When financial service providers detect suspicious activity, their understanding of that activity may be limited by their own perspective, and represent only a glimpse of a wider criminal enterprise. That limitation offers criminals the chance to use different financial institutions to perpetrate money laundering schemes, layering deposts of illegal funds and exploiting a lack of awareness between organisations to evade anti-money laundering (AML) or counter-financing of terrorism (CFT) controls.
To address the money laundering threat, banks and other financial institutions must participate in a collaborative culture, sharing data and information (within the parameters of data protection laws) that might aid in the detection of money laundering. The Financial Action Task Force (FATF) includes information sharing in its 40 Recommendations, and releases guidance on how governments may facilitate information sharing in the private sector. In July 2022, the FATF released a report into data sharing between private institutions with the goal of helping jurisdictions “responsibly enhance, design and implement information collaboration initiatives”.
The 2022 report sets out the potential benefits and challenges involved in information sharing, along with advice on the integration of technology platforms to help firms better collaborate in the fight against money laundering.
Why is sharing information important for AML?
The FATF report included a range of case studies that demonstrated the effectiveness of information sharing for AML/CFT purposes. In particular, the report highlighted examples of firms struggling to identify a “complex suspicious transaction pattern” but then using shared information from other institutions to expose money laundering activity – or, conversely, remediate transactions as safe. Information sharing is even more important on a global scale, since money launderers may seek to use regulatory disparities between jurisdictions to move illegal funds across borders without triggering AML alerts.
What are the benefits and challenges of information sharing?
Information sharing delivers a number of important AML compliance benefits including:
- Structuring and layering: Closer coordination between financial service providers may prevent criminals from introducing illegal funds into the financial system in different accounts or via different institutions, in amounts below AML reporting thresholds.
- Identity verification: Where money launderers falsify their identities or submit incomplete documentation during onboarding, financial institutions may be able to collaborate to alert each other to the elevated AML risk.
- Cybercrime: When criminals use internet-enabled fintech products to launder money or commit cyber-crimes, firms may be able to identify them by sharing certain data, including, for example, IP addresses that have previously been associated with criminal activity.
- Criminal methodologies: Financial institutions may be able to share information about new money laundering methodologies or compliance blindspots that helps the wider financial community identify criminal activity.
Despite the clear AML utility, inter-organisational information sharing also involves a spectrum of administrative and legal challenges:
- Data privacy: Most jurisdictions have implemented strict data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) that limit what organisations can do with the information they hold on their customers. While firms may use personal data to meet AML/CFT compliance obligations they must be careful to adhere closely to data handling rules.
- Technology limitations: While firms may be willing to share information, their technological infrastructure may prevent them from doing so. Technology limitations may require firms to upgrade or change compliance software.
- Scope: Firms may struggle to determine the scope of their information sharing requirements and capabilities. Data privacy regulations may also limit the scope of the information that can be shared.
- Competition: Firms may be reluctant or unwilling to share information out of caution that they suffer adverse business consequences for doing so, or lose a competitive edge against rivals.
Information sharing initiatives between financial institutions
The FATF’s report suggests that private sector firms may be encouraged to participate in information sharing practices via specially designated government initiatives. These initiatives provide secure platforms for private sector institutions to collaborate within clear regulatory objectives and data protection limitations.
In 2015, the UK established the Joint Money Laundering Intelligence Task Force (JMLIT), characterised as “a partnership between law enforcement and the financial sector to exchange and analyse information relating to money laundering and wider economic threats”. JMLIT currently has over 40 private sector financial institutions that work with the UK’s Financial Conduct Authority (FCA) and law enforcement agencies such as the NCA and HMRC.
In order to prepare to participate in information sharing initiatives, the FATF suggests that firms should:
- Become familiar with the data sharing technologies that the initiative will involve, including understanding interoperable data formats.
- Assess internal data protection and privacy (DPP) policies to ensure alignment with national regulatory standards.
- Implement data sharing agreements with other parties involved in the initiative in order to set out participatory expectations.
- Engage and communicate regularly with the financial and law enforcement authorities tasked with supervising the data sharing initiative.
- Develop indicators or metrics for measuring success as participants in the data sharing initiative.
Innovations in data sharing
Information sharing initiatives encourage a culture of collaboration and strengthen collective efforts to detect and prevent financial crimes across the world. Similarly, collaborative initiatives may offer individual financial institutions access to valuable AML innovations.
In 2022, for example, the FCA launched a study into the potential for algorithmically-generated “synthetic data” as a way to expand access to data in the private sector, and create novel opportunities for firms to share data. Synthetic data would also avoid many of the data protection challenges that affect or prevent firms sharing personal customer data. The US is also exploring data and information sharing innovations: in January 2021, the Anti-Money Laundering Act 2020 introduced new requirements for US financial institutions and authorities to develop “appropriate frameworks for information sharing” backed by suitable security measures.