Utilities – an important tool in fighting financial crime | Deloitte UK has been saved
Illicit finance is one of the most serious issues facing society today, threatening international security and prosperity. It can underpin and enable the most heinous of crimes, with estimates suggesting an overall cost to the UK alone of at least £37 billion a year.
Tackling illicit finance is difficult. Organised criminal gangs continuously evolve their operations to exploit and defeat controls put in place by law enforcement and the regulated sector. They exploit weaknesses in the system, deliberately moving money between multiple institutions and jurisdictions. This is in the full knowledge that challenges in information sharing between financial institutions will make it difficult for authorities and institutions simply to "follow the money".
In a previous white paper, we outlined a number of reforms that could improve the effectiveness of the response to tackling illicit finance. Essential among these was the development of innovative data and information-sharing utilities. These include mechanisms that allow the same process to be undertaken once on behalf of many organisations — for example, know-your-customer (KYC) utilities — or which enable siloed datasets to be brought together to identify patterns and networks that could not be seen by looking at data in isolation, such as transaction-monitoring (TM) utilities.
In recent years, there has been much more interest in utility models and a number of jurisdictions have begun to plan, pilot and explore approaches to information sharing. For example:
In the UK an information-sharing proof of concept facilitated by the UK Home Office and UK Finance is in progress, with the aim for multiple banks to share information about customers who pose the highest financial crime risk.
Pilots have shown that utilities are viable and valuable, demonstrating that it is possible to set up information sharing across multiple financial institutions and that the processing and outcomes can identify new risks, enhance intelligence and improve suspicious activity reports (SARs), as well as potentially releasing capacity across the system. To realise the full benefits, however, greater clarity in legal and supervisory frameworks would help.
Other sectors already successfully use utilities, from which the AML community should learn. For example, the benefits of information sharing utilities are well-understood in the fraud and cyber domains, where utilities are integral to business-as-usual (BAU) processes.
The public sector has a vital role to play and utilities work best when they use intelligence insights. This means that public-private collaboration, sharing intelligence about threats and risks, is a significant enabler of success. The public sector could play an even greater role, however, including the provision of data sets, clarification of guidance and clear encouragement for utilities through enabling regulation and legislation.
Managing data privacy requirements that protect the personal information of individuals when sharing data is a genuine challenge, but one that can be addressed. Privacy-enhancing technologies (PETs) such as homomorphic encryption could help.
The use of PETs should be balanced with discussion on the need for regulatory and legal clarity on information sharing and the use of data to support technological innovation. Wider use of cross-regulator sandboxes, for example, covering both data privacy and financial crime, would support greater sharing of best practice, particularly in relation to how data privacy and AML laws can be balanced.
Sharing information across borders is even harder, necessitating the management of data privacy regulations among jurisdictions. For example, the requirements of the EU General Data Protection Regulation (GDPR) still hold, regardless of a company's base or location, if they are collecting data from an individual within the EU. This affects the way entities share their data, and the efficiency with which they can do so.
Incentivisation is essential. The absence of regulatory recognition currently limits the time and resources that entities will invest in such initiatives when balanced against the need to meet wider regulatory obligations.
Leadership is critical and, coupled with an overarching governance structure, can drive forward and implement utilities where there are large and complex groups of stakeholders. Senior support within organisations can also unblock internal issues and help to resolve matters with other participants in utility models.
Lastly, there is opportunity to exploit existing points of data aggregation, such as the national payments architecture. A particular priority should be to test how centralised analytics could be run across these existing points of data aggregation to identify and disrupt financial crime and assess the effectiveness and efficiency of doing so.
Looking across information-sharing frameworks, in the authors' view there are four stages to driving a well-functioning utility system:
Organisations are likely to need one or more partners to provide many of the supporting services on this roadmap, such as project management or technology, if they are to fully realise the benefits of a well-functioning utility model.
Despite the potential challenges of developing utilities, they have the ability to transform the effectiveness of the anti-financial crime framework. This is especially true when public and private sector insight is brought together to enable utilities to be truly intelligence-led and aligned with the prioritisation of threats. As such, the development of utilities and the required investment and innovation should be actively encouraged.
 The economic and social costs of crime (publishing.service.gov.uk)
 Monetary Authority of Singapore Consultation Paper on FI-FI Information Sharing. (mas.gov.sg)
Link to Thomson Reuters Regulatory Intelligence article for subscribers: http://go-ri.tr.com/xvcZOV
Chris is a Director in the Financial Crime team within Deloitte's Forensic practice. He has over 15 years’ experience in intelligence, investigation, policy, and partner support roles within national law enforcement agencies. Chris has worked extensively with overseas law enforcement, industry and regulators to deliver operational objectives and build capability.
Luisa has worked with Deloitte’s Forensic technology team for more than 10 years following on from nearly 10 years’ experience of working on data, information and technology projects. Her career has spanned both the public and private sectors, and her technical work has included research and data analysis utilising a variety of software tools. Her previous experience covers work in the defence industry and the UK police service. At Deloitte, she has worked on FSI projects particularly in the area of Financial Crime. Luisa has experience of leading large, multi-disciplinary teams and has considerable experience of project management. She has also been awarded a PhD for academic research undertaken early in her career and is a chartered physicist.
Simran is a consultant within Monitor Deloitte and has worked across a variety of public and private sector clients. Simran supports organisations to better understand illicit finance risks and develop system solutions to detect and disrupt illicit financial flows.