The Australian Business Research and Innovation Initiative (BRII) initiative is a government-funded scheme that encourages small to medium sized enterprises (SMEs) to develop innovative solutions for government policy and service delivery challenges. One challenge identified last year was “tracking the effect and value of information products” in the field of criminal and financial intelligence. To understand more about BRII projects in practice and their application to enhancing technology within financial information-sharing partnerships, FFIS has invited Atraxium to explain their work:
Across major financial centres, large proportions of reports of suspicion submitted by regulated firms are of negligible value to law enforcement investigations. Feedback to the private sector on those suspicious reports can be extremely limited, which can undermine the ability of those private regulated firms to adopt a risk-based approach to tackling financial crime, as required by the FATF standards.
Financial information-sharing partnerships are improving feedback and dialogue on reporting and intelligence, often by bringing analysts into direct communication on cases. However, to allow feedback at a larger scale, technology solutions will be required to facilitate, share and record feedback on the value of intelligence. At Atraxium, we are working to develop such a solution.
Part of the problem is that, even within government and across a wide variety of forms of intelligence, producers of intelligence face considerable challenges in knowing how their intelligence products are used and what the value is to their end users.
This problem was identified by the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Australian Criminal Intelligence Commission (ACIC) via the BRII challenge, and five requirements were highlighted to address the problem:
Technology can motivate intelligence users to unlock the potential of feedback to the producers of intelligence. This has application within government agencies but, also, between public and private sectors operating within the partnership approach to tackling financial crime.
Atraxium is an Australian start-up that is one of two businesses that was awarded a BRII proof of concept grant. The Atraxium platform aims to enable producers of intelligence products to upload and share products that clients can view and provide feedback via an interactive interface. This feedback can then be analysed within the platform to assist decision making about resource allocation.
To support widespread and effective use of the technology, we recognised that a major part of the project was to change behaviour. We need to encourage feedback by understanding how users work, from product preparation to end consumption. This has led us to focus on three major design challenges.
Firstly, we need to understand how different people are motivated to provide feedback. Not all users will feel compelled to provide feedback based on the same behavioural ‘triggers’, or just because it’s a good thing to do. Where one user sees value enough to drive action, others may not. Our approach has been to utilise behavioural insights to design for different types of user motivations; users are humans, humans are complicated.
Secondly, resources are often stretched and volumes of intelligence continue to increase, putting pressure on analysts. Giving feedback takes analysts’ time away from other tasks. To encourage feedback behaviour, potential barriers need to be either minimised or removed completely. Our design approach has been to remove and reduce ‘friction’ in the user experience as much as possible.
Thirdly, we needed to recognise that outcomes for an intelligence product are unknown at the time of initial consumption and can take some time to materialise. Even if outcomes are known, since distractions are ever-present, some users will inevitably forget to provide feedback. To respond to this challenge, we are developing a product that is structured to the life-cycle of intelligence, providing reminders and tracking the use of products throughout an investigation – not just the final result.
You can read more about our approach here.
We are now testing the technology experience against these fundamental design principles, and welcome a dialogue on our approach and their application to technology enabling financial information-sharing partnerships.
If we can develop the technology in a way that takes account of the very human challenges that exist to providing feedback on intelligence, then this approach can potentially help both public and private intelligence analysts to be more relevant, efficient and effective. Such technology will be key to increasing the capacity and scale of public/private financial information-sharing partnerships.
This Expert Comment follows Privacy International's participation in 'The Future of Future of Financial Information-Sharing Partnerships in Europe' discussion roundtable in Brussels, held on 9 January 2018 - please find the FFIS discussion summary of that event here.
As with any sector, the detection and investigation of criminality must protect the human rights of us all. As new ways of fighting money laundering and terrorist financing continue to develop through, for example, public/private financial information sharing partnerships (or FISPs), we have to ensure that the right to privacy is protected.
Anti-money laundering regulations in the financial sector require private entities to play an almost unique role in identifying and reporting suspected criminality. The financial sector is thus an interesting area for Privacy International: financial data can reveal sensitive information about our lives, and new technologies mean that the amount of data gathered and used by the sector is increasing. This has potential implications for developments in surveillance more broadly, as the United Nations High Commissioner for Human Rights puts it, part of the “growing reliance by Governments on the private sector to conduct and facilitate digital surveillance.”
Yet the level of public understanding, and that of civil society organisations, about the wide ranging forms of financial surveillance that exist is limited, including information-sharing partnerships. For those not specialised in the field, the financial sector can often be opaque and complex. When combined with the added opacity of the practices of intelligence and law enforcement agencies, it can mean that there are significant gaps in the public’s awareness of how personal data is being used. This risks leaving the existing system, and proposed developments such as FISPs, unchallenged by public scrutiny.
It is thus particularly important that obligations to respect and protect privacy are met. Under international human rights law, and in the UK, the Human Rights Act, interferences with our right to privacy have to be both “in accordance with the law” and “necessary and proportionate”.
Banks have access to a huge amount of data about our lives: not only where we go and what we buy, and the manners in which we generate our livelihoods, but also who we’re connected to; they may even gather photos of us every time we use their ATMs. As well as being used to make financial decisions about us – and decide what products to try to sell us – data is increasingly be used to detect criminality and data can be shared through these public/private partnerships.
This is all occurring even as the amount of data generated by and accessible to the financial industry is growing dramatically. Financial institutions and the regtech industry are now seeking access to data that currently resides outside of our financial relationships with institutions in the form of publicly available data and social media. The mosaic effect on someone’s life that emerges from the volume of collection and analysis of this data, even though ostensibly “publicly available” means that its use has to be closely regulated. Indeed, the European Court on Human Rights has long held that “there is […] a zone of interaction of a person with others, even in a public context, which may fall within the scope of “private life”, particularly when this data is systematically or permanently recorded.
With the vast data accessible to the financial industry, the obligation to conduct surveillance becomes even important to critically assess and question. In theory, many of these surveillance mechanisms including public/private partnerships in financial crime are meant to help the private sector to identify ‘suspicious’ behaviour and report it to the authorities. However, despite the anti-money laundering system being in operation for 25 years, there are still major unresolved questions about what ‘suspicious’ means in the context of financial behaviour. Human judgements and broad indicators of suspicion can result in individuals or transactions being identified as ‘suspicious’, which can have damaging implications for individuals who may, after all, be entirely innocent.
New forms of data about peoples’ lives may suddenly become seen by our surveillance systems as indicators of criminality without ever assessing whether this is legal, fair, or effective. This problem of proportionality and fairness could be compounded by public/private partnerships working from very large combined data sets and the use of technologies like artificial intelligence to spot patterns to detect criminality. As can be seen with the field of predictive policing, the use of artificial intelligence and algorithms to make decisions on a limited data set can result in deeply prejudicial outcomes.
We should remember that the starting point in financial crime is that, typically, 80-90% of Suspicious Activity Reports from the private sector are not relevant to law enforcement investigations, and that only 1% of money laundered is estimated to be recovered. The danger is that using data and analytics in this context may reinforce existing bias in historical data and whilst ignoring genuine criminality that doesn’t ‘fit the mould’.
If new approaches to public/private information-sharing to detect financial crime, money laundering and terrorist financing do not address these underlying concerns, there is a danger that they do not meet key tests of proportionality, necessity, but more broadly public tests of fairness and justice. To counter this risk, we need to make sure that there is sufficient independent oversight to protect our right to privacy.
The consequences, if financial surveillance developments in this sector are handled badly, including information-sharing partnerships, would be severe. The risk is not only to confidentiality of an individual’s personal data and finances. It has the potential to adversely impact upon people’s lives, in ways that are unfair. The accumulation of data, from an increasingly broad range of sources, and shared across organisations, increases the risks of breaches and other security concerns. As risks turn into ‘incidents’, including within these public/private partnerships, these factors can impact upon the confidence that people and communities have towards financial professionals, and indeed trust in the entire formal financial sector.
A common perception of financial crime is that it is “acceptable” wrongdoing with no real victim or cost. It could be insider dealing or fraudulently making a claim against an insurance company. No one actually loses “real” money or suffers true harm.
The true picture is rather different. The true picture is one of the headless corpses, dumped on a highway in Mexico, killed by members of a suspected drug gang. It is one of dozens of bodies found in a Malaysian jungle, victims of human trafficking, or 7.6 tonnes of pure cocaine, destined for Europe, discovered in a small Peruvian coastal town. Far from being victimless, the human cost of financial crime and the illegal activities it supports, is very real.
Regulators, law enforcement agencies, data providers and banks and other financial institutions are placing an increasingly high priority on tackling this issue. Rightly so, because while corruption and financial crime are not new - they have been a feature of society since the concept of money first developed – what is new is the technology available to financial criminals and the sophistication they apply to their crimes.
Tracking all of this money, establishing its use, and detecting any fraudulent behaviour that could be linked to serious financial crime, is not easy. Recent high profile cases involving banks accused of unwittingly processing laundered money through their systems shows how hard it can be.
In Europe, it’s estimated that criminal activity is worth at least €115 billion, and only about 1% is seized. Effectively professional money laundering services say ‘hey, give me you cash and I will launder it through the banking system, and my operating cost is only 1%.’
No single party can combat this alone. That is why it is so crucial to use all the tools at our disposal to step up the fight against financial crime. Regulators are requiring banks to make ever more stringent checks on their customers and perform rigorous due diligence to fulfill their obligations.
That is why it’s imperative that public and private sector organizations work in partnership with each other to exchange data and harness their expertise - as well as be able to share information across borders. Governments and law enforcement agencies tend to operate within national borders. Financial crime rarely does, and the perpetrators can exploit the differences in regimes and regulations to their advantage. At Thomson Reuters, we are planning to raise this issue at the World Economic Forum where we will hold a panel on Financial Crime January 24, 2018 that will include David Craig, President of Financial & Risk at Thomson Reuters; Paul Radu, Director of the Organized crime and Corruption Reporting Project; Rob Wainwright, Director of Europol; Fred Kempe, CEO of Atlantic Council; and Geraldine Lawlor, Global Head of Financial Crime at Barclays.
The use of data presents its own challenge in an era where companies, governments and organisations have to collect ever more information about who they do business with, at the same time as our individual online profiles get ever larger.
The balance between ensuring that data is used appropriately, but can also be accessed in the fight against financial crime, is a keen one. We are all – individually and as a society - made safer from drug gangs or human traffickers when we can make the best use of the information we have. But individuals must be able to be sure that their own data is not being traded or shared for anything other than the most vital security purposes.
Nor should it be forgotten that if banks lack confidence in the data available, they may avoid ‘high risk’ activities and withdraw financial services from the communities and markets that need them most, with a consequent impact on prosperity and economic cohesion.
As governments around the world seek to codify new data protection laws, all parties have a role to play in ensuring we get this framework right.
Only then can we really hope to take the fight against financial crime to the child traffickers, drug cartels and prostitution rings, and start to win it.
2017 was a big year for the role of public/private information-sharing in the fight against financial crime. Between March and May 2017, three major public/private partnerships to support information-sharing were established - in Australia, Singapore and Hong Kong - adding to similar efforts in the UK, the US, the Netherlands and Canada.
As a collaborative project within the RUSI Centre for the Financial Crime and Security Studies, this Future of Financial Intelligence Sharing (FFIS) programme started 12 months ago to provide a focus point for independent research into the role of these public-private financial information-sharing partnerships (what we term 'FISPs') to detect, prevent and disrupt crime.
Between February to October 2017, the FFIS programme examined the role of these partnerships in the US, UK, Canada, Australia, Hong Kong and Singapore. We conducted high-level interviews and hosted workshops and discussion events in London, Brussels, Singapore, Hong Kong, Buenos Aires, Mexico City and Washington D.C., engaging with approximately 300 senior individuals from public authorities, the private sector, civil society and the research community. Over 40 expert and senior individuals engaged in the formal peer-review process for the research, including all the relevant lead public agencies.
We published our final report ‘The role of financial information-sharing partnerships in the disruption of crime’ at SIBOS in Toronto on 17 October 2017 as the first international, independent and comparative study of public/private information-sharing partnerships. Our findings received Wall Street Journal coverage and were presented in a number of fora, including to governments of the FATF in their Buenos Aires Plenary Meeting and the Egmont Group of Financial Intelligence Units (FIUs) Information Exchange Working Group.
For those that weren’t able to participate, please download the research summary slides below or watch the full research presentation or short summary infographic video.
The policy landscape in this area continues to evolve at pace. FATF updated their consolidated summary of FATF Standards on Information Sharing and published new FATF Guidance on Private Sector Information Sharing in November 2017. A number of FISPs are in pilot stages, prior to formal evaluation or stable performance metrics. Almost all countries with a FISP are still innovating in terms of the appropriate structure and depth of information-sharing. In 2018, we expect a number of new FISPs to be established in FATF countries.
As a research programme, we will continue to work with a wide range of governments, financial intelligence units, law enforcement agencies and private sector reporting agencies to provide research support and international-best practice sharing. As our first major study identified, there are many outstanding challenges for FISPs to consider across a range of leadership, legislative, governance, technology and evolution issues.
In 2018, we will be encouraging discussion beyond effectiveness indicators, which have rightly drawn a lot of interest, to advance dialogue on proportionality, privacy, supervision issues as well.
We invite a wide range of stakeholders to engage in our work.
Our research programme in 2018 will centre on the following key themes:
1. Supporting policy thinking around the establishment of new partnerships – This theme will apply the research findings from 2017 to support the next generation of FISPs. The programme will bring international experience and research expertise to contribute to developmental discussions about new public/private information-sharing partnerships. In 2018, within this theme, we intend to host operational and legislative development workshops in Brussels, Canada, Argentina, the UAE, France and Malaysia. We are grateful for our close research relationship with Europol and Interpol in connection with this work.
We would like to thank all those who contributed to our work in 2018, particularly HSBC, Thomson Reuters and EY for their financial and logistical support, as well as subject matter experience. In addition, we are delighted that Western Union will be joining as a strategic partner of the FFIS programme in 2018.
We are very grateful for the support of the FFIS research advisory committee, who contribute in a personal capacity to guide the research process.
As the fight against corruption has become more sophisticated, understanding has also grown that money laundering is an integral part of the picture.
If you are an oligarch who has bribed your way to a state monopoly, and then abused that monopolistic power to enrich yourself at the expense of ordinary citizens; or a health minister who has mis-appropriated the budget for building hospitals; or a politician who has received a multi-million dollar bribe to facilitate the passage of a defence or oil deal: you need somewhere to keep the money.
A few things you might look for when salting away proceeds of corruption are:
Let's focus on the low chance of detection. The world's largest financial centres - places like London, Singapore, Dubai, Shanghai, New York and others - are often also cited as global centres of money laundering. It's obviously easier to hide dirty money in a large market where most of the money is clean and there are billions of transactions every single day. Assuming the authorities genuinely want to keep out the dirty money - and there are those who question that assumption - what's the best way to do it?
For around the last fifteen years, money laundering has been taken more seriously than ever before. It's not simply to combat corruption: anti-money laundering (AML) defences are designed to tackle all sorts of dirty money, from organised crime, illicit drugs and - most importantly - terrorist financing. AML was given a huge impetus in the wake of the World Trade Centre attacks. And the system that was created, particularly in the UK and the US, envisaged that the private sector would become the front line of defence against money laundering. Certain private sector institutions - in the 'regulated sectors' like banking - would be responsible for spotting suspicious transactions, and reporting them to the authorities. And for those who failed in their responsibilities, there would be large penalties.
There has been lots of activity; investment worth billions of pounds by the private sector and a widespread acknowledgement that the system is failing. So what should we do?
Cue the very timely report on the 'Future of Financial Intelligence Sharing', which gives both an overview of the current state of play, and an analysis of whether greater intelligence sharing between the public sector (essentially law enforcement agencies) and the private sector (principally the banks) would yield better results.
A key question is whether greater sharing of intelligence, between and within the private sector and the relevant authorities, would lead to more criminal activity being detected. But the report goes beyond that analysis, and also addresses important questions about how and when the private sector should play a role in the AML process. It is clear there are both advantages and pitfalls.
I'll focus first on the pitfalls, and most of these can be grouped around the issues of alignment of interests and public trust.
Critics allege that the current AML system – driven by FATF and the US - has already gone too far in out-sourcing governmental responsibilities to the private sector. It is argued that those who should be the gamekeepers are actually complicit with the poachers: one of the AML patterns evident in the past fifteen years has been that there can be great incentives for banks and others to take on suspicious clients. And for individuals who benefit with bonuses and career-enhancing prestige, and their institutions which want to make a profit, why not? So transferring responsibilities to the private sector might not seem the most sensible way to manage our AML defences.
You might think that greater intelligence sharing is just that – a bit of sharing, and therefore a practical response to a difficult question. But it is also a bit more than that. It is giving the private sector a shared responsibility to both set up and police the frontline defences against corruption. By extrapolation, it assumes that they are willing and able to fulfil such a function, and that they can do so in alignment with the public interest. By establishing this principle, it also opens to door to a much wider involvement; and it does so behind closed doors.
Which brings us to the issue of trust. Bankers, lawyers, accountants, estate agents, do not rank highly on anyone’s list of trusted sectors. Look at the expensive properties in London bought through the proceeds of corruption: in each case, requiring a bank, an estate agent and a lawyer. This huge trust deficit is the biggest barrier any government will face if it wants to give more responsibility on AML to the private sector.
Neither is it obvious that the solution is to allow law enforcement agencies privileged access to private data, whether in a data-sharing environment or some other mechanism. Just as there is little trust in banks, in many areas of the world it is law enforcement agencies that are regularly cited as their countries’ most corrupt institutions.
So there are some big pitfalls, but also some opportunities: the private sector has resources that dwarf those of law enforcement agencies; the intelligence sharing system used in the UK and elsewhere has started to find its feet; and given the importance of the private sector as key links in the chain, nobody seriously believes that a country’s defences against money laundering can be effective without private sector buy-in.
Moreover, and fundamentally, it seems a sensible hypothesis that being able to share information about very suspicious customers will improve both the defences and the detection rates.
How to square this circle? Here are three things that could help, derived from RUSI’s forward-thinking report:
Meanwhile, the regulated sectors should be working in parallel to address the alignment of incentives and the trust deficit. Without that, the notion of a greater role for the private sector around the world is doomed to failure before it starts.
The world is currently facing a great challenge: to identify and disrupt the flows of money from serious criminal activities. The range of the estimated size of the problem varies between different international organizations (BID, Tax Justice Network, Global Financial Integrity, FATF, ACFE, etc.) but it is possible that the income generated by certain serious crimes, such as money laundering, tax evasion, corruption, fraud, cybercrimes and counterfeiting accounts for between 8% and 15% of global GDP. At this scale, this is a problem which is likely to be affecting the integrity, transparency and healthy functioning of all economies.
My academic and professional activity in the past 20 years allow me to give a view from different perspectives on the evolution of the system designed to prevent and deter money-laundering and the financing of terrorism in the Republic of Argentina.
In the public sector, I had the opportunity to promote relevant public policies, as well as being a regulator and supervisor of our financial system and have represented my country in front of important international forums (CICAD/OAS, FATF, EGMONT, etc.). In the private sector, I was regulated and have advised clients to meet obligations under anti-money laundering laws. This experience, together with the development of my academic study of the issue, has unfortunately led me to develop a critical view of the historical functioning of our prevention system for financial crime in Argentina.
My experience does not allow me to affirm that we have achieved the desired objectives of seriously disrupting financial crime.
If we intend to change that reality, which is repeated in many countries beyond my own, the first aspect to consider is the need to understand that the traditional mechanisms of generating, exchanging and using financial information to detect and disrupt crime are not producing the expected results. The modus operandi over the last 20 years has seen financial institutions forced to work as isolated actors, generating information for the use of the competent authorities, such as the SAR (suspicious activity report), without receiving any feedback or having the possibility to share this information with their peers. If we are to improve the system, then this disconnected and inefficient approach to generating intelligence from the financial sector must be tackled.
However, over recent years we can perceive a positive change in regulatory and policy trends. We are seeing an increased effort to ensure that regulatory expectations on the private sector to report information are in line with the priorities of law enforcement agencies that are responsible for using that intelligence. In theory, obligations on the private sector to report information and exchange data should enrich potential law enforcement investigations of financial crime. The different developments around the world, such as described in the RUSI study of Financial Information-Sharing Partnerships, including models established in the United Kingdom, Canada, Australia, Hong Kong, the United States and Singapore, describe a new paradigm to achieve this objective, which can be adopted by other countries.
The recommendations of the paper set out how policies and procedures can be oriented to exploit the available financial and transaction information from the private sector for the purposes of analysis, intelligence and subsequent investigation, whilst always respecting appropriate confidentiality. The paper highlights that such information sharing should be underpinned by legal frameworks that preserve basic principles such as the presumption of innocence and the protection and confidentiality of information.
We will only be successful if we achieve a change of the regulatory and policy paradigm jointly among all public and private sector actors that have mutual objectives. We must not forget that we are facing a scale of financial criminality that has the capacity to affect our institutional, economic and social orders. We must remember that money must serve man and not govern it.
HACÍA UNA NECESARIA MODIFICACIÓN DE LOS SISTEMAS DE AML/CF
En la actualidad el mundo se encuentra frente a un gran desafío, que es el de controlar los importantes flujos de dinero provenientes de actividades ilegales.
Con el objetivo de cuantificar la gravedad de dicho desafío podríamos mencionar que frente a un PBI global estimado en unos 75 trillones de dólares americanos, distintas organizaciones internacionales (BID, Tax Justice Network, Global Financial Integrity, FATF, ACFE, etc.), valoran que los ingresos generados por ciertos delitos graves tales como el lavado de dinero, evasión fiscal, corrupción, fraude, cyberdelitos, contrabando y falsificación, etc. alcanzan aproximadamente entre un 8% a 15% de dicho PBI, afectando a la integridad financiera mundial.
Esos mercados solo pueden operar si existe un mercado aún más grave e importante que es el de la compra y venta de voluntades, de públicos y privados. Esto genera dominación, dependencia y contamina la transparencia y el sano funcionamiento de cualquier economía.
El desempeño de mi actividad académica, laboral y profesional de los últimos veinte años me permiten dar una visión desde distintas perspectivas sobre la evolución del sistema integral de prevención del lavado de activos y del financiamiento del terrorismo en la República Argentina.
En el Sector Público tuve la oportunidad de ser promotor de políticas públicas en la materia, así como ser regulador y supervisor de nuestro Sistema Financiero y haber representado a mi país frente a importantes Foros Internacionales (CICAD/OEA, FATF, EGMONT, etc.). En el Sector Privado fui Sujeto Obligado por ser miembro del Directorio de una Entidad Financiera y asimismo asesor y consultor independiente.
Todo ello complementado con el desarrollo de diferentes actividades académicas, lamentablemente me obligan a tener una visión crítica respecto del funcionamiento de nuestro sistema integral de prevención. Si bien el mismo nos muestra que en la actualidad existe un cambio de tendencia, el balance de estos veinte años no me permite afirmar que hemos logrado los objetivos buscados.
Si pretendemos cambiar esa realidad, que se repite en muchos países, el primer aspecto a considerar es la necesidad de comprender que los mecanismos tradicionales de generación, intercambio y uso de la información financiera para encarar investigaciones efectivas no están dando los resultados esperados. Son muchos los recursos invertidos tanto de públicos como de privados, pero aun así el mal sigue dominando.
El proceso natural donde las entidades financieras se ven obligadas a trabajar como actores aislados generando información para uso de las autoridades competentes, tales como los ROS, sin recibir ningún feedback ni posibilidad de compartir dicha información con sus pares, pareciera ser un mecanismo en extinción. Esta visión se complementa con la necesidad que los organismos de regulación y control también puedan intercambiar datos para enriquecer una potencial investigación.
Las diferentes corrientes internacionales, tales como los modelos de FISP (Financial Information-Sharing Partnerships) establecidos en Reino Unido, Canadá, Australia, Hong Kong, Estados Unidos y Singapur, como así las recomendaciones del programa FFIS (Future of Financial Intelligence Sharing), reflejan un nuevo paradigma a seguir.
Las políticas y procedimientos deben estar orientados a explotar de una forma distinta la información financiera disponible con fines de análisis, inteligencia y posterior investigación. Siempre resguardando los requisitos de confidencialidad que deben regir en este tipo de procesos. Ello complementado con reformar a los marcos jurídicos que preserven principios básicos como el de presunción de inocencia y el de protección y confidencialidad de la información.
El desafío solo será exitoso si logramos un cambio de paradigma en forma conjunta entre todos los actores del sector público y privado que posean una comunión de objetivos. No debemos olvidar que estamos frente a un poder real con capacidad de afectar a nuestros ordenes institucionales, económicos y sociales. Debemos recordar que el dinero debe servir al hombre y no gobernarlo.
Information is the lifeblood of any enterprise. This is especially true in relation to detecting and deterring financial crime, money laundering and terrorist financing.
In an interconnected world, lines of inquiry are often blurred, borders are immaterial and technology assists anonymity. As a consequence, the traditional ways in which law enforcement investigations and intelligence analysis are conducted have had to adapt to keep up with an ever-increasing sophistication of criminal and terrorist syndicates.
The current report on “The Role of Financial Information-sharing Partnerships to Disrupt Crime” provides a timely and practical focus on new mechanisms and structures to meet current and future financial crime information needs more effectively.
Under international standards and national regulations, financial institutions are expected to be the primary source of financial information both from a customer due diligence perspective and from a criminal justice perspective.
Historically this relationship between government, on the one hand, and the private sector, on the other, has been formal and at arms’ length. The distance can and should be shortened so as to maximize the quality of information available under law and to leverage the skills and knowledge available in both sectors.
How could that be achieved?
Financial institutions, as part of their business, possess detailed information on financial transactions and who conducts them. As part of their business, they assess the risks associated with providing services to clients. Making better use of their knowledge and skills and information, in partnership with law enforcement agencies, will improve the detection and investigation of financial crime.
The FFIS report highlights that, in many countries, the legislative regimes do not permit or facilitate public/private or private/private information sharing. It also highlights that there is typically an imbalance between a regulatory compliance-led signals to the private sector about what to report and law enforcement priorities.
The reality of financial crime today requires supportive laws which encourage information sharing, while appropriately protecting confidentiality. Operational level sharing produces operational results to support investigations. The report provides good examples from a number of countries where mechanisms to do so have been put in place and are working effectively. These are useful models for other countries.
These examples also show that a more flexible approach to public/private information sharing can greatly improve the quality of suspicious transaction reports while potentially reducing their volume and allowing both public and private sector actors to focus attention on where the real risks lie.
The study sets out 5 principles and 26 recommendations in a ‘tool-kit’ for developing FISPs. These should provide a helpful basis for international standard-setters and national policy makers to consider and establish a coherent and specific policies on information-sharing between the public and private sectors.
The work of standard-setters gathered in Buenos Aires this week will be focused on supporting the effective deterrence and disruption of financial crime. The insights contained in the FFIS report, based on operational experience, about how to improve the system through public/private information sharing are worth acting on because they will enhance operational outcomes in the way that the FATF standards and its Effectiveness Methodology intended.
Last week, leaders from national Financial Intelligence Units (FIUs) gathered in Buenos Aires to discuss, among other things, the role of technology, innovation and fintech to ‘unlock the power of FIUs’ in a series of sessions with industry, research and fintech representatives. It is the right focus, but the ambition from FIUs needs to be matched with adequate resources from both the public and private sectors to make it a reality.
The FFIS study ‘The role of financial information-sharing partnerships in the disruption of crime’ found that in the investigative cases where financial information-sharing partnerships (FISPs) have been used, they have significantly enhanced the quality, timeliness and impact of suspicious reporting from the private sector. However, the majority of public/private FISPs in operation today are essentially low technology forums; ‘case briefing’ or insight-sharing roundtable meetings. The low-to-no technology approach has worked well for the cases that they can discuss around the table, but the model limits the scale and rate of information-sharing activity, and the scope of FISP membership. Better use of technology could support engagement beyond those that can be accommodated around a table. Without increasing the rate at which FISPs can process cases, their impact is only going to be limited when compared to the overall scale of financial crime washing through financial centres.
We have recommended that the effective use of technology, taking account of security and data privacy issues, be at the heart of expanding the potential of FISPs. It should be directed at improving the facilitation process of public/private information sharing of financial crime information and the analytical capability of the partnerships to understand the strategic nature of the threat.
We highlight a few key development areas in which FISPs should apply a greater use of technology in the fight against financial crime.
Increasing the speed of information-sharing: criminal operate in real-time and so our public/private and private/private exchange of information needs to be in real-time to match the criminal threat. Currently the general modus operandi for FISPs is to share information, then process the information in silos and come back together to discuss findings over a period of weeks. This sharing needs be brought down to hours and minutes.
Expanding the scale of case work: FISPs have demonstrated their value at a case-briefing level, but given that the best estimates indicate that only 1% of criminal funds are ever frozen or confiscated by law enforcement agencies, the scale of the case work needs to expand substantially if we are going to stem the tide of criminal finances.
Driving continuous learning and development of threat typologies: criminal behaviour is highly adaptive and so the speed at which law enforcement and FIUs can work with the private sector to understand the nature of criminal finance threats will need to improve. Greater analytical firepower should also improve the depth of detail to which financial crime typologies can go. National-level typologies for narcotics financing or human trafficking may have a use, but to understand the differences between the ways in which specific criminal networks are operating on different sides of a country, and then communicating and sharing that insight with major reporting entities is a more ambitious and attainable use of technology.
This is why the key research issues for the FFIS programme in 2018 will include looking at the different applications of technology solutions for FISPs. A key focus will be understanding the benefits of both the secondment model and the private/private dynamic sharing model. The secondment model, pioneered by the AUSTRAC Fintel Alliance, allows private sector intelligence analysts to become seconded ‘public entrusted officials’ for the purpose of supporting AUSTRAC intelligence products. This co-location and opportunity to make use of shared analytical services has a strong potential to reach the goal of real-time public/private information sharing. However, in the US, greater use of 314(b) of the USA PATRIOT Act allowing dynamic real-time information-sharing between private sector reporters may provide an alternative model for delivering real-time exchange.
In all of this development, the fight against financial crime must ensure it draws on the lessons from cyber and fraud information sharing partnerships, which in many ways are more advanced in their use of technology.
As we say in our report, ‘There is still some way to go before the AML system, as a whole, responds to the character of modern financial crime – which operates in real time, is most often international in scale, and can be highly sophisticated and adaptive to avoid detection.’
Focusing effort and resources now on improving the use of technology and analytical firepower in these partnership, provide the greatest promise to meet that challenge. The ambition and insight is there across FIUs, but policy support and adequate resources will be essential. Without this investment, FISPs may degrade into an investigative tool only to draw information from the financial sector, and thus miss the bigger opportunity of building a shared public/private understanding about strategic crime threats and improving the resilience of both the financial sector and economies, as a whole, against criminal finances.
The FFIS programme was honoured to present at the Innovation & FinTech session of the Egmont Group of FIUs Information Exchange Working Group as one of the first events in a week of meetings in Buenos Aires focused around the FATF Plenary.
Long talked about, it feels as though there is finally genuine, practical momentum behind the idea that the only way to achieve a step-change in the outcome of efforts to tackle financial crime is through better partnerships between the financial sector and law enforcement agencies.
Where we once had just ad hoc personal contacts between public and private sector investigators, we are seeing the evolution of structured, organised and concerted sharing of information that will enable more targeted monitoring, investigating and reporting by the private sector and more effective use of resources by law enforcement agencies.
It's not a matter of 'if' but 'when' countries embrace partnership and information sharing. Those that have are starting to see the benefit in terms of more effective responses to key financial crime threats such as human trafficking and terrorist financing.
That’s the good news. But, as those countries such as the UK, Hong Kong and the US have discovered, creating and maintaining effective Financial Information Sharing Partnerships (FISPs) requires constant commitment by all involved. Whilst key individuals have been instrumental in building the trust necessary to establish partnerships such as the UK’s Joint Money Laundering Intelligence Taskforce (JMLIT), success will only be assured once several key factors are in place.
Firstly, legal conditions that allow information to be shared confidently and in confidence are crucial. This will also require assurance from regulators and supervisors that such voluntary contributions and disclosures will not be used to trigger enforcement action against this good faith, voluntary action by the financial institution (assuming no illegal activity or negligence is revealed).
Second, banks must quickly identify their ‘Return on Investment’ – their work is voluntary and for now, willingly undertaken. Ensuring an identifiable benefit from this collaboration is key.
Third, public-private (and vice versa) information sharing is not enough. Legislation that enables private-to-private sharing is required. This exists in a (sub-optimal) form in the US and the UK in the form of the USA PATRIOT Act section 314(b) and the UK’s Criminal Finances Act, but more needs to be done to strengthen the integrity of the whole system, not just to facilitate law enforcement outcomes.
Fourth, governments must not view FISPs as a means of avoiding investment in their own financial crime-fighting capabilities. Any sense that the investigative responsibilities of law enforcement agencies are being outsourced to the financial sector may well negatively impact the commitment of time and resources dedicated by the private sector thus far.
Fifth, although domestic FISPs may assist with strengthening the integrity of national financial systems, the proceeds of financial crime move seamlessly across borders, taking advantage of the widespread inability of countries to share valuable cross-border financial crime-related information in a timely fashion. Linking FISPs across borders, particularly in areas of close financial connection such as the EU and the Americas, should be a key near-term objective.
And finally, FISPs need to determine how their outcomes will be identified and successes measured. Sustaining and developing these collaborative efforts will be challenging if metrics to establish the extent to which the investment of time and effort consumed by FISPs is leading to a genuine step-change in impact cannot be quantified and valued.
Progress to date by those countries that have committed to create information sharing partnerships is encouraging. But like any relationship, maintaining success and progress requires a continuous investment of time and effort and constant, honest assessment of progress.
From bribery and corruption to people-trafficking and drug-smuggling: organised crime takes many forms and does untold damage. Banks have a major part to play in stopping it.
The vast majority of financial institutions take this responsibility very seriously. At HSBC, for example, we have significantly strengthened our ability to fight financial crime over recent years. But no organisation can tackle this complex, long-term challenge alone. A close partnership between banks, policymakers like regulators and governments, and law enforcement agencies is crucial.Thought Leadership
Sharing information is at the heart of that partnership. In effect, different organisations hold different pieces of a jigsaw. Banks have an overview of financial transactions taking place around the world; public agencies gather intelligence about the greatest threats to society. By coming together and sharing information, public and private bodies can see the whole picture – allowing them to target their efforts to stop criminals more effectively.
But data protection and privacy rules sometimes make it difficult to share information between different parts of the same bank, let alone with third parties. Different legal jurisdictions can make cooperating across borders harder still.
That’s why it is encouraging that, over the past few years, authorities in a number of countries and territories have set up dedicated information-sharing forums. These bring together experts from regulators, law enforcement agencies and financial institutions. Working within strict parameters, the different organisations pool their knowledge to better understand and tackle the biggest threats.
A new report from the RUSI Centre for Financial Crime and Security Studies’ Future of Financial Intelligence Sharing (FFIS) research programme, produced with support from organisations including HSBC, examines the different approaches taken in six such forums around the world – the US, UK, Hong Kong, Australia, Canada and Singapore. The report shows that, although it is relatively early days, these forums are already delivering results.
In the UK, for example, the Joint Money Laundering Intelligence Taskforce (JMLIT) has contributed to the arrest of 63 individuals, the closure of 450 bank accounts and the restraint of GBP7 million of suspected criminal funds in its first year. While in Hong Kong, in its first four months of operation, public-private information sharing is credited with contributing to the arrest of 65 persons and the restraint of HK$1.9M worth of assets.
This is a positive start. With a commitment from a total of 20 countries around the world to set up such forums, there is real momentum behind efforts to improve coordination. It is now vital to build on this.
The FFIS report suggests some important next steps. Foremost among these, as argued by HSBC’s Chief Legal Officer Stuart Levey in a speech last year, is the Financial Action Task Force setting global standards on information sharing so legal barriers do not prevent these partnerships developing in more countries.
It is also important to invest in technology to improve the quality of the information shared. Advanced computer programs are able to sift through reams of data far quicker than humans, spotting patterns of unusual transactions that until now would have been virtually undetectable.
Such programs could also help to refine and strengthen existing defences against financial crime. According to the FFIS report, private companies file millions of reports on suspicious financial transactions each year – but more than 80 per cent of these are of no immediate value to law enforcement agencies. Using technology to identify and focus on the areas of highest risk could help everyone make better use of their resources.
The threat from financial crime is constantly evolving. Criminals have significant resources and can learn, adapt and innovate themselves. There are no easy answers, and sharing information is only part of the solution.
But the experience of the past few years is encouraging. It shows that private companies and public bodies are ready to invest serious time, money and trust in building partnerships. I believe that together we are heading in the right direction: towards a stronger, more robust financial system that is better able to disrupt crime and protect the public.