The Financial Intelligence Unit (FIU) of a Financial Institution (FI) is critical in enhancing the overall efficiency and effectiveness of the organisation’s response to financial crime (FC).
An FIU that is intelligence-led, tech-enabled and proactive has the power to identify, evaluate, and respond to threats faster and more effectively by putting actionable intelligence in the hands of those that can do something about it. It also has the potential to help the FI keep pace with evolving regulatory expectations around the effective application of the risk-based approach.
Within many FIs, the assessment of FC risk is still undertaken in silos. Data from different business areas and across domains is not brought together effectively for collective analysis and is not routinely enriched by external sources of intelligence. This inherently undermines the quality of analysis that can be conducted, and the outcomes delivered.
In addition, FIUs themselves are often ‘underpowered’, comprising only a small team of investigation analysts who are too often engaged in providing reactive support to law enforcement requests, over proactive intelligence and analysis. As a result, an FI’s ability to identify threats and respond to them proactively is undermined – as is the effectiveness and the efficiency of their response to FC.
How do you address this challenge?
In our view, the FIU needs to be multi-disciplined across fraud and FC risk domains with the following key responsibilities:
- Identification – access to a holistic view of the customer to provide faster and more precise information to senior management, the business and law enforcement and to inform the identification of emerging and evolving threats.
- Analysis – development of comprehensive analysis of customer information to provide proactive intelligence to safeguard customers, the organisation and enhance controls. Advanced analytics skills will be applied, such as behavioural client profiling.
- Dissemination – production of both tactical and strategic intelligence that is quickly actionable, both internally and externally.
For this model to be successfully deployed, the FIU must have access to:
- A comprehensive view of all customer data (made available through the convergence of monitoring across client behaviour and risk domains, dynamic customer lifecycle management and intelligence-led risk assessments), enriched with Open Source Intelligence (OSINT), and access to intelligence from intelligence sharing partnerships with other public and private sector stakeholders in the ecosystem.
- Technologies that enable enriched customer data to be visualised, analysed, assessed, and actioned. Increased adoption and integration of Artificial Intelligence (AI) and Machine Learning (ML) solutions will also be of benefit by reducing manual effort and enabling trends to be spotted which might not be visible to the eye when dealing with lots of data.
- FIU analysts who lead complex investigations but are also data literate to enable a greater understanding of how data can be manipulated and be able to query increasingly larger datasets.
In addition, it will be critical that the FIU has effective engagement with policymakers to secure permissions to embrace reformed ways of working.
Intra-bank sharing of information is critical, across its various entities, cross border, and via appropriate gateways. Information should also be available for analysis across risk domains, in particular, bringing together FC, fraud and cyber security data, which is still often addressed within silos in FIs. Other than the connection of fraudulent activity producing illicit funds that need to be laundered, it is often the same criminal actors perpetrating these crimes and they do not stick to one type, meaning collaboration amongst specialists in these areas would be valuable in an attempt to outsmart criminals. Often within global organisations, regulations restrict such sharing of information across jurisdictions, therefore this model will require internal and external governance arrangements to ensure data privacy regulatory and legal requirements are met.
Similarly, inter-bank and public-private partnerships, such as the Joint Money Laundering Intelligence Taskforce (JMLIT) are critical for enriching intelligence and harmonising the ecosystem of actors who are fighting FC. With a number of information sharing initiatives already in flight, such as: the UK’s National Economic Crime Centre (NECC) led Fusion Pilot1; Transaction Monitoring Netherlands (TMNL); Collaborative Sharing of Money Laundering/Terrorism Financing Information & Cases (COSMIC) in Singapore; and, Article 75 of the new European Union Anti-Money Laundering Regulations2 bringing in new powers for information sharing; the FIU of the future is likely to have access to a much more diverse intelligence.
We recognise that what we describe represents a significant change from the model that currently exists in many banks and bank FIUs, and would require, in some cases, substantial re-structuring. However, we think these changes are valuable and suggest prioritising:
- People – transitioning to multi-disciplined intelligence leads with expertise across several risk domains, and a clear distinction between investigative and proactive intelligence roles to ensure intelligence analysts are given the time and capacity to work on proactive intelligence without getting inundated with reactive investigations. In addition, more broadly within the FIU team, there is a need for resources with data-oriented backgrounds.
- Process – production of authoritative intelligence to drive effective risk management across all domains. This will include an increased focus on ‘top-down’ thematic-based investigations, with effective outcome feedback-loops into risk/threat assessments and front-line FC controls.
- Technology – investment in data, technologies, and partnerships to enable the creation and analysis of holistic customer views.
Alongside this, governance processes will need to be adapted both within the FIU and across the first and second lines of defence FC teams. Similarly, FC teams will need to put in place the required data and technology, processes, and procedures to harness and effectively exploit the outputs from the FIU across the organisation.
The outcome of these changes will have potential benefits across the entire organisation. FIs will be able to make better assessments of customer risk through holistic analysis. Targeted intelligence will help more effective detection of illicit activities, as well as driving efficiencies in the control framework. These improvements in efficiency and effectiveness will in turn lead to:
- Better client service (safeguarding customers through a reduction in fraud and FC exploitation);
- Enhanced reputation with regulators and policy makers;
- Enhanced quality of intelligence reporting; and
- Improved time and cost efficiencies.
Criminals are often ahead of law enforcement and the controls that FIs put in place; they are aware of loopholes within the system and are opportunistic in exploiting them. Banks have a role to play, both in terms of meeting regulatory requirements, and being active in helping the system as a whole to better tackle FC. The existing system has a number of inadequacies that FIUs are well-placed to help address by taking a leading role in utilising technology, leveraging all accessible data in an analytical manner and actively participating in information sharing initiatives.
Please get in touch if you would like to discuss this topic further. Also look out for further articles in our Future of Financial Crime series – up next, our penultimate article, in which we discuss the importance of establishing a holistic FC technology and data architecture and strategy, to underpin and make possible the key changes we've set out throughout the whole series. Financial Crime Operations - but not as we know it.
2Texts adopted - Anti-Money Laundering Regulation - Wednesday, 24 April 2024 (europa.eu)
