Illicit finance is one of the most serious issues facing society today, threatening international security and prosperity. It can underpin and enable the most heinous of crimes, with estimates suggesting an overall cost to the UK alone of at least £37 billion a year.[1]
Tackling illicit finance is difficult. Organised criminal gangs continuously evolve their operations to exploit and defeat controls put in place by law enforcement and the regulated sector. They exploit weaknesses in the system, deliberately moving money between multiple institutions and jurisdictions. This is in the full knowledge that challenges in information sharing between financial institutions will make it difficult for authorities and institutions simply to "follow the money".
In a previous white paper, we outlined a number of reforms that could improve the effectiveness of the response to tackling illicit finance. Essential among these was the development of innovative data and information-sharing utilities. These include mechanisms that allow the same process to be undertaken once on behalf of many organisations — for example, know-your-customer (KYC) utilities — or which enable siloed datasets to be brought together to identify patterns and networks that could not be seen by looking at data in isolation, such as transaction-monitoring (TM) utilities.
In recent years, there has been much more interest in utility models and a number of jurisdictions have begun to plan, pilot and explore approaches to information sharing. For example:
In the UK an information-sharing proof of concept facilitated by the UK Home Office and UK Finance is in progress, with the aim for multiple banks to share information about customers who pose the highest financial crime risk.
Pilots have shown that utilities are viable and valuable, demonstrating that it is possible to set up information sharing across multiple financial institutions and that the processing and outcomes can identify new risks, enhance intelligence and improve suspicious activity reports (SARs), as well as potentially releasing capacity across the system. To realise the full benefits, however, greater clarity in legal and supervisory frameworks would help.
Other sectors already successfully use utilities, from which the AML community should learn. For example, the benefits of information sharing utilities are well-understood in the fraud and cyber domains, where utilities are integral to business-as-usual (BAU) processes.
The public sector has a vital role to play and utilities work best when they use intelligence insights. This means that public-private collaboration, sharing intelligence about threats and risks, is a significant enabler of success. The public sector could play an even greater role, however, including the provision of data sets, clarification of guidance and clear encouragement for utilities through enabling regulation and legislation.
Managing data privacy requirements that protect the personal information of individuals when sharing data is a genuine challenge, but one that can be addressed. Privacy-enhancing technologies (PETs) such as homomorphic encryption could help.
The use of PETs should be balanced with discussion on the need for regulatory and legal clarity on information sharing and the use of data to support technological innovation. Wider use of cross-regulator sandboxes, for example, covering both data privacy and financial crime, would support greater sharing of best practice, particularly in relation to how data privacy and AML laws can be balanced.
Sharing information across borders is even harder, necessitating the management of data privacy regulations among jurisdictions. For example, the requirements of the EU General Data Protection Regulation (GDPR) still hold, regardless of a company's base or location, if they are collecting data from an individual within the EU. This affects the way entities share their data, and the efficiency with which they can do so.
Incentivisation is essential. The absence of regulatory recognition currently limits the time and resources that entities will invest in such initiatives when balanced against the need to meet wider regulatory obligations.
Leadership is critical and, coupled with an overarching governance structure, can drive forward and implement utilities where there are large and complex groups of stakeholders. Senior support within organisations can also unblock internal issues and help to resolve matters with other participants in utility models.
Lastly, there is opportunity to exploit existing points of data aggregation, such as the national payments architecture. A particular priority should be to test how centralised analytics could be run across these existing points of data aggregation to identify and disrupt financial crime and assess the effectiveness and efficiency of doing so.
Looking across information-sharing frameworks, in the authors' view there are four stages to driving a well-functioning utility system:
Organisations are likely to need one or more partners to provide many of the supporting services on this roadmap, such as project management or technology, if they are to fully realise the benefits of a well-functioning utility model.
Despite the potential challenges of developing utilities, they have the ability to transform the effectiveness of the anti-financial crime framework. This is especially true when public and private sector insight is brought together to enable utilities to be truly intelligence-led and aligned with the prioritisation of threats. As such, the development of utilities and the required investment and innovation should be actively encouraged.
______________________________________________________________________________
References:
[1] The economic and social costs of crime (publishing.service.gov.uk)
[2] Monetary Authority of Singapore Consultation Paper on FI-FI Information Sharing. (mas.gov.sg)
Link to Thomson Reuters Regulatory Intelligence article for subscribers: http://go-ri.tr.com/xvcZOV