"I not only use all the brains that I have, but all that I can borrow"--WOODROW WILSON, 28TH PRESIDENT
The financial services industry generates vast quantities of information pertaining to money laundering, terrorism financing, and fraud. Much data is not subject to adequate intelligence analysis; in other words, there's "information waste." That information is produced by the banks internally, as well as by the banking community and regulatory agencies. An effective "Financial Intelligence Unit" establishes protocols and procedures to make productive use of that information and to reduce waste.
Information waste produced internally by banks refers to all significant events related to high-risk products, geographies, and clients, as identified through the risk assessment process, that trigger the execution of a control, but with underlying components that are not recycled or analyzed further intelligently. Here are examples of failures to capitalize on information:
1. Account opening. Each time an application is rejected because the prospect fails to either comply with customer identification procedures (CIP), due diligence, or enhanced due diligence (EDD) requirements, the account is likely to be rejected. However, the factors that triggered the execution of a control, such as dubious or incomplete information; failure to provide required information; or negative information found, are not analyzed to understand what type of client, business segment, geography, or type of product were related to that event.
2. Wire transfers. Each time a wire transfer triggers a positive hit against any of the sanctions lists, the transaction is blocked and reported to Treasury's Office of Foreign Asset Control (OFAC). If the relevant aspects of that transaction, such as origin of the funds, jurisdiction of the transmitter, type of related business activity, correspondent bank involved, type of currency, etc., are not analyzed further, potentially valuable insight into an intended violation is lost.
3. Security threats. When hackers attempt to penetrate a financial institution's network, and the activity is detected and aborted, it is often analyzed only to retrofit lessons learned into product design, rather than to gain an understanding of the business intelligence components of that event. There are important questions that should be asked: Why did the hacker choose that particular branch, product, and communication channel to attempt a penetration? Is the event related to a particular jurisdiction, geography, product, or client segment that might also be exposed to money laundering and or terrorism financing?
4. Check fraud. Every time a fraudulent check is stopped and the fraud is aborted, but the business fails to analyze the details-Why the fraudster identified choose that specific location?-an opportunity to gather important business intelligence is wasted. The good news is that a fraud was aborted; the not-so-good news is that the business failed to use the experience to help prevent future fraud.
Grab the low-hanging fruit
Those are examples of internal sources. There is also a wealth of relevant information, provided at no cost to financial institutions by regulatory agencies, that should be used to enhance an organization's internal data collection. Below is a list of some valuable resources:
1. FinCEN. Treasury's Financial Crimes Enforcement
Network's publications, such as the SAR Activity Review-Trends Tips and Issues, SARs By the Numbers, and Strategic Analytical Report. (SAR stands for Suspicious Activity Report.) These periodic publications focus on different aspects of the financial crimes phenomenon as gleaned from the suspicious activity reports (SARs) filed by financial institutions. For example, the May 2009 SAR Activity Review focused on the securities and futures industry; the Strategic Analytical Report issue of February 2009 focused on trends in mortgage loan fraud. …