Terrorism impacts our lives each and every day; whether directly through acts of violence by terrorists, reduced liberties from new anti-terrorism laws, or increased taxes to support counter terrorism activities. A vital component of terrorism is the means through which these activities are financed, through legal and illicit financial activities. Recognizing the necessity to limit these financial activities in order to reduce terrorism, many nation states have agreed to a framework of global regulations, some of which have been realized through regulatory programs such as the Bank Secrecy Act (BSA).
As part of the BSA (an other similar regulations), governed financial services institutions are required to determine if the financial transactions of a person or entity is related to financing terrorism. This is a specific report requirement found in Response 30, of Section 2, in the FinCEN Suspicious Activity Report (SAR). For every financial transaction moving through a given banking system, the institution need to determine if it is suspicious and, if so, is it part of a larger terrorist activity. In the event that it is, the financial services institution is required to immediately file a SAR and call FinCEN.
The process of determining if a financial transaction is terrorism related is not merely a compliance issue, but a national security imperative. No solution exist today that adequately addresses this requirement. As such, I was asked to speak on the issue as a data scientist practicing in the private intelligence community. These are some of the relevant points from that discussion.
Determining if a transaction is terrorism related, requires more that analyzing the anomalous nature of the activity, but the correlation of seemingly unrelated signals (profiles, transactions, interactions, etc.) through behavioral analyses. Data (enterprise, IT, open source) is the historical debris of human activity. While any single data record is associated with one person, two physical independent events can be found through the causal behavioral analysis of data chains.
Know Your Customer (KYC) is a common means through which one can learn about structures and behaviors of each individual in a community (e.g., commercial banking, insurance, etc.). It is the governing program through which customer due diligence is performed as part of compliance activities associated with on boarding and on going monitoring activities.
Over the years, through ongoing regulatory additions and changes, KYC has grown in complexity and, as a result, has become a significant multifaceted challenge to institutional employees. In additional to knowing about customer, there is now a need to know more about the customer’s customers (KYCC). There are significant deficiencies associated with determining propensity (probably), intelligence, and monitoring activities; even though most organizations are adequately dealing with a few of the ingestion, processing, and reporting activities.
There are six major components to an effective know your customer program. Terrorism Financing Monitoring is one of the least mature and the hardest technically to solve. Traditional approaches encode simple transactional behaviors found through manual investigations into rules engines and event monitoring systems, an approach that does not scale as fast as the terrorism financing activities they are designed to defeat.
Money laundering (ML), as defined by the United Nations, is the process through which the proceeds of criminal activities are disguised to conceal their origins. Fundamentally, money laundering is about financial structure (where) and behavior (how). The Financial Action Task Force (FATF) has established international standard for ML monitoring and reporting.
While the mean through which money is laundered is beyond the scope of this presentation, there are several concrete examples that have been discovered as part of an ongoing money laundering ontology. The High Invoicing Scheme is often used to launder licit funds through commercial business enterprises by exchanging low value goods for high value illicit funds.
Terrorist Financing (TF) involves the solicitation, collection or provision of funds with the intention that they may be used to support terrorist acts or organizations. In addition to understanding the structure and behavior of financial sources, understanding their intended use is also necessarily. This “intent” is one of the characteristics that make identifying terrorism financing so difficult.
Terrorism financing and money laundering are interrelated. In money laundering, funds are always illicit in their origin, where funds for terrorism financing can come from both legal and illicit sources. Because of the dual funding source and the intended use of the funds, it is extremely difficult to identify whether financial activities are related to terrorism financing.
Below is a set of real account, transactional, and international profiles. Are they normal? Are they an example of money laundering? What about terrorism financing? In additional to answering these questions, would traditional ML and TF monitoring systems identify each activity or tie them together? The answers are at the bottom of this article.
A wide variety of Anti-Money Laundering products are available today. At a baseline level, AML systems automate mandatory legal and regulatory compliance requirements and support the necessary enhanced due diligence and Know Your Customer policies.
Use cases in Risk are centered around connecting all business and financial information systems to enable enterprise regulatory, monitoring, and reporting requirements in order to further better risk decision making. Identify fraudulent behavior before it happens, with proactive intelligence and investigation tools, that are all capable of operating across multiple channels and nations.
Data and intelligence analysts, as well as KYC AML & TF specialists, face an exponentially increasing challenge to thoroughly identify new customers and monitor all customer behaviors on a ongoing basis.
What is the new TF intelligence paradigm given the global regulatory requirements, the maturation of terrorist, the complexity of financial services information technology systems, and the national security imperative to find, fix, finish (exploit, analyze, and disseminate) terrorism actions pre-boom? It starts with the recognition that tradition enterprise (ERP, CRM, etc.) and IT (transactional logs, click through, etc.) data sources are insufficient. Additional data deep web and open source data needs to integrated into the analyses as a means identify networked behaviors.
In addition to new data sources, man and machine need to be integrated into a deep learning enabled ecosystem. Modeling the behaviors of bad guys is often counter productive, given their speed of adaptation. A more viable approach leverages modeling good guys and removing them from the target population under investigation. Machines automate this process of removing good behaviors from the system through black list aggregation and human guided machine learning algorithms. Intelligence experts perform enhanced investigations through Human, Physical, and Cyber Intel programs. All of these activities are wrapped in deep learning machines that learn from those highly utilized behaviors, driving the search from new data source and intelligence procedures.
The new enterprise solution delivers (outside the box) the identity of bad people and organizations, behavioral activities, FinCEN SAR filings, and xml integration into the banking enterprise. In order to achieve these outcomes, banking enterprise and IT data, 3rd party black lists, and deep web and open source data is consumed. Bank AML and TF experts work in conjunction with Data Science, Behavioral, and Intelligence teams. As part of an enterprise learning system, the intelligence results are feedback into the platform as a means through which knowledge is grown.
In enterprise architecture language, capabilities are “the ability to perform or achieve certain actions or outcomes through a set of controllable and measurable faculties, features, functions, processes, or services.”(1) In essence, they describe the what of the activity, but not necessarily the how. For a data science-driven approach to deriving insights, these are the collective sets of abilities that find and manage data, transform data into features capable of be exploited through modeling, modeling the structural and dynamic characteristics of phenomena, visualizing the results, and learning from the complete round trip process. The end-to-end process can be sectioned into Data, Information, Knowledge, and Intelligence.
Data science is much more than just a singular computational process. Today, it’s a noun that collectively encompasses the ability to derive actionable insights from disparate data through mathematical and statistical processes, scientifically orchestrated by data scientists and functional behavioral analysts, all being supported by technology capable of linearly scaling to meet the exponential growth of data. One such set of technologies can be found in the Enterprise Intelligence Hub (EIH), a composite of disparate information sources, harvesters, hadoop (HDFS and MapReduce), enterprise R statistical processing, metadata management (business and technical), enterprise integration, and insights visualization – all wrapped in a deep learning framework. However, while this technical stuff is cool, Enterprise Intelligence Capabilities (EIC) are an even more important characteristic that drives the successful realization of the enterprise solutions needed to address the emerging KYC ML and TF threats.
Terrorism financing came into the limelight after the terrorist attacks in the United States on the 11 September 2001. Global anti-terrorism programs, now manifested themselves through nation state regulations such as the Bank Secrecy Act, can be more effective through the use of deep learning ecosystems that integrate both machine and man. This is one such platform capable of achieving this goal.
Post – The financially related transactions above where those associated with the 9/11 terrorists in 2001.
Categories: Application, Deep Learning, Enterprise Intelligence Architecture, OSINT
Leave a Reply