In the new digital age, fully embracing a collaborative, intelligence-led approach to tackling financial crime is essential to finally deliver against the mandate of “effectiveness” and to achieve better outcomes.
While significant progress has been made in the fight against financial crime, it is increasingly apparent that the global anti-money laundering (“AML”) and counter-terrorist financing (“CFT”) system which has developed over the past 30 years is not fit-for-purpose.
The publication of the recent FINCEN files is yet another sobering example which shines a light on the scale of the problem facing law enforcement in suppressing money laundering on a global scale. The amounts of funds being laundered globally are so vast, estimated at $2.4 trillion a year, they have practically lost their meaning. The United National Office on Drugs & Crime (“UNODC”) estimates that less than 1% of this figure is detected. Law enforcement simply do not have enough resources or visibility of the bigger picture.
Meanwhile, banks and financial institutions are coming under increasing strain to stem the tide of the growing threats of money laundering, fraud and cyber-crime, which are becoming more blurred and less distinguishable from one another. With continued advances in technology, used by highly networked criminals, and with changes to our working environments since the on-set Covid-19, we are in danger of the ‘effectiveness gap’ widening even further.
The problem of financial crime will never be fully eradicated, however, we need to do better.
Collaboration or integration across organisational teams, which are separately responsible for AML, cyber and fraud risks can facilitate the setting of broader, cross-organisational goals and richer data pooling, to enable a more holistic view of the modern day financial crime threats within financial institutions
While there are challenges to overcome, there is consensus that a joined-up, intelligence-led approach offers a way forward to rebalance the fight against financial crime. A number of pioneering public-private partnership (“PPP”) initiatives emerging across the globe, powered by new innovative technology, are leading the way and are illustrating what is possible in public-private partnership models.
There is clearly also political will at the E.U. level to reframe our approach, as is evident in the Financial Crime E.U. Action Plan, announced by the European Commission in May 2020, which is a clear statement of intent to create a new financial crime model, placing increased collaboration and effectiveness at its heart.
From the Financial Action Task Force’s (“FATF”) mutual evaluation processes, to the supervision of banks, financial institutions and other obliged entities by national regulators, a detailed legal and regulatory AML/CFT ecosystem has developed over the past 30 years, involving multiple public and private stakeholders across the international, regional and national levels, with each overseeing and reinforcing their respective roles.
One obstacle to information sharing is ‘tipping off’ rules which prevent financial institutions from sharing information in a way that is likely to prejudice investigations
Numerous scandals involving high profile control failures within banks show there is a need for an effective system of oversight, including a strong enforcement approach from regulators to stem the tide of illicit funds entering into the financial system. However, one inadvertent side effect of this cascading, one-way system of oversight has been a tendency towards measuring ‘technical compliance’ over ‘effective outcomes’.
In March 2020, for example, the CEO of the European Banking Federation (“EBF”), pointed to an “overly prescriptive” AML/CFT regime causing European banks to prioritise the management of “financial crime compliance risk” over the “management of financial crime risk”, despite the industry investing €100 billion in compliance annually.
AML/CFT information-sharing:
An area where particular challenges remain in the existing system is the extent to which information can be shared amongst financial institutions. While information-sharing to prevent fraud is a well-established and successful practice in many jurisdictions, for example, shared fraud databases are in operation in the UK and Netherlands, banks and financial institutions are prevented from doing so for AML/CFT purposes, with law enforcement agencies instead tasked with piecing the puzzle together and dealing with financial institutions individually.
While this is entirely legitimate when dealing with a suspicious customer, the inability to share information with other financial institutions . . . it is also contrary to how criminals operate – across financial institutions and across borders.
One obstacle to information sharing is “tipping off” rules, which prevent financial institutions from sharing information in a way that is likely to prejudice investigations. While this is entirely legitimate when dealing with a suspicious customer, the inability to share information with other financial institutions, with the same objectives and under the same legal requirements, is perhaps an overly prescriptive view within which financial institutions are required to function. It is also contrary to how criminals operate – across financial institutions and across borders.
There are also, of course, legitimate considerations in balancing information sharing for financial crime prevention purposes with data privacy considerations. However, there is little consistency in how data protection requirements are interpreted alongside AML requirements, even within the European Union, which sets AML and data protection rules across all Member States.
A more fluid system of information sharing between institutions, and across public and private stakeholders within PPP models, executed in a considered way, has the potential to significantly increase the effectiveness of preventing and detecting financial crime.
Intelligence-led approaches – view from around the globe:
PPP information sharing models are, of course, not new and are already in place to good effect. The UK’s Joint Money Laundering Intelligence Taskforce (“JMLIT”) been very successful as a public-private forum for sharing AML intelligence. Other countries have followed suit, including the Joint Intelligence Group (“JIG”) in Ireland. These are important forums, which allow sharing of typologies and strengthening relationships across public and private sector participants.
New pioneering initiatives in different parts of the world are now also taking this a step further by pooling data amongst institutions to drive better insights that would not be possible individually and, in doing so, are identifying and solving obstacles that will likely be common to future PPP models. In order to address data privacy issues, a number of these initiatives are using privacy-enhancing technologies (“PET”), now made possible by lower computing costs, which anonymise and encrypt data before being aggregated, while still being able to derive holistic insights.
Once fully operational, the platform will give AUSTRAC data-driven insights of potential criminal activity in accounts across the financial system, which can then be followed up and investigated
One of the most publicised developments of a utility approach can be seen in the recent announcement by five major Dutch banks to develop an innovative transaction monitoring central utility, known as Transaction Monitoring Netherlands (“TMNL”). The initiative takes aim at the estimated €16 billion worth of transactions laundered through the Netherlands each year, by pooling anonymised transaction data together to identify suspicious transactions across the banks.
The FINTEL Alliance Alert Project in Australia, an ambitious project involving AUSTRAC, the AML regulator and financial intelligence unit (“FIU”), and a number of domestic banks and other financial institutions, received $28.4m in funding from the Australian government to build a centralised platform to pool anonymised data across members.
Once fully operational, the platform will give AUSTRAC data-driven insights of potential criminal activity in accounts across the financial system, which can then be followed up and investigated. The UK’s Financial Conduct Authority (“FCA”) also initiated a well-received “TechSprint” in 2019, which encouraged the exploration of PET technologies to combat financial crime.
While these initiatives have identified other hurdles to be overcome alongside privacy issues, including, for example, the technical complexities involved; costs; and data quality and interoperability, they are also showcasing the potential benefits these technologies offer to all stakeholders, and to wider society, and are paving the way forward for other models to follow suit.
The potential of PET technologies has also been recognised by the European Commission generally, and by the European Data Protection Commission Supervisor, which described privacy-preserving technology as “enablers of data sharing which is both privacy friendly and socially beneficial”.
New technologies – threats and opportunities:
As discussions on PPPs and increased information sharing within AML/CFT continue to gather pace, banks and financial institutions, however, still need to grapple with the challenges they individually face in the ‘here and now’.
Unfortunately this has also opened the door to new, highly sophisticated and organised forms fraud and cyber-attacks, and has enabled new ways of passing laundered funds through the financial system quickly, easily and anonymously
We are undoubtedly living through an age of profound digital change, with transformative technologies such as cloud computing, applications on mobile devices, blockchain, internet of things and social media connecting us in ways we could never have imagined, and changing the global financial services landscape, in many ways for the better. Unfortunately, this has also opened the door to new, highly sophisticated and organised forms fraud and cyber-attacks, and has enabled new ways of passing laundered funds through the financial system quickly, easily and anonymously.
However, the use of data by financial institutions can also be a transformative weapon against these very threats and a surge in technology-led solutions are opening up exciting and innovative ways to respond. For example, developments in artificial intelligence, advanced analytics and machine learning technology are vastly improving previous rules-based-only approaches to transaction monitoring, making them more effective in detecting previously hidden criminal behaviour, as well as making them more efficient by reducing false positives.
Of course, having good data is a vital component in unlocking these capabilities. However, financial institutions have an opportunity to integrate these new technologies as part of their wider digital transformation journeys, many of which are being accelerated further by Covid-19. It is also important that regulatory authorities continue to promote the exploration and further adoption of new technologies, with appropriate safeguards.
Information sharing is also not the sole purview of PPPs, and can have a real impact when executed well within individual financial institutions, whether this is undertaken in conjunction with deployment of new technology solutions or not.
For example, collaboration or integration across organisational teams, which are separately responsible for AML, cyber and fraud risks can facilitate the setting of broader, cross-organisational goals and richer data pooling, to enable a more holistic view of the modern day financial crime threats within individual financial institutions.
The future of financial crime:
Clearly, the financial crime ‘goal posts’ are continuously moving in the new digital age. There are also many encouraging developments towards a greater intelligence-led approach and the adoption of new technologies. However, in the face of the mounting threats, it is incumbent on us to get our approach right.
The European Commission has expressly stated its intention for the E.U. to lead from the front, including by examining ways to further information sharing and PPPs, with guidance on PPPs expected early next year.
While the Commission is considering seeking the opinion of the European Data Protection Board, regulatory clarity between the interactions of AML/CFT and data protection, which can be applied consistently across Member States, is surely a vital element in realising the full value of greater information sharing and data-driven financial crime intelligence models within the E.U., which can act as a leader for others to follow.
It is clear, however, that greater collaboration, and increased use of technology, will be a key thread in the fabric of our financial crime response of the 21st century.
ABOUT THE AUTHOR:
Prior to joining Deloitte, Eoin was Head of AML & Financial Crime for a pan-European Bank. Eoin has also held risk & compliance roles within the banking, payments and fund sectors. Eoin has assisted a number of clients in setting financial crime risk frameworks, carrying out regulatory reviews and completing investigations. Eoin holds an International Diploma in Financial Crime Prevention and is a member of the Association of Compliance Officers of Ireland.
Share this on:
Follow us on:
We hope you enjoyed reading this article
If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!
