The Financial Action Task Force (FATF) says institutions should be sharing information between them to detect money laundering more easily and comply with the Anti-Money Laundering (AML) and Countering the Financial of Terrorism (CFT) requirements.
Money laundering is a global problem with an estimated size of up to US$2 trillion (5% of the global gross domestic product) being illegally laundered each year.
While regulators and financial institutions across the world have been working hard to curb this socio-economic corruption, with ever-increasing cooperation and stricter scrutiny, their efforts have largely been ineffective.
Curbing financial crime has been daunting as multinational criminal schemes cannot be tackled by one jurisdiction alone. Furthermore, criminals exploit more than one institution to launder, move or use funds with links to terrorism.
In this context, global money-laundering watchdog Financial Action Task Force (FATF) says that “data sharing is critical to fight money laundering and the financing of terrorism and proliferation”.
In its recent report titled Stocktake on data pooling, collaborative analytics and data protection, the international agency provides the FATF recommendations. It notes that with technological advances, financial institutions can analyse large amounts of structured and unstructured data and identify patterns and trends more effectively. The report also lists available and emerging technologies that facilitate advanced AML/CFT analytics and allow collaborative analytics between financial institutions while respecting national and international data privacy requirements.
The need for data pooling and collaborative analytics
According to the FATF, data sharing is important to fight money laundering today. The key points shared by the FATF on this are:
- Data about individual customers is becoming “increasingly dispersed” across different financial institutions as customers are using multiple banking institutions. Therefore, a sole institution going after a criminal might not be effective.
- Sharing data and using advanced analytics simultaneously by multiple financial institutions can reveal trends or potentially suspicious activities more effectively.
- Data sharing can aid financial institutions with transaction monitoring, institutional risk assessment, customer onboarding and identification of the beneficial owner.
- It can help prevent criminals who engage with multiple domestic and international financial institutions from exploiting information gaps.
- It can also help identify and share patterns, such as the typologies of crime that can effectively help institutions detect crimes and conduct intelligence-driven investigations.
The types of data that could be shared
Based on a survey of AML/CFT national authorities, financial institutions, technology developers, academia and other private sector representatives, the FATF noted that many types of data could be encrypted for AML/CFT purposes. They include Customer Due Diligence (CDD) information, transactions, red flags, indications of customer risk (such as whether a Suspicious Transaction Report (STR) has been filed) and updated information of the institutions in a correspondent banking relationship.
Respondents added that a combination of data categories is often shared, depending on the specific objectives. Some respondents also noted that the sharing of customer information is only occurring in an encrypted state and on the occasion that the concept is unclear.
In addition to the above-mentioned types, respondents also stated that they share “Other” types of data such as legal entity identifier reference data, typologies and alert dispositioning/outcomes (for internal model tuning).
How data is currently shared
The FATF noted that it had identified various new technologies under development or in use to facilitate data sharing and analysis between financial institutions for AML/CFT purposes, as part of its research and interviews with respondents. The identified technologies and their sub-items are listed below:
- Homomorphic encryption enables access to a wider set of data to improve outcomes and enable intelligence-led decision making.
- Zero-knowledge proofs allow one bank to gain another bank’s data that they hold on an individual, without sharing that individual’s identity.
- Secure-multiparty computation when applied to different data sources, they can extract credible suspicions from different parties, while keeping the data sovereign.
- Differential Privacy can analyse broad trends, but may create a trade-off between precision of data and privacy.
- Machine Learning can optimise decision points in business processes by understanding the current states and predicting optimal decisions. A scoring model or classification mode can help identify suspicious networks or entities.
- Federated Learning such as a travelling algorithm, can access and interrogate data sets in different financial institutions without moving the data. This leads to more dynamic risk assessment tools.
- Deep Learning can help financial institutions monitor transactions.
- Natural Language Processing can transform free text in suspicious transaction reports into structured data that can be used for network analytics.
- Robotic Process Automation enhances efficiency by automating repetitive tasks that were previously performed by humans.
- Network Analytics derives patterns that cannot otherwise be seen at end-point level. It can identify a network of related entities based on known subject(s) of interest.
Infrastructures for Processing and Transfer
- Trusted execution environments (confidential computing) enable two parties to agree to share their data (e.g., transaction data) and analyse it using a trusted execution environment.
- Secure cloud technology enables firms to collect, store, and analyse significantly large data sets at very low costs, of both structured and unstructured data, that can help collaboration amongst those with access to the secure cloud environment. However, legal barriers for data sharing remain the same.
- Distributed Ledger Technology can be used to share data between several parties, without one party having the full power of data disposal.
- Application programming interfaces (API) allows large data sets to be collected, stored and analysed more efficiently.
The FATF, however, noted that an open dialogue between financial institutions AML/CFT supervisors and data privacy protection authorities is important to the success of initiatives using new technologies and their ultimate effective implementation. In addition, regulatory sandboxes (or innovation hubs) provide valuable opportunities to test how new technologies interact with national (or supranational) AML/CFT and DPP laws and regulations. Other challenges involved in the use of these technologies include:
- The perceived conflict between a financial institution’s desire to share information and more efficiently comply with AML/CFT measures, and existing legal restrictions designed to protect the privacy of its customers.
- Low quality data, including inaccurate or out-of-date data that could nullify the benefits of data pooling and result in an incorrect analytical outcome, including biased conclusions.
- The lack of regulatory clarity in the form of explicit regulatory requirements and guidance for the use of new technology.
- The explainability and interpretability of a decision based on a high level of automation.
Tookitaki and Federated Learning
A regulatory technology company focused on AML, Tookitaki has developed a Federated Learning-enabled AML information sharing framework, called the AML Ecosystem. Tookitaki has created an ecosystem of AML Knowledge through the Typology Repository (Hub) while breaking down silos through the AML Detection Engine (Spokes). Insights from the Hub can be seamlessly consumed through the Spokes by financial institutions to identify and prevent financial crime.
Typology Repository is a fast-growing database of AML typologies or scenarios sourced from a network of AML experts globally, including financial institutions, law enforcement and regulators, and non-profit organisations. Typologies refer to patterns that are used to finance or launder money for illicit activities like drug trafficking, forced labour, forgery, terrorism, etc. They map varied customer activities that represent suspicious behaviour without using any Personally Identifiable Information (PII).
Tookitaki Typology Repository is pre-packaged with Typology Developer Studio that allows the creation of typologies holistically through a No-Code user interface. Once created and verified, typologies can be downloaded by user institutions. Tookitaki AML engine – AMLS uses a proprietary AML insights language to deconstruct the typologies consumed from Typology Repository into risk indicators and then generate automated thresholds based on customer risk levels. Finally, an inbuilt simulation engine validates typologies while using a maker-checker process to deploy them seamlessly.
The AML Ecosystem enhances our machine learning-based transaction monitoring solution with superior detection capabilities. It is helping banks and fintech firms with financial crime identification and prevention by democratising AML insights through privacy-protected federated learning and precise detection through a hyper configurable machine learning approach.
For more information on our AML Ecosystem and the ways in which it supercharges your transaction monitoring capabilities, please contact us.
Talk to An Expert!