24 May 2021
By Zann Maxwell, AusPayNet Policy Analyst
The Australian Institute of Criminology has estimated that serious and organised crime cost Australia up to $47.4 billion in 2016/17. Since then, the COVID-19 pandemic has seen an increase in fraudulent activity in Australia and around the world.
Even before the pandemic, criminal syndicates were constantly developing new ways to exploit vulnerability and launder the proceeds of crime. For these reasons it is likely that even greater emphasis will be placed on building further capacity to identify and disrupt this criminal activity across the financial sector.
The purpose of anti-money-laundering and counterterrorism financing (AML/CFT) regimes is for financial institutions to identify suspicious activity within their businesses and alert AUSTRAC, the AML/CTF Regulator.
However, the implications of the current legislation results in financial institutions being concerned they are unable to effectively share information with specialised Financial Crime Teams across financial institutions (private-to-private pre suspicion information sharing). This is a significant barrier to better detection and disruption of financial crime.
This dynamic is why an increasingly important part of efforts to combat financial crime will be the development of information-sharing partnerships between financial institutions.
Through different jurisdictions, information sharing partnerships vary in their financial crime objectives, legal basis, and their membership structures. However, according to a paper from the UK’s Royal United Services Institute (RUSI), in general they support two main types of output:
The two main ways that these outputs are shared are through ‘private-public’ partnerships (where private financial institutions share information with public regulators and law enforcement), and ‘private-private’ partnerships (where information is shared between private financial institutions).
Though information-sharing regimes now exist in many jurisdictions and are growing in importance and sophistication, they are still in the relatively early stages of development. Their overall impact on combatting financial crime at this point is considered to be low relative to total efforts to disrupt financial crime. However, some models are seen as very promising should they be able to be scaled:
The Joint Money Laundering Intelligence Taskforce (JMLIT) is a voluntary arrangement which complements the UK’s existing suspicious activity report regime. Since its establishment in 2015, JMLIT has become a model for public/private information sharing and an international example of best practice.
The JMLIT shares information through an Operations Group and several Expert Working Groups. The Operations Group assists ongoing ML/TF investigations by sharing live tactical information with investigators. The bank-led Expert Working Groups provide a platform for members to discuss current or emerging threats, and to identify innovative ways of collectively combating these threats.
The UK’s National Economic Crime Centre says that:
“If the UK is to tackle high-end money laundering schemes which are most commonly complex, multi-institutional, and multi-jurisdictional, then a forum to share information on new typologies, existing vulnerabilities, and live tactical intelligence, is essential. There has been a real willingness within the banking sector to share information through the JMLIT to combat economic crime.”
Five Dutch banks have come together to establish Transaction Monitoring Netherlands (TMNL). This is an initiative that will, like the JMLIT, run alongside the banks’ individual transaction monitoring activities.
The five banks initially studied whether collective transaction monitoring is technically and legally feasible. They also looked at whether TMNL can add material value with a focus on identifying unusual patterns in payments traffic that individual banks cannot identify.
Their research showed that “…combining transaction data will provide new (inter-bank) information that will be useful in the fight against financial criminality”. However, while the formation of TMNL ties in with the Money Laundering Action Plan announced by the Dutch Government in mid-2019, an amendment of their AML/CTF Act is required to enable full-scale collective transaction monitoring. TMNL are expecting this change to occur around September 2021.
Like the Netherlands, financial institutions in many other jurisdictions face legal and policy barriers to sharing financial crime information on specific customers, including Australia.
That is why the 2019 RUSI report included among its recommendations for improving information sharing regimes across the world that:
“National Policymakers and Inter-Governmental Authorities work to address legal and policy barriers inhibiting financial information sharing, both domestic and cross border, providing clear guidance where appropriate” (Recommendation 5).
Privacy regulations are a key part of this reform agenda that RUSI calls for.
In Australia there are thirteen Privacy Principles (APP) which present barriers to private financial institutions wishing to share certain types of information with one another. Chapter 6 of the APP does currently provide an exemption where an APP entity believes that a disclosure is reasonably necessary for law enforcement related activities. However, Australian financial institutions are concerned that they are unable to effectively share information with specialised industry based Financial Crime Teams, as opposed to law enforcement agencies like AUSTRAC. This is a significant barrier to better industry wide detection and disruption of financial crime.
While there may be a strong case for policy reform in this area, technological innovation may eventually offer some solutions too.
‘Privacy Enhancing Technologies’ (PETs) include specialist cryptographical capabilities that allow for computations to take place on data, without the data owner necessarily divulging any Personally Identifiable Information (PII). It is designed to enable institutions to share data in a way that is compliant with regulatory principles, appropriately protects the privacy of individuals and safeguards the confidentiality of business processes.
Nick Maxwell is head of the Future of Financial Intelligence Sharing (FFIS) research programme, within the RUSI Centre for Financial Crime and Security Studies. He believes that PET capabilities have the potential to support information sharing regimes that might otherwise be inhibited by privacy legislation and regulation.
Australia is already exploring the potential capabilities of PETs to steer the reporting of financial crime risk.
Australia’s own AUSTRAC is building a platform to run privacy preserving analysis over the Australian retail banking market. The approach is intended to help identify patterns and typologies of crime and determine how suspicious accounts are linked across multiple financial institutions without revealing any account or transaction information. Only when a threshold for suspicion has been reached would AUSTRAC use normal regulatory notices to request the underlying details of the relevant accounts and transactions.
The COVID-19 pandemic may have seen an increase in fraud and financial crime, but it may also contain the seeds of a shift in attitudes that will clear the way for progress. As Nick Maxwell points out:
“The coronavirus pandemic has increased familiarity and general literacy with regard to decentralised analytical tools that rely on personal data, and public debate has developed in relation to the use of this private data to support social benefits.”
This nascent shift in attitudes may represent fertile ground for either policy reform to enable more information sharing, or greater use of technology such as PET, or both. This would be a major step forward for combatting financial crime in Australia and around the world.