Enhancing Financial Crime Controls with OSINT
The United Nations Office on Drugs and Crime estimates that between 2-5% of the global GDP is laundered globally in one year, totaling $2 trillion US dollars. Financial institutions are bound by laws and regulations intended to stop criminals from disguising illegally obtained funds as legitimate income to combat this criminality.
To comply with these money laundering regulations, financial institutions are required to conduct checks against customers often referred to through acronyms including AML, KYC, CID, CDD, and EDD.
Anti-money laundering (AML) is a process that outlines how a company plans to prevent money laundering. AML checks is a term often used collectively to include Know Your Customer (KYC) verification, Client ID (CID), and Client Due Diligence (CDD). AML checks ensure institutes meet their regulatory requirement to undertake ongoing customer due diligence. These checks ensure institutions know who their customer is, verify customers are who they say they are, and ensure an accurate understanding of any risks associated with doing business with that customer.
Know Your Customer (KYC) refers to verifying the identity of customers, including both existing and new customers, to identify and prevent risks. The control processes applied during KYC checks ensure that the institution has the necessary information about the customer to open an account and determine the customer's risk level. Outside of regulation, KYC can also involve understanding a customer’s goals to ensure appropriate advice can be provided.
Similar to KYC, Client Due Diligence (CDD) combines identity verification with understanding the purpose and nature of the potential business relationship an institution will have with a customer. Financial institutions collect and evaluate relevant information about potential customers to determine the potential risks of doing business with a particular organization or individual by analyzing various sources.
Client ID (CID) involves identifying and verifying who a customer is, based on documents or information independent of that provided by the customer.
Finally, Enhanced Due Diligence (EDD) is the process of investigating a higher-risk customer more thoroughly than lower-risk individuals.
The UK’s 2020 National Risk Assessment of money laundering and terrorist financing published by the FCA last month presented the risk that criminals may be attracted to the fast onboarding process of challenger banks, particularly when setting up money mule networks. The FCA argues that to facilitate opening accounts quickly, challenger banks are collecting insufficient information at the account opening stage to validate CDD and CID checks and identify higher-risk customers for EDD.
The FCA outlined in the review several areas for improvement, including:
- Financial crime control resources, processes, and technology have not been proportionate with expansion. The FCA has advised challenger banks to continuously make sure their financial crime controls remain fit for purpose through growth.
- Key weaknesses in CDD, specifically failure to obtain details about customer income and occupation, resulting in an incomplete assessment of the purpose and intended nature of a customer’s relationship with the bank. Relying on transaction monitoring systems to identify higher-risk customers, the banks failed to get a complete picture of the risk associated with the relationship, which ultimately made their transaction monitoring less effective.
- Some challenger banks were inconsistently applying enhanced due diligence (EDD) in higher-risk circumstances.
OSINT can play a powerful role in enacting financial crime controls, facilitating KYC, CDD, CID, and EDD checks, and Anti-Money Laundering investigations. Digital footprints are trails of public data left behind when someone interacts with internet services and platforms. Within digital footprints, there is a vast amount of online data about people and businesses. Financial institutions can corroborate customer-provided data by cross-checking it against publicly available information from the internet, including consented consumer records, social media, business and financial records, court records, and news articles. Information freely available on the internet is often not factored into customer onboarding checks, however, during financial crime investigations and due diligence checks, OSINT can deliver new levels of effectiveness in detecting risks and strengthening CDD and EDD checks.
With the vast amount of customers requiring CDD and CID checks every day, manual OSINT investigations across an extensive range of sources would be a monumental task. To manage the task, financial institutions require an easy-to-access platform that all of their team can utilize to conduct comprehensive intelligence checks and identify risks that would otherwise escape detection.
Similarly, during EDD checks, where high-risk customers are identified, evaluating the digital footprint of those individuals is proving vital. Today, it is largely impossible for an individual not to have a digital footprint, with people increasingly sharing more about themselves online. Identifying a lack of a digital presence can enable instant identification of false identities and potential fraudulent actors.
Incorporating the automated evaluation of digital footprints into AML workflows enables financial institutions to better identify, assess, and report financial, regulatory, compliance, and reputational risks identified through analysis of disparate sources of information. Manually scanning these sources for each customer would be a monumental task, however, incorporating AI and machine learning into the process enables organizations to conduct these checks quickly and effectively, enhancing the comprehensiveness, speed, and consistency of due diligence checks company-wide.
Integrating an automated, centralized platform can deliver significant operational efficiencies in time savings and the ability to spend further time on more complex investigations. It is also becoming increasingly clear that OSINT will become part of best practice for compliance measures for AML, which will require financial institutions to implement OSINT solutions into their AML workflows.
To facilitate instant OSINT checks into the AML process, Skopenow developed Pre-Check. Pre-Check automatically evaluates customer-provided data to trace and validate existing digital records, automatically screening applicants for digital presence during Customer Identification (CID) and Commercial Due Diligence (CDD) checks.
Pre-Check is a significant leap forward in automating risk analysis and improving workflow efficiencies in OSINT investigations, facilitating significant time savings and optimizing output for investigation teams.
Pre-Check instantly evaluates the digital footprints of individuals at scale, enabling organizations to assess thousands of potential threat actors at once to support quantified and transparent decision-making. An identity confidence score, risk score, and investigation decision are automatically generated for each assessed individual to support human decision-making in prioritizing high-risk individuals for full investigations.
In less than ten seconds, Pre-Check immediately references thousands of internet sources to identify if an individual's information has a match, including name, location, employment, education, leaked data, vehicles, social media accounts, digital marketplace activity, and criminal records.
Skopenow customers can easily integrate Pre-Check into case and claims management systems through API, ensuring digital footprint assessment can be integrated into existing workflows.
With cases evaluated and triaged, investigators can conduct Skopenow Workbench searches, instantly building comprehensive, court-ready, digital records on applicants to verify their application details against their digital footprint.
Pre-Check has transformed how Skopenow customers conduct OSINT investigations. Pre-Check enables claims teams to assess individuals within their case management system and identify high-risk individuals to pass to investigators for further investigative activity in Skopenow. Pre-Check customers have feedback estimated savings of hundred to thousands of man-hours spent on OSINT investigations per annum.