A Thousand Arrests a Month: Why Safeguarding Still Isn’t Keeping Up

TL;DR

• The scale of current offending tells us the threat is active, distributed and constantly renewing.
• Many organisations still rely on controls designed to confirm recorded harm, not surface emerging digital risk.
• Safeguarding usually falls behind through process gaps, limited visibility and inconsistent ownership, not through lack of care.
• Keeping up means adding lawful, proportionate and documented digital due diligence to existing safeguarding practice.

The process has not kept pace with the threat

When policing leaders say child sexual abuse is becoming more severe, more complex and easier to access, you should treat that as an operational warning.

Technology has lowered the barrier to entry, and mainstream platforms have widened both reach and anonymity. Harm can develop, spread and disappear long before anything shows up in a formal record.

Yet plenty of organisations still run vetting models designed for a world where the record carried most of the story.

DBS checks, references, and safer recruitment guidance still matter; they are basic safeguards, and they should be done properly.

They just weren’t built to surface digital behaviour, online associations, or early signals that sit outside statutory disclosure systems.

That is not a criticism of those safeguards; it is simply where they stop being informative.

What this looks like in real life

Take a school hiring into a regulated role.

The organisation runs the checks, the DBS comes back clear, the references are in, and the candidate presents well; on paper, the process looks sound.

But the real question is not whether each individual control was followed. It is whether the organisation has any reliable way of spotting risk that sits outside those controls.

If nobody is responsible for structured digital due diligence, if online review is either absent or improvised, and if nobody has defined what gets escalated and why, the organisation may be compliant at the surface while still exposed underneath.

This is where a lot of safeguarding and high trust risk now sits - in the gap between what the process confirms and what the process cannot see.

Why compliant can still mean exposed

Most teams are working hard: following policy, documenting decisions, trying to do the right thing under pressure.

This is rarely an effort problem; it is a process design problem.

Compliance can be perfect on paper and still leave the riskiest area untouched.

You can confirm identity, gather references, run a clear statutory check, and still have a blind spot the size of the internet. In high‑trust environments (such as schools, care, charities, sport, healthcare and other regulated employers) that matters.

Traditional checks are necessary, but they are not sufficient on their own.

What a stronger process actually requires

Safeguarding leaders do not need persuading that the risk exists; they are dealing with it every week.

What is usually missing is operational clarity: who is allowed to do what, what gets captured, and what happens next when something surfaces.

A stronger process answers six questions clearly:

1. Who searches?

The organisation should decide who is actually permitted to carry out any online due diligence.

2. What are they allowed to review?

The scope should be defined in advance, not improvised in the moment.

3. What gets captured?

If something relevant appears, the evidence standard should be clear, what is recorded, how, and for what purpose.

4. What triggers escalation?

Staff should know the difference between weak noise, relevant concern and immediate safeguarding relevance.

5. Who makes the decision?

The person spotting a signal should not be left making isolated judgment calls without structure.

6. How is the rationale documented?

If a decision is challenged later, the organisation should be able to explain what was seen, what mattered, and why the response was proportionate.

If those questions are vague, the process drifts. Some managers search deeply; others do not search at all. Some people capture far too much; others capture nothing. A concern appears and then stalls because nobody is sure whether it is meaningful or who owns the next step.

That is how defensibility starts to fall apart.

A better safeguarding standard

At roughly 1,000 arrests a month, a few familiar phrases deserve more caution:

“Nothing showed up”

“Nothing on the DBS”

“Nothing concerning”

“Why bother doing more?”

“We are doing the minimum required”

Often those are not conclusions at all; they are simply descriptions of how narrow the search was.

A better standard reads like an audit trail:

• We ran the right checks for the role, every time.
• We knew what each control could and could not reveal.
• Where the role justified it, we had a lawful, proportionate method for additional digital due diligence.
• We captured what mattered (and only what mattered).
• The final judgement was human, contextual and defensible.

That is a safer, more defensible position.

Final thought

Treat the NCA statistic as a safeguarding warning, not a policing update.

If offending is operating at that scale, protective systems have to match the way risk now appears, in digital space, early, and often outside the record.

Safeguarding still matters, but it no longer fits neatly inside the old checklist model.

The test is not whether your process looks compliant in the moment; it is whether it still looks defensible after something serious comes to light.

That is the standard.