Transcript Financial Intelligence Unit Analytic Software

AML Software
A Systems Approach
Kevin Whelan
[email protected]
Software Systems Approach
• Looks not just at one component of system, but
interrelation of all components
• Understands the interfaces between/among
components
• Understands that each component can work, but
the system can still fail.
– AML is a system with multiple components
• AML does not work well in most places
• Software can help with each component and with interfaces
– But only after the necessary context has been established
What is AML?
• Money Laundering is the process of disguising illicit
origins of criminal proceeds.
• Anti Money Laundering (AML) is a system that:
– Attempts to prevent criminal access to financial institutions
– Attempts to detect and prosecute use of financial institutions for
the purpose of money laundering
– Provides tools that allow instances of money laundering to be
investigated and prosecuted
• Successful AML has the following beneficial effects:
– Reduced Crime and Corruption
– Enhanced Soundness and Integrity of Financial System
– Encourages investment (especially foreign) and economic
development
Role of Technology
• What Technology Cannot Do:
– Cannot substitute for training
– Cannot create a compliance culture nor implement standards of
integrity and ethical behavior
– Cannot think (at least not very well), cannot think for you
– Cannot replace the human element, especially when dealing
with the human element
– Usually cannot define a business process
• What Technology Can Do:
–
–
–
–
–
Reduce Compliance Costs
Manage large amounts of information
Enhance sharing of information
Assist in the analysis process, but only if it is known
Can help to integrate the whole system!
FIU Technologies
• All about information!
– The idea is to synthesize information
• To take isolated pieces of information and move them from a parochial view
to a global view
• Use global view to perform analysis
– Example
• Person depositing $9,000 cash not suspicious
• Person declaring $10,000 taxable income not suspicious
• Person depositing $9,000 cash with $10,000 taxable income is suspicious!
– Use information to proactively create a suspicion!!! (rather than merely
confirming or refuting a suspicion)
• Acquiring Information is not easy
–
–
–
–
Can become overwhelmed with low-value mandatory information
Other gov’t agencies reluctant to provide information
Technical issues
Cost Issues
AML Organizational Components
Generally Two Levels:
– Primary Level
• Commercial entities that comprise the financial system
– Banks, Insurance firms, Stock Brokerages, Metals Dealers,
leasing firms, etc.
• This is by far the best level at which to detect money
laundering.
– KYC happens here.
– Low levels views of activity happen here
– Governmental Level
• Regulators of Financial Institutions
• Financial Intelligence Unit
• Law Enforcement/Prosecutors
AML Organizational Components
Sharing
Analysis
Watch
List
Regulators
Data Collection
CTR/SAR
Financial Institution/
Reporting Entities
FIU Functions
Tax Data
Consumer Data
Customs Data
Natural Persons
Legal Persons
Other
Primary Level Technologies
• Risk Management Software
– Designed both for regulatory compliance and
protection of reputation
– In general, software highlights two types of
transactions
• Those transactions which match a known pattern of financial
crime
• Those transactions which don’t match the normal patterns for
the individual or legal entity
• Example: a customer places several deposits each just
below a mandatory reporting threshold.
• Example: a business account for a small flower shop
suddenly has a large wire transfer in and out of the account.
• Example: several unusually large cash deposits are placed in
(in different accounts) close proximity in time
Primary Level Technologies
• Risk Management Software (cont).
– Can automate reporting requirements
– Can automate record keeping requirements
– Rare that these technologies are used in developing
economies
• Expensive
• Works in conjunction with existing automated transactions
processing systems
• Many banks are pocket banks, with small number of
customers and transactions.
• Still possible to do same things at low cost
• Identification Software
– Watch List Matching (e.g. OFAC matching SW)
Government Level Technology
• Regulatory Technology
– Not well developed
– Especially important in developing economies without
reliable primary level institutions
– Management of Firms subject to Regulation
• basic database application
– Compliance Detection
• Audit Selection
– Key to Efficient Allocation of Audit Resources
» Industry based, Geographically based
– Tools to compare expected vs. actual level of reporting
» Instances where large gap between expected vs. actual
levels are subject to greater compliance examination
Government Level Technology
• FIU Technologies
– Different types of Financial Intelligence Units
• Administrative
– Basically serves as a repository for mandatory reporting data.
Acquires and organizes data in a manner suitable for retrieval
by law enforcement
– Performs Macro-level analysis (e.g. trend analysis)
• Investigative
– Same functions as Administrative, but also adds value through
in-depth analysis and pro-active case development.
– Typically has access to additional data beyond mandatory
reporting data.
– Both need data, but Investigative needs much more
FIU Technologies-Data Sharing
Agreements
• Need to define formats for interchange of data.
The format constitutes a contract between the
FIU and the provider.
– Some formats are better than others! (e.g. XML
format usually better than delimitated format)
– Well-defined formats can reduce costs on both sides
by automating transfers and (depending on the
format) potentially eliminating errors
• Need to define mechanism for interchange
– Security is an issue, but need to be realistic!
– Use workgroups
– Recognize mutual interest
FIU Technologies—Making Data
Useful
• Need to “clean” data
• Need to “normalize” data
• Cleaning essentially enhances the quality of data.
“Keveen” becomes “Kevin”
– Use of dictionaries (surnames, given names, streets, cities, etc.)
– Correction of transposition errors
• Normalizing is putting in the same format.
– For example, an address can be represented as one field, or as
several fields. The order of fields may vary.
- “Joey” or “Joe” become Joseph (gets tricky!)
- Without cleaned and normalized data we can’t match,
without matching, we can’t do significant value-added
analysis. High-tech analysis tools won’t help.
FIU Technologies
•
Basic FIU Technologies (common for both types)
– Data Acquisition
•
•
•
•
Security. Encryption. Public Key Infrastructure.
Document Management
Document Formatting Standards (e.g. XML)
Communication Technology (e.g. internet, dial-up, magnetic media)
– Data Organization and Data Quality
• Database
• Extraction, Load, Transformation (ELT)
• “Cleaning” technologies for normalizing data
– Data Retrieval
• Query tools
• Web-based tools
•
Advanced FIU Technologies (for Investigative FIUs)
– Generally requires non-reporting data from other sources
• Other government ministries
• Other governments
• Private sources (e.g. credit data)
– Allows data from different sources to be matched
Basic FIU Technologies
• Document Management
– Often overlooked by FIUs. A Key tool for any financial
investigation.
– Low tech, easy to use, low cost
– Much (even most) useful data comes in
“unstructured” formats.
– Databases do not do a good job of dealing with
unstructured data
• E.g. Can be in unsuitable formats such as spreadsheets or
word processing documents
• May come in a paper form
• Difficult to design a database that effectively captures and
organizes unstructured data
Basic FIU Technologies
• Document Management Systems
– Stores documents in a file system rather than a
database.
– Identifies documents by associating “meta-data” with
the document, e.g. data about the document itself
– Allows paper documents to be scanned to create an
image
– Images can then be converted to text via Optical
Character Recognition (OCR) process
– Text can be indexed and searched
– Useful for all types of investigations (including FIU, of
course)
– Alphabets can be a problem (e.g. Georgian, Thai)
– Language is usually not a problem
Advanced FIU Technologies
• Data Matching
– First need to Identify Entities based on their attributes
• Sometimes Entities can be matched exactly based on unique
identifiers
• Sometimes Entities can be matched “fuzzily”, based on a
probabilistic estimate (A and B are “probably “ the same.)
• Identification is a key Technology
– Data Matching Allows Us To:
• Match against national, international, and FIU Watch Lists
• Build a comprehensive picture of an entity's financial and legal
relations based on transactional and reporting data.
• Investigate possible money laundering activity
• Pro-actively develop money laundering cases
• For example, if a entity in a report can be matched with a tax record,
and if the declared income is not consistent with the amounts on the
report, suspicion is heightened
Currency Transaction Report (CTR)
Institution
Name
Account
Number
Passport
Number
Tax
ID
Account
Name
Transaction
Amount
FirstBank
112233
9281038
1301830
Ivan Smith
10,000
FirstBank
332211
2938203
1290878
John Petrovich
20,000
Unambiguous
(exact)
Match
Ambiguous
(“Fuzzy”)
Match
Tax
ID
Taxpayer
Name
1290878
Jon Petrovich
Tax Records
...
Declared
Income
2,300
Advanced FIU Technologies
• Link Analysis
– The “holy grail” of financial analysis
• Uncover deliberately obfuscated webs of financial
transactions by following links among people, accounts,
physical objects, legal entities, activities, etc.
• Match linked patterns with stored patterns of money
laundering
– Still a manual activity, but great potential for
application of technology.
– Data acquisition, cleaning, normalization,
identification, and matching are prerequisites that are
almost never met.
– Can ask questions such as: What is the link between
entity A and entity B?
Example: Link Searching
Question: What is the link between Ivan Smith and Ace Flower Ltd.?
Answer 1:
Ivan Smith
Telephoned
Bob Jones
Ace Flower Ltd.
Received Wire
Transfer From
Answer 2:
Share
Address
Ivan Smith
Alex Piper.
Employed By
Eva Piper.
Owns
Owns
Acme Tools.
Ace Flower Ltd.
Advanced FIU Technologies
• Link Visualization
– Very Popular among FIUs
– Often misunderstood as Link Analysis tools
– Useful for rapidly communicating essential aspects of
a case to managers and decision makers, law
enforcement, prosecutors, juries.
– Useful tool for analysts to store information about a
case
– Not very useful for analysis per se
– Not a panacea, or anything close to it
– Fundamental technologies already described are far
more important, albeit less colorful and dramatic
Governmental Level Technologies
• Law Enforcement/Prosecution
– Can use same tools as FIU
– Case Management Tools
– Forensic and Hacker Tools
Case Management Tools
• Possible Features
– Serve as Repository for Case Related Documents (e.g.
depositions, investigators notes, other documents)
– Sometimes linked with Evidence Management Systems
– Can control access to case files
– Search features
– Can generate “alerts” when case files are updated or viewed
– Can coordinate activities of multiple investigators
– Can be integrated with a workflow process for case initiation,
case promotion, case referral, case closure.
– Can have management functions for scheduling activities and
resources, identifying cold cases, etc.
Forensic and Hacker Tools
• Turning the suspect’s computer into a weapon
against him!
– Creating the web of companies and accounts and
transactions necessary for advanced money
laundering is a complicated undertaking
– The unsophisticated money launderer will keep paper
records, that are subject to search and seizure
– The more sophisticated money launderer will store
this information on their computer
– The most sophisticated money will store the
information in an encrypted form
Forensic and Hacker Tools
•
•
Computers are subject to the same search and seizure as documents.
Suspect computers can make an investigator’s life easier
–
–
–
–
•
Single storage location for all financial information
Lists of contacts
Easily Searchable
Can be monitored remotely in some cases using the computer equivalent of a
wiretap.
When Data is Encrypted Hacker Tools Can be Employed
– Social Engineering.
• Getting a suspect to voluntarily reveal information (e.g. password)
– Tools installed on a suspect’s computer
• Key loggers
– Tools for breaking encryption
• “Brute Force” rarely works on modern algorithms
• Dictionary attacks are very effective since many passwords are common words
• Sometimes users store passwords in unencrypted files. Indexes of words (see
Document Management) on user’s computer can be used for a dictionary attack.
Integration
• Multiple Kinds
– User Interface
– Business Process
– Data
• For AML, first priority is integration at Data Level
– Think of a common form for exchanging information
among FIUs as data level integration
• Next priority is integration at business process
level
– Think of having that form integrated with your analytic
system, and translation system, and e-mail system as
being integration at the level of the business process
Software Sources
COTS, Freeware, or Custom?
•
Some Problems
– No Comprehensive Commercial FIU Solution
• Most products address only part of the problem
• Need integration
• E.g. OFAC List matching products, or data cleaning products for US-based addresses
only
– Borrowed software not “productized”
• No support guaranteed
• Documentation not always available
• Not intended to be used in multiple environments
– Shoehorning can be as expensive as building from scratch.
– In general, unless something was designed to be shared, it won’t be easily sharable
– Definitely no silver bullet!
– Custom SW
• Good news is that labor is cheap In many places where we work!
– What is easily Reusable?
• Processes
• Requirements
• Designs
What Can You Do?
•
Develop a plan!
–
–
–
Begin at the beginning
Resist temptation to buy a product, no matter which expert recommended it!
Focus on free things first
•
•
Document Processes
Document Interfaces
–
–
Then focus on things that are necessary, but not glamorous
•
•
•
•
•
–
Data retrieval tools
Data manipulation tools
Then start thinking about automated tools
•
•
•
–
Collecting data
Cleaning it
Organizing it
Document Management
Writing matching algorithms that work for your jurisdiction
Then start thinking of basic manual analysis tools
•
•
–
Form workgroups with reporting subjects and data suppliers
Risk based selection
Watch list matching
Workflow
And don’t forget about security!
Analytic Processing
Workstations and Clients
Local
DB
Local Visualization Workstation
(I2, Watson)
Internal Thin Client/Browser Client
External Thin Client/Browser Client
Other External Clients
(e.g. Remote Analytic Agents
Internet
FMC LAN/WAN
Web Server/Portal Server
Data Center Applications
(Data Mining, Case Selection
TBD)
Commerical Server Apps. (TBD)
J2EE Application Server
Data Access Layer
Case
Mngmnt
Raw Data
Report Formatter (Servlet, JSP)
Business Rules (EJB)
CTR
Processed Data
Data Warehouse
Internal Data
Data Center
SAR
Security
Query Processor
FMC Conceptual Software Architecture
Web Clients
Other FMC-Developed Clients
J2EE Application Server
Data Access (PL/SQL, SQL, JDBC, OCI, etc.)
Raw Data
Transformation
Library
Oracle Forms
Cleaning
Library
Loading
Library
SQL Loader
Stand-Alone
Applications
(e.g. Watson)
EJB, Servlet, JSP
Custom and 3rd party
extraction and load tools
JMS, CORBA, RMI, ...
Web Server
Integrated
Applications
(Document
management,
other
integrated
external
systems)
Processed Data
Stand-Alone
Applications
(e.g. I2)
Stovepipe
Applications
- email
- HR
- Procurement
FMC Phased Processing Concept
Data
Warehouse
3rd - Party Data Source
Data Acquisition
(ELT Processes)
Other
Data Entry
FMC DB
Tips
Case
DB
SARs
Online
Analysis /
Investigations
Automated
Selection
Accounts DB
Identification
Data
Mining/
Pattern
Discovery
ComputerAssisted
Analysis
(Visual
Query Tool)
Case
Mngmt.
External
Sharing/
Requests
Phase I
Phase II
Data Acquisition and Quality Processing
Remote Agent
Web Client
SAR
SAR
CBR
SAR
Government/3rd Party Data Suppliers
(online/batch)
CTR
Custom Parser/Loaders
Custom Parser/
Loaders
Data Access (PL/
SQL, SQL, JDBC,
OCI, etc.)
Data Access Component Layer
(Business Objects--EJB)
SQL Loader
Data Access Technology(PL/SQL, JDBC, OCI,
etc.)
Oracle Forms
Cleaning
Library
Transformation
Library
Unstructured Data
Structured Data
Loading
Library
Aggregation/
Denormalization
Library
Index Optimizer
GDMLP Automated Analytic Capability
Background
Processes
Document
Database
Query Tools
Third Parties
Pattern Matching
State Bodies
Data Warehouse
Identification
Risk Based
Selection
CTR
GDMLP
Analyst
Dossier
Dossier
Link Discovery
GDMLP
Analyst
Dossier
Watchlist Lookup
SAR
Link Visualization
Watchlists
Dossier
Selected Reports
(w/dossiers)
GDMLP
Analyst
GDMLP
Director/Analytic Head