Businesses as tools of crime

Summary

How businesses are used as tools of crime

Businesses are attractive tools of crime because they provide criminals with legitimacy and opportunities to enter new arenas, expand operations or conceal other criminal activities. Criminals do this by exploiting vulnerabilities in laws and administrative systems, as well as by using businesses as a credible front vis-a-vis the outside world. Actions which would immediately attract attention when carried out by a private individual can be carried out within a business to a great extent unnoticed. Forms of incorporation can thus protect individuals from government scrutiny, not least by means of complex ownership structures. For example, businesses are used to carry out fraud, money laundering and smuggling, and to gain access to public funds and critical markets.

One in five members of criminal networks had businesses

In the period 2020–2023, one fifth of the 56,000 adult members of criminal networks had at least one formal business engagement. Altogether, members of criminal networks were involved in just over 23,000 businesses, corresponding to around 1.7 per cent of all businesses in Sweden.

Businesses in which members of criminal networks are involved differ in several respects from the businesses in Sweden at large:

• Around 80 per cent are limited companies, compared to 65 per centnationally.
• The business involvement of members of criminal networks isgenerally much briefer than business involvement at national level.
• The businesses of members of criminal networks are significantlymore likely to go bankrupt than other businesses.
• The businesses of members of criminal networks are much morelikely to have a record of indebtedness with the Swedish EnforcementAuthority than other businesses. The total overdue debt which theirbusinesses had to the State is approximately SEK 11.5 billion, whichaccounts for a significant proportion of all Swedish business debt.
• More than 12 per cent of the businesses of members of criminalnetworks have no information regarding their industry (informationreported by the business itself), compared to only 0.5 per centnationally.

Among businesses in a known industry, construction, restaurant, real estate and trade predominate, all industries known to be at-risk for money laundering and illegal labour practices. The businesses of members of criminal networks are typically small. Seven out of ten have no registered employees at all, and half have no declared turnover or a turnover of zero. Only a small proportion, around 6 per cent, have a turnover of more than SEK 10 million. Thus, on paper, the majority of network criminals’ businesses have limited resources, negligible economic activity and few or no employees. However, this does not necessarily mean the businesses are inactive. The businesses can be used, among other things, to carry out transactions to and from company accounts, or to create false invoices in money laundering schemes.

The members of criminal networks found in the Swedish Police Authority’s population constitute a young, predominantly male and highly active criminal population. A large majority have been suspected of criminal offences at some point, and about a hundred individuals are also subject to a trade ban. This group is generally resource-poor, with low levels of education, low declared incomes and high levels of debt. By 2025, the indebtedness of this group, to the State, other businesses and private individuals, was recorded at more than SEK 12 billion by the Swedish Enforcement Authority.

A small group accounts for many business engagements

There are significant differences among the one in five members of criminal networks with business engagements. Most have only one or a few business engagements. A small group (fewer than 300 individuals), referred to in the report as ‘criminal entrepreneurs’, stands out: this group accounts for more than 12 per cent of the 23,000 businesses to which members of criminal networks are linked. Their business engagements are very brief, and largely occur in businesses which they themselves did not launch. Businesses often go bankrupt following the departure of the criminal entrepreneurs. In the register of criminal suspects, appearances of criminal entrepreneurs largely relate to fraud and business-related crime, but instances of violent and drug offences also appear.

Around 30 members of criminal networks in the police intelligence population also appear as auditors in numerous businesses. These engagements covered a total of more than 3,000 businesses during the period. In some cases, individuals were engaged as auditors by businesses in which other members of criminal networks were involved, but these businesses most often had no formal connection to the population studied.

Businesses exploited for various schemes

In various types of schemes, businesses serve different purposes. In some schemes, access to the business is a prerequisite, for example in schemes based on bogus employment or aimed at misappropriating business aid or committing VAT fraud. In other cases, access to businesses or company accounts can be a means of expanding a business, for example in the case of credit fraud or large-scale money laundering using false invoices. In other cases, businesses are used as a front, as in smuggling or investment fraud. In such cases, a call centre company, for example, can provide a legitimate front.

These schemes occur in a wide variety of businesses, from pure front companies with no business activity whatsoever to established businesses where illegal activities are mixed with legal ones. What the schemes described have in common is that they are well known to authorities,
including the system vulnerabilities which facilitate them. Nonetheless, they can be implemented and replicated in new business forms.

Vulnerabilities at different business stages

The fact that systems are vulnerable does not necessarily mean that they are badly designed. Loopholes for criminal exploitation may be an inherent and inevitable consequence of the legitimate purposes for which the system is primarily built, and legal certainty and basic business freedom may also limit the room which public authorities have for manoeuvre.

In carrying out its commission, Brå has identified a number of vulnerabilities, which are described in greater detail in the report. Some stand out and recur in several different types of schemes and at several different stages of the business cycle:

• exploiting market for existing businesses
• use of front men to hide true principals
• planned bankruptcy to preclude investigation
• difficulties in scrutinising businesses’ reported data
• business activity lacks external transparency
• lack of controls in disbursement of public funds.

Existing businesses are used

The report shows that several schemes rely on the market to buy existing businesses, so-called shelf corporations or aged corporations. A shelf corporation is an administrative shell corporation sold by brokers to clients who can thus quickly acquire a fully operational limited company in place. By having multiple shelf corporations at the ready, criminals can quickly shift to a new business to continue their criminal activities – especially once the previous company has been investigated or gone bankrupt.

Aged corporations with a business history are businesses that have been in business and whose representatives seek to wind up or sell the company in a simple way. Aged corporations, like shelf corporations, are often sold as administrative shells. The big difference from shelf corporations is that registrations, licences and bank accounts are included. This means that scrutiny of, among other things, the circle of ownership and management that is carried out in several contexts (for example when registering for F-tax and in authorisation processes), is avoided. It also makes it more
difficult for banks to keep customer knowledge up-to-date in order to assess high-risk transactions. Buying an aged corporation with a business history is thus a way to escape oversight and to “rest on borrowed laurels”.

Businesses that have been around for a long time may appear more trustworthy and creditworthy than they are in fact. It is possible to submit retroactive changes to, for example, salaries and annual reports, and in this way businesses with no real turnover and which were virtually dormant can be provided with a history that is completely fictitious. Certain forms of business grants can also be applied for retroactively by aged corporations. The use of shelf corporations and aged corporations with a business history is a key part of the infrastructure for using businesses as tools of crime.

Exploitation of front men and straw men

In many cases, the systems that regulate businesses do not seem to work well in relation to the criminal justice system, which primarily targets individuals. One obvious point to emphasise is that businesses are used as tools of crime by individuals. An excessive focus on control and investigation, targeting the business and its activities, may thus risk missing the individuals who commit offences with the use of businesses. Administrative sanctions against businesses and corporate fines tend to be toothless in cases where businesses are only used instrumentally to commit offences.

Although the report focuses on businesses owned by members of criminal networks, the use of so-called 'straw men' or ‘front men’ in various capacities is revealed to be widespread. These individuals occupy formal positions in businesses without having any insight into the alleged business activities. In some cases, these front men are installed as representatives of the company in order to undergo scrutiny or even answer questions about the business. This may involve, for example, processes where businesses apply for licences or various forms of registration, such as F-tax. In other cases, straw men are deployed in businesses just before bankruptcy in order to face the possible consequences of investigation and control.

The use of false or exploited identities exacerbates the problem of straw men and front men. Exploited identities may belong to socially vulnerable individuals, who in some cases are not even in Sweden. The criminal actors often check the electronic ID documents, rather than the actual person. As the number of boards of directors on which any one individual can sit is
essentially unlimited, access to a few individuals or electronic ID documents can grant control over a large number of business. It is therefore possible to quickly build up a large business park and potentially use it for criminal purposes.

There are very few legal obstacles to becoming the representative of a business. An individual (or exploited identity) with no declared income, a serious criminal record and involvement in numerous bankrupt businesses with extensive public and private debts can nonetheless serve as the representative of a business.

Planned bankruptcies and the use of businesses as a commodity

Many of the schemes described in the report use businesses as a mere commodity. However, businesses are consumed at varying rates. In the case of credit and VAT fraud, businesses can be consumed at a rapid pace and several businesses can be used in parallel or in succession. Fraud has a high risk of detection, and bankruptcy is often a planned and integral part of the scheme. Even the exploitation of business grants is in some cases based on accepting the “risk” of bankruptcy. What these schemes have in common is that they are based on tricking capital and exploiting the corporate structure as much as possible before the offence is likely or inevitably detected by complaining lenders and investors or by ongoing checks by authorities.

In other schemes, often involving a mix of legal and illegal activities, businesses are used for longer periods. Under these schemes, different systems are exploited on a running basis – for example, through labour exploitation or systematic quality deficiencies in licensed business activities –at an intensity that can vary over time. The criminal gains per incident areoften smaller than in large-scale credit, investment or VAT fraud, but can besignificant in aggregate. In these schemes, avoiding bankruptcy is usuallyan advantage, but when it does occur, it is often in response to increasedgovernment attention, and the business is moved to a new companyregistration number.

Difficult to verify self-reported information

Much of the business information contained in official registers is self-reported. This fact is exploited in several criminal schemes involving businesses reporting spurious data. This is particularly common in various forms of fraud, such as bogus payroll schemes. When criminals provide
false information regarding ownership, board of directors, turnover, employees or exports and other business activities, they can create businesses which, on paper, appear quite legitimate. Actors exercising oversight can often have difficulty in determining whether the business is actually carrying out real activities when the documentation appears to be in order. For example, it is impossible to link declared salary to an actual transaction, declared profit to actual capital or VAT accounting and invoices to physical exports and imports on a routine level. Therefore, systems designed to provide transparency and scrutiny can, paradoxically, become tools for the commission or concealment of offences.

Both the presence and absence of routine information-sharing between authorities can create vulnerabilities that are exploited. In some cases, regulations have been constructed in a way that requires businesses to submit information on their own initiative, even though the information already exists in register form with other public authorities. The lack of automatic information-sharing is exploited by criminal actors, for example, when representatives are required to make a sworn statement during authorisation or procurement procedures. The sworn statement may, for example, concern past criminal offences or changes in ownership or management, information in both cases to be found in registers administered by other public authorities.

At the same time, instances in which public authorities share information are also exploited. The most obvious example is the Swedish Tax Agency's system for monthly income data; preliminary information which is reported by the employer, who has the right to change it on an ongoing basis. Nevertheless, the data are disseminated to several public authorities and actors and used as a basis for compensation regarding, for example, sickness benefit, unemployment fund, wage guarantee, subsidised employment support and documentation for work permits. By reporting inflated or completely fictitious salaries, criminal operators and front men provide this income with a paper trail. False payroll data can then be used, for example, as a basis for income-based welfare payments and when applying for loans and credit. This thus impacts both the public and private sectors.

Many schemes take advantage of the lack of in-person controls, which could, for example, reveal that no business is conducted at the address provided or confirm that subsidised labour is not on site and working. Face-
to-face meetings where representatives are forced to discuss their activities would greatly complicate the use of false and exploited identities as front men. However, such work is very resource-intensive and requires specific methods to produce accurate samples. One effective way to do this is through data-driven analysis.

Lack of external transparency into businesses creates huge room for manoeuvre

Businesses must provide a range of information to public authorities, both when starting up and when acquiring a business, and through ongoing reporting of taxes, VAT, wages and filing of annual reports. However, external transparency is limited, not least because most businesses are not required to have an auditor. Several public authorities are able to carry out controls and inspections, but these reach only a very small proportion of Sweden's approximately 1.4 million businesses. No one actor has access to the businesses’ current transaction data or accounts. In addition, there is a backlog in businesses’ financial reporting to public authorities. This creates opportunities for criminal activities to continue undisturbed for a long time.

Lack of controls before disbursement of public funds

In many cases, there is a requirement of reasonable dispatch linked to the decision-making and disbursement activities of public authorities. This applies, for example, to payments of various subsidies, wage guarantees and excess VAT. The requirement of reasonable dispatch is to protect workers and businesses from financial insolvency, but it also conflicts with the kind of controls that would be needed to avoid criminal misappropriation of public funds.

The overall assessment finds an over-reliance on ex-post controls. The ineffectiveness of ex-post controls in countering the use of businesses as tools of crime is partly due to the modus operandi of criminal organisations and partly to the large volumes of businesses and control points to be managed. The report shows that, in many cases, funds received under false pretences are quickly transferred from business. This means that, by the time audits are launched, the money is often gone. Thus, to counteract irregular disbursements to businesses used as a tool of crime, it is more effective to extend the possibilities for ex-ante controls than to use and develop methods for the recovery of unduly paid grants.

The businesses of members of criminal networks are used as tools of crime

The register study reveals several indications of rogue behaviour and likely criminal activity. This applies in particular to the businesses with which the criminal entrepreneurs are linked, but also to some of the businesses of other members of criminal networks. Many of the businesses show divergent patterns that are consistent with several of the schemes presented in the report.

Bankruptcies and straw men are common

The combination of high levels of debt, use of straw men and bankruptcy may indicate that a company has been used for credit fraud. The same factors can also hide money laundering and VAT fraud, for example. There are clear indications that planned bankruptcies and straw men are widely used in the businesses of members of criminal networks. This is particularly true among criminal entrepreneurs, who account for a disproportionate share of the business activity of members of criminal networks. Of the businesses in which criminal entrepreneurs were involved between 2020 and 2023, one fourth had gone bankrupt by 2025. Among all Swedish businesses, the corresponding share was only 3 per cent. The businesses of other members of criminal networks also went bankrupt to a large extent, and at the time of bankruptcy had very high levels of indebtedness to the State. In total, indebtedness to the State amounts to approximately SEK 11.5 billion.

Thus, many members of criminal networks have had links to businesses that later go bankrupt, but they themselves were less likely to be on the board or in management when the bankruptcy took place. This suggests that straw men are placed on the boards. In other words, the use of straw men does not necessarily mean that there are no visible links to rogue business operators. However, there is a need to track changes in boards over time, and not just look at the initial and final board. The widespread use of straw men is also confirmed by the decrypted chat material, where trafficking in straw men and identities is a recurring theme.

Large disbursements of public funds to businesses

During the period analysed, businesses connected to criminal networks have misappropriated large amounts of public funds. For example, businesses were granted almost SEK 600 million in subsidised
employments and the same amount in short-term aid during the pandemic, as well as almost SEK 500 million in additional grants. In addition, businesses were granted just over SEK 3.9 billion in deferred or unpaid tax through deferral rules. Members of criminal networks, through their businesses, are able to access society’s pooled resources in the form of public funds on a large scale.

The decrypted chats analysed reveal that businesses are used to create false salary data. Price lists are provided for salary paper trails, which can then be used for money laundering or benefit fraud, for example. However, which specific businesses are involved could not be determined. These may be, but need not be, businesses linked to the group we analysed in the report.

It does not appear likely that the members of the criminal network found in the police intelligence population would have significantly inflated or fictitious salaries during the period analysed. Most members of criminal networks have no registered employment at all, and among those who were employed, the declared income of nearly half was less than SEK 200,000. More than 1,000 of these individuals have been suspected of benefit fraud, which could be based on false income declarations.

Businesses in activities worthy of protection

In some cases, links between businesses and members of criminal networks are particularly troubling, especially when these individuals have access to businesses engaged in regulated activities. These are activities worthy of protection which are subject to specific regulations and sometimes licensing, such as food and waste management, handling explosives or carrying out financial activities. This also applies to activities that are largely financed by public funds, such as healthcare, social care and labour market coaching.

Members of criminal networks had official involvement in around 1 per cent of businesses in the healthcare-provider register and 4 per cent of businesses in the care register, which includes residential care homes (HVB), personal assistance and consultant-supported foster care. When we include businesses which can be linked to individuals suspected at some point in a case also involving members of criminal networks, the shares increase to 2 and 12 per cent respectively of all businesses in the registers. More than 30 businesses where members of criminal networks had official involvement were licensed to handle explosives. Including fellow suspects, there were 123 businesses with such licences. Although the number of businesses involved is limited, they operate in particularly sensitive areas where errors can have serious consequences.

Share of business-related crime by members of criminal networks

One overall conclusion is that there exists clear evidence that businesses are used as tools of crime in criminal milieux, in particular linked to various forms of fraud. At the same time, it is important to emphasise that several of the schemes described in the report leave no clear traces, and therefore cannot be examined in a register study.

The question of how businesses are used as tools of crime in criminal milieux poses a number of methodological challenges. On the one hand, it cannot be ruled out that some businesses linked to criminal networks conduct completely legitimate business activities, and on the other hand, we must assume a significant number of unreported cases, consisting of criminally controlled businesses which we have not been able to analyse. Nor, in this study, have we had the opportunity to examine foreign-owned businesses.

Business use is unevenly distributed, with a very small group of criminals accounting for a large share of business activity. Among the one fifth of members of criminal networks who were older than 18 years of age and had businesses, most common was to be involved in one small business, in industries traditionally at risk for money laundering or illegal labour practices. In comparison, criminal entrepreneurs have had an average of 19 business engagements in the years 2020–2023 (despite the fact that 17 per cent of criminal entrepreneurs had a trade ban). Criminal entrepreneurs also show the clearest signs of rogue behaviour, such as serial consumption of businesses and numerous bankruptcies. In other words, certain individuals appear to have a business specialisation in the criminal milieux studied, as we also note that the criminal entrepreneurs are not suspected of drug trafficking and serious violent crime to the same extent as the others in the population.

Such a specialisation is also confirmed by material from the decrypted chats. Conversations about businesses account for a very small proportion of the material collected, with a small group of users appearing in several
threads. The same users are involved in many different schemes, while at the same time having contacts with people in criminal networks mainly involved in drug trafficking.

In businesses where there are indications of rogue behaviour, the schemes are largely simple, and businesses are used as commodities for a short period. This applies, for example, to simple credit fraud and the misappropriation of emergency grants. Given the brief and high-rate consumption of businesses, it is also possible to quickly adapt arrangements to new circumstances. This is evident, for example, in relation to pandemic grants, where businesses of members of criminal networks have been allocated almost SEK 1 billion. In longer-term schemes, where legal and illegal activities are mixed, fewer footprints are left in the register data, making it more difficult to analyse from our data. In some cases, businesses of criminal networks operate in activities that are publicly funded and worthy of protection, which in itself is a risk indicator.