OSINT Blog / Post

May 21, 2024

From Checklist to Checkmate: How to Really Know Your Client

Does your customer know you better than you “Know Your Customer”? Over the past two decades, U.S. regulators have handed out billions of dollars in fines and deferred prosecution agreements (DPAs) for the facilitation of money laundering, sanctions evasion, or terrorist financing. But the $2 trillion worth of suspicious transactions detailed in last month’s leaked FinCEN files – just a fraction of the total suspicious activity reports (SAR) filings for the period in question,which in turn represent only a portion of those transactions obvious enough to trigger computer-generated AML alerts–suggest that banks and financial institutions have yet to implement compliance protocols capable of effectively deterring criminals from entering the system, and of catching them out when they do.

Know Your Customer (KYC) and Anti Money Laundering (AML) procedures typically start with automated checks or alerts, based on predefined criteria, to identify obvious red flags or unusual behavior. To the sophisticated criminal, what is predictable quickly becomes manipulable: from cookie-cutter compliance checks through to entrenched legal processes.

Emerging technologies and OSINT (open source intelligence) led capabilities offer an alternative to lacklustre automation, allowing banks and financial institutions to shift their investigative protocols from passive and reactive to dynamic and proactive. Ability to capitalise on this potential will be vital, if firms are to design new strategies disruptive enough to put criminals back on their back foot.

The Dangers of Complacent Compliance

In the fight against financial crime, trigger-happy alert systems do more harm than good. A 2009 study by economists at Utrecht University found that at the start of the decade, the Netherlands saw a sharp decline in SARs filed by banks, whilst the United States saw a steep increase. Over the same period, conviction rates for money laundering-related offences in the Netherlands increased whilst the US saw no great change. Evidently it is not the quantity of reporting, but the quality of the information provided, that makes the difference.

And yet, the bar for both KYC and AML is set surprisingly low across most institutions. This is largely because protocols are passive and defensive. Institutions face serious repercussions if they fail to conduct industry-standard due diligence on an incoming customer, but will plead “best effort” if this standard proves too simplistic to catch sophisticated criminal activity. Similarly, an institution will be penalised for failing to file an SAR on a customer who is later caught laundering money, but not for crying wolf. 

The result is high-quantity, low-quality reporting that features little by way of action or follow-up. Institutions who count on tick-box due diligences and poorly substantiated SARs to sidestep responsibility will rarely go out of their way to investigate suspicious activity in depth, let alone to stop it in its tracks. Yet, when scandal bites, it bites hard– and it is foolish for any institution to take a complacent attitude to compliance. 

Danske Bank, a sobering example, is still dealing with the fallout from 2018’s revelation that it had allowed more than $227 billion of dirty money to flow through its Estonian subsidiary. The bank’s then-CEO, Thomas Borgen, was charged by Danish prosecutors last year for his involvement, and faces separate legal action worth an estimated $420 million. Danske itself remains subject to ongoing criminal and regulatory investigations in Denmark, Estonia, France, and the United States. It faces 276 separate legal actions in Denmark worth around $1 billion, and a separate investor lawsuit worth up to $200 million.

Beyond SARs: Shaking up the Criminal Comfort Zone

Institutions looking to avoid a similar storm will need to take a radical look at their approach to both KYC and AML. In the age of globalised financial crime, compliance doesn’t need to think bigger: it needs to think smarter. The question is how to do this at scale, in a way that enhances efficacy without compromising on efficiency. Technological advances should be utilized not to bolster outdated protocols, but to level them up through deployment within dynamic, OSINT-led strategies that enable decision-makers to see the bigger picture.

Successful criminals are successful precisely because they know what to expect from standardized compliance procedures, and how to make abnormal behavior look sufficiently normal within the system. They know what questions will be asked, what will and won’t be flagged, how likely a given flag is to be investigated in depth, and what protocols that investigation will entail. 

Knowing all this, they can prepare the right image. Transactions can be framed a certain way; identities can be faked; credit history can be polished; affiliations can be hidden; shell companies can obscure the flow of funds; interests can be attributed to proxies; for the right price, adverse reporting can be buried. In short, what is framed as “normal” in the spotlight of compliance may carry an entirely different meaning in the light of day. Relying on standardized, largely automated checks to catch sophisticated criminals with evolving methodologies is like casting a net with holes big enough to let the sharks in.

Where technological efficiency is combined with human ingenuity, intelligent software can lay the groundwork for OSINT analysts to understand activity in its critical context. Forward-looking compliance strategies should embrace three key principles: quality, dynamism, and lockdown immunity.

QUALITY: The ability to rapidly collect, analyse and synthesize data that is high in quality, as well as quantity, is critical. This requires depth, breadth and lateral pattern detection. A seasoned criminal will expect their transactions to be scrutinised–but they won’t necessarily expect analysis that uses patterns in corporate nomenclature to detect undeclared shell companies, combines social network mapping with information drawn from website domain infrastructure to identify potential proxies, or links that information to social media and photographic metadata to trace undeclared interests.

DYNAMISM: Where criminal behavior is suspected, entrenched legal proceedings or forensic accountancy-led investigations give fraudsters their two favorite things: time, and a predictable course of events. The “big picture” focus of OSINT-led strategies generates lateral thinking, strategic adaptability, and targeted investigative protocols to take a criminal well outside their comfort zone. Human intelligence (HUMINT) operations, for example, can be a fast and deadly way to legally elicit critical information–as in the recent Wirecard scandal, where whistleblowers played a crucial role. But targeted HUMINT requires effective OSINT groundwork to identify and analyse the Subject’s network, identify well-placed and reliable sources, and assess their motivation to cooperate.

LOCKDOWN IMMUNITY: Many institutions have been using global lockdowns as an excuse for reduced, limited or low-level compliance and crisis response. Yet financial crime is intrinsically cross-border: to be limited by jurisdiction is to fight blind. Institutions looking to succeed in a post-COVID world will need to pursue criminal activity across international boundaries, and within opaque or hostile jurisdictions, irrespective of lockdown limitations. OSINT-led investigations allow teams to bypass landlocked legal or investigative processes to identify suspicious activities and charge complicit actors, by using critical contextual analysis as an alternative window into opaque networks.

Typically, high-level OSINT-led strategies are only deployed in high-stakes, post-crisis investigations or certain enhanced due diligence protocols. But prevention is always better - and less costly - than cure. Institutions who capitalise on emerging technologies to scale these strategies across their compliance infrastructure will see significant long-term gains in resilience and reputation, as well as in efficiency and efficacy. Skopenow gives you the technological capability to quickly, comprehensively and discretely search the wider open source intelligence environment, analyse subtler patterns in diverse data points, and remain alert to new or developing signs of trouble well beyond standard “red flag” protocols. Take your OSINT investigations to the next level and try Skopenow for free, today.