Terrorism impacts our lives each and every day, whether directly through acts of violence by terrorists, reduced liberties from new anti-terrorism laws, or increased taxes to support counter-terrorism activities. A vital component of terrorism is the means through which these activities are financed, through legal and illicit financial activities. Recognizing the necessity to limit these financial activities in order to reduce terrorism, many nation states have agreed to a framework of global regulations, some of which have been realized through regulatory programs such as the Bank Secrecy Act (BSA).

As part of the BSA (and other similar regulations), governed financial services institutions are required to determine if the financial transactions of a person or entity are related to financing terrorism. This is a specific report requirement found in Response 30, of Section 2, in the FinCEN Suspicious Activity Report (SAR). For every financial transaction moving through a given banking system, the institution needs to determine if it is suspicious and, if so, whether it is part of a larger terrorist activity. In the event that it is, the financial services institution is required to immediately file a SAR and call FinCEN.

The process of determining if a financial transaction is terrorism related is not merely a compliance issue, but a national security imperative. No solution exists today that adequately addresses this requirement. As such, I was asked to speak on the issue as a data scientist practicing in the private intelligence community. These are some of the relevant points from that discussion.

Determining if a transaction is terrorism related requires more than analyzing the anomalous nature of the activity; it requires the correlation of seemingly unrelated signals (profiles, transactions, interactions, etc.) through behavioral analyses. Data (enterprise, IT, open source) is the historical debris of human activity. While any single data record is associated with one person, two physically independent events can be found through the causal behavioral analysis of data chains.

Know Your Customer (KYC) is a common means through which one can learn about the structures and behaviors of each individual in a community (e.g., commercial banking, insurance, etc.). It is the governing program through which customer due diligence is performed as part of compliance activities associated with onboarding and ongoing monitoring activities.

Over the years, through ongoing regulatory additions and changes, KYC has grown in complexity and, as a result, has become a significant multifaceted challenge to institutional employees. In addition to knowing about the customer, there is now a need to know more about the customer’s customers (KYCC). There are significant deficiencies associated with determining propensity (probability), intelligence, and monitoring activities, even though most organizations are adequately dealing with a few of the ingestion, processing, and reporting activities.

There are six major components to an effective know your customer program. Terrorism Financing Monitoring is one of the least mature and the hardest technically to solve. Traditional approaches encode simple transactional behaviors found through manual investigations into rules engines and event monitoring systems, an approach that does not scale as fast as the terrorism financing activities they are designed to defeat. 

Money laundering (ML), as defined by the United Nations, is the process through which the proceeds of criminal activities are disguised to conceal their origins. Fundamentally, money laundering is about financial structure (where) and behavior (how). The Financial Action Task Force (FATF) has established international standards for ML monitoring and reporting.

While the means through which money is laundered is beyond the scope of this presentation, there are several concrete examples that have been discovered as part of an ongoing money laundering ontology. The High Invoicing Scheme is often used to launder licit funds through commercial business enterprises by exchanging low-value goods for high-value illicit funds.

Terrorist Financing (TF) involves the solicitation, collection or provision of funds with the intention that they may be used to support terrorist acts or organizations. In addition to understanding the structure and behavior of financial sources, understanding their intended use is also necessary. This “intent” is one of the characteristics that make identifying terrorism financing so difficult.

Terrorism financing and money laundering are interrelated. In money laundering, funds are always illicit in their origin, whereas funds for terrorism financing can come from both legal and illicit sources. Because of the dual funding source and the intended use of the funds, it is extremely difficult to identify whether financial activities are related to terrorism financing.

Below is a set of real account, transactional, and international profiles. Are they normal? Are they an example of money laundering? What about terrorism financing? In addition to answering these questions, would traditional ML and TF monitoring systems identify each activity or tie them together? The answers are at the bottom of this article.

A wide variety of Anti-Money Laundering products are available today. At a baseline level, AML systems automate mandatory legal and regulatory compliance requirements and support the necessary enhanced due diligence and Know Your Customer policies.

Use cases in Risk are centered around connecting all business and financial information systems to enable enterprise regulatory, monitoring, and reporting requirements in order to further better risk decision making. Identify fraudulent behavior before it happens, with proactive intelligence and investigation tools, that are all capable of operating across multiple channels and nations.

Data and intelligence analysts, as well as KYC AML & TF specialists, face an exponentially increasing challenge to thoroughly identify new customers and monitor all customer behaviors on an ongoing basis.

What is the new TF intelligence paradigm given the global regulatory requirements, the maturation of terrorists, the complexity of financial services information technology systems, and the national security imperative to find, fix, finish (exploit, analyze, and disseminate) terrorism actions pre-boom? It starts with the recognition that traditional enterprise (ERP, CRM, etc.) and IT (transactional logs, click through, etc.) data sources are insufficient. Additional deep web and open source data need to be integrated into the analyses as a means to identify networked behaviors.

In addition to new data sources, man and machine need to be integrated into a deep learning enabled ecosystem. Modeling the behaviors of bad guys is often counterproductive, given their speed of adaptation. A more viable approach leverages modeling good guys and removing them from the target population under investigation. Machines automate this process of removing good behaviors from the system through black list aggregation and human guided machine learning algorithms. Intelligence experts perform enhanced investigations through Human, Physical, and Cyber Intel programs. All of these activities are wrapped in deep learning machines that learn from those highly utilized behaviors, driving the search for new data sources and intelligence procedures.

The new enterprise solution delivers (outside the box) the identity of bad people and organizations, behavioral activities, FinCEN SAR filings, and XML integration into the banking enterprise. In order to achieve these outcomes, banking enterprise and IT data, 3rd party black lists, and deep web and open source data are consumed. Bank AML and TF experts work in conjunction with Data Science, Behavioral, and Intelligence teams. As part of an enterprise learning system, the intelligence results are fed back into the platform as a means through which knowledge is grown.

In enterprise architecture language, capabilities are “the ability to perform or achieve certain actions or outcomes through a set of controllable and measurable faculties, features, functions, processes, or services.”(1) In essence, they describe the what of the activity, but not necessarily the how. For a data science-driven approach to deriving insights, these are the collective sets of abilities that find and manage data, transform data into features capable of being exploited through modeling, model the structural and dynamic characteristics of phenomena, visualize the results, and learn from the complete round trip process. The end-to-end process can be sectioned into Data, Information, Knowledge, and Intelligence.

Data science is much more than just a singular computational process. Today, it’s a noun that collectively encompasses the ability to derive actionable insights from disparate data through mathematical and statistical processes, scientifically orchestrated by data scientists and functional behavioral analysts, all being supported by technology capable of linearly scaling to meet the exponential growth of data. One such set of technologies can be found in the Enterprise Intelligence Hub (EIH), a composite of disparate information sources, harvesters, Hadoop (HDFS and MapReduce), enterprise R statistical processing, metadata management (business and technical), enterprise integration, and insights visualization, all wrapped in a deep learning framework. However, while this technical stuff is cool, Enterprise Intelligence Capabilities (EIC) are an even more important characteristic that drives the successful realization of the enterprise solutions needed to address the emerging KYC ML and TF threats.

Terrorism financing came into the limelight after the terrorist attacks in the United States on 11 September 2001. Global anti-terrorism programs, now manifested through nation state regulations such as the Bank Secrecy Act, can be more effective through the use of deep learning ecosystems that integrate both machine and man. This is one such platform capable of achieving this goal.

Post – The financially related transactions above were those associated with the 9/11 terrorists in 2001.
