interest to larger MS (UK, DE and NL), thousands of cases would be reported to Europol monthly. It would not be possible to exploit this data given the current level of staffing and the opportunity to have real operational impact in the area of CSE would potentially be lost. Developments 2014

EC3 Operations: Malware Analysis Sandbox Evolution, Victim ID Solution, Open Source scanning and analysis solution.

EC3 – Forensic IT Environment (FITE): FITE storage expansions, FITE Domain tools, expand FITE with hardware/software to cover for organisational growth, reserve consultancy for supporting new forensic tools

4.5. External Relations

Europol has cooperation agreements in force with 18 non-EU countries12, ten EU entities13, and three other international organisations14. There are two types of agreements Europol concludes with its partners. Strategic agreements make it possible for the two parties involved to exchange all information with the exception of personal data, while operational agreements also allow the exchange of personal

11 A horizontal assessment of the necessary resources for decentralised agencies over the period has been performed recently and resulted in Communication COM(2013)519. This Communication states that, over the period 2014-2018, Europol may receive 15 additional posts, as well as the corresponding appropriations. Combined with the 5 % staff reduction and the annual levy for the redeployment pool, this results in the total number of posts decreasing from 457 in 2013 to 427 in 2020. Finally, the EU contribution to the agency is intended to be increased in 2015 to further develop the IT tools necessary to carry out its extended mandate, both for data collection and treatment, and for cybercrime related ICT tools. The net effect of this increase is yet to be determined. 12 Albania (signed in 2013), Australia, Bosnia and Herzegovina, Canada, Colombia, former Yugoslav Republic of Macedonia, Iceland, Liechtenstein (2013), Moldova, Monaco, Montenegro, Norway, Russian Federation, Republic of Serbia, Switzerland, Turkey, Ukraine, United States of America. 13 CEPOL (European Police College), ECB (European Central Bank), ECDC (European Centre for Disease Prevention and Control), EMCDDA (European Monitoring Centre for Drugs and Drug Addiction), Eurojust, European Commission, Frontex (The European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union), INTCEN (EU Intelligence Analysis Centre), OHIM (Office for Harmonization in the Internal Market ) and OLAF (European Anti-Fraud Office). 14Interpol, UNODC (United Nations Office on Drugs and Crime) and WCO (World Customs Organization).

13


data. In 2013 significant progress has been made in the process of concluding cooperation agreements with a number of partners, specifically in the Western Balkan region.

As in previous years, Europol continued its close cooperation with other EU agencies and organisations active in the areas of freedom, security and justice

Eurojust remains an important partner of Europol at a strategic and operational level. The mutual participation in operational meetings and the joint support to Member States' Joint Investigation Teams forms the basis for daily cooperation. The annual conference for national JIT experts took place at Eurojust. The extension of SIENA to Eurojust is a mile-stone for improved communication. Both agencies also strive for synergies at the administrative level with a view to make efficiency gains in times of financial austerity. Eurojust has been involved from the beginning in the planning of the European Cybercrime Centre located at Europol as a member of its programme board. Eurojust have a designated employee dedicated to European Cybercrime Centre on a part time basis to support the work of the Centre.

Europol actively supported the strengthening of ties between Freedom, Security and Justice (FSJ) and Common Security and Defence Policy (CSDP) initiated by the European External Action Service (EEAS). Europol’s relations with CSDP missions, EULEX in particular, continue to be subject of bilateral consultations. This led to further enhancement of the existing cooperation mechanisms. Both parties aim to develop a more robust and structured framework for cooperation. Mutual awareness rising, improved exchange of information on criminal and terrorist threats and enhanced cooperation between Europol and CSDP missions are issues of primary importance.

Throughout 2013, Europol has been supporting FRONTEX Joint Operations HERMES (Italy), AENEAS (Italy), INDALO (Spain) and POSEIDON SEA (Greece), which are aimed at combating illegal migration by sea in the Mediterranean. Following the Lampedusa tragedy on 3 October 2013, where over 360 migrants died at sea off the coast of Italy, in coordination with FRONTEX, Europol launched a mission in support of Italian authorities in the fight against facilitated illegal immigration by sea. Data obtained was cross-checked in Europol databases revealing hits with ongoing investigations in several countries. In 2013 Europol and FRONTEX signed a Memorandum of Understanding on the deployment of a secure line between both agencies, which should allow a SIENA connection in the near future.

Europol and Interpol continued their close cooperation throughout 2013. A new Joint Annual Action Plan was concluded following the successful implementation of its predecessor. In line with Europol’s strong involvement in the implementation of the EU policy cycle for serious international and organised crime, Europol is seeking to further involve Interpol in several EMPACT projects. Interpol is a participant in four EMPACT projects. These include the priorities of West African and Western Balkan organised crime, trafficking in human beings and mobile organised crime groups. Interpol is an Action Leader in the West African priority and the partnership between Europol and Interpol is particularly valuable in relation to activities in, and engagement with, countries outside the EU, especially those that rely on Interpol as their principal international law enforcement coordination and support network. Preparations for the involvement of Interpol in the new Policy Cycle 2014-2017 were ongoing. Following the opening of the European Cybercrime Centre in early 2013 and with a view to the opening of the Interpol Digital Crime Centre in Singapore in 2014, Europol and Interpol convened several meetings during 2012 to discuss synergies in the fight against cybercrime, including the Europol-Interpol Cybercrime Conference which will continue to be held annually in The Hague and Singapore. Both organisations are represented in each others’ governing boards in an advisory function.

The establishment of an effective working relationship between the European Anti-Fraud Office (OLAF) and Europol was discussed in a number of meetings at various

14


levels. A number of fields, such as customs cooperation and the protection of the euro against counterfeiting, in which the two entities could develop closer ties, were identified. Thus, the establishment of a joint working group was agreed, so practical aspects of cooperation can be discussed area by area.

Throughout 2013, Europol continued to support CEPOL’s courses and assisted in a number of training activities, including work on common curricula, e-learning, and webinars. In line with its own operational training strategy, Europol is streamlining its training activities in coordination with CEPOL. Europol and CEPOL have jointly developed a course on the EU policy cycle for serious and organised international crime, which was launched in 2012. Moreover, both agencies co-hosted National EMPACT Coordinators’ meetings and EU Policy Cycle Drivers’ preparation meetings, both to help ensuring the smooth implementation of the Policy cycle by training the most relevant actors involved.

Very good cooperation with the United States of America continued throughout 2013 with the USA Liaison Bureaux at Europol now consisting of 15 members, representing nine USA agencies. Various USA agencies participate in 13 Focal Points and the number of SIENA messages exchanged increased by 130% between 2012 and 2013. Work was ongoing to improve cooperation with the USA in relation to the exchange of information between EU and the USA on payment card fraud.

Key statistics

Whereas, the number of SIENA requests and for information messages sent by external partners to Europol increased by 20% compared to 2012, slightly less information was sent from Europol to external partners than in 2012.

13 cooperation partners now have direct access to SIENA (compared to 12 in 2012)

The number of messages exchanged with INTERPOL was 1,188 (an increase of 52% cf. 2012)

The number of messages exchanged with Eurojust was 2,251 (an increase of 210% cf. 2012)

The number of messages exchanged with the USA was 5,242 (an increase of 130% cf. 2012)

Developments 2014

The development of structured bilateral relations or the upgrade of existing frameworks for cooperation with a number of partners, notably OLAF, the EEAS or FRONTEX, remains a priority. So, is the enhancement of relations with Eurojust. The upcoming OLAF regulation will require the establishment of new administrative arrangements between Europol and OLAF

Europol seeks to engage FRONTEX with a view to initiate negotiations on an operational agreement. The main objective of such an agreement is to establish provisions on the exchange and transmission of personal data. It should also provide a framework for wider cooperation, including the harmonisation of definitions, working terms and processes for data collection from MS.

With the conclusion of operational cooperation agreements with Albania and Serbia (still to be ratified) and the advanced negotiations with Bosnia-Herzegovina and Montenegro most Western Balkan countries now have a framework for operational cooperation with Europol. The region remains a key priority for Europol, especially in view of EULEX’s reorganisation. Particular attention should be given to the countries’ proper preparation for the implementation of operational agreements.

Continued support to EU Member States’ and Commission’s efforts in the context of the Task Force Mediterranean should continue, with a focus on the fight against facilitated irregular migration.

4.6. Core systems for information exchange, storing and processing

The core systems of Europol are: SIENA (Secure Information Exchange Network Application), the Europol Information System (EIS), the Europol Analysis System (EAS) and the Europol Platform for Experts (EPE). The Europol Links Manager enables the automated cross checking of AWFs, 10.4 repository, the EIS and the Enhanced Risk Entities System15 (ERES). The benefit for MS is that this ensures that any data submitted by the MS is automatically cross checked across the various repositories and notification of hits is sent to the data provider without undue delay.

4.6.1. SIENA

SIENA is Europol’s secure information exchange application. It is a new generation communication tool designed to enable swift, secure and user-friendly exchange of

15 a repository containing open source data purchased by Europol from a commercial intelligence provider

15


operational and strategic crime-related information and intelligence between Member States, Europol and other law enforcement cooperation partners.

In line with the responsibility for the handling of operational information and criminal intelligence, emphasis is put on data protection and confidentiality to ensure compliance with all legal requirements. Equally, security is deemed vital and all necessary measures are taken to enable the secure exchange of restricted information. Furthermore, common features in the exchange of law enforcement information, such as protective marking as well as handling and evaluation codes, are used.

The average number of messages exchanged per month increased by 10% between 2012 and 2013 reflecting a continued trend of increased usage of SIENA by MS and Third Parties.

SIENA 2.3 was released on 21 November 2013 and was followed by a number of hot-fixes in order to solve various release issues. The most critical issues concerned the performance of the system and the delayed delivery of SIENA messages which were resolved in early December.

The LB from Member States and Third Parties were closely involved in the SIENA 2.3 release issues through user feedback sessions, in November and December, during which the known problems and the state of play were communicated. By the end of January 2014 the change in EMPACT priorities under the new EU policy cycle 2014-2017 will be reflected in SIENA, requiring another SIENA release.

The Next Generation strategic vision on SIENA as from 2015 onwards was presented and discussed with the SIENA national product managers at the SIENA Product Management Forum in December, resulting in a written feedback procedure. In January 2014, the SIENA strategy document was presented to the HENUs.

Key statistics 18,310 new cases were initiated by Member States, Europol and Third Parties, a 15% increase

compared with 2012 (and 4% above target), continuing the positive trend in the exchange of information through Europol since 2008.

As in 2012, Drugs was still the crime area with the most cases initiated, followed by Fraud and Robbery. Money Laundering appeared in 4th position while Illegal Immigration was in 5th position

456,598 SIENA operational messages were exchanged in total, an increase of 10% compared to 2012

Europol was included in 66% of the messages sent by Member States and Third Parties (compared to 65% in 2012).

13 Third Parties were connected to SIENA by end 2013; Australia, Canada, Eurojust, Former Yugoslav Republic of Macedonia (FYROM), Iceland, Monaco, Norway and Switzerland, Albania, Bosnia-Herzegovina, Moldova, Serbia and Turkey

A total of 452 Competent Authorities were configured in SIENA by the end of 2013 (cf. 343 in 2012, an increase of 32%).

In 2013 Europol accepted in total 43,104 contributions which is an increase of 67% compared to the total number of accepted contributions in 2012 (25,870). 98% of these were processed.

Developments 2014

implementation of the UMF entity PERSON, enabling structured data exchange in SIENA

further support for the connection of national case management systems to SIENA

e-learning module will be launched on ECM

the new Europol Analysis System (EAS), expected by mid 2014, implies simultaneous SIENA developments to ensure both products are continuously interoperable with each other. SIENA will enable the secure automated data import into the EAS where it will be available for compliance checks and validation in order to import the data into the corresponding AWF for analysis purposes. The cross-check and detailed analysis reports will be provided directly from EAS via SIENA towards the involved counterparties in the Member States and Third Parties

4.6.2. Europol Information System (EIS)

The main objective of the EIS is to be the reference system for offences, suspects and convicts, and other related data in view to support Member States, Europol and its cooperation partners in their fight against organised crime, terrorism, and other forms of serious crime, as stipulated in the Europol Council Decision. Information

16


stored in the EIS is made available to law enforcement officers in all MS and is automatically compared with information recorded by other MS and cross-checked with the AWFs, 10.4 repository and the Enhanced Risk Entities Solution (ERES).

The EIS v2.1 was released in March 2013. It featured a new DNA object, modifications of the Means of Communication (MOC) to support sharing and crosschecking of cybercrime related data as well as a new offence category ("other offences covered by art. 4 ECD") requested by the EMPACT community. The latter supports increased data sharing and improved mapping with national systems, for example for offences committed by Mobile Organised Crime Groups (MOCG), such as structured/organised/large scale theft.

Initiative “Bad Boys” is ongoing involving 25 MS and Cooperation Partners sharing high quality data on their top criminals. The Netherlands, France, Poland, Australia and Norway significantly increased their contribution of top targets. Initiative “Raven” by EC3 on travelling sex offenders progressed well. Since June 2013, when it was launched the number of individuals involved in child abuse or child pornography increased in the EIS by almost 40 times (a total of 1136 individuals). Denmark, Estonia, Finland, The Netherlands and US Immigration & Customs Enforcement have contributed to Raven.

With the addition of Finland, the total number of Member States using a data-loader was (14)16. Poland also extended EIS hit/no-hit access to two designated competent authorities: Internal Security Agency and Border Guard.

EIS content – quantity: Compared to 2012, the content of the EIS increased by 31.2% (a total of 245,142 objects in 2013). The total number of Persons (suspected or convicted criminals) stored in the EIS was 70,917 (an increase of 48% compared to 2012). The significant increase is mainly due to an upload of 17 000 top criminals by The Netherlands in the framework of operation “Bad Boys”, targeting the most significant criminals. When the new data was entered into the system, it triggered over 600 hits with investigations in Member States and Third Parties.

EIS searches: A total of 321,429 searches (95% by MS) were run in the system in 2013, 72% of them were batch searches. Compared to last year, there was an increase of 5% in searches performed. Cross Border Crime Check (CBCC) is a functionality which allows automatic crosscheck of data upon its insertion, and automated notifications to all involved parties (Member States or Europol). In 2013, 560 CBCCs were triggered on Persons which, is a significant 81% increase in comparison to the previous year (mainly due to the increase in quantity resulting from operation Bad Boys).

A total of 2541 CBCCs were triggered on other Objects, mainly Means of Communication (MoC). The high number is mostly related to the modification of EIS in March 2013 which introduced changes to MoC and the related matching logic.

EIS content – quality: Even though quality is difficult to be measured in absolute figures, it has to be noted that the quality of EIS data clearly increased in 2013 due mainly to newly inserted data originated from ongoing investigations or concerned top criminals following the guidelines of operation “Bad Boys”.

The EIS content has been progressing continuously over the years. The positive trend over the years is that increasingly more Persons (suspected or convicted criminals) are inserted in the EIS and that the ratio of “total Persons” to “total Objects” is increasing. In 2011 the percentage of “total Persons” compared to the “total Objects” was 22.5%, increasing to 25.7% in 2012 and 28.9% in 2013. This trend is very positive as the Person (suspected or convicted criminal) is the most significant “Object” from law enforcement & criminal intelligence perspective and subject of majority of relevant CBCCs.

16 Germany, the Netherlands, Denmark, Spain, Belgium, Sweden, France, Italy, Portugal, Slovakia, Poland, the United Kingdom, Lithuania and Finland

17


Key statistics In December 2013, the EIS contained 245,142 objects which, is an increase of 31.2% compared to

December 2012

The total number of Person entities stored in the EIS was 70,917 (an increase of 48% compared to 2012).

Drugs trafficking, with 29% of all objects is the major crime area followed by Robbery with 18%, Illegal immigration with 9%, Forgery of Money with 10%, and Fraud and swindling with 7%.

Belgium was the main provider of data (providing 25% of all data) followed by Germany (15%), Spain (13%), the Netherlands (10%) and France (10%)

321,429 searches had been conducted by MS in 2013 (increase of 5% compared to 2012)

3,101 CBCC events were triggered in 2013, 2,541 were related to persons. Compared to 2012, the average of CBCC events increased by 81%.

Developments 2014 Continue working on UMF standardisation: Finalise and close UMF2 EU grant project, implement follow

up actions and support the EU grant funded follow up project

Implement EIS technical and security improvements

Unified Search Engine (USE): Finalise USE implementation across SIENA and EIS, unifying and extending it’s search capabilities

4.6.3. Europol Analysis System (EAS) The EAS provides tools to support intelligence analysis within the framework of Analytical Work Files (AWF) and for other analysis tasks (e.g. SOCTA). It includes document management and workflow (open text), crawler software, entity and relationship extraction software and analysis databases.

Overall, implementation is progressing and revised planning provided a more realistic outlook. There is risk associated with the delivery of the EAS related to delays with the ECM project and related interdependencies. The data model within the software was defined to meet the needs of Europol. Most functionality contained in the software package out-of-the-box was tested and found to meet Europol’s requirements without needing additional refinements. This was in accordance with the initial evaluation during the tender stage and, therefore, in-line with the project planning. Work on the integration with Europol’s system continued and the first results demonstrated to the users were well received. This included for example, the integration with the entity extractor or the translation tool. First tests on the workflow functionality delivered mixed results and led to a redesign of this module in order to stay closer to requirements and the expectations expressed in the tender. Work on the SIENA integration is on-going and making good progress. The expected go live date of the new Europol Analysis System is the end of Q2 2014. Developments 2014 EAS: Implementation New Europol Analysis System incl. advanced analytical capabilities, management

of heterogeneous data and flexible data model, searching & indexing, improved reporting an integration, increasing managerial and statistical control, workflow and tasking, integration with Europol systems

4.6.4. Europol Platform for Experts (EPE)

The vision for the EPE is to be a secure environment for specialists from a variety of law enforcement areas, enabling them to share – within their respective communities – knowledge, best practices and non-personal data on crime. The EPE, available since 2010, was developed not only for the publication of documents but also to encourage authorised users to cooperate online via a series of collaboration tools.

At the end of 2013, there were 33 platforms17 open to external users (some of them divided into sub-communities). Together, these online communities cover a wide

17 Administrative approach to tackling Organised Crime, Counter Terrorism Centre, EACT, EC3 – SPACE, ENFAST NEW, ENFSI Crime Scene Website, ENLETS, EnviCrimeNet, EPGE, E-SCAN – Global, E-SCAN - Law Enforcement, European Law Enforcement Communicators Platform, Financial Crime Information Centre (FCIC), Forgery of Money, Intellectual Property Crime, Interagency Learning Coordination Network, Intelligence Analysis Training, PCCC Platform, PIES, Prüm implementation, SOCTA, Special Tactics – ATLAS, Special Tactics – CHIS, Special Tactics – Covert Surveillance, Special Tactics – EHWG, Special Tactics – ETS, Special Tactics – EuNAT, Special

18


range of expert domains. On 6 January, there were 4,419 registered users on the EPE. The development of EPE 3.1 was completed and the release planned for Q1/2014. The sponsored development of Liferay (the software used to build the EPE) was completed in November 2013. Key statistics 33 platforms open to external users

4,419 registered users on the EPE

ENU authorisers are active in all MS

Developments 2014 Revision of EPE 3.0 taking into account emerging priorities, in particular those related to the EC3 and

budget constraints

5. Part II Management

5.1. Management Board

The Management Board took several decisions during 2013 in relation to various topics. Most decisions were taken in relation to:

▪ (i) budget and planning (e.g. Work Programme 2014, Staff Policy Plan, Draft Europol Financial Regulation and the Estimate of Revenue and Expenditure 2014),

▪ (ii) staff related matters (e.g. indefinite contracts, recruitment and assessment of Deputy Directors)

▪ (iii) cooperation with third parties (e.g. Russia, OHIM, Albania and Serbia) and

▪ (iv) systems (e.g. accreditation of systems).

For a list of major decisions taken by the Management Board in 2013 please see Annex C.

5.2. Budgetary and financial management

The final outcome of the KPIs for 2013 is the following:

▪ At 98.6%, the target of at least 95% implementation of commitment appropriations was achieved and virtually the same as the final implementation rate in 2012. The overall payment rate was considerably higher than in 2012 (87% compared to 79%)

▪ The target of the cancellation of payment appropriations not exceeding 5%18 was reached as the draft surplus for 2013 was € 2.3M, combining the unused community subsidy for 2013 and the cancelled payment appropriations carried forward from last year. This is € 2.6M below the set KPI.

▪ In order to ensure an acceptable carry forward to the next year, the payment rate should be at least 90% of the commitment value (max 10% of the commitment value would be carried forward to the next year). The overall final payment rate was 87.2% which is just below the target. As per the European Court of Auditors’ indication, the target for payments per Title at the end of the year is:

- 97.9% achieving target of at least 90% for Title 1

Tactics – ISLE, Special Tactics – Witness Protection, UMF 2 - Universal Message Format, EPE Product Management Forum, European CODIS Users, EMPACT

18 This means that Europol, in order to avoid budget reductions, must not exceed 5% of cancellations concerning payment appropriations in the current budget year 2013 (€ 82.5M) and from the carry-forward from 2012 to 2013 (€ 16.3M): Thus, overall: 5% of 98.8M (2013 budget and carry-forward budget): €4.94M. Accordingly, the KPI for the budget commitment rate in Section 2.2 ‘Expenditure (C1 – current year)’ has been set at 95% and the KPI for the payment rate of the carry-forwards in Section 2.4 ‘Carry forward from 2012 to 2013 (C8)’ has been fixed at 95%, in order to avoid a budget reduction scenario in future.

19


- 56.5% failing to achieve the target of 80% for Title 219

- 72.3% achieving the target of 70% for Title 3.

▪ It is also worthy to note the achievement of organisational efforts to find budget savings:

- Over the last 3 years (2011 – 2013), leaving aside building related costs20 (which have increased over time due to ongoing change requests to the building across business areas), administrative costs decreased, overall, by 26% (6.8M in 2011, 5M in 2013).

- The statutory body related costs (MB, JSB) decreased by 45% over the last 4 years (2010 – 2013: 2M in 2010, compared to 1.1M in 2013).

- Office related administrative expenditure decreased by 55% over the last 4 years (2010 – 2013: 2M in 2010, compared to 0.9M in 2013).

5.3. Revenue 2013

▪ The Community subsidy (IC1) was fully cashed in 2013, amounting to € 82.1M. Additionally an amount of € 68K of other revenue established in 2012 and carried forward to 2013 was also cashed. The total revenue which is part of the final budgetary outturn is € 82.2M.

▪ The internal generated assigned revenue (IC4) is excluded from the final outturn. It is linked to expenditure budget items where it will be re-used for future expenditure of the same nature which will only be used in the next budgetary year (2014). The nature of the established assigned revenue is diverse, ranging from telecom expenditure for NEUS connections to reimbursement of mission expenses. The outstanding amount of € 52K is foreseen to be cashed in 2014.

(See Annex D for Financial Statements (draft final accounts))

5.4. Expenditure 2013

▪ Title 1: In line with previous years, the overall implementation rate of commitments stood at 98.8% and the payment rate at 97.9%. The implementation was affected by the outcome of outstanding salary adjustments. The fact that the potential salary adjustments did not materialise allowed transfers out of Title 1 for a total of € 1.8M.

Title 2: The implementation rate for commitments came to 95.4%, 2.7% lower than in 2012. The payment rate was 6.2% higher compared to 2012 and came to 56.5%.

- Around 62% of the committed budget under Title 2 was linked to running costs for the building.

- The commitment implementation rate for the administrative ICT was 99% and relates mostly to new functionalities, consultancy and fees for the administrative systems (HR system, Europol Content Management system, Facilities Management Information System, ABAC), other ongoing running network expenditure and the administrative telecommunication costs.

- For the rest of this Title the majority of the budget was foreseen for statutory expenditure (Management Board, including working groups and JSB) with an overall commitment implementation rate of 92%.

During the year, the budget in Title 2 decreased by € 215K which was mainly transferred to Title 3 (ICT transfer between administrative and operational budget items and budget available after the cancellation of the translation of the

19 It should however be noted that compared to 2012 payment rates for all Titles have increased in 2013. For Title 2 and 3 the increases were considerable (6.2% for Title 2 and 24.1% for Title 3). 20 Costs in connection with the Service Level Agreement (SLA), in particular changes to the building

20


Europol Annual Report for 2012). Almost 39% of the budget in Title 2 was carried forward to 2014 (€ 3M). The main reasons for this are:

- Unpaid amounts for the SLA with the Host State

- ICT consultancy related commitments (HR system, Enterprise Content Management, Facilities Management Information System)

- Interpretation and translation for the JBS and MBS meetings taking place in the last part of the year.

▪ Title 3: At the end of 2013, the overall commitment implementation rate under Title 3 came to 99.4% and the payment rate to 72.3%. The payment rate was 24.1% higher compared to the previous year. The implementation of the operational ICT amounted to € 16.2M and only in the last quarter commitments for about € 3.2M were taken. The main one of which, related to the TestaNG migration and running costs (€ 2M). An amount of € 5.9M is carried forward, representing 27% of the budget in Title 3. Out of the carried forward amount, 92% is for the operational information and telecommunication costs; the remaining 8% is for operational activity related costs (Chapter 30). A number of transfers (amounting to € 1.9M) were done to Title 3, mainly for ICT requirements to pro-actively prepare the migration and installation of all VPN lines to Member States, Non-European States (NEUS) and 3rd Party sites (total 56 sites), including eight months of running costs for 2014, under the Testa New Generation contract.

▪ The Management Board decided to carry forward to 2013 a total of €16.3M payment appropriations to cover existing commitments. The final implementation rate of the carry forward was 91.1% at the end of the year, which is 8.2% higher than the implementation of the carry forward in 2012. However, the target of not exceeding more than 5% of unused carry forward was not reached as a total of € 1.45M lapsed and will be incorporated in the final budget outturn. The reason behind the unused carry forward budget from 2012 to 2013 mainly relates to the overestimation of the commitments taken for the Service Level Agreement with the Host State (changes of the office environment and EC3 lab) and commitments related to ICT where final costs were lower than anticipated. Further to this, some activity related administrative and operational expenditure lapsed as the final reimbursement of various meeting costs and missions turned out to be lower than estimated.

▪ The provisional budget outturn was closely monitored, in particular during the last quarter of the year. The draft surplus is € 2.3M. It combines the unused community subsidy for 2013 and the cancelled payment appropriations carried forward from last year. The assigned revenue and expenditure are excluded from the final result.

▪ Overall 35 transfers have been made throughout the year 2013 for a total amount of almost € 6M (or just over 7% of the budget). Transfers between the Titles came to €1.9M. Title 3 has been increased by this amount which came from Title 1 (€ 1.7M) and Title 2 (€ 215K). In 2012 a total number of 53 transfers were made for a total amount of € 8.3M (almost 10% of the budget).

▪ In accordance with Article 14.5 of the Financial Regulation applicable to Europol, non-differentiated appropriations corresponding to obligations duly contracted at the end of the financial year shall be carried over automatically to the following financial year only. Payment appropriations to cover existing commitments amounting to € 9.4M were carried forward. This represents 11% of the overall budget (€82.5 M). Out of the € 9.4M carry-forward:

- € 468K concerns Title 1 Staff, which is 0.9% of the Title 1 budget (€ 52.8 M)

21


- € 3M concerns Title 2 Administrative Expenditure, which is 39% of the Title

2 budget (€ 7.7M)

- € 5.9M concerns Title 3 Operational Expenditure, which is 27% of the Title 3 budget (€ 21.9M)

▪ Improvements were seen in the financial processes:

- The commitments and payments transactions have on average been processed well within the set time limits; commitments within 4 days and payments within 19 days.

- The year average for 2013 for percentage of late payments comes to 10% (compared to 23% in 2012)

5.5. Human Resources 2013

▪ The vacancy rate at the end of 2013 was 3.9% just below the target of 4% (a total of 18 established posts were vacant). Of the 18 posts, 8 had already been identified to be cut as of 01.01.2014, so for these posts no recruitment procedures were intended. Excluding these posts, the vacancy rate would be 2.2%.

▪ From the 512 staff appraisals due for completion in 2013, 92.4% were finalised achieving the target of 85%, while 7.6% were still pending (these included staff on long term sick leave, maternity leave etc).

▪ At the end of December 2013 female staff made up 32.3% of all staff working for Europol and occupied 30.3% of established posts filled. Females represented 12.8% of staff in Senior Specialist/ Senior Analyst positions (i.e. 19 of 148 staff in these posts). The percentage of female staff members in Business Manager or higher positions was 3.7% (one staff member).

▪ The countries with the largest representation among the Europol staff continue to be The Netherlands, Belgium, The United Kingdom, Germany, Italy and France. The first two of those are overrepresented, when compared to percentage of national population in the EU; however, the UK, Germany, France and Italy are still underrepresented. There are two MS – Malta and the newest MS Croatia – that are not represented among Europol staff.

Key points 98.6% of the Europol budget was committed, the same as 2012.

Overall payment rate improved to 87% (higher than 79.7% in 2012)

Substantial improvements were made to key financial processes: payment and commitment processes

Vacancy rate target of <4% achieved

Developments 2014

Facilities Management Information System: finish 2013 release incl. space and workplace management, internal move management, maintenance management, facilities asset management, building information management, stock management and facilities service desk.

HR system: e-recruitment module, time tracking module, payroll module.

Contract management and procurement support: define requirements for contract management and procurement support solution.

Improve diversity and gender balance at Europol

5.6. Data Protection

Protection of personal data remains a key factor in allowing Europol to successfully fulfil its mission. Europol’s tailor-made data protection framework is widely recognised as safeguarding the highest standards of data protection in the area of law enforcement. It aims at serving the needs of operational units in preventing and combating organised crime, terrorism and other forms of serious crime affecting two or more Member States. At the same time it ensures the protection of interests of the persons whose data are processed in Europol’s systems. Following the public debate arising from the revelations by Edward Snowden throughout 2013 on mass

22


surveillance conducted by security services, Europol placed even more emphasis on striking the right balance between freedom and security.

During 2013, the Data Protection Office (DPO) participated in all projects involving the processing of personal data by drafting the data protection requirements and coordinating cooperation with the Joint Supervisory Body (JSB) whenever necessary. In cooperation with the Legal Service the DPO also prepared data protection reports for those third parties with which Europol intends to conclude operational cooperation agreements. The DPO of Europol focused on the further implementation of the new AWF concept, for instance, by means of pursuing a privacy-by-design approach for the technical development of a new Europol Analysis System based on Palantir software. Furthermore, the DPO provided data protection-related guidance regarding various EC3 initiatives such as a Large File Exchange tool, public private partnership and the further development of EC3’s European Platform for Experts (SPACE).

As regards the process to arrive at the conclusion of cooperation agreements, data protection reports describing the level of data protection in Montenegro and Bosnia Herzegovina have been submitted to the Management Board. Additional questionnaires have been sent to Moldova and the Ukraine in the reporting period.

In the area of administrative data protection, the DPO provided three notifications regarding to processing of sensitive data to the Joint Supervisory Body (JSB) for prior checking in line with the principles of Regulation 45/2001. Comments received have been addressed. Furthermore, the consultation procedure for notifications of processing operations regarding the new HR system has been finalised. In the area of training and awareness-raising, the DPO has organised two sessions with dedicated material for all ICT Units of the Capabilities Department.

In 2013 Europol responded to 497 data subject requests for access to data stored at Europol. None of the citizens approached the JSB to appeal the decision made by the Director.

5.7. Assessment of audit results during the reporting year.

5.7.1. Audits by the Internal Audit Service (IAS) In 2013, the IAS did not conduct audit activities at Europol. The risk assessment concerning Europol’s process landscape, performed at the end of 2013, will shape the forthcoming ‘Strategic Internal Audit Plan 2014 – 2016’.

Europol considers all 12 pending recommendations from the previous two assurance audits carried out by the IAS as implemented. The IAS will assess the status of Europol’s response as part the summary reporting on the financial year 2013.

5.7.2. Audits by the Internal Audit Function of Europol

The Internal Audit Function (IAF) of Europol provided support to the organisation throughout the year on a daily basis. In particular, the review of the systems and processes feeding the accounting system, represented by the Accrual Based Accounting (ABAC) System as the central repository of the financial transactions at Europol, provided valuable input to the organisation’s validation activities, thus supporting the assurance statement of Europol regarding the establishment of the annual accounts and the development of internal control framework (see separate Section on Internal Control Standards – ICS).

In 2013, next to on-going advice activities on a daily basis and the report on the follow-up of recommendations issued by the IAF in the period 2010 – 2012, the IAF supported the:

- Analysis of carry-forwards from 2012 to 2013; the

- Setting up of a framework for ex-post verification at Europol; and the

- Review of the systems and processes feeding the accounting system (including the authorisations of access rights in ABAC);

23


In the areas supported by the IAF, 13 recommendations were issued in 2013 (as part of 5 dedicated audit reports issued by the IAF). From the 13 recommendations, Europol considers nine recommendations as implemented. The four pending recommendations relate to human resource related matters concerning staff employed under the previous legal framework of Europol (included in the work planning for 2014).

5.7.3. Audits by the European Court of Auditors (ECA) In 2013, the European Court of Auditors (ECA) issued the assurance statement on the 2012 annual accounts of Europol.21 The ECA viewed Europol's accounts overall as reliable, thus providing a positive statement of assurance on the reliability of the accounts, as well as the legality and regularity of the underlying transactions (e.g. procurement, recruitment etc.) across the organisation.

The key improvement area highlighted by the ECA in the assurance statement regarding the 2012 annual accounts concerns the aspect of budget implementation (payment rates across the budget and (cancellation of) carry-forwards.

The results from the first audit regarding the financial year 2013 suggest that Europol should consider strengthening its procurement approach.

In 2013, the ECA performed the audit of the 2012 annual accounts. In December 2013, the ECA’s report on the annual accounts of Europol for the financial year 2011 was published in the Official Journal of the European Union (OJEU).

The comments by the ECA relate to technical aspects in relation to financial and human resources management in the following areas:

▪ Budgetary management (payment rates across the budget and (cancellation of) carry-forwards): As a result of the pro-active steps taken in 2013, Europol achieved its best budget execution results since becoming an EU agency in 2010, while at the same time significantly reducing administrative costs.

▪ ‘Automatic’ carry-forward of two individual budget commitments: The ECA viewed that the following two individual carry-forward transactions were not founded on completed legal commitments:

- 1.2 Million Euro, concerning the EC3 Digital Forensic Lab (DFL), also referred to as the ‘EC3 Lab’;

- Million Euro, regarding the implementation of the HR System at Europol. When considering the two budget commitments in question, Europol acted in good faith, in the understanding that in both cases a legal commitment had been established.22 No concerns regarding the business reasons which

21 Report on the annual accounts of the European Police Office (Europol) for the financial year 2012, together with the Office’s replies (2013/C 365/33), Official Journal of the European Union (OJEU) C 365/236 – C 365/244, 13 December 2013 22 The regulatory background of the comment by the ECA can be summarised as follows: Subsequent to an authorised budget commitment (Article 61 (1) of the Financial Regulation (FR) applicable to Europol in force until the end of the financial year 2013) during a budget year, Article 10 (5) of the FR applicable to Europol determines that "obligations duly contracted at the close of the financial year shall be carried over automatically to the following financial year only". The view expressed by the ECA was that for the EC3 Lab, the formal legal commitment is to be identified in the purchase order for the construction of the EC3 Lab (which was indeed only signed in 2013). Europol's understanding was that the agreement between Europol and the Host State (based on the exchange of letters in relation to the Lease Agreement, which requires Europol to ask the Host State's prior written permission for alterations to the building) constitutes the legal commitment (mutual common understanding with the Host State that the EC3 Lab would be built at Europol). Europol therefore acted in good faith, assuming that the purchase order for the construction of the EC3 Lab only confirmed the technical financial values regarding the investment amount. Similarly, the ECA audit team expressed the view that the there was no legal commitment for the extension of the HR System implementation at the end of the financial year 2012. According to the ECA, Europol should have considered to carry forward the two commitments as so called 'non-automatic' expenditure. The difference is that for 'non-automatic' carry forwards, only "most of the preparatory stages" (Article 10 (3) of the FR applicable to Europol) in relation to the financial transaction need to be finalised by

24


motivated Europol to initiate the two respective carry-forwards were raised. The comment from the ECA was about the technical implementation of the carry-forwards, which, following the ex-post viewpoint by the ECA, should have been considered by Europol as 'non-automatic' carry-forwards.

In order to respond to the audit finding, a detailed process description regarding the requirements to be observed for proposing carry-forwards was established by Europol’s Accounting Officer and communicated to all financial actors in Q4 2013. In light of the corresponding measures to achieve higher level of budget execution in 2013, the number of carry-forward commitments decreased by 40% (compared to 2012), while also the overall value of carry-forwards was reduced to 9.4 Million Euro year end 2013 (to 2014), a decrease of 42% in comparison with 2012 (16.3 Million carried forward to 2013).

▪ Supporting evidence for staff allowances: The ECA commented that Europol should update supporting information for staff allowances more regularly; explicit reference was made to child allowances. Following Europol’s validation of the human resources related information and processes for the financial year 2012, corrective actions were taken. As of the beginning of 2013, Europol reminds all staff members on a monthly basis, when issuing the salary statements, about their obligation to notify Europol about any changes to the personal situation. In addition, an update of the personal situation (in particular concerning the marital status and dependent children) is collected for all staff by the end of Q1 2014 (mandatory self-declaration).

▪ Recruitment procedures: The ECA made comments in three areas regarding which Europol provided the following response:

- Test questions for tests and interviews: Europol considers the confidentiality of selection tests to be of key importance and points out that there is no legal requirement (or case law) which determines that the point of time for establishing the test questions has to be prior to the short-listing of suitable candidates (according to the understanding of the ECA).

- Weighting of the selection criteria: The weighting of the selection criteria has always been agreed before the short-listing took place and since July 2012, Europol records this process in specific decision by the selection committee chairperson.

- Documentation of the selection committee’s decisions: Europol holds the view that all key findings of selection committees which are of relevance to appointments are properly documented. In view of ensuring efficient administration it considers that not all individual thoughts of the selection committee members have to be recorded in ‘minutes’. This requirement, from Europol’s analysis, can also not be derived from relevant case law.

As part of the audit in relation to the 2013 financial year, Europol will take up the matter with the ECA. The audit activities concerning the implementation of the budget for the financial year 2013 commenced in Q4 2013, including the ECA’s first regular audit mission. The results from the first audit suggest that Europol should consider strengthening its procurement approach. Regarding the comments by the ECA (resulting from previous audit activities), specific actions were included in the work planning for 2014 (especially in relation to asset management).

5.8. Follow up of reservations and action plans for audits from previous years

In 2013, there were no reservations regarding the presentation of the final annual accounts to the discharge authority. The current status of Europol’s action plans is reflected in the respective section per assurance provider (see the respective Sections above).

the end of the concerned budget year (as a consequence, the legal commitments could have been completed in 2013). As for automatic carry-forwards, a 'non-automatic' carry forward, concerning the two commitments in question, would also have required the approval by the Europol MB by 15 February 2013 (Article 10 (1) of the FR applicable to Europol), thus, there is no difference in the process concerning the involvement of the Europol MB.

25


5.9. Follow up of observations from the discharge authority

In April 2013, the European Parliament (EP), based on a recommendation from the Council, granted Europol discharge for the implementation of the annual budget for the financial year 2011.

As part of the current discharge proceedings on the implementation of the budget for the financial year 2012, Europol provided the EP with updates on the actions taken to respond to the comments made by the EP in the 2011 discharge resolution23, alongside answers to a questionnaire which the EP addressed to all EU agencies24.

5.10. Reservations From Europol’s perspective, no reservations have been identified which would affect the presentation of the annual accounts in 2013.

Key points The ECA viewed Europol's 2012 annual accounts as reliable, thus providing a positive statement of

assurance on the reliability of the accounts, as well as the legality and regularity of the underlying transactions (e.g. procurement, recruitment etc.) across the organisation. Improvements identified by the ECA in 2013 concerned in particular budget execution, technical aspects in relation to financial, human resources management, procurement and asset management which are addressed by Europol.

Since Europol became an EU agency in 2010, the organisation achieved its best budget execution figures by the end of 2013 (e.g. 72.3% payment rate regarding operational budget). Office related administrative expenditure decreased by 55% over the last 4 years (2010 – 2013: 2 Million in 2010, compared to 0.9 Million in 2013), thus responding to the overall guidance given by the discharge authority regarding an overall efficient and effective use of public money.

The IAS assurance audit report on ‘monitoring and reporting of activities and budget execution’, released in 2013, contained 7 recommendations which Europol proposed for closure by the IAS. 5 outstanding recommendations from the 2012 assurance audit report on planning and budgeting were also addressed in 2013, with Europol proposing to consider the recommendations as implemented.

Throughout the year, apart from ad hoc risk management, the corporate risk log of Europol was updated five times. Europol risk management activities focussed on: Information security related risks (as part of the transformation programme regarding the Europol Corporate Network (ECN) and the Europol Operations Network (EON) and compliance expectations by Europol’s assurance providers (in particular concerning budget implementation, including the management of carry-forwards).

Improvement actions

Specific project related activities are underway to address the comments by the ECA, in particular by concerning asset management. A review of Europol’s procurement approach is underway, taking into account best practice benchmarking from the public sector.

While the risk management culture at Europol is continuously growing, further enhancements are envisaged in 2014 to better monitor project and programme related risks at corporate level.

6. Part III Assessment of the effectiveness of the internal control systems

6.1. Risk assessment by the IAS regarding Europol’s process landscape

At the end of November 2013, the Internal Audit Service (IAS) conducted, in cooperation with the Internal Audit Function (IAF) of Europol, a risk assessment exercise in relation to Europol’s process landscape.

The report on the outcome of this exercise, including a ‘Strategic Internal Audit Plan 2014 – 2016’, will be presented to the Europol Management Board (MB) for adoption in May 2014, in line with Article 84 of the new Financial Regulation (FR) applicable to

23 "Discharge proceedings by the European Parliament (EP) on the implementation of the budget for the financial year 2012 - Follow-up by Europol: Discharge decision of the European Parliament (EP) on the implementation of the budget for the financial year 2011", Europol file no. 70357v3, 17 January 2014 24 "Discharge proceedings by the European Parliament (EP) on the implementation of the budget for the financial year – Questionnaire by the Standing Committee of the EP on Budgetary Control (CONT Committee) to the EU Agencies Network and individual agencies - 2012 – Response from Europol”, Europol file no. 703688v5, 15 January 2014

26


Europol.25 From the draft report provided by the IAS, the following audit topics were identified for the way forward: Recruitment, stakeholder management, procurement and data management including information security.

The first assurance audit on recruitment is envisaged to take place in September 2014.

6.2. Compliance and effectiveness of Internal Control Standards

By the end of 2012, all 38 measures listed in Europol’s action plan to promote the ICS at Europol were assessed by the IAS as implemented. In 2013, Europol’s activities to promote ICS focused on:

▪ ICS 2 – Ethical and organisational values: Following the release of the respective special report by the ECA in Q4 2012, Europol, supported by the IAF, held awareness sessions across the organisation on Europol's approach regarding the handling of gift items and conflict of interest situations, in order to ensure that staff members are at all times vigilant of the importance Europol’s independence of discharging its duties.

In view of the entry into force of the new Framework Financial Regulation for EU agencies and EU Staff Regulations as of 2014, Europol devised a specific additional policy on conflict of interest management and handling of gift items which is scheduled for implementation in 2014. The main new elements are the (technical) process automation of the reporting/authorisation of gift items and the requirement for key staff members, beyond the actors involved in financial decision-making, to sign self-declarations with a view to keeping formal records on the independence of staff while exercising their duties (in line with the Commission’s approach).

▪ ICS 13 – Accounting and Financial Reporting: The Accounting Officer drew up a multi-annual plan for the verification of processes and systems operated at Europol (which generate the financial data as represented in ABAC). This plan was based upon a comprehensive risk assessment and represented a prioritisation exercise across all areas of budget expenditure to determine the sequence of processes and systems for subsequent verification. The risk assessment performed will be reviewed on an annual basis and the plan updated accordingly.

6.3. Risk management activities

Throughout the year, apart from ad hoc risk management, the corporate risk log of Europol was updated five times, to put into action adequate response measures, with a view to addressing the corporate risk exposure of Europol.

Risk management activities focussed on:

- Information security and project related risks (as part of the transformation programme regarding the Europol Corporate Network (ECN) and the Europol Operations Network (EON); and

- Compliance expectations by Europol’s assurance providers (in particular concerning adequate levels of budget implementation, including the management of carry-forwards).

An overview of the high level risks identified in the Europol Work Programme 2013 (and their status by the end of 2013) is provided in Annex F.

25 Decision of the Europol Management Board (MB) on the adoption of the Financial Regulation applicable to Europol, Europol file no. 701427v3, 10 January 2014 (published on Europol’s website)

27


Annex A Work programme objectives key output/outcomes 2013

Achieved/Good progress Postponed until 2014

Some progress Limited/No progress

Goal 1: Europol will function as the principal EU support centre for law enforcement operations Strategic Objective 1.1: Ensure effective delivery of a unique set of operational support services

KPI 2012 result

Target 2013

Result 2013

1 i-User satisfaction with operational support 8.5 8.3 8.4

2 ii-Percentage of all SIENA messages sent by MS shared with Europol

65% 70% 67%

3 iii-Number of operations/investigations supported by Europol - - 684

4 v-Number of operational analysis reports delivered - - 209

Work Programme Objective 1.1.1 – Deliver operational services in line with the needs of investigators on the frontline, supporting their efforts in the fight against prioritised types of crime

Assessment: The range of operational services was delivered at around the same level as the same period last year. User satisfaction with operational support remains high. The information flow process was reviewed but requires further work. Improvements were made to other processes such as the financial support for operational meetings.

Summary of main outputs/outcomes 2013

Europol produced 2130 operational reports (operational analysis reports and cross match reports) during 2013 (cf. 2140 in 2012)

Financial Intelligence Reports / Notifications that identify targets linked to suspicious transactions and suggest how to investigate them = 39 (target of 10)

Number of requests to EC3 forensic capability (on the spot/HQ): 472 requests for support from HQ, 4 on the spot, 7 forensic reports

Multi Disciplinary Centre for Cyber Innovation (MDCCI) was used for operational support used 4 times The guidelines for the financial support of operations were updated and changes made to the internal workflow to

compensate for reduced capacity in conference/travel. Overall, Europol financially supported 39 euro counterfeiting investigations in 2013 (30 in 2012) with a total

amount of €178,124 (€149,310 in 2012) resulting in more than 70 arrests, the dismantling of 6 illegal print shops and the seizure of counterfeit Euros with a total face value of over 6.5 million

214 operational meetings were funded (a total of €501,186)

Strategic Objective 1.2: Enhance the coordination of operational action in the EU

KPI 2012 result

Target 2013

Result 2013

23 Number of joint Investigations supported/coordinated by Europol

30 - 265

Work Programme Objective 1.2.1 – Foster a steady increase in Joint Investigations, including via the provision of financial support to Joint Investigation Teams (JITs) as the primary means to providing operational support to cross-border operations

▪ Assessment: Good close cooperation continues with the JIT Secretariat (Eurojust). The substantial increase in the KPI result was due to difference in definition and counting (at the end of Q4 Europol supported 24 JITs as full member (Europol signed JIT arrangement) compared to 30 JITs supported at the end of 2012. In addition 5 JITs were supported outside an arrangement which is comparable to 2012)..


Meetings held: Serious Crime meeting (14/2/2013); JIT prep meetings (11/6/2013 and 21/6/2013 with EJ/JIT secretariat), JIT expert meeting (27-28 June 2013); meetings with FP managers to improve cooperation further (4/7/2013 and 1/10/2013); task force meeting (27/9/2013) Exchange programme: continued with improved agenda; it will be reduced to 2 exchanges first semester 2014 and one exchange for second semester 2014; if interest is confirmed one exchange it will also be opened to ELOs from EU MS OD management to approve a further networking exercise end 2013/beginning 2014 Out of 59 joint operations/investigations supported by O2 and O3 in Q4 86% were reported as being EMPACT related

28


and 14% concerning other crime areas

Work Programme Objective 1.2.2 – Coordinate an increasing number of operations that address the EU priorities for 2011-2013 identified in the EU Policy Cycle

Assessment: Good progress was made in relation to dialogue with key partners in the priority areas and promoting the EMPACT priorities as well as providing the logistical support for the development of MASPs and OAPs (also see WP 2.1.1).


▪ The EMPACT Support Unit (ESU) fulfilled its tasks and obligations laid out in the EMPACT Terms of Reference. This included:

- the six monthly reporting, which was presented at the NEC meetings and to COSI.

- the bi-annual status report (Europol Director's Report on the EU Policy Cycle and EMPACT) based on the monitoring carried out through the year by the ESU, the drivers’ reports and EMPACT Support managers’ reports. This was presented at the NEC meetings and to COSI.

▪ The ESU made a series of presentations about EMPACT and the Policy Cycle to visiting delegations and various fora, such as ARO network, CCWP and The Network for the Administrative Approach.

▪ The ESU was also responsible for organising and supporting the OAP 2014 drafting meetings held at Europol in October. The OAPs were subsequently presented to the NECs, COSI SG and adopted by COSI.

▪ The ESU created and launched the EMPACT EPE in time to support the 2014 -17 EU Policy Cycle. There are now 185 members of this EMPACT platform.

For the Policy Cycle 2014-2017, the EMPACT Support Unit (ESU) developed a more effective monitoring system both to support the EMPACT Drivers in proactively managing their projects and to fulfil the monitoring functions assigned to ESU

Strategic Objective 1.3: Develop more effective cooperation with external partners

KPI 2012 result

Target 2013

Result 2013

27 i-Number of SIENA requests and for information messages sent by Europol to external partners

5,593 6,155 5,117

28 ii-Number of SIENA requests and for information messages sent by external partners to Europol

2,954 3,250 3,546

Work Programme Objective 1.3.1 – Intensify cooperation efforts with the United States, EU Candidate and Potential Candidate Countries and Russia

Assessment: Good progress made in relation to negotiating an operational agreement with RUS and cooperation with ESDC. Work with the US intensified in the area of payment fraud (see also 1.3.2 for cooperation with partners with operational agreements)


RUS: JSB opinion issued on 10 December 2013 ISR: discussion with MS, EEAS, COM and ISR continued in the view of finding a solution of compromise acceptable

by all parties Cooperation with ESDC has been successfully established; presentations on Europol were made for high-ranking

CSDP officials and police officers involved. A bilateral meeting took place; Exchange of data with IntCen has been initiated. Bilateral consultations took place. A legal letter is being drafted to clarify the applicability of the existing agreements

Serbia: operational cooperation agreement approved by the Council and prepared for signature. Albania: operational cooperation agreement approved by the Council and signed on 9 December 2013. Montenegro: Negotiations of the operational cooperation agreement 4 to 6 December 2013. BiH: Meeting with EU delegation to BiH. Planning of pre-negotiation visit to BiH for Q1 2014 aiming in particular at

facilitating the identification of the appropriate interlocutors in BiH for the actual negotiation of the operational agreement with Europol and at assessing the preparedness and readiness of BiH to enter into the negotiation phase

Work was ongoing to improve cooperation with the US in relation to the exchange of information between EU and the USA on payment card fraud (FP Terminal). Agreement was reached with the Director of US Secret Service to set up a Task Force following which Europol with the MS agreed the rules on joint investigative measures against criminal structures active in Europe and USA. The US Secret Service was requested to organise an operational meeting with field officers of USSS to work on the specific cases under the umbrella of the Task Force. Specifically BG requested to coordinate some joint actions between EU and US on the problem. Initially the meeting was scheduled to take place in November in US (field office New York) however USSS are considering to have the

29


meeting at Europol with a number of MS

Work Programme Objective 1.3.2 – Maximise operational added value from all cooperation agreements with external partners Assessment: Very good cooperation continued with Interpol, Eurojust and Frontex. Measures were taken in order to move towards improved cooperation with OLAF.


Close cooperation continued with Interpol, Eurojust and Frontex throughout 2013. Key results were: connection of Eurojust to SIENA, Europol support to four joint operations with Frontex and the signing of an MoU on the deployment of a secure line between both agencies, Interpol is participant to four EMPACT projects (leader of one) and work exploring the synergies between EC3 and the new Interpol Digital Crime Centre (SIN) was carried out (with both organisations being present on each others governing boards)

Early in 2013 a working group was launched with OLAF and the composition, mandate and work-plan. Conclusions of the working group and results of internal consultation resulted in a concept paper at the end 2014. At the working level FP SOYA officer were invited to the most important Pericles actions as speakers and are present at OLAF expert meetings and for the first time, a representative from OLAF was invited to FP Soya meeting. It was agreed that Europol would be invited to the next Pericles strategy steering group.

Strategic reviews and position papers in relation to Europol’s most significant partners were delivered to the DM

Goal 2: Europol will become the EU criminal information hub

Strategic Objective 2.1: Lead development of ECIM and promote its principles

KPI 2012 result Target 2013

Result 2013

41

% of Europol actions defined in the Operational Action Plans (OAPs, EU Policy Cycle) implemented by Europol

100% 100% 80%

Work Programme Objective 2.1.1 – Actively contribute to coordinated preparations and timely launch of the four year EU Policy Cycle 2013-2017 for organised crime

Work in relation to the SOCTA progressed well in support of EMPACT activities


The SOCTA mostly met user expectations and was perceived to be better than previous OCTAs. The update of the SOCTA methodology was approved by COSI in December.

SOC Focal Points were aligned with the EMPACT priorities. FP assisted in the delivery and finalisation of all EMPACT MASPs and OAPs

In the 2013 OAPs, Europol was Action Leader in 32 actions. Of these, 24 actions were finalised, 8 actions were not achieved, 2 out of these 8 actions will not be carried out as it has been decided not to establish new Focal Points (West Africa and MOCG). Europol is providing the support to these priorities without establishing new focal points. The EMPACT Drivers were informed earlier about how Europol is supporting the priority areas, also without establishing new dedicated Focal Points. 6 actions were not achieved and relate to OAP Synthetic Drugs and OAP West Africa. Europol was expected to deliver different intelligence products based on MS contributions. However, lack of MS contributions made it impossible for Europol to reach the targets set out in the OAP.

Strategic Objective 2.2: Improve analysis capability of Europol

KPI 2012 result

Target 2013 Result 6m 2013

47 User satisfaction with operational analysis reports

8.1 8.3 8.1

Work Programme Objective 2.2.1 – Optimise the operational impact of the new AWF concept

Assessment: While the information flow process was finalised there are difficulties in its implementation. Assessment of quality is related to the information flow and the structure of the work-streams, issues of roles and responsibilities between the operational centre and focal points need to be clarified. Proposed restructuring of FP will result in more efficient and effective use of resources


30


Process description of information flow was completed Improved process to produce OC-SCAN notices resulted in a draft manual and the production of a new product line.

The first product of which was awaiting approval at the end of 2013. Seven scan notices were produced. Revision of the focal point structure should result in a more consolidated approach Several strategic reports were produced including: Assessment on BitCoin digital currency; Project 2020: scenarios

for the future of cybercrime; Strategic Assessment of the Commercial Sexual Exploitation of Children Online; Police Ransomware Threat Assessment and Recommended Action Plan (restricted version); Counter-Terrorism Monthly Intelligence Summary (IntSum) September, October November; Europol Situation report Travel for Terrorist Purposes (focus on Syria)

Work Programme Objective 2.2.2 – Strengthen Europol’s financial intelligence capabilities, linking money flows to criminal activities and following up on the identified links

Assessment: The achievement of this objective is largely related to the integration of the FIU with Europol which still faces some challenges


The ECAB received 193 asset tracing requests from O Units and MS. At the end of 2013, 21 Asset Recovery Offices were connected to SIENA and had exchanged a total of 2061 messages (compared with, 451 messages exchanged via SIENA in 2012).

Over 2000 intelligence reports were retrieved through ERES The Common Understanding between Europol and the FIUs of the MS was endorsed officially by the FIUs

03.10.2013. Europol has signed the partnership declaration concerning the FIU.net project 2014-2015 presented by the Dutch Ministry of Security and Justice as proposal to accede to ISEC funding. Nine other FIUs have shown their will to become partner in the project. In order to define the requirements for the embedment and related actions, a workshop was held on 16 December 2013, involving representatives from Europol (Operations and Capabilities Departments), FIU.net and some MS FIUs.

On 28 November 2013, the Rapporteur in the LIBE Committee presented her proposal for a revised text of the 4TH AML Directive. In this version, article 54 (which calls on MS to ensure that their FIUs cooperate with Europol) had been deleted. Requests for clarification by some MEPs on the reasons for the deletion were met by an intervention of the Commission acknowledging problems raised by a MS, which questioned whether art.114 TFEU was the correct legal basis for such cooperation. Since several FIUs have claimed that there is no explicit legal basis in the EU framework which envisages or allows flows of operational information from an FIU to non-FIU entities, Europol strongly supports the inclusion of art. 54 in the 4th AMLD

Work Programme Objective 2.2.3 – Deliver the new generation of the Europol Analysis System (EAS)

Assessment: Implementation is progressing well but planning was reviewed to provide a more realistic outlook. There is risk associated with the delivery of the EAS related to delays with the ECM project and related interdependencies. Delays have resulted in a lower payment rate of the 2013 than initially anticipated


The implementation of the new EAS is progressing. This complex project requires close monitoring to ensure delivery in accordance with the revised project planning. The data model within the software was defined to meet the needs of Europol. Most functionality contained in the software package out-of-the-box was tested and found to meet Europol’s requirements without needing additional refinements. This is in accordance with the initial evaluation during the tender stage and, therefore, in-line with the project planning. Work on the integration with Europol’s system is continuing and the first results demonstrated to the users were well received. This includes, for example, the integration with the entity extractor or the translation tool. First tests on the workflow functionality have delivered mixed results and have led to a redesign of this module in order to stay closer to requirements and the expectations expressed in the tender. Work on the SIENA integration is on-going and making good progress. The expected go live date of the new Europol Analysis System is the end of Q2 2014. The current EAS platform is maintained at full scale in the meantime

Strategic Objective 2.3: Strengthen the information management capabilities of Europol

KPI 2012 result

Target 2013 Result 2013

59 i-Number of SIENA cases initiated* 15,949 17,454 18,310

60 ii-Number of SIENA messages received** 283,591 311,950 307,842

61 iii-Percentage of SIENA messages accepted, processed 126%

(inc. backlog)

98%

62 iv-Number of objects in the EIS 186,896 231,000 245,142

31


63 v-Percentage of MS which achieve their target number of objects in the EIS

Na 22%

64 vi-Number of person objects in the EIS 48,023 62,000 70,917

65 vii-Percentage of MS which achieve their target number of persons in the EIS

na 22%

66 viii-Number of EIS searches by MS Na 454,000 306,434

67 ix-Percentage of MS which achieve their EIS targets Na 19%

68 x-Number of cross border crime checks (CBCC) in the EIS

340 55/quarter 340

Work Programme Objective 2.3.1 - Further develop SIENA with user-need driven functionalities that reinforce it as the primary communication channel between Member States and Europol

Assessment: SIENA continues to incorporate and accommodate user requirements into new releases. The increasing number of MS and cooperation partners planning to connect more competent authorities to SIENA demonstrates the value of SIENA as a communication channel between MS and cooperation partners and Europol

Summary of main outputs/outcomes 2013 SIENA 2.3 was released on 21 November 2013 and was followed by a number of hot-fixes in order to solve various

release issues. The most critical issues concerned the performance of the system and the delayed delivery of SIENA messages. The SIENA performance was restored on 4 December 2013 through a number of hot-fixes. The delayed delivery of SIENA messages was resolved on 11 December 2013 by means of a temporary fix awaiting the upgrade of some SIENA servers, which was successfully performed on 16 December 2013. The selective cancellation feature was resolved but still requires a SIENA minor release to fix the incorrect status of certain messages caused by this selective cancellation bug. As from the moment this has been resolved, the grace period of 1 month on the SIENA case-based data retention period for Member States and Third Parties will begin. The non-critical SIENA issues such as deployment in training environment, the setting on the e-mail notification and the data retention pop-up lay-out will be solved in February 2014. The LB from Member States and Third Parties were closely involved in the SIENA 2.3 release issues through user feedback sessions, organized on 28 November and 5 December, during which the known problems and the state of play were communicated.

SIENA is connected to 452 competent authorities compared with 373 in 2012

Work Programme Objective 2.3.2 – Improve interoperability between the data processing systems of Europol, Member States, Interpol and EU-related bodies

Assessment: Good progress in this area.


UMF Information Model (law enforcement focus) and UMF Exchange Format (technical) were finalised and approved by the UMF Board of Partners in December 2013. Several representatives of Germany, Poland, Bulgaria, Norway, FRONTEX, Eurojust and Europol were trained in technical aspects of the UMF. Commission approved the extension of the programme until end May 2014 to allow the finalisation of one of the pilot-projects, SIENA supporting UMF. The programme is in its last phase which aims at the creation of a (proposal for) permanent governance structure for the framework.

The initial go-live date was postponed from end 2013 to Q2 2014 The UMF2 Prüm Hit Follow-up Form was launched to the Prüm Countries on 30 May 2013.

Goal 3: Europol will expand its capabilities as an EU centre for law enforcement expertise Strategic Objective 3.1: Pioneer new techniques to prevent and combat international serious crime and terrorism

KPI 2012 result

Target 2013

Result 2013

74 User satisfaction of key knowledge products, including Europol Platform for Experts*

75.2 ≥75.2 To be measured via User Survey 2014

Work Programme Objective 3.1.1 – Enhance the overall crime intelligence picture maintained by Europol with input from non-law enforcement actors

Assessment: Very good progress was made as strategic analysis reports and knowledge products were produced in accordance with the planning. Furthermore progress was made in relation to formalising work non-law enforcement actors in the form of four Memorandum of Understanding with private sector companies


44 Strategic analysis reports and 67 knowledge products were produced in accordance with the planning (except for one related to the synthetic drugs OAP and the joint EU/US report on terrorist travel patterns that was still under negotiation with US authorities

32


Four MoUs were in progress with Trend Micro, Microsoft, Symantec and McAffee (to be signed on 12/02/2014)

Strategic Objective 3.2: Strengthen the position of Europol as a platform for specialist areas

KPI 2012 result

Target 2013

Result 2013

79 i-Average number of visits per day to the expert communities on the EPE

400/day 110

80 ii-Number of active users in expert communities on the EPE

4000 4,419

Work Programme Objective 3.2.1 – Lead global efforts in combating euro counterfeiting

Assessment: Continued good progress in the area with the support of euro-counterfeiting operations and the ongoing development and increasing membership and usage of the EPE. Work towards accreditation of the Forgery of Money Laboratory continued but is now foreseen for Q2 2014.


Overall, Europol financially supported 39 euro counterfeiting investigations in 2013 (30 in 2012) with a total amount of €178,124 (€149,310 in 2012) resulting in more than 70 arrests, the dismantling of 6 illegal print shops and the seizure of counterfeit Euros with a total face value of over 6.5 million

At the end of 2013 the EPE contains 32 expert communities. One new platform was created in Q4, the European CODIS (Combined DNA Index System) users platform. In addition, the first platform (O1 Data Scan) on the EPE OpsNet was created and is under development.

On average 110 visits per day and 871 unique visitors per month were counted on EPE home during Q4. The number of unique visitors in October and November (971) were higher than ever. The development of EPE 3.1 has been completed and the release is planned for Q1/2014. The sponsored development of Liferay (the software used to build the EPE) was completed in November 2013

Work Programme Objective 3.2.2 – Augment Europol’s position as a central EU platform for capacity building in the fight against violent extremism

Assessment: Some progress was made in relation to this objective via the support to the relevant COM initiatives and projects. Due to limited capacity no specialised training was delivered and the EWS project closed


The Early Warning System project (lead by Spain) did not proceed and activities undertaken thus far are planned to be absorbed by the EEODN and other CT-related networks.

The Financial Analysis Training was postponed to 2014 due to reassignment of personnel to other duties and reduced capacity.

Europol participated in the meetings of the EU COM's initiative RANPOL (Radicalisation Network Police) and is also closely involved in the related EU COPRA project (Community Policing Preventing Radicalisation). Europol signed a ISEC Partnership Declaration for a Lithuanian project on self-radicalisation and continued to support sharing expertise and best practices in the context of RANPOL and COPRA

Work Programme Objective 3.2.3 – Establish a European Cybercrime Centre building on Europol’s strong capabilities to effectively address the growing threat posed by cybercrime and the criminal misuse of the Internet Assessment: Good progress was made in 2013 in the physical establishment of EC3 and in implementing the mandate accorded to the EC3. The start-up phase proceeded largely as planned and key deliverables were met.


The EC3 Opening Event was organised on 11 January 2013. EPCC and Europol-Interpol Cybercrime Conference successfully delivered

Forensic IT lab: (server racks, servers, workstations, signposting and consumables, specialised forensic servers, workstations and laptops for in depth analysis purposes) were delivered and forensic hardware and software (Miscellaneous tools, Domain Tools) were also delivered.

Decryption platform implemented Total number of operations supported by EC3 (at the end of 2013)

- CYBORG: 40 - TWINS: 20 - TERMINAL: 109

1st Solution for the Sandbox (Malware Analysis System) was purchased and assisted in the analysis of 41460

33


malware of which, 1200 were malicious

Knowledge products: 29 cyberbits published, 3 alerts, 1 intelligence notification, 1 cyber matter. Various strategic analysis reports published

Large File Exchange (LFE) solution was purchased and by the end of year facilitated the delivery of 170 intelligence packages

The Multi Disciplinary Centre for Cybercrime Innovation (MDCCI) room was completed and used four times to support operations.

The first look and feel of SPACE was released Work Programme Objective 3.2.4 – Fulfil Europol’s role in the EU-US TFTP agreement, and prepare to support any future equivalent system in the EU

Assessment Europol continues to fulfil its role in relation to the EU-US TFTP agreement


All JSB recommendations were implemented by the end of the year including amendments to the TFTP template, confidentiality and the retention period of data re ART 9 and 10.

Europol participated in discussions concerning TFTP and a three year value assessment completed for the EU COM confirmed the continuation of current practice.

Specific activities in 2013 Target date Progress 2013

94 Coordinate follow up actions to address TFTP related recommendations formulated by JSB and EU COM

Amendments made to TFTP template, amended confidentiality, dialogue underway regarding retention period of data re ART 9 and 10. Preparation ongoing regarding an EDOC referencing JSB recommendations, including data retention periods. Document to be completed by the end of third quarter. JSB recommendations implemented regarding ART 4/9/10 data retention periods EDOC#664355 & EDOC#665569, TFTP process description signed and updated. (housed with HOU) Sept 2013

95 Prepare to support any future equivalent system of TFTP in the EU if required by COM

Hosted EU Commission, (Head of unit, policy officer) DG Home delegates discussion re TFTP and TFTS March 2013. 3 year TFTP value assessment completed for EU commission EDOC#675089 Aug 2013. Monitoring TFTS dialogue ongoing. EDOC#672615 EU commission/US Treasury Art 6 joint review, completed with Europol case examples

Strategic Objective 3.3: Provide expertise and quality training in key law enforcement techniques

KPI 2012 result

Target 2013

Result 2013

96 Satisfaction of participants with training provided by Europol experts

8.7 8.5 9.3

Work Programme Objective 3.3.1 – In conjunction with CEPOL, develop effective and cost-efficient training in Law Enforcement Techniques for fighting prioritised types of crime

Assessment: Good cooperation with CEPOL continues and very good feedback is received on training delivered by Europol


Cooperation agreement with CEPOL concluded. Common planning exercise for 2013 done, another one for 2014 in planning. Joint activities with CEPOL have been

developed and all activities with CEPOL were implemented according to plan. Europol organised and delivered a total of 37 courses in 2013 and supported 46 other training activities organised by

CEPOL and/or Member States. Webinars were delivered on illegal immigration, THB, cyber crime, container smuggling & mobile crime groups held

At the end of Q4 the running average of the satisfaction scores from training participants is above the set target. This result is based on the evaluation of 31 courses covering 534 participants

E-learning module for TTT OIAT developed and a new e-learning module on Europol published. Europol is part of the new network of EU agencies' training coordinators Europol's activities are being coordinated with

CEPOL's NCPs. Europol took part in the evaluation process held for assessing MS' application for grants and supported the

development of the new common curricula on money laundering and terrorism.

34


Goal 4: Europol will grow as a modern, efficient organisation with the best resources, effective governance arrangements and a positive reputation

Strategic Objective 4.1: Strengthen Europol’s accountability arrangements

KPI 2012 result

Target 2013

Result 6m 2013

100 Percentage of audit recommendations graded as critical implemented by improvement measures within 12 months

75% 57%

Work Programme Objective 4.1.1 – Automate and centralise compliance and audit management

Assessment: Work has progressed on centralising compliance and audit management. Although the systems are not yet automated, there is better overall management and monitoring.


At the end of Q4, overall 57% of audit recommendations implemented. However, structural topic remain ongoing: asset and contract management, procurement and supporting evidence / formal requirements for the payment of allowances - ECA: Implementation rate: 67%: the following topics are pending: 1. Contract management - Project planned in

2015, 2. Supporting evidence and formal requirements for allowances - Ongoing activities by Personnel Administration and 3. Exception process - Document to be finalised in Q1 2014

- IAS: Implementation rate: 86%: the following topics are pending: 1. Guidelines for making amendments to the Work Plan, 2. Process and framework for strategy implementation, 3. Document the process for the work plan

- IAF: Implementation rate: 46%: the following topics are pending: 1. Contract management, 2. Asset management, 3. Procurement and 4. Formalisation of Europol's processes (in particular in the core business)

- JSB: Implementation rate: 35%: JSB opinion on the fulfilment of each single recommendation is expected only in March 2014. An updated Implementation Plan exists.

- DPO: Implementation rate: 50%: The last CAMA report shows 4 recommendations fulfilled, one pending. For the medical files no progress achieved, since HR procured a new service, which turned out to be still the same provider.

No qualifications reported by the ECA for both the annual accounts and the Europol Pension Fund (EPF) accounts. Positive discharge expected by the European Parliament, positive budget execution trend at the end of 2013 acknowledged by the European Parliament

The corporate risk log was updated and presented five times to the Directorate over the course of the year 100% of systems that were planned for accreditation in 2013 (i.e. seven) have undergone the security accreditation

process

Work Programme Objective 4.1.2 – Improve product and service management

Assessment: Good progress in this area with planned activities completed


Specific meetings were held in order to provide better integration between IT development and the business in the interests of improving product and service management

Work Programme Objective 4.1.3 – Prepare for the implementation of the future Europol Regulation

Assessment: Work in this area is ongoing


Europol is closely monitoring the legislative procedure of the Draft Regulation and participating in the negotiation thereof in line with the negotiation strategy. In particular, Europol participated in LEWP and CATS Council Working Parties

The process for the new organisational Strategy and Multiannual Implementation Plan linked with multiannual resource planning was agreed with MB 22.05.2014

Strategic Objective 4.2: Strengthen ICT and business alignment


Result 6m 2013

143 i-Delivery of services and products in line with agreed SLAs

95% 98%

35


144 ii-Delivery of projects and programmes according to targets**

75% 56%

Work Programme Objective 4.2.1 – Further improve ICT support services

Assessment: Work in this area is mostly progressing well with ongoing with several improvements made to ICT support services. Not all projects were completed to due unexpected resource issues and delays from contractors. This resulted in re-planning. However, several unplanned but important projects were able to be accommodated.


▪ The 2013 ICT Workplan was revised in June 2013 due to heavy resource constraints (e.g. unexpected resignation of ICT project managers and long term absences for medical reasons), 2012 work spill-over due to the end of year reorganisation and delays due to lack of delivery from contractors. This re-planning implied that a number of 2013 initiatives will be completed in 2014. Consequently the outcome of the KPI target is lower than the original plan. Despite these constraints, 14 out of 25 initiatives/releases were delivered within the year boundary.

In addition the following unplanned and unforeseen projects were delivered in the course of 2013: Decryption Platform for EC3, ad-hoc system for the Downfall Operation, enhanced security of the ICT organisation including instructor led training of 75% of C1, redesign of the Corporate Network including Secure Browsing and external Email validation, set up of the Workspace Transformation Programme to drive changes to keep track of key interdependencies/ risks between key ICT, business and change initiatives in order to be able to better manage the changes that will impact the entire user base of Europol.

Strategic Objective 4.3: Improve the management of Europol's human and financial resources

KPI 2012 result

Target 2013 Result 2013

160 i-Overall level of staff engagement ≥

53% n.a. To be measured 2014

161 ii-Vacancy index at the end of the year Max 4% 3.9%

162 iii-Budget outturn 2013 (committed budget)

95% of 2013 budget

committed 99%

163 iv-Budget outturn 2013 (payment of carry-forward)

95% of carry forward

2012-13 paid 91%

Performance Indicators EoY Target Performance Progress 2013

164 Deviation between planned and implemented budget per strategic objective (all BAs)

<15% To be reported Q4

165 Absence rate 2013

To be reported once the respective calculations are available from HR system. Full implementation of the Sick leave management module (including the functionality for calculations and reports) has been postponed due to stabilisation phase of HR system

166 Representation EU nationalities

Trend to a representation in line with the European population; all nationalities represented

The countries with the largest representation among the Europol staff continue to be NL, BE, UK, DE, IT and FR. The first two of those are overrepresented, when compared to percentage of national population in EU; however, the UK, DE, FR and IT are still underrepresented. The only MS not represented were Malta and Croatia

167 % of SDPR assessments finalised by 01.06.2013 (all)

100% 92.4%

168 % of selection procedures (steps 5-33) executed within 17 weeks/4 months

Min. 85% 100% (average was 3.6 months)

169 Number of justified/legitimate complaints about the recruitment process

0 None

170 Payment rate T1: 90% T2: 80% T3: 70%

The final payment rate came to 87%. T1 98% T2 56% T3 72% The overall payment rate is considerably higher than in 2012 (79%) and also all the individual Titles show a clear improvement. Although the target for Title 2 was not reached the 56% is already 6% better than last year. The reason for not reaching the target in T2 is the difficulty in implementing some parts with considerable budget (for example the building

36


expenses through the SLA with the Host State who only sends one invoice in 2014 covering all expenditure done for us in 2013, is something which is out of our control and the separate JSB budget)

171 Average throughput time for commitments and payments

commitments: max 14 calendar days payments: max 30 calendar days

The commitments and payments transactions have on average been processed well within the set time limits; commitments within 4 days and payments within 19 days.

172 % of late payments Max. 5%

The year average for 2013 comes to 10% (For 2012 it was still 23%). For Q4 the average was 6% and December 2013 isolated also came to 6% which is very close to the ambitious KPI

173

% of ICT budget unspent in 2013 and to be carried over to 2014 (i.e. committed, ordered, delivery started in 2013 and to be paid in 2014) (Title 2 - Chapter 21 and Title 3 - Chapters 31 and 32)

<30% 23% of original workplan budget and 34% of extended budget.

174 % of ICT budget committed (Title 2 - Chapter 21 and Title 3 - Chapters 31 and 32)

>95% 116% of original budget committed and 99,6% of final budget allocated was committed

175 % of ICT budget paid (Title 2 - Chapter 21 and Title 3 - Chapters 31 and 32)

min 50% (Q1) min 75% (Q2) min 90% (Q3) min 95% (Q4)

77% paid of original budget and 66% of final budget allocated.


Contributed substantially to the implementation of the European School in the Hague Improved performance reporting (financial reports) New digital library launched New process for staff appraisals introduced Review of training provided to staff undertaken and new strategy developed and approved Introduction of end of contract support Gender balance project implemented Simplified financial workflow processes Ex-post verification for low value commitments and invoices implemented ICT supplier management service established

Work Programme Objective 4.3.1 – Implement efficiency and cost saving initiatives in the context of financial austerity across the EU

Assessment: Several actions are being undertaken to respond to the need to increase efficiency and save costs.


In order to manage staff reductions required by the COM (5% in 2014-2017), posts were identified for 2014 and 2015. On going monitoring now takes place.

New general training and an introduction to procurement rules was delivered to newcomers as part of the legal induction. Training on low value tenders was delivered to the main stakeholders. Further training in the future will be delivered as required

MSPP drafted and agreed with MB passed to COM for adoption. Manpower information provided for O dept recruitment plan. Structured manpower planning for competency framework pending development of necessary competency framework

Strategic Objective 4.4: Build a strong Europol culture and a positive external image


Result 2013

203 i-Europol user survey results on image (Image index rating)

73.3 ≥ 73.3 To be reported in 2014

204 ii-Europol user survey results on overall satisfaction

67.8 ≥ 67.8 To be reported in 2014

Work Programme Objective 4.4.1 - Raise awareness of Europol’s added value through online communication tools targeting the law enforcement community in the MS

37


Assessment: Good progress in this area via targeted roadshows and a substantial increased presence in the media


65,840 articles in the media referring to Europol were recorded, an increase of 268% (over 2012) Social media features included on an improved Europol Internet website Europol awareness package for presentation and promotion of Europol by Europol staff, ELO's, ENUs was reviewed and

updated

Ongoing Management and Support activities

Internal Governance, management and administration


Consolidated improvements to governance structure and organisational business areas structure and improved related processes (e.g. merger of DM and DPB)

Implement staff survey improvement roadmap

Support Activities


Support to projects provided Continued work in area of process management through process description development and review and provision of

training on process management Alignment of process reporting with performance reporting New medical services tendered and contracted Proposal to integrate the Europol Pension Fund into the Europol administration as of 01.01.2015 drafted Meetings and information exchange between other agencies e.g. Eurojust, Frontex, Host State and ESMA are ongoing.

In order to conduct a benchmark exercise with other agencies and bodies and check facilities compliance (e.g. trends, costs, product and service demand management

Greater centralisation of facilities management via the Facilities Management Information System Improved Asset Management though the FMIS to make it possible to manage better e.g. the economical, technical, life-

cycle, etc. processes.

38


Annex B KPIs 2013

Strategic Objective KPI EoY target Result 2013

i-User satisfaction with operational support (HQ) 8.3 8.4

ii-Percentage of all SIENA messages sent by MS shared with Europol (MS) 70% 66%

iii-Number of operations supported by Europol (HQ) 684

1.1: Delivery of unique operational support services

iv-Number of operational analysis reports delivered (HQ) 209 1.2: Enhance coordination of operational action in the EU

Number of joint Investigations supported/coordinated by Europol (HQ) 265

i-Number of SIENA requests and for information messages sent by Europol to external partners (HQ) 6,155 5,117

1.3: More effective cooperation with external partners ii-Number of SIENA requests and for information messages sent by

external partners to Europol (TP) 3,250 3,546

2.1: Lead development of ECIM

% of Europol actions defined in the Operational Action Plans implemented by Europol (HQ) 100% 80%

2.2: Improve analysis capability

User satisfaction with operational analysis reports (HQ) 8.3 7.9

i-Number of SIENA cases initiated (MS/HQ) 17,545 18,310

ii-Number of SIENA messages received (HQ/MS/TP) 311,950 307,842

iii. Percentage of SIENA messages accepted, processed by Europol 98%

iv-Number of objects in the EIS (MS) 231,000 245,142

v-Percentage of MS which achieve their target number of objects in the EIS (MS) 22%

vi. Number of person objects in the EIS 62,000 70,917

vii-Percentage of MS which achieve their target number of persons in the EIS (MS) 22%

viii. Number of EIS searches by MS 454,000 306,434

ix-Percentage of MS which achieve their EIS search targets (MS) 11%

2.3: Strengthen information management capabilities

x-Number of cross border crime checks (CBCC) in the EIS (MS) 55 / Qtr 340

3.1: Pioneer new techniques

User satisfaction of key knowledge products, including Europol Platform for Experts (HQ) ≥ 75.2 Q4 2014

i-Average number of visits per day to the expert communities on the EPE (HQ) 400/day 110/day

3.2: Strengthen position of Europol as a platform for specialist areas ii-Number of active users in expert communities of the Europol

Platform for Experts (HQ) 4000 4,419

3.3: Provide expertise and quality training

Satisfaction of participants with training provided by Europol experts (HQ) 8.5 9.3

4.1: Strengthen Europol's accountability arrangements

% of audit recommendations graded as critical implemented by improvement measures within twelve months (HQ) 75% 54%

i-Delivery of services and products in line with agreed SLAs (HQ) 95% 98% 4.2: Strengthen ICT and business alignment ii-Delivery of projects and programmes according to targets (HQ) 75% 56%

ii-Overall level of staff engagement (HQ) ≥ 53.3 Q2 2014

iii-Vacancy index at the end of the year (HQ) Max 4% 3.9

iv-Budget outturn 2013 min. 95% of 2013 budget committed 95% 99%

4.3: Improve the management of Europol's human and financial resources v- Budget outturn 2013 min. 95% of carry forward 2012 to 2013 paid

(HQ) 95% 91%

i-Europol user survey results on image (Image index rating) (HQ) ≥73.3 Q4 2014 4.4: Build a strong Europol culture and a positive external image ii-Europol user survey results on overall satisfaction (HQ) ≥67.8 Q4 2014

39


Annex C Major Decisions taken by the Management Board in 2013

Meeting 6-7 February 2013

Implementation of the Budget 2012, including automatic carry-forward of appropriations 2012-2013 The MB approved the automatic carry-forward of payment appropriations from 2012 to 2013 (€ 16.34 M.) and of the appropriations available at 31 December 2012 arising from assigned revenue (€ 944 K.). Update on the EC3, including recruitment matters The MB adopted a revised Decision laying down the list of Europol posts that can be filled only by staff engaged from the competent authorities of the Member States reflecting which posts within the European Cybercrime Centre (EC3) shall be non-restricted. Report on indefinite contracts awarded in 2012 The MB authorised the Director to initiate the procedure for granting indefinite contracts to temporary agents in non-restricted posts and contract agents whose second contracts expire in 2013 and the first semester of 2014. Preliminary Work Programme 2014 The MB adopted the preliminary Work Programme 2014, as amended following the discussion, for submission to the Commission. Draft Estimate of Revenue and Expenditure 2014 The MB adopted the Estimate of Revenue and Expenditure 2014 for submission to the Commission. Draft Multi Annual Staff Policy Plan 2014-2016 The MB adopted the Multi Annual Staff Policy Plan 2014-2016 for submission to the Commission. IAF annual work programme 2013 The MB endorsed the IAF annual work programme 2013. Europol’s support in joint cross-border operations The MB agreed to the further development of the European Tracking System project. Review of the financial support guidelines concerning Euro counterfeiting The MB approved the revised guidelines on the financial support against Euro counterfeiting. Cooperation with Serbia The MB authorised the Director to enter into negotiations with Serbia for the conclusion of an operational cooperation agreement. Key Performance Indicators for the Europol Information System The MB recalled the importance of an effective use of the Europol Information System and approved option 2.

Meeting 22-23 May 2013 Recruitment of a Deputy Director The MB approved the vacancy notice for the recruitment of a Deputy Director (Operations) and drew lots to designate the five Member States which shall assign a MB member to serve, along with the MB member for the Commission and the Director, in the selection

40


committee that shall assess the applications received and draw up a reasoned report to be submitted to the MB. Appraisal of the Director The MB agreed that the Board members designated by drawing of lots to act as reporting officers for the annual appraisal of the Director, along with the MB member for the Commission, would serve for the reference period 2013-2014. The MB also agreed that Europol’s work programme would serve as the basis for the Director’s objectives, which he shall agree with the reporting officers. Annual appraisal of Deputy Directors The MB agreed that the reporting officer for the annual appraisal of the Deputy Directors for the reference period 2012 would also serve for 2013. General Report on Europol Activities in 2012 The MB adopted the General Report on Europol Activities 2012 to be submitted to the Council for endorsement in accordance with Article 37(10)(c) of the Europol Council Decision. Process to develop a new Europol strategy The MB agreed to extend the current strategy by one year and be used as a basis of the 2015 annual planning. Europol gender balance project: analysis and recommendations The MB approved the publication of all vacancies on Europol’s website and agreed to promote gender-balanced representation from competent authorities in selection committees for restricted posts. List of public holidays 2014 The MB adopted the list of public holidays 2014. Annual Activity Report 2012, including a draft MB analysis and assessment The MB adopted an analysis and assessment of the Annual Activity Report 2012 for submission to the European Parliament, the Council and the Court of Auditors in accordance with Article 40(2) of the Financial Regulation applicable to Europol. Cooperation with Albania and Serbia The MB agreed to submit the draft cooperation agreements with Albania and Serbia to the Joint Supervisory Body for an opinion. Data protection reports on Montenegro and on Bosnia and Herzegovina The MB agreed to submit the data protection reports on Montenegro and on Bosnia and Herzegovina to the JSB for an opinion. Cooperation with the Russian Federation The MB agreed to submit the draft cooperation agreement with the Russian Federation to the JSB for an opinion. Cooperation with the Office of Harmonisation for the Internal Market The MB approved the draft agreement of strategic cooperation with the OHIM. Cooperation with the European Network and Information Security Agency The MB approved the draft agreement of strategic cooperation with ENISA. Accreditation of systems The MB approved the accreditation of the Europol Operations network, provided an interim authority to operate for the Europol Analysis System and agreed on a three-month

41


extension of the accreditation validity of the Europol Information System, the European Bomb Database System and Check-the-Web.

MB meeting 9 October 2013 Indefinite contracts The MB authorised the Director to initiate the procedure for granting indefinite contracts to temporary agents in non-restricted post and contracts agents whose second contract would expire in the second semester of 2014. Draft operational agreements with Albania and Serbia The MB recommended the Council to authorise the Director to sign the operational cooperation agreements with Albania and Serbia. JSB opinion on the data protection reports on Montenegro and on Bosnia Herzegovina The MB authorised the Director to enter into negotiations with Montenegro and with Bosnia and Herzegovina for the conclusion of operational cooperation agreements.

MB meeting 3 December 2013 Review of the Europol Financial Regulation The MB preliminarily adopted the Europol Financial Regulation. Budget 2014 The MB adopted the Budget 2014. Recruitment procedure for a Deputy Director The MB adopted the reasoned opinion on the appointment of a Deputy Director and agreed to its submission to the Council. New Security Manual The MB adopted the Security Manual. Accreditation of systems The MB accredited the Secure Information Exchange Network Application, the Identity and Access Management, the Europol Information System, the Europol Bomb Database System and Check the Web for a period of 24 months. Outcome of HENU Working Group: JSB report on the conditions for Europol National Units in relation to data processing in Europol’s Information system The MB endorsed the conclusions concerning the JSB recommendations on the EIS.

Written procedures

13 December 2012 – 5 February 2013 Preliminary Work Programme and draft Estimate of Revenue and Expenditure 2014, Multiannual Staff Policy Plan 2014-16

8 February– 21 May 2013 Proposal for a Europol Regulation – Merger between Europol and CEPOL

23 May - 8 October 2013

42


MB opinion on Europol’s annual accounts 2012 MB Decision on outside activities and assignments, part-time work, and parental and family leave

10 October – 2 December 2013 Work Programme 2014 Data protection report on the Republic of Moldova

43


Annex D FINANCIAL STATEMENTS (draft final accounts)

The full “Final Annual Accounts for the Financial Year 2013, Financial Statements and Reports on the Implementation of the Budget” will be submitted directly to the Budgetary Authority no later than 1 July 2014. The below figures, therefore, represent the “draft final accounts”.

a. Balance Sheet

BALANCE SHEET – ASSETS Note 31.12.2013 31.12.2012 Variation

NON CURRENT ASSETS Intangible fixed assets 3.1.1. 5,495,924.86 5,261,046.31 234,878.55 Tangible fixed assets 3.1.1. 31,978,803.15 33,663,693.50 -1,684,890.35 Land and buildings 9,548,237.00 9,896,316.21 -348,079.21 Plant and equipment 528,331.00 383,972.00 144,359.00 Computer hardware 10,212,231.69 9,879,210.78 333,020.91 Furniture and vehicles 2,945,514.46 4,709,842.45 -1,764,327.99 Other fixtures and fittings 8,744,489.00 8,794,352.06 -49,863.06 Leasing - -

Tangible fixed assets under construction - - Investments - - - Guarantee Fund - - - Investments in associates - - - Interest in joint ventures - - - Other investments - - - Loans - - - Loans granted from the budget - - - Loans granted from borrowed funds - - - Term deposits over 12 months - - - Long-term pre-financing - - -

Long-term pre-financing - - -

LT pre-financing with consolidated EU entities - - -

Long-term receivables - - -

Long-term receivables 3.1.2. 6,915.00 6,915.00 -

LT receivables with consolidated EU entities - - -

TOTAL NON CURRENT ASSETS 37,481,643.01 38,931,654.81 -1,450,011.80

CURRENT ASSETS Stocks - - - Short-term pre-financing 3.1.3. - 25,515.00 -25,515.00 Short-term pre-financing - 25,515.00 -25,515.00 ST pre-financing with consolidated EU entities - - - Short-term receivables 2,153,749.38 1,077,771.52 1,075,977.86

Current receivables 3.1.4. 1,089,942.71 583,553.25 506,389.46

Term Deposits between 3 months & 1 year - - -

LT receivables falling due within a year - - -

Sundry receivables 3.1.5. 61,592.59 89,993.29 -28,400.70

Other 1,000,058.93 403,227.69 596,831.24

Accrued income 3.1.6. 10,257.99 1,961.63 8,296.36

Deferred charges 3.1.6. 984,487.67 401,266.06 583,221.61

Deferrals and Accruals with consolidated EU entities

5,313.27 - 5,313.27

Short-term receivables with consolidated EU entities

2,155.15 997.29 1,157.86

Short-term Investments - - -

Cash and cash equivalents 3.1.7. 11,801,032.23 26,916,429.41 -15,115,397.18

TOTAL CURRENT ASSETS 13,954,781.61 28,019,715.93 -14,064,934.32 TOTAL 51,436,424.62 66,951,370.74 -15,514,946.12

44


BALANCE SHEET - LIABILITIES NOTE 31.12.2013 31.12.2012 Variation

Net capital 1.4. 41,574,523.31 47,301,283.17 -5,726,759.86 Reserves - - - Accumulated surplus/deficit 1.4. 47,301,283.17 45,846,436.63 1,454,846.54 Economic result of the year - profit+/loss-

1.2. -5,726,759.86 1,454,846.54 -7,181,606.40

Minority interest - - -

NON-CURRENT LIABILITIES 611,622.70 590,703.70 20,919.00 Employee benefits - - - Provisions for risks and charges 3.1.8. - 11,120.17 -11,120.17 Financial liabilities -

Borrowings - Held-for-trading liabilities - Other long-term liabilities 3.1.9. 611,622.70 579,583.53 32,039.17 Other long-term liabilities 611,622.70 579,583.53 32,039.17 Other LT liabilities with consolidated EU entities

-

Pre-financing received from consolidated EU entities

-

Other LT liabilities from consolidated EU entities

-

TOTAL 42,186,146.01 47,891,986.87 -5,705,840.86

CURRENT LIABILITIES 9,250,278.61 19,059,383.87 -9,809,105.26 Provisions for risks and charges 3.1.10. 2,746,049.92 1,551,493.28 1,194,556.64 Financial liabilities - - -

Borrowings falling due within the year - - -

Held-for-trading liabilities due within the year

- - -

Other current financial liabilities - - - Accounts payable 6,504,228.69 17,507,890.59 -11,003,661.90

Current payables 3.1.11. 42,779.84 90,743.01 -47,963.17 Long-term liabilities falling due within the year

- - -

Sundry payables 3.1.12. 307,207.70 2,252,953.56 -1,945,745.86 Other 3.1.13. 3,696,476.82 4,855,847.97 -1,159,371.15 Accrued charges 3,647,009.16 4,852,812.00 -1,205,802.84 Deferred income 49,467.66 3,035.97 46,431.69 Deferrals and accruals with consolidated EU entities

- - -

Accounts payable with consolidated EU entities

3.1.14. 2,457,764.33 10,308,346.05 -7,850,581.72

Pre-financing received from consolidated EU entities

3.1.14. 2,307,671.78 3,094,491.21 -786,819.43

Other accounts payable against consolidated EU entities

3.1.14. 150,092.55 7,213,854.84 -7,063,762.29

TOTAL CURRENT LIABILITIES 9,250,278.61 19,059,383.87 -9,809,105.26

TOTAL 51,436,424.62 66,951,370.74 -15,514,946.12

45


b. Economic Outturn Account

ECONOMIC OUTTURN ACCOUNT

2013 2012 Variation

Subsidy from the Commission 79,858,089.40 80,063,410.79 -205,321.39

Grants 457,640.82 - 457,640.82

Income taxes26 51,576.37 104,848.62 -53,272.25

Other income – fixed assets 19,841.96 290,464.46 -270,622.50

Other operating revenue 320,246.26 643,625.07 -323,378.81

TOTAL REVENUE 80,707,394.81 81,102,348.94 -394,954.13

Administrative expenses -71,781,437.19 -68,507,303.49 -3,274,133.70

All Staff expenses -51,124,446.21 -50,435,707.21 -688,739.00

Fixed asset related expenses

-10,061,777.77 -8,948,881.17 -1,112,896.60

Other administrative expenses

-10,595,213.21 -9,122,715.11 -1,472,498.10

Operational expenses -14,650,731.45 -11,138,482.24 -3,512,249.21

Other operational expenses

-14,650,731.45 -11,138,482.24 -3,512,249.21

TOTAL EXPENSES -86,432,168.64 -79,645,785.73 -6,786,382.91

SURPLUS/DEFICIT FROM OPERATING ACTIVITIES

-5,724,773.83 1,456,563.21 -7,181,337.04

Financial revenue - - -

Financial expenses -1,986.03 -1,716.67 -269.36

Movement in pensions (- expense, + revenue)

- - -

Share of net surpluses or deficits of associates and joint ventures accounted for using the equity method

- - -

SURPLUS/ DEFICIT FROM NON OPERATING ACTIVITIES

-1,986.03 -1,716.67 -269.36

SURPLUS/DEFICIT FROM ORDINARY ACTIVITIES

-5,726,759.86 1,454,846.54 -7,181,606.40

Minority interest - - -

Extraordinary gains (+) - - -

Extraordinary losses (-) - - -

SURPLUS/(DEFICIT) FROM EXTRAORDINARY ITEMS

- - -

ECONOMIC RESULT OF THE YEAR -5,726,759.86 1,454,846.54 -7,181,606.40

26 Taxes from Europol Staff still recruited under Europol’s old Staff Regulation

46


c. Cash-flow Statement (indirect method)

2013 2012

Cash-flow from ordinary activities

Surplus/deficit from ordinary activities -5,726,759.86 1,454,846.54

Operating activities

Adjustments

Amortization (intangible fixed assets) + 2,403,895.09 2,058,065.33

Depreciation (tangible fixed assets) + 7,594,696.57 6,771,802.67

Increase/(decrease) in Provisions for risks and liabilities 1,183,436.47 649,247.45

Increase/(decrease) in Value reduction for doubtful debts - -

(Increase)/decrease in Stock - -

(Increase)/decrease in Long term Pre-financing - - (Increase)/decrease in Short term

Pre-financing 25,515.00 -25,515.00

(Increase)/decrease in Long term Receivables - -

(Increase)/decrease in Short term Receivables -1,074,820.00 1,104,287.06 (Increase)/decrease in Receivables related to consolidated

EU entities -1,157.86 -997.29

Increase/(decrease) in Other Long term liabilities

32,039.17 -84,667.78

Increase/(decrease) in Accounts payable -3,153,080.18 -1,427,535.93 Increase/(decrease) in Liabilities related to consolidated EU

entities -7,850,581.72 1,981,246.09

Other non-cash movements 6,155.9727 -

Net cash-flow from operating activities -6,560,661.35 12,480,779.14

Cash-flow from investing activities

Increase of tangible and intangible fixed assets (-) -8,598,243.28 -8,093,173.17

Proceeds from tangible and intangible fixed assets (+) 43,507.45 298,533.44

Net cash-flow from investing activities -8,554,735.83 -7,794,639.73

Increase/(decrease) in Employee benefits - -

Net increase/decrease in cash and cash equivalents -15,115,397.18 4,686,139.41

Cash and cash equivalents at the beginning of the period 26,916,429.41 22,230,290.00

Cash and cash equivalents at the end of the period

11,801,032.23 26,916,429.41

27 Net amount of other changes - tangible fixed assets.

47


d. Statement of changes in capital

Capital Accumulated

Surplus/Deficit Economic result of

the year Capital (total)

Balance as of 31 December 2012 45,846,436.63 1,454,846.54 47,301,283.17 Fair value movements - - - Movement in Guarantee Fund reserve - - - Allocation of the Economic Result of Previous Year

1,454,846.54 -1,454,846.54 -

Amounts credited to Member States - - - Economic result of the year - -5,726,759.86 -5,726,759.86 Other - - -

Balance as of 31 December 2013 47,301,283.17 -5,726,759.86 41,574,523.31

e. Budgetary outturn

Budget Revenue 2013 2012

Commission subsidy 82,120,500.00 82,655,000.00

Other subsidies and grants - 40,000.00

Other revenue 343,882.74 572,855.78

Proceeds of taxation of staff 51,625.64 119,804.64

TOTAL REVENUE (a) 82,516,008.38 83,387,660.42

Budget Expenditure

Title I: Staff

Payments 51,726,992.00 51,699,175.79

Appropriations carried over 570,035.86 949,642.47

Title II: Administrative Expenses

Payments 4,427,369.55 4,527,219.10

Appropriations carried over 3,136,223.87 4,289,621.87

Title III: Operating Expenditure

Payments 16,327,185.76 10,776,380.55

Appropriations carried over 6,128,389.60 11,709,019.91

TOTAL EXPENDITURE (b) 82,316,196.64 83,951,059.69

OUTTURN FOR THE FINANCIAL YEAR (a-b) 199,811.74 -563,399.27

Adjustments and corrections Cancellation of unused payment appropriations carried over from previous year

1,453,397.17 2,559,477.55

Adjustment for carry-over from the previous year of appropriations available at 31.12 arising from assigned revenue

608,710.46 1.807.538,20

Corrections for assigned revenue and the Host State* - (1.205.967,82)

Exchange differences for the year (gain +/loss -) 491.23 (6,059.45) BALANCE OF THE OUTTURN ACCOUNT FOR THE FINANCIAL YEAR

2,262,410.60 2,591,589.21

48


Annex E: Declaration of assurance issued by the Director of Europol

(Authorising Officer)

I, the undersigned, Rob Wainwright, Director of Europol, in my capacity as Authorising Officer for the organisation, declare that: - The information contained in this report provides a true and fair view

(reliable, complete and correct view) of the state of affairs at Europol.

- I have reasonable assurance that the resources assigned to the activities described in this report have been used for their intended purpose and in accordance with the principle of sound financial management, and that the controls put in place are dedicated to guarantee the legality and regularity of the underlying (financial) transactions.

This reasonable assurance is based on my own judgment and the information at my disposal, the work of the Europol Internal Audit Function (IAF) and the Accounting Officer of Europol, the observations of the Internal Audit Service (IAS) of the European Commission and reporting from the European Court of Auditors (ECA) in charge of issuing the statement of assurance on the annual accounts of Europol. The assurance is also based on the observations made during the year by the Management Board and the JSB, acting in their capacity as statutory organs of Europol. Herewith I confirm that I am not aware of any circumstance not reported in this report which could impede the accountability of Europol towards the budgetary authority.

Done at The Hague May 2014

Rob Wainwright

49


Annex F: Risk Management 2013

As part of the Europol Work Programme 2013, four critical risks (threats to the achievement of business objectives) were identified, and responded to as set out in the below overview:

1. Delivery of a unique set of operational support, in particular through the new Analysis Work Files (AWFs) structure

Measures taken: Europol continued placing emphasis on increasing its operational support activities to Member States and cooperation partners over the year 2013. The Liaison Bureaux (posted at Europol), as a key operational support component, played an important role to mitigate the risk. In addition, Europol committed itself to strengthen product and service management, including the promotion and dissemination of Europol’s key products and services, against the background of the priority areas of the EU policy cycle. Furthermore, horizontal cooperation with relevant EU agencies and bodies, and training measures tailored to the needs of concerned Member States’ authorities (in cooperation with CEPOL) were considered as adequate actions to help realise unique support services.

Current status: Member States, cooperation partners and Europol continuously worked in 2013 to address the risk. Positive developments were achieved, the results of which are detailed in Section 4 of this AAR: In particular, an increase of 15% initiated SIENA cases over 2012 and an overall higher number of operational support instances were reported. However, it also apparent that with the level of resourcing and structure of the AWFs (and FPs), at the end of the 2013, Europol was approaching the end of its capacity to deliver at the same level as in previous years. Bearing in mind the evolution to a new structure of AWFs and the deployment of the Europol Analysis System (EAS) in 2014, with a view to processing and analysing information and intelligence more efficiently, the risk exposure has been taken forward to the overview of critical risks concerning the Europol Work Programme 2014.

2. Timely delivery of the first EU SOCTA by March 2013

Measures taken: Rigorous project management, detailing milestones and critical path risks, supported by dedicated input from Member States and cooperation partners helped to address the overall risk exposure concerned the first EU SOCTA. The first EU SOCTA follows the agreed methodology, to strengthen in particular the aspect of foresight in presenting the most significant threats from OC towards the EU.

Current status: The 2013 EU SOCTA was delivered to operational and policy stakeholders in March 2013, in line with the project planning. Concerns about the previous OCTA methodology (e.g. transparency, reliance on historical data) have been fully addressed and the 2013 EU SOCTA uses a wider range of data sources and analytical techniques to identify current and future OC threats. Europol is satisfied that the 2013 SOCTA provides for a more robust tool to inform EU policy making and to draw up effective Operational Action Plans (OAPs). The focus of activities then moved to the follow-up of the identified priority areas. The EMPACT Support Unit (ESU) at Europol developed a more effective monitoring system both to support the EMPACT. The different levels of MS engagement and commitment to EMPACT-related meetings will shape the future success of the implementation of the corresponding OAPs. With this in mind, the aspect of OAP implementation has been included in the 2014 risk monitoring.

3. Development of key core systems

Measures taken: A key milestone was achieved through the development of the EC3 forensic lab, providing fully equipped environment for technical support in digital forensics. In addition, the network transformation programme progressed well, with a view to combining the objectives of attaining higher levels of security (in particular concerning the Europol Corporate Network – ECN - and the Europol Operations

50


Network – EON) and higher efficiency in core business systems (Europol Analysis System – EAS) as well as the related support infrastructure at the same time (in particular through the Enterprise Content Management (ECM) project, seeking to deliver an integrated state-of-the-art document management, as well as communication portal).

Current status: The delivery of the EAS is scheduled for 2014, with important evolutions in SIENA (multi-lingual support) and infrastructure areas (accreditation of the ECN to include the processing of information up to “RESTREINT UE/EU RESTRICTED”. Given the ‘work in progress’ status in all concerned areas, the risk exposure in relation to the further development of the core systems has been taken forward to 2014.

4. Ad hoc versus planned business delivery

Measures taken: Europol has established robust planning as well as performance measurement processes. Europol committed itself to implement efficiency and cost saving initiatives to also respond to ad hoc priority needs.

Current status: Europol’s new EC3 task was implemented through internal contingency measures, including the re-allocation of in particular human resources (staff) from infrastructure areas to the core business. As highlighted in Section 5.2 of this AAR, administrative costs (leaving out building related costs) decreased, overall, by 26% over the last 3 years. Only through Europol’s strong internal contingency planning capability, the expansion of Europol’s mandate regarding the EC3 could be achieved. Resource constraints in the context of the establishment of EC3 have led to a critical risk exposure concerning an adequate and compliant service and product delivery by Europol in 2014. Against this background, given that Europol perceives a continuously growing focus of (political) attention, Europol has carried the risk also forward to the Europol Work Programme 2014.

51


Annex G: Analysis and Assessment of the Annual Activity Report by the Management Board

Management Board

The Hague, 22 May 2014 MBS 055.2014

Analysis and Assessment of the Annual Activity Report (AAR)

by the Management Board for the financial year 2013

The Europol Management Board takes note of the Annual Activity Report (AAR) for the financial year 2013 submitted by the Authorising Officer in accordance with Article 40(2) of the Financial Regulation (FR) applicable to Europol.i

In analyzing and assessing the AAR 2013 the MB has made the following observations:

- The report contains a comprehensive and thorough account of the activities carried out by Europol in the implementation of its mandate and programme of work during 2013. As required by Article 40 FR applicable to Europol, the report also provides a detailed overview of the results achieved in relation to the objectives set in the Work Programme 2013, financial and management information, as well as the risks related to the organisational activities and measures taken to address them.

- The Management Board notes the continued increase in the demand for Europol’s products and services from law enforcement agencies and the positive feedback concerning the operational and analytical support provided to competent authorities of the Member States and cooperation partners. This trend is taking place against a stable human resource capacity at Europol.

- The MB also notes the following core business achievements for 2013, which confirms Europol’s role as the EU criminal information hub and leading operational support centre across the EU Justice and Home Affairs landscape: - Over 450,000 operational messages exchanged through the Secure Information

Exchange Network Application (10% increase compared to 2012); - Over 245,000 data objects stored in the Europol Information System (31% increase

compared with 2012); - Over 18,000 operational cases initiated (15% increase compared with 2012); - Support was provided to over 680 investigations relating to Europol’s priority areas

through: delivery of about 2,200 operational reports; forensic or technical assistance provided more than 650 times; about 150 on-the-spot mobile support instances; about 220 operational meetings sponsored to respond to the crime priority areas identified in the 2013 Serious Organised Crime Threat Assessment;

- The successful launching of the European Cyber Crime Centre (EC3) with the deployment of a digital forensic laboratory, various operational actions, including the disruption of global credit card fraud networks, the fight against global online child sexual exploitation and the dismantling of botnets;

- An innovative approach to reach out to Member States and cooperation partners through the Europol Platform for Experts providing 33 community areas for law enforcement and other specialists to share best practice and knowledge;

- User satisfaction steadily high, which encourages Europol to continue focussing on product quality and service delivery;

- An increase in public awareness in relation to Europol’s involvement in international investigations with over 65,000 media articles referring to Europol.

- A detailed assessment of the overall implementation of the Work Programme 2013 indicates that:

52


53

- Europol made very good progress concerning 83% of the Work Programme 2013 objectives;

- The overall budget commitment implementation rate exceeded 98% with an overall payment rate of 87%, which was the best budget implementation since 2010;

- Savings were made in administrative costs by 26% over the last 3 years, including a reduction of Management Board’s costs by 45% over the last 4 years;

- Despite zero growth in staffing levels, Europol met unexpected resource requirements by re-allocating 44 posts to the European Cybercrime Centre;

- Europol responded diligently to the comments of the European Court of Auditors, the Internal Audit Service and the Internal Audit Function of Europol.

- The MB also takes note of the planned improvements in key operational, financial and human resource areas mentioned in the AAR and encourages this work, particularly with regard to: - Appropriate staffing for operational analysis, the streamlining of underlying

workflows into the Analysis Work Files and the establishment of the new Europol Analysis System in 2014, with improved reporting and monitoring capabilities concerning the analysis outputs, given the steady increase of operational contributions from Member States and relevant cooperation partners;

- Maintaining the budget management levels achieved in 2013 while improving budget implementation further in 2014 (high payment rates and low carry-forward as well as cancellation rates) and seeking further administrative efficiency gains;

- The possible impact of the future Europol Regulation; - The results of the 2014 staff survey, while further focussing on the aspect of gender

balance since women represent 32% of all Europol staff.

The Management Board notes that the Director has no reservations or critical issues to report which would affect the presentation of the annual accounts for the financial year 2013 to the discharge authority.

The Management Board considers that Europol is effectively and efficiently delivering the expected products and services to the competent law enforcement authorities within the Member States and to its cooperation partners.

The Management Board attaches this analysis and assessment to the AAR for submission to the European Parliament, the Council and the European Court of Auditors in accordance with Article 40(2) of the FR applicable to Europol.

John O’Mahoney Chairperson of the Management Board i The Management Board adopted a new Financial Regulation applicable to Europol on 10 January 2014 in line with the Framework Financial Regulation established by the Commission for EU agencies. Article 114 of the Financial Regulation applicable to Europol determines that Article 40 of the previous Financial Regulation applicable to Europol continues to apply in relation to the financial year 2013.

Date post:	26-Sep-2020
Category:	Documents
Upload:	others
View:	2 times
Download:	0 times

Annual Activity Report EUROPOL 2013 · support services) was put on the reserve list of IT...

Documents