Money to fund terrorist activities moves through the world's financial system via wire transfers and in and out of personal and business checking accounts. It can sit in the accounts of illegitimate charities and be laundered through buying and selling securities and other commodities, or purchasing and cashing out insurance policies.
But while terrorist financing is defined as a form of money laundering, it doesn't work the way conventional money laundering works. The money frequently starts out clean - as a "charitable donation" - before being funneled to the terrorists. Terrorist financing is also more time-sensitive; freezing a suspected terrorist's account could save innocent lives.
Governments around the world are trying to combat terrorist financing by requiring financial institutions to uncover patterns and spot suspicious activities. The USA Patriot Act added securities brokers and dealers, and money services businesses to the list of institutions that need to file suspicious-activity reports. Banks had already been filing SARs and cash transaction reports before there was a Patriot Act. Failure to file timely reports can have significant consequences, especially when potential terrorist financing exists.
Zeroing In
Money laundering detection systems have been around for several years. Over time the techniques used by these systems have evolved from purely rules-based systems in the early days to today's more analytic systems that use techniques such as anomaly detection (profiling and peer grouping) and predictive modeling (neural networks and decision trees). Though these systems continue to improve, extending them to combat terrorist financing is challenging since this type of financing has unique characteristics.
Rules-based systems are designed to uncover specific transactions or patterns that are often associated with criminal financial activity. The rules are typically based on topologies presented by policy groups, industry groups, or law enforcement agencies. But, as groups such as the Financial Action Task Force have learned, there are few hard patterns with terrorist financing. In addition, terrorist financing tends to occur in much smaller transaction amounts than traditional money laundering, so it is much harder for financial institutions to set thresholds that can effectively discriminate between terrorist activities and normal legal transactions.
For instance, in studying the financing behind the events of 9/11, terrorists have been discovered to occasionally funnel money through charitable groups. A rules-based approach could flag all charitable funds that handle international wire transfers or have directors from other countries sitting on their boards. But many innocent charities would be flagged and terrorists could figure out what to list on bank applications to avoid raising those flags.
The Financial Action Task Force has recommended that programs used to detect money laundering and terrorist financing pay special attention to "unusual" transactions or activities, and many regulatory mandates incorporate similar language. Using descriptive analytic techniques, an anomaly-based approach looks for activities that would not be considered normal or usual for a given entity. Various methods can be used to define normal, such as building profiles of past account activity or creating peer groups of accounts that should behave in a similar manner. Once normal is defined, the anomaly detection engine can identify those activities that do not fall within the normal range using descriptive statistical measures such as standard deviations or variances.
The financial activities of the 9/11 terrorists provide a striking example of how anomaly detection can be used to thwart terrorist financing. The terrorists that took down Flight 11 entered the country on student visas. But unlike most students, they had bank accounts with large sums of money moving in and out - mostly via large wire transfers from known terrorist-supporting countries - and with few of the typical expenses expected of students.
One drawback to an anomaly-based approach is that there could be other valid or legal reasons for the anomaly. Care must be taken to select metrics that truly discriminate between normal and suspicious activity, rather than simply distinguish normal from unusual.
By using historical information on known suspicious and unsuspicious activities, analysts can use predictive techniques such as decision trees, regression analysis, and neural networks to build models that score any new activity as to its likelihood of being suspicious. This approach has been used very successfully in fraud detection (so much so that credit card companies run advertisements touting their ability to detect fraud before the consumer knows anything is amiss).
Though predictive modeling is a proven, valid approach for detecting such criminal financial activities as fraud, it must have historical data for known good and bad activities to train the models. Since the emphasis on money laundering, especially terrorist financing, is relatively new, these data often do not exist in many organizations. If a model is built with data that contain activities that are not flagged as being suspicious, yet under current interpretations should be, the model's accuracy will suffer.
Better Planning
Though all the above approaches have been used successfully in detecting various criminal financial activities, none are sufficient for capturing the current broad range of activities (including terrorist financing) without also generating an unwieldy amount of false positive alerts. Only when the various techniques are combined into a holistic, risk-based approach can account activity be evaluated in the context of other risk factors so that the most relevant alerts are raised.
With a risk-based approach, financial organizations can employ a combination of rules, anomaly detection, or other advanced analytics, assign a risk weighting to each scenario, and then combine the scores at the entity level to assign an overall risk score to that entity. Under this approach, a given customer or account could warrant an investigation based on a single high-risk activity or a combination of several lower-risk activities or attributes. Organizational policies and procedures would dictate what actions must be taken at various risk-score levels.
In addition to providing a more holistic approach to traditional money-laundering detection, the risk-based approach allows financial organizations to more effectively evaluate the subtle patterns of terrorist financing in the context of other existing risk attributes. And finally, the approach addresses regulatory guidance that has encouraged financial organizations to take a risk-based approach to their overall anti-laundering programs.
Complying with regulations for identifying money laundering and terrorist financing presents a unique challenge to financial institutions. Whether it is avoiding the multimillion-dollar penalties or possibly providing the key piece of information that leads law enforcement officials to expose a plot, detecting terrorist financing requires long-range planning in picking solutions to manage it.
