Information-sharing partnerships between banks and national law enforcement agencies are being adopted at pace globally in the fight against financial crime, but they are, in their current form, not sufficient to tackle the scale and complexity of the challenge, according to experts.
Instead, banks and authorities should move towards a networked approach to transaction monitoring and analytics, which would involve an overhaul of the decades-old suspicious activity reports, or SARs, they said.
'Needle in a haystack'
Today, banks around the world are required to proactively identify and report suspicious activity to national financial intelligence units, but much of what they are filing is "rubbish" and causing authorities to "drown" in SARs, according to Graham Barrow, an anti-money laundering banking specialist who has helped uncover scandals such as one at Danske Bank and the FinCEN files leak.
Wim Mijs, CEO of the European Banking Federation, has previously described SARs as being comparable to a haystack delivered to police every week for them to find a needle.
The FinCEN files, documents leaked from the U.S. Financial Crimes Enforcement Network indicating that banks including HSBC Holdings PLC, JPMorgan Chase & Co., Barclays PLC and Standard Chartered PLC helped facilitate suspicious transactions, illustrated how financial institutions use SARs as a "defense mechanism" to pass liability onto other stakeholders, according to Rachel Woolly, director of financial crime at regulatory consultancy Fenergo, speaking to CNBC.
To address this challenge, countries around the world are keenly exploring a public-private partnership model in which authorities and banks exchange insights relating to financial crime threats and risks.
Particularly within the last 12 months there has been "an explosion" of such partnerships, said Martin Andersson, a partner of financial services at Oliver Wyman. These collaborations are helping banks to become "more targeted" in their suspicious activity reporting, whereas before they received little feedback as to the quality of the submitted reports, he said in an interview.
There are 23 financial crime information-sharing partnerships in existence today globally, according to a study released in August by the Future of Financial Intelligence Sharing research program at the Royal United Services Institute.
The U.K. was the first to put in place such initiative with the creation of the Joint Money Laundering Intelligence Taskforce, or JMLIT, in 2015, which has since led as an example for other nations, according to the study.
The outcome has indeed been measurable in the fight against financial crime. As of June 2020, JMLIT has led to closures of 3,400 accounts, £56 million in assets being seized or restrained as well as 210 arrests, the study found.
But while public-private partnerships have been producing "interesting results," they are not substantial compared to the size of the financial crime challenge, said Nick Maxwell, head of RUSI's Future of Financial Intelligence Sharing program and author of the study.
"It's been a useful tool, but it's not responding to the scale of financial crime that is assessed to exist in most major economies or financial centers," he told S&P Global Market Intelligence.
The number of regulated entities involved in such partnerships is often small; so is the volume of information shared and the public sector resourcing of partnership efforts, according to Maxwell.
The key challenge, though, is that banks' alerts to authorities continue to be based on a suspicious activity reporting system created in the 1980s, where transaction monitoring sits within the individual financial institutions, said Maxwell. It means that the first stage of analysis is being conducted using "fragmented data," he said.
Illicit transactions by criminal networks may easily pass unnoticed for that reason. Transactions that may appear unproblematic to one financial institution could be found to be suspicious when analyzed in a broader context, Andersson said.
As a result most of the successful SARs today cover the "low-hanging fruit," helping to detect the "stupid people at the bottom of the criminal food chain, who are easy to catch," Barrow said.
"Criminals operate very well across multiple financial institutions, they operate well within a network of criminal entities, they operate well across borders," Maxwell said.
Collaborative analytics is therefore needed if banks are to identify such networks, he added. This is not currently something that is done through existing public-private partnerships, where information sharing tends to be "human-centric" rather than data-driven, Maxwell said.
"All of the partnerships that are currently active rely on humans to share information with each other, previously around the table and now through virtual calls," he said.
Even the frontrunner initiative JMLIT is essentially "a more structured discussion club," Andersson said, adding that it still based on the traditional SARs system and the manual handling of those reports.
Centralized transaction analysis
To effectively scale up and tackle the increasing scope and complexity of money laundering, a public-private partnership needs to be complemented by centralized transaction analysis, according to a February report in which Oliver Wyman explored what a new model could look like in a Swedish context.
"To really gain the effectiveness of this you need to start feeding all the data into a common data center. Then you can start to do something that makes a difference," said Andersson, who co-authored the report.
That requires technology and an overhaul of the SARs as they look today. The report suggests the establishment of a system where banks automatically submit broader transaction data meeting predetermined criteria directly into a centralized database, where it is analyzed centrally using tools such as pattern recognition, clustering and artificial intelligence, to more effectively detect suspicious activity.
Under this model, banks would have to "report more, not less," Andersson said. Enriched by historically reported data and intelligence from authorities, the financial intelligence unit would be able to do "more meaningful things" with the bank-level information, he added.
But moving towards technology-led information sharing and analytics — between banks or within a public-private partnership — is not going to be an easy journey. As Andrea Sharrin, Barclays' head of financial crime for Americas and investment banking, described it at the Sibos financial services conference Oct. 6, "just getting platforms to talk to each other within a single institution can be difficult," so the challenge in sharing information between multiple entities can only be imagined.
And once banks have overcome the technological limitations — which Sharrin said she was "confident that we will be able to" — they still face significant barriers from the existing legal framework, where laws on secrecy and personal integrity, such as the EU's GDPR, limit information sharing possibilities for banks.
"Technology can help, but really, it's a policy challenge," Maxwell said. "There needs to be policy recognition that the threat is only going to be addressed through collaborative analytics and system-wide understanding of networks of financial crime. And that's the big leap that needs to happen."