By Anna Celner, Global Head of Banking & Capital Markets Practice, and Sir Rob Wainwright, Partner and Senior Banking Advisor, Deloitte
Financial crime’s rapidly rising scale and destructive impact amplify the need for a genuinely robust data-driven solution. With global estimates suggesting $2 trillion is laundered annually and fraud now at epidemic levels, illicit finance has become one of the world’s most prevalent businesses.
This is not a victimless, white-collar crime. It exposes the most vulnerable in society to exploitation by criminal groups through the most heinous crimes, including human trafficking, drug trafficking, modern slavery, illegal wildlife trade and terrorist financing. As such, illicit finance is damaging the security and prosperity of all nations by effectively depriving individuals, communities, taxpayers and governments of vast swathes of vital capital.
Legislators, public authorities, regulators and the financial-services industry globally are investing enormous sums to combat the threat, but outcomes remain poor, with less than 1 percent of illicit funds recovered. This means that current efforts across the global ecosystem are not a sufficient deterrent.
Breaking down siloes
A key deficiency in financial-crime-fighting efforts is the continued prevalence of siloed data, driven not only by technical issues but also by legislative and regulatory factors. Financial institutions, governments and regulators frequently tend to guard their data, even in relation to financial crime. Still, this approach is ineffective and illustrates the urgent need for both private and public stakeholders to act far more collaboratively.
Significant potential value rests on combining financial-crime data held in the component parts of the ecosystem, especially across the banking sector and in law enforcement. Unlocking that potential relies on building more complete and durable partnerships and resolving significant legislative and regulatory issues that are culturally ingrained.
Overcoming these hurdles will allow different parts of the system to unlock the value of readily available external data, while data integration and sharing can create complete pictures of criminal activity by helping to uncover patterns and new findings.
Even though roughly $214 billion1 is spent annually on anti-money laundering and sanctions compliance by financial institutions, the return on investment (ROI) is negligible. This is because the interpretations or effects of existing regulations and supervisory frameworks lock efforts into high-volume, low-value activities (such as SARs [Suspicious Activity Reports] reporting at low-suspicion thresholds and on an all-crimes basis), which are not garnering useful data or intelligence. And even when intelligence or insights are generated, they are not routinely shared or acted upon.
Persisting on such a strategy is ineffective and undesirable. Instead, both public and private institutions need to place greater emphasis on bolstering the efforts of law enforcement to create united intelligence efforts enriched by two-way exchanges of information so that public authorities and financial institutions can see fuller and truer pictures of serious criminal threats operating in the financial system.
Failing to do this will perpetuate the rule-following asymmetry that exists between criminals and their prospective captors: Those who commit financial crimes are not bound by any information-sharing rules and arguably exploit the fact that the people trying to uncover them are restrained by such restrictions.
This uneven playing field undermines law enforcement’s ability to build a picture quickly and comprehensively while simultaneously undermining financial institutions’ ability to fully understand their global financial-crime risk exposures. The irony is that it’s often the case that all the pieces of the intelligence jigsaw puzzle exist, and the “bad actors” and criminal organisations involved are already known and on watchlists. Still, the dots simply cannot be connected.
Improved information sharing between domestic and international partners would overcome this issue and provide financial institutions, law enforcement and intelligence agencies with invaluable insights that would significantly enhance efforts to stop the likes of private criminal enterprises and rogue states from inflicting further damage globally.
A more cohesive defence strategy may be able to more quickly and decisively identify where increased illicit activities are occurring or where new pockets are manifesting themselves, as is the case with the real-estate sector at present, and therefore proactively combat them.
Cross-ecosystem collaboration is key
Being reactive will leave the financial-services ecosystem exposed and vulnerable to significant criminal harm and adverse regulatory scrutiny. A sophisticated, joined-up framework between public and private organisations is, therefore, critical to tackling the constant threat of illicit finance and enabling an effective response when global events create the potential for spikes in illicit activity, as we have seen with fraud during the pandemic.
Public-private partnerships (PPPs) are actively encouraged by the Financial Action Task Force (FATF) and are increasingly accepted as high-value, voluntary activities that can drive engagement between policymakers, financial-services participants and other sectors.
Utility models are also widely recognised as beneficial to all stakeholders in the ecosystem, either to allow duplicative processes to be undertaken once on behalf of many—such as Know Your Client/Customer (KYC) protocols—or to bring together datasets for collective analysis to enhance risk-management functions. In addition, setting national risk priorities can support the public and private sectors in working collaboratively on agreed outcomes.
This is where technology, automation, artificial intelligence (AI) and machine learning (ML) can make a difference. Being intelligence-led helps drive efficiency and effectiveness across the financial-crime-detection framework by enhancing and enabling a truly risk-based approach. And by embracing data and analytics alongside innovative technologies such as digital ID (digital identity verification), stakeholders can germinate a crucial enabler of a more robust financial-crime framework that can drive transformation.
Some common examples of digital ID include electronic databases—such as distributed ledgers to obtain, confirm and store identity evidence—and digital credentials—that help authenticate identity for accessing mobile, online and offline applications. Beyond this, biometrics can identify or authenticate individuals2.
Nonetheless, despite the FATF’s estimate that 60 percent of global gross domestic product (GDP) will be digitised by the end of 2022, there remains no comprehensive, internationally agreed-upon set of standards for developing digital IDs3. This is inhibitive for tackling illicit finance, given that leveraging the power of data can provide numerous benefits, even beyond efficient and effective detection.
Data collection and analysis can help institutions manage the ever-increasing costs of compliance by allowing multiple versions of similar systems, such as case management and analytics tools, to be rationalised and specific repetitive, high-volume tasks to be automated. It can also allow a financial institution to build a more comprehensive understanding of risk so that exposures to regulatory sanctions can be reduced at both the corporate and senior-manager levels.
A holistic customer view is critical to enabling financial institutions to protect their own systems and their customers’ assets from criminal exploitation and ultimately deliver better societal outcomes.
While progress relies on all stakeholders, the financial-services industry can take vital steps to demonstrate its commitment to a new way of addressing illicit finance.
Financial institutions must ensure that they do not have any communication barriers internally between anti-money-laundering (AML), cybersecurity and fraud teams, and they must expedite efforts to share data with peers to ensure better levels of financial-crime prevention and detection.
The firms that will prosper are those that acknowledge that the responsibility for driving this forward cannot simply be left with the relevant teams but that success will require board-level sponsorship of such an agenda, with a nominated board member tasked with setting goals and targets for the organisation’s fight against financial crime.
Signs of progress
While significant progress remains to be made, there are some encouraging signs globally of improved detection and prevention frameworks.
In Australia, the AUSTRAC’s (Australian Transaction Reports and Analysis Centre’s) Fintel Alliance is bringing together an increasing number of banks, remittance-service providers and gambling operators, as well as law enforcement and security agencies, to share intelligence and develop solutions. Investments have been allocated to enhancing reporting systems for financial institutions to streamline compliance and drive more timely and effective financial intelligence. A parliamentary committee is examining the adequacy and efficacy of the national AML/CFT (anti-money laundering/combating the financing of terrorism) regime and is due to report on it in the coming months.
In Europe, through the Transaction Monitoring Netherlands (TMNL) initiative, five major banks are piloting collective transaction monitoring of combined pseudonymised transaction data to identify unusual patterns of cross-bank activity relating to money laundering. The immediate goal is to enhance the effectiveness of the participating banks’ efforts against financial crime, with a potential endpoint being the development of an industry-wide utility that will perform transaction-monitoring activities on behalf of the financial institutions involved.
While the TMNL is a private-sector-led initiative, the banks have sought active cooperation with stakeholders in the public sector to build the TMNL platform, such as securing detailed typological input from the Dutch Financial Intelligence Unit (FIU).
These approaches provide substantive blueprints for the wider global financial ecosystem to follow, and mimicking them simply requires the will of all stakeholders to pull together for the common good.
Research and experience show the benefits of connecting data from multiple sources. Not only does such an approach broaden the amount of data available, but it provides an opportunity for greater and more diverse scrutiny of the data, potentially leading to discoveries that may have been almost impossible to identify otherwise.
But for a truly effective and efficient detection-and-prevention system, stakeholders must embed technology, such as AI and ML, into their financial-crime-fighting frameworks to ensure robust data scrutiny and pattern recognition. For such a system to emerge, financial institutions, regulators, governments and law-enforcement agencies must improve the levels of collaboration internally and between each other.
There is growing acknowledgment of this in key financial centres. For example, significant steps have been taken in the United Kingdom, most recently through the new Economic Crime and Corporate Transparency Bill, to implement reforms aimed at preventing the abuse of limited partnerships, providing additional powers to seize and recover suspected criminal crypto-assets, and enabling new intelligence-gathering powers for law enforcement and greater confidence for businesses around information sharing.
Similarly, in the United States, through the Anti-Money Laundering Act of 2020 (US AMLA), the FinCEN (Financial Crimes Enforcement Network) has established national AML/CFT priorities for financial institutions to incorporate into their AML/CFT programmes and for regulators and examiners to include in their rules, guidance and examinations. This establishment of national priorities represents a significant step forward in shifting the primary focus of US regulators and financial institutions from maintaining technical compliance through their AML/CFT programmes to a more risk-based, innovative and outcomes-oriented approach and has the potential to provide a “blueprint” for other jurisdictions to follow once fully implemented.
These changes demonstrate the building momentum for change, growing understanding of the need to embrace cross-ecosystem collaboration and strengthening combined power of data and intelligence underpinned by innovative technology. But for a watertight global defence, this approach needs to be ubiquitous.
Success here will improve global financial well-being, elevate financial institutions’ reputations and support environmental, social and governance (ESG) goals by ensuring that the world’s capital is used for positive and inclusive innovations rather than crime and exploitation.
1 LexisNexis Risk Solutions: “Global True Cost of Compliance 2020” report.
2 Financial Action Task Force (FATF): “FATF Guidance on Digital Identity in Brief,” March 2020.
ABOUT THE AUTHORS
Sir Rob Wainwright is a Partner and Senior Banking Advisor at Deloitte. He previously served as the Executive Director of Europol for almost a decade. Sir Rob has had a 28-year career in intelligence and international affairs at the Serious Organised Crime Agency, the National Criminal Intelligence Service and the British Security Service. In June 2018, he was awarded a Knighthood by HM Queen Elizabeth II for his services to security and policing.