|
Can transaction monitoring be used to track down the financing of terrorism? Can transactions provide any (meaningful) information in this context? Do the benefits outweigh the costs? I would not claim that the entire system of transaction monitoring does not work, says researcher Esmé Bosma: ‘But the current system is neither efficient nor effective, while it also has undesirable effects for customers and society.’ Bosma recommends: ‘Balance the capacity of the public and private actors in the chain. Set realistic expectations for private actors and allow banks to do work that is not purely compliance-oriented, but which actually helps to combat the financing of terrorism.’
At
the end of 2021, political scientist Esmé Bosma will defend her
doctoral dissertation at the University of Amsterdam as part of the FOLLOW project.
This five-year long European project has studied the actors in the
chain aimed at countering terrorism financing. Bosma researched the role
of banks. Her colleagues studied the role of the investigative
authority, the Finance Intelligence Unit (FIU), and the (national and
international) court cases on this topic.
Bosma: ‘I researched the role of banks as gatekeepers. In particular, the countering of terrorism financing at the human-technological interface. Technology and the underlying data play a crucial role during customer screening (know-your-customer) and transaction monitoring by banks, and in the rise of new public-private partnerships.’
Field
work at (Dutch and British) banks was an important part of the study,
Bosma says. ‘Banks encounter daily dilemmas in their transaction
monitoring. They are legally required to detect and report to the FIU
any ‘unusual transactions’, i.e. transactions that could point to money
laundering or the financing of terrorism. My conclusion is that there is
a gap between the regulation and practice. Banks are being given more
and more responsibilities. However, in practice it turns out that
detecting and preventing terrorism financing in a traditional manner -
i.e. by means of rule-based transaction monitoring systems - is
very difficult, if not impossible. Furthermore, in the quest for usable
indicators, banks quickly face the problem of profiling. Terrorism is
often financed with small amounts and can also be financed with
legitimate funding sources, such as loans or grants. And as soon as a
transaction leaves the bank and sometimes also the country, the bank
loses sight of it.’
Bosma: ‘In short: terrorism financing is not
being detected via the current systems. But banks are indeed expected to
detect and report terrorism financing. Prevention actually depends on
other forms of detection, such as informants or other surveillance by
police or security agencies. In other words: banks search their systems
for leads on terrorism financing. But without a concrete reason or
lead, that is extremely difficult to find.’
Bosma: ‘Another thing I noticed was that in practice it is becoming increasingly complex to create a customer-risk profile. The growing importance of technology and data in this process gives rise to new dilemmas between commercial and security considerations. After all, banks depend on filtering and monitoring techniques to detect whether a customer is doing something illegal. For the detection of terrorism financing, banks are also increasingly dependent on links with commercial lists and on systems that screen news sources. Can a news report provide enough reason for a bank to screen a customer or stop doing business with them? The use of these kinds of public sources is growing. But the question remains how reliable this information is and what banks should do with it. It is an ethical issue because who decides which customer poses a heightened risk? Because of high compliance costs, growing pressure from regulators and what is referred to as reputational risk, banks are increasingly opting to no longer do business with high-risk customer groups such as (religious and other) foundations, aid organisations, embassies, sex workers and now also – in the Netherlands - parties that spread disinformation. Fortunately, attention for the undesired effects, such as financial exclusion, is also growing at the international level.’
Banks are certainly looking for solutions, Bosma observed: ‘On the one hand, in the form of technological innovation: could artificial intelligence provide solutions? On the other hand, banks search for in the form of intensifying public-private partnerships, like the one with the Dutch Terrorism Financing Taskforce (TF Taskforce). In this context, banks receive customer’s names to enable them to search their systems for signs of terrorism financing before a criminal investigation is taking place.’
The compliance costs of the private sector are not proportionate to the yields, is one of Bosma’s conclusions: ‘When I started my research four years ago, a few hundred people were working on this topic at every Dutch major bank. Now that this number has grown to several thousand at each bank, while a public actor like the FIU, which processes reports, only employs 76 people. These kinds of figures do not say much about the substance of the work, of course. But they do indicate the tremendous growth of the financial crime compliance industry. And although the privacy impact of the current system is enormous, you could say that the yields throughout the chain are still very little, . A Europol report from 2017 indicated that just 10% of reports resulted in further investigation and detection. The percentage of criminal money flows detected is estimated at 1-2%.’
When asked how the current system could be better balanced, Bosma replied: ‘Firstly: balance the capacity of the public and private actors. If necessary, increase the FIU’s capacity and consider to what extent it makes sense for banks to hire even more people to do this work. It could also be investigated how measures in relation to financial transparency relate to combating financial-economic crime, see for instance the work of Transparency International and the Tax Justice Network. Finally, I suggest that banks should do work that actually helps to track down crime, and not work that is purely focused on compliance. Deploy a risk-based approach that provides for the acceptance of some residual risk. Public and private actors should work together to determine priorities, figure out what is realistically possible and stop ineffective practices. This prevents that implementation as well as supervision ‘goes overboard’.
Bosma concludes: ‘You often hear people say: it’s ridiculous that banks have this task. But you also hear them say: banks should be doing much more. The question lies somewhere in between: what can you actually expect from a bank? This is also a political and societal question: what task we relegate to private actors in these kinds of far-reaching security decisions, and under what conditions?’