Skip to main content

Intelligence Operating Model

Using the Intelligence Operating Model (IOM), forces and Regional Organised Crime Units (ROCUs) can request support from TOEX for complex investigations into organised exploitation.

The TOEX IOM provides:

  • Support to forces, ROCUs and NCA tasked through regional gateways
  • ROCU capability
  • APMIS recording and monitoring
  • Intelligence development, analysis, and research support
  • Financial intelligence
  • Support around ownership

Colleagues can make a bid for TOEX support via the ROCU Gateway using a tasking request form asking for assistance.

The request is triaged by the regional Gateway team and then sent to TOEX managers for consideration. The Senior Intelligence Analyst (SIA) then works with the force Senior Investigating Officer (SIO) to agree a terms of reference – this establishes what support TOEX will provide, the timeline and product anticipated – working to the SIO investigation strategy.

Skilled development then begins, with contributions made by Intelligence Analysts, Intelligence Development Officers, Data Insight Analysts and Researchers. They enrich the intelligence picture by gathering information/data and providing analytical interpretation that generates tactical options to disrupt organised exploitation.

The teams are able to conflate a number of national, regional, and local datasets, ensuring all available intelligence is recorded on the Police National Database, and use the data capability tools to build a picture of the offending and the people involved.

Upon completion of this intelligence and analytical work, the threat is reassessed by TOEX alongside the requesting force or ROCU, which will inform recommendations regarding onward ownership. Depending on the scale of the threat, it will either remain with the force/ROCU or be escalated to a regional or national owner.

Because TOEX is recorded as a capability on the NCA’s Agency and Partner Management Information System (APMIS), the team can document and measure the value added to operational activity.

It is important to note that TOEX cannot own risk. There should always be an identified owner of the threat, which is typically the customer (forces and/or ROCUs) for the request into TOEX. This is why it is important that taskings follow the route outlined below.

Threat escalated at force level tasking

  • At this point, an SIO should already be assigned to the threat.

Bid comes into ROCU Gateway team for TOEX support via the force-region SPOC

  • The customer may or may not be the SIO but regardless the SIO holds the risk.

Allocation to TOEX

  • The SIO can focus on managing the risk whilst TOEX does the much-needed intelligence development.
  • On the SOC master list, the owning agency will always be shown as the force/region that own the threat.
  • Where risk transfer is required (following intel development), this is to be done via regional TTCG and if necessary, through escalation to the Federated Tasking Team.