The Financial Intelligence Ecosystem

Financial intelligence is not an easy area to get into. There are not that many textbooks on the subject. There are also many information silos, and what one sees is often limited to the immediate surrounds of where one sits in the entire ecosystem. Having spent the last 2.5 years working with practitioners of financial intelligence across government and industry, I think I now have some basic understanding of the overall picture, which I would like to share with newcomers to the field. The following diagram is not a bad place to start. It shows the general information flow from financial institutions to financial intelligence agencies and, from there, to law-enforcement agencies.

A reporting entity is a company that provides financial services that are regulated under anti-money laundering and counter-terrorism financing laws; KYC = Know Your Customer; ECDD = Enhanced Customer Due Diligence; TTRs = Threshold Transaction Reports; IFTIs = International Fund Transfer Instructions; SMRs = Suspicious Matter Reports; FIU = Financial Intelligence Unit; API = Application Programming Interface; an intelligence product is a analyst report on specific threats or some macro or environmental threats.

One can see that there are safeguards and risk monitoring all over the ecosystem, and there is a reasonable mix of automation and human intervention in those risk-monitoring and risk-reduction processes. The parts of the diagram that are painted in brown are areas of the financial intelligence ecosystem where advanced analytics like predictive and prescriptive modelling can play an important role, mostly because the data volume that need to be processed at those places are enormous and the relationships that need to be mastered and managed, including cause and impact relationships, are often complex.

A key thing to understand about financial intelligence is that financial crimes cannot really be detected from financial transaction data alone. Here are the sort of things we can say about anomalies in financial transactions: (1) the source of fund cannot be explained; (2) there are rapid movement of fund through different channels, which may indicate intention to hide the money trail; or (3) the financial transaction behaviour is inconsistent with a customer’s expected business profile. These sort of activities, in themselves, are not strictly illegal. It is only when these activities accompany some predicate crime — tax evasion, welfare fraud, drug trafficking, etc — that criminality can be established and treated. For that reason, one needs law-enforcement presence throughout the ecosystem to supply leads and the risk contexts for the whole system to work well. In particular, pure discovery work in financial transaction data is quite difficult but commercial entities of interest lists like World Check and external datasets like those from RP Data and ASIC can be very useful in adding context behind financial data.

The overall system is far from perfect but, by and large, the regime works reasonably well in deterring, detecting, and disrupting financial crimes. The main limitation is perhaps in the links that are not there in the ecosystem. First of all, there are literally tens of thousands of reporting entities in a mature economy like Australia. These reporting entities are largely limited in what intelligence and data they can share with each other because of legal impediments around sharing SMRs between reporting entities to minimise the risk of (accidental) tipping offs. There is also not a lot of feedback loops built into the system, including that between reporting entities and a financial intelligence unit, and that between a financial intelligence unit and law-enforcement agencies. This is the one area where our best minds on legal, policy, and technology need to spend their time on.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s