Infiltration in central government – Three government agencies’ work on preventing disloyal conduct
(RiR 2026:3)
Summary
In recent years, there have been numerous reports of infiltration in public sector activities. The number of undetected cases could be substantial and the consequences severe – divulged information that benefits serious crime, information tampered with or destroyed, financial irregularities and disruptions to essential services with high costs as a result. In light of this, the Swedish National Audit Office has examined efforts to prevent infiltration at three government agencies with important but different mandates – the Swedish Defence Materiel Administration (FMV), the Legal, Financial and Administrative Services Agency and the Swedish Prison and Probation Service. Common to these government agencies is a high level of risk exposure, from classified information and extensive procurements to managing substantial funds, and influence from organised crime. The Government has launched initiatives at a strategic level, while the Swedish National Audit Office’s audit focuses on how the agencies actually protect themselves against infiltration.
Security efforts are not effective
The overall assessment of the Swedish National Audit Office is that the audited government agencies’ efforts to counteract infiltration as a whole are not effective. This is the case for processes aimed at preventing and stopping infiltration as well as detecting ongoing infiltration. This means that there are major security deficiencies that, at worst, could lead to severe consequences. While some areas of their work function well, there are recurring shortcomings in governance, monitoring and effectiveness in the operations.
Security efforts differ between agencies
The Swedish National Audit Office considers that progress on protection against infiltration has varied. FMV has made most progress, with coherent processes, traceability and links between protective security analysis and agency-wide risk management. While the Swedish Prison and Probation Service has taken several steps, critical shortcomings persist, undermining both prevention and detection. The Legal, Financial and Administrative Services Agency has the greatest development needs; security efforts are fragmented, and incident logging and management are unclear.
Favourable conditions among staff
Register-based indicators point to a stable staff base with few hits in criminal records and low over-debtedness, giving favourable conditions for increasing protection against infiltration. The major weakness is that unregulated parts of the activities (operational protection) are often downgraded compared with security-sensitive activities, with more and clearer regulations. Ongoing investigations on extended background checks and suchlike could also bolster support in these areas.
Security work could be improved
Risk analyses should be supplemented with a bottom-up perspective that captures everyday observations from employees. Follow-on security vetting needs to focus more on sensitive yet crucial matters such as personal finances, social exposure, vulnerabilities, dependencies, career disappointments, and more to avoid missing any early warning signs. Externally contracted staff also pose additional risks of infiltration.
Recommendations
To the Swedish Defence Materiel Administration, the Legal, Financial and Administrative Services Agency, and the Swedish Prison and Probation Service
- Integrate employee security matters into regular procedures, to make them an integral component of leadership.
- Ensure that follow-on security vetting meetings for staff in a classified position are systematic and cover all relevant areas.
- Ensure that guidance materials for security vetting are based on the guidelines of the Swedish Security Service and the Swedish Armed Forces. However, develop and adapt the materials as much as possible based on the nature of the operations and staff duties.