The views and opinions expressed in this article are those of the thought leader and not those of CeFPro.
By Corey A. Reason, Head of Compliance, Clarien Bank Limited
When I was asked to write this article, I was trying to think of a good anecdote to explain intelligence sharing and public-private partnerships. And then it came to me, in the form of the of the Pink Floyd song. Our industry is the wall, keeping bad actors out and we should all strive to be another brick in this wall.
I am sure that most of you, myself included have sat in many a forum and listened intently as someone gave a presentation, only to have the meeting conclude and later think back and say “what can I do with that?” If the answer is nothing, then you likely were only given information.
The difference between information and intelligence, is if it is actionable. Below I have provided the definitions as defined by www. Intelligence101.com, a website dedicated to training within the Intelligence Community Information is knowledge communicated about a particular fact or circumstance. Intelligence is all about finding out information, determining what it means – and then using it to take action!
I mention the definitions because I think it’s important to understand the differences before one can have a useful conversation in this space. We are provided with information on a daily basis, however, moving from information to intelligence is a skill that takes practice and changing your existing thought process, but once you do, you will be a more valuable member of your financial crime team.
Before we can discuss best practices and the use of intelligence it’s important to understand the steps in the Intelligence Lifecycle: Direction, Collection, Processing, Analysis and Production, Dissemination and Feedback.
- Direction: Comes from your leadership team, what are they looking to solve and this intelligence feeds into their decision-making process;
- Collection: The creation of a plan of gathering intelligence from various sources and tools;
- Processing: Is the manner of executing the collection plan and intelligence is assembled for use;
- Analysis and production: Establishes the significance
of processed intelligence, integrates it by combining disparate pieces of information to identify patterns, and then interprets the significance; - Dissemination: Finished intelligence products take many forms depending on the needs of the decision maker and reporting requirements; and
- Feedback: A closed loop; feedback is received from the decision maker and revised requirements issued.
Internally the lifecycle should help drive risk-based approach and where to dedicate resources based on what your firm is seeing and the challenges arising. These are often associated with the geography, client type and product mix that make up your company’s risk profile.
On a larger scale, externally some of the Intelligence Lifecycle can be used, even in markets where proper legislative information sharing hasn’t been implemented yet. I would encourage institutions to form peer groups and share thematic information on risks they are seeing, you never know if your neighbour already has addressed the issue and can share a solution that might work for you; or if you are the first case of a new and emerging risk that no one has built a defense for yet. In both cases, it helps make the financial system stronger when banks talk to one another.
In my career, establishing a Financial Intelligence Unit (FIU) was a key milestone in moving from information to intelligence. The FIU serves as a central hub to administer the Intelligence Lifecycle and be a single point of contact across the organization for intelligence requests.
For an FIU to be effective there must be engagement from many elements across the organization; executives and the leadership team must support the function and utilize it as a resource to assist in decision making, functional teams like Financial Crime Compliance (AML, Sanctions, Anti-Bribery and Corruption), Fraud, Cyber and Data Analytics to provide various inputs for the intelligence report and the Lines of Business, as both an intelligence requester and intelligence source.
We have looked at the Intelligence Lifecycle and ways to look at intelligence already, lets discuss how this is applied
FATF Guidance on information sharing: types and mechanisms
In some cases, specific information sharing arrangements to facilitate information sharing among financial institutions for AML/CFT purposes have been reached between jurisdictions. This can provide statutory gateway to facilitate information sharing between financial institutions in a cross border environment for AML/CFT purposes.
Public private partnerships for information sharing are also being developed in a number of jurisdictions and have achieved positive outcomes. Through such partnerships, information is shared across law enforcement, FIU, vetted participants from the private sector as well as international partners in some cases, to facilitate a more comprehensive view of transactions and customers’ behavior. Such sharing often happens in a secured environment in order to facilitate further data-mining, operational analysis and scanning by the private sector to fill potential intelligence gaps.
Industry forums or platforms- Initiative can also be steered by financial institutions by creating structures such as inter- bank forum or through their banking/industry associations to share information on recent crime trends, modus operandi and typologies across participants. Representatives of law enforcement and supervisors could also collaborate in such initiatives to further support the work.
Additionally, there are groups like the Financial Services Information Sharing and Analysis Center (FS-ISAC) which
have become a vital asset for business, trade and commerce, dedicated to reducing cyber-risk in the global financial system. Serving financial institutions and in turn their customers, the organization leverages its intelligence platform, resiliency resources and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats. The FS-ISAC is headquartered in the US, with offices in the UK and Singapore.
The US Federal Government have utilized intelligence sharing arrangements for years, post September 11th to coordinate and ensure a full picture of bad actors and their activities and assist law enforcement in bringing cases for prosecution.
Governments for intelligence sharing in financial crime
The National Cyber Investigative Joint Task Force, led by the Federal Bureau of Investigation (FBI), functions as a domestic focal point for 18 federal departments or agencies to coordinate, integrate, and share information related to cyber threat investigations, as well as make the Internet safer by pursuing terrorists, spies, and criminals who seek to exploit U.S. systems. Pervasive criminal activity in cyberspace not only directly affects its victims, but can imperil citizens’ and businesses’ faith in these digital systems, which are critical to our society and economy. Computers and the Internet play a role in most transnational crimes today, either
as the target or the weapon used in the crime. The use of the Internet, personal computers, and mobile devices all create a trail of digital evidence. Often the proper investigation of this evidence trail requires highly trained personnel. Crimes can occur more quickly, but investigations proceed more slowly due to the critical shortage of investigators with the knowledge and expertise to analyze ever increasing amounts of potential digital evidence.
Challenges with intelligence sharing in the financial services industry:
Ask any financial crime professional what one of the biggest challenges they have currently, it is bound to be intelligence sharing. The challenge and concern with sharing intelligence (names and transactions) is that although everyone says that would be helpful in the fight against financial crime there have been few moves to provide regulatory cover for institutions to conduct information sharing. Until there is a genuine commitment from governments to allow this type of sharing across the industry, within a defined and “need-to-know” framework, it will be difficult to stay ahead of bad actors.
As you are aware, under Section 314(b) of the USA PATRIOT ACT there is a provision for information sharing with other financial institutions. At the beginning this sounds great, however, the scope is very limited. To help decide whether to utilize 314(b) requests, there are 3 questions one should ask prior to commencing request.
- Whether the financial institution suspects a specified unlawful activity has occurred;
- Whether a transaction involving the proceeds from that activity has taken place; and
- Whether that transaction is part of a terrorist or money laundering scheme.
And after assessing that, two final components to the process; 1. Is the other institution a participating institution (they are not required to be) and 2. they are not obligated to respond. This adds up to a useful but not fully developed information sharing model. A strong first step recognizing that that criminal and terror organizations understand information sharing restrictions and how to exploit that to their advantage. We have to stop thinking that these bad actors are anything but highly organized and well-informed.
The industry along with government partners need to forge strong relationships and share thematic issues. For example, if there is a particular industry that law enforcement has been observed to be utilized for money laundering in a specific jurisdiction, share that with financial institutions. We can train our tools and resources to these emerging risks. Conversely, the financial industry should provide insight on new risks to law enforcement where they can. Intelligence sharing by government and industry is a symbiotic relationship and mutually beneficial.
So what does it look like in the future? I think that governments world-wide will continue to see the value in information sharing in the financial industry; it took decades for them to crystalize tax treaties that share information cross border. I foresee that the same level of maturity and time will be required; unless there is an event that speeds things up; if you look at how law enforcement siloed intelligence prior to September 11th, it took a life changing event to bring the paradigm shift that was stagnant for years to occur. In the meantime bad actors will continue to exploit this weakness and mask illicit activity across many financial institutions in different geographies. This is perhaps one of the most challenging issues facing the industry globally; but one we can overcome, working together.