Why an isolated fight on money laundering is ineffective
Financial institutions have been historically averse to cooperating with other financial institutions for sound commercial and compliance reasons. This has meant that they have fought the war on money laundering on their own, in isolation, often using software built internally to monitor the payment transfers of their own customers. Even transaction monitoring platforms that multiple institutions share in common, provides no ability for its clients’ compliance officers to work in tandem on shared targets and cases.
This is not ideal. Money launderers do not politely stick with one FI to commit their crimes but engineer elaborate money flows and networks across different banks and regulatory domains. With the advent of exciting cross border financial networks, the placement, layering and integration steps are executed at different financial participants doorsteps. Compliance officers are left to reporting the activity, without the value of knowing what stage they thwarted. This lack of clarity makes it difficult to mitigate for decreasing the ongoing threat.
To have a better chance of thwarting them, FI’s need a more complete picture. The puzzle is incomplete if FI’s scrutinize only their own data, but combined AML transaction monitoring, with data from as many sources as possible, would very likely boost detection of financial crime in progress.
Difficult though this is, it is beginning to happen.
Where has collective transaction monitoring already been deployed?
United States: FinCEN 314(b)
The US Patriot Act casts its net the widest: FinCEN 314(b) provides the legal framework for banks, insurers, mutual funds, casinos, and other types of financial institutions to share information – on a voluntary basis – when “terror financing or money laundering” is suspected. It is a permitted communication channel for compliance officers of participant institutions. It is, however, not a platform where shared financial transactions are monitored for criminal activity on a day-to-day basis. This lack of close to real-time tactical data sharing has been spotted in FinCEN’s SAR reviews demonstrating only a mere 20% of SARs annotated a 314b related investigation. That being said, over 8000 financial institutions used the mechanism to report suspicious activities. Those SAR’s in over 80% of the cases were purported to be money laundering investigations.
Such a platform is in an exploratory mode in The Netherlands with a consortium of five Dutch banks known as TMNL. Of the participants, the three largest – ING, Rabobank and ABN AMRO make up around 80% of total Dutch banking assets. The financial reach and clout of TMNL mean it enjoys active backing from the government and this may be key to its success.
Similarly, new guidelines from the Dutch Data Protection Authority have permitted 160 licensed banks and insurers to share details of suspected fraudsters within the confines of strict privacy laws. Additionally, TMNL has the added benefit of working closely with Dutch enforcement agencies, ministries of Finance, Justice and Security, the Fiscal Information and Investigation Services, and the FIU. This widespread collaboration has an efficiency over the 314 approaches of ensuring that the intelligence stakeholders are immediately informed.
What has excited the compliance community in The Netherlands and beyond are the early successes of TMNL, where the analysis of a year’s worth of data from the five banks revealed several previously undetected criminal schemes.
How does a platform such as TMNL operate, and could the Dutch project, alongside a communication channel similar to the US 314b participant network be a template for other data-sharing mechanisms, powered by critical SaaS regtechs?
Key aspects to successful collective transaction monitoring
Clear data sharing guidelines: As we remarked earlier, knowledge sharing goes against almost every instinct of the larger institutions and is technologically difficult to achieve. For European banks, there is the legal barrier of GDPR. Security and data sharing guidelines must be negotiated and agreed upon; protocols of communication and feedback mechanisms put in place to alert participating banks of potential criminal activity. How do you review the performance of a transaction monitoring platform, or measure its success?
Commonly used, not commonly controlled: The platform (whatever it looks like) will require substantial innovation, yet may have to operate at arm’s length from the consortium. This is the case with TMNL which is effectively a fintech with its own office and staff. The encrypted data are shared but the results – that is to say, any indication of money laundering – “belong” to the banks involved in the payment chain. The banks investigate independently and rule independently whether to file a report with the Dutch Financial Intelligence Unit.
Balance on individual and collective monitoring: Any joint transition monitoring scheme can never be a substitute for a bank’s internal fraud monitoring but offers enormous potential benefits as data is scrutinised by multiple investigative eyes and is submitted to multiple detection models, not just one.
How to realise a collective transaction monitoring platform
The idea of joint monitoring and detecting is a no-brainer, but its execution presents a considerable headache for banks and regulators. The main obstacle is data. Any mature business will have a fragmented legacy of multiple data sets and systems, and no two banks are alike. On the other hand, an innovative regtech, whose USP commits to unlocking data silos, might strike just the right balance to tackle this.
All eyes are on the Dutch scheme which is expected to go live later this year. Compliance officers worldwide are keenly interested in its progress because deeper inter-financial cooperation in the fight against financial crime is the way of the future.
At Sentinels, we believe that data sharing is the key to successful AML compliance and transaction monitoring. Our recent partnership with PPRO, the leading local payments infrastructure provider, will take this into practice: by monitoring for suspicious activity across PPRO’s customers, it enables cross-institutional monitoring - the next exciting frontier in compliance. Read more here.