Ahead of his appearance at FinCrime World Forum, Nick Maxwell explains why public-private information-sharing, aided by fresh thinking and new technology, is crucial to tackling financial crime
Nick Maxwell has seen first-hand the damage that financial crime can do.
While serving in Afghanistan as a Counter-Insurgency Threat Finance Specialist as part of a taskforce, Maxwell saw how corruption can undermine institutions and damage progress.
It was the beginning of a shift in his career towards wider financial crime matters and a focus on solutions to identify and cut off the flows of illicit funds that are created by damaging crimes.
For the past four years, Maxwell has been heading up a project looking at particular kinds of solutions that are set to have far-reaching consequences for Anti-Money Laundering and Counter Terrorism-Financing (AML-CTF) across the globe, namely public-private information-sharing partnerships.
Maxwell, speaking to us a fortnight before his appearance at FinCrime World Forum, says: “In many ways information sharing is at the core of what the AML/CTF system should be doing anyway.
“The private sector should be identifying suspicions of crime and sharing that information with Government Financial Intelligence Units.
“But there are real challenges in terms of lack of effectiveness, huge costs of compliance and an ever-increasing data collection footprint on society.”
The need to address these issues was a driver behind the formation of The Future of Financial Intelligence Sharing (FFIS) project four years ago.
FFIS is an ongoing research programme involving the United Kingdom defence think tank Royal United Services Institute and Maxwell, via his practice NJM Advisory.
FFIS is devoted to looking at public-private partnerships and how they can be used, alongside new technologies and fresh thinking, to tackle financial crime more adequately across the world.
Maxwell says: “The concept of public-private information sharing has taken off over the last five years. This is the idea that financial institutions or other regulated entities shouldn’t just work out for themselves what criminality looks like when it comes to their business.
“That they benefit greatly from guidance from law enforcement, about the trends they’re seeing on criminality, and on particular subjects of interest. When this happens, the reporting entities can find the needle in the haystack and the public agencies are getting something more useful back. They’re getting reporting which is more responsive, or timely and ultimately more useful.”
In addition, says Maxwell, there is also increased interest in private-private information sharing as criminals become better at spreading their activities across different institutions.
“It is very difficult for financial institutions to identify the real pattern of criminality and to see the necessary behaviour looking only within their own data. Criminals operate across institutions and there is a need to have collaborative analytics across institutions to identify financial crime.”
This drive to share timely information, both between public and private bodies and between different private companies, sounds like a must, but there are some barriers. One of these concerns the sharing of information across jurisdictions, which, Maxwell points out, is not a barrier for the criminals.
Another challenge is posed by the growing interest globally in data protection and privacy issues. Maxwell says there is a “real tension” between how data protection regulatory systems and AML systems are designed.
“Data protection, particularly in a General Data Protection Regulation (GDPR) jurisdiction, is data minimalist. So, at all stages processors and controllers should be seeking to minimise the amount of data being processed and it should only be shared for specific purposes and be limited in terms of the duration of storage, for instance,” he says.
“Now on the other hand, the anti-money laundering framework is really designed under a data maximalist mindset, which is, the more data you have to understand potential suspicion, the better.”
Maxwell says, however, that there need not necessarily be a conflict between the two mindsets as long as governments create a legal basis for sharing data to tackle financial crime (as allowed under GDPR). Some jurisdictions do not have this legal basis and therefore “financial institutions are caught in a difficult situation where they want to be effective, but they are really bumping up against data privacy concerns”, he says.
As an example, he cites a project called Transaction Monitoring Netherlands, a collective transaction monitoring initiative featuring five banks (ABN AMRO, ING, Rabobank, Triodos Bank and de Volksbank). This project has, says Maxwell, demonstrated proof of concept with synthetic data and is now engaged in a data collection exercise on corporate transaction data. However, it doesn’t yet have a legal basis for being applied to personal data in real-time. The hope is that legislation, promised before the Dutch government collapsed in January, will be enacted later this year to create the lawful basis for sharing.
One factor that may give data protection bodies some reassurance is the use of technology, and particularly privacy-enhancing technologies (PETs). PETs vary in their specifics, including different forms of zero-knowledge proofs, secure multi-party computation and homomorphic encryption techniques. However, the basic idea is that useful analysis can be shared without the underlying personally identifiable information being passed on or disclosed in the process.
FFIS is currently running a research project on PETs, and published a new paper in January identifying case studies from around the world and sharing the very latest learning.
The sense from Maxwell is that to adequately tackle financial crime we have to move on from old AML paper-based processes and a tick-box culture towards a more intelligence-based, information sharing model aided by technology that could enable more effective results with “a smaller data intrusion footprint on society”.
“Technology is enabling the opportunity to move towards real time understanding of financial crime, the ability to detect patterns of suspicion across multiple institutions, actually without disclosing underlying sensitive data”, says Maxwell.
“And then to see that as a network across multiple financial institutions - to be able to perhaps respond in real time to the criminality that’s taking place. This would be an improvement on the current system, which was designed in the 1980s, in a paper-based banking framework, which really is just about collecting a huge amount of historic data on transactions and activity which sits in a large government database”.
Nick Maxwell is speaking at “Striking the balance between Fin Crime, Privacy Law, and Encryption - What needs to change?” at 5.15pm on 23 March at FinCrime World Forum.