To keep up with the criminals who funnel illicit money through legitimate banks, financial institutions need to do more by embracing new technologies, collaborating and communicating. Deirdre Carwood and Laura Wadding explain.
As criminals become increasingly sophisticated, they find new ways to channel illicit money through legitimate banks. They’re managing to stay one step ahead of the industry in the process. This has a potentially significant impact on Ireland, given its role as a dynamic international financial services hub: a leading player for wholesale banks and investment funds, and part of a heavily intermediated international financial landscape.
Over the past two decades, financial institutions based in Ireland have spent a lot of time raising their standards to comply with increasing anti-money laundering (AML) regulations, keeping customer documentation up to date, and remediating issues as they arise. Every year, financial institutions invest a large proportion of their costs into maintaining this regulatory compliance – but simply complying with regulations doesn’t prevent a bank from becoming a victim of crime. And the fight against financial crime has become fully digital, following the changed working models after COVID-19 leading to an accelerated shift towards fully digital environments.
But have the banks’ systems kept pace? Are their internal control frameworks strong enough to track suspicious data points and highlight transactions that seem out of the ordinary? A human employee could compare a passport photo with the person standing before them waiting to make a deposit in the physical world. Face-to-face contact and human interaction have been very effective in identifying suspicious activity in the past.
However, we rely on algorithms to spot that activity and mark it as unusual in the digital world. For example, if an account with regular monthly lodgements of €10,000 suddenly has deposits of €150,000 at a time, that’s a potential red flag. This kind of detection technology can be costly, and large financial institutions can be slow to adapt.
Another way for financial institutions to detect potential illicit financial flows and identify emerging trends in criminal activity is through information sharing. However, the data-sharing forums currently in place are not fit for purpose, and they need to be much broader in scope for today’s digital world.
Retail banks, fintechs, regulators, accountancy practices, legal firms and law enforcement all have discussion forums, but there is no single central utility gathering information, detecting patterns and developing typologies of illicit finance activity.
This matters for two reasons: first, without a unified forum, the lack of up-to-date near-real-time sharing of information between all stakeholders is causing delays in investigating suspicious sources of money.
Secondly, it is difficult to measure the cost of financial crime, specifically illicit finance, to the industry and the economy. In an Irish context, when the Garda National Economic Crime Bureau reports instances of financial crime to the Central Statistics Office, this tends to appear as one number, meaning there is no breakdown of illicit finance. Similarly, financial institutions may be obliged to report issues around illicit finance to the Central Bank of Ireland; still, there is no aggregate data shared in the appropriate circles.
But if data can help the fight against financial crime, it can also be a potential hindrance. Under the General Data Protection Regulation, organisations are only entitled to collect the information they need to retain based on the business requirements. The more personal information a bank holds about its customers, the greater their obligations are from a data protection perspective. This is a tricky balancing act: how far should a bank go to demonstrate that it knows who its customers are? The delicate line between adequately addressing the threat of illicit finance and respecting the individual’s right to data privacy is set to remain a vital issue.
Deirdre Carwood is Partner of Financial Advisory at Deloitte.
Laura Wadding is Partner of Risk Advisory at Deloitte.
Five steps to collectively tackle illicit finance
The ecosystem should take five critical steps in response to the threat.
1. Improve alignment
A greater alignment of preventative effort across the public and private sector, concentrating on high-value activities, is paramount. This should include better sharing of information and intelligence, such as emerging typologies and tactical data sets, which would sharpen the regulated sector’s ability to identify suspicious activity. Anecdotally, some banks report that as little as 1% of transaction-monitoring alerts identify information that warrants reporting to national intelligence authorities, suggesting significant effort and capacity in the system is arrayed against activity that does not lead to outcomes.
2. Renew the focus on effectiveness
In some cases, legislative and regulatory frameworks or their interpretation inhibit the ability to align resources to where it’s needed most. It is essential that financial crime risk management frameworks are implemented by organisations and regulated to prioritise the effective delivery of outcomes rather than focusing on technical compliance as an end in itself. There are encouraging signs that innovative approaches are being considered and progress is being made, such as within the Deloitte US’s recent consultation on enhancing the effectiveness of Anti-Money Laundering (AML) programmes.
3. Increase collaboration
The adage “the whole is greater than the sum of its parts” is undoubtedly true of the illicit finance regime. Improved collaboration could also enable global public sectors to leverage the capacity and capabilities of the private sector to help drive a more disruptive agenda and secure better outcomes. As an example, international law enforcement could look to the approach taken by the US Department of the Treasury and Department of Justice (DoJ). The DoJ has worked with the private sector for the best part of a decade, bringing in forensic accountants, open-source intelligence analysts and more, which has enabled them to make a dramatic step-change in the seizure of criminal assets.
4. Embrace new technologies
While the proliferation of emerging technologies, including new payment platforms, cryptocurrencies, and Digital ID, represents criminal opportunity, it also opens the ecosystem to start designing out vulnerabilities. Emerging analytics and encryption technologies will allow us to “see more” in data and enable new kinds of data sharing in compliance with overarching privacy principles.
5. Make broader connections
Illicit finance requires all sectors to play a strong and active role. This goes beyond financial services, governments and law enforcement. Social media, internet service providers, and telecommunication companies within the global corporate sector can all be vectors through which fraudsters access their victims. All have a preventative role to play. The challenge is significant and requires considerable reform of the current system. However, we know that everyone involved wants the same outcome: preventing crime, protecting citizens and customers, and disrupting criminals. For leaders in both governments and industry, the task is to harness their shared ambition and go on this transformational journey together.