Information sharing is important in anti-money laundering (AML) and countering terrorist finance (CTF). Research should look at fundamental issues of why, when and where to share particular types of information to achieve desirable outcomes, as well as legal constraints and sharing mechanisms.
‘Effective information sharing is an important aspect of a well-functioning AML/[CTF] framework which facilitates the detection and prevention of terrorist financing and money laundering.’ So we are told by the international standard-setter in this field, the Financial Action Task Force (FATF), who were reporting on their dialogue with the private sector in late April. The recent G7 Action Plan on Combatting the Financing of Terrorism, the European Commission’s action plan against terrorist financing and the UK’s action plan for AML/CTF, issued in April, all commit to find ways to enhance information sharing, as do many other initiatives.
There is no doubt that information sharing in various forms must be central to an effective AML/CTF regime, which relies on a complicated framework within which public and private sector actors work together to protect the integrity of the global financial system and fight serious crime and terrorism.
In the private sector, banks and other financial institutions and firms carry out due diligence on their customers and monitor their activities, collecting huge amounts of data. In the public sector, law enforcement and intelligence agencies charged with detecting and preventing crime or terrorism have large files of intelligence on suspects, investigations, cases and prosecutions. Finding better ways to share this information is the focus of the current debate.
Even though information sharing has been a fundamental part of the AML/CTF framework since its inception in the 1980s, the recent proliferation of action plans and work programmes suggests that it has now been recognised as one of the central pillars of AML/CTF efforts. What has changed to bring the issue so much to the fore?
For one thing, in the aftermath of terrorist outrages in Europe, policy-makers feel pressure to ‘do something’. Just as the 9/11 terrorist attacks led to the USA PATRIOT Act and the FATF Special Recommendations on Terrorist Financing, so the recent attacks in France and Belgium have resulted in European-wide policy activity, based on perceived failings prior to the attacks. In an environment where intelligence agencies and police have to work together, and information is spread amongst a variety of public and private sector actors, information-sharing failures will surely be found.
There is also a seductive logic to the need to improve information sharing. After over 30 years of effort on AML/CTF and the expenditure of billions of dollars globally by the private sector, there are frustratingly few clear indications that the system is working: certainly we seem little closer to winning the ‘wars’ on drugs, human trafficking, corruption and terrorism on which the need for the regime is predicated.
It is easy to demonstrate that there are problems with sharing some information. Even now, global banks are not able to share information across their groups, never mind with their peers, to identify suspect networks. This is absurd. If we can get better at information sharing, so the argument goes, than the outcomes would surely also improve.
As with all policy issues, an evidence base to support this apparent logic is required. No doubt work currently being undertaken by the FATF and the Egmont Group of Financial Intelligence Units (FIUs) will provide valuable insights.
Much of the dialogue around information sharing focuses on constraints and the need to remove them. According to the FATF, ‘a number of challenges to effective sharing of AML/[CTF] information exist, including inconsistent legal frameworks for data protection and privacy across different jurisdictions.’ The FATF states that it ‘will continue to explore ways to tackle barriers to information sharing’. This is important work, but only in context. Removing a faulty tap because it does not allow water to flow may just result in flooding the kitchen.
There is also a focus on particular channels of information sharing, either at a high-level (for example between or within public and private sectors) or between specific actors, such as FIU-to-FIU or intra-group in the private sector. Again, this is valuable insight, as is consideration of various mechanisms or models for information sharing. RUSI itself has looked at some of these, including research on the US experience since 9/11. The UK’s Joint Money Laundering Intelligence Taskforce (JMLIT) is held up as an innovative model to be admired and perhaps copied.
But a considered policy response requires more than just an understanding of what is stopping information being shared and identifying ways that it might be shared between relevant actors. Better information sharing is not the same as more information sharing (indeed, better may mean less). Effectiveness relies on the right information being shared at the right time between the right people – and being acted upon.
A starting point might be to think more about what is meant by information in the AML/CTF context. The word ‘information’ appears several hundred times in the published FATF standards, but it is not defined. In information science, there is a concept of hierarchy of knowledge, often portrayed as a pyramid. At the bottom is data, then information, then knowledge and finally wisdom (giving rise to the term ‘DIKW pyramid’). Information is inferred from raw facts (data) and can be regarded as data with some meaning in a specific context. Knowledge refers to information having been processed or applied in some way, for example by being put to use; wisdom is the ability to increase effectiveness, a very desirable outcome in AML/CTF.
In intelligence circles, there is a similar distinction between information and intelligence. The latter term implies information that has gone through a process of analysis and production, from which decisions on action can be made and conclusions drawn. In the AML/CTF world, where policy-makers, intelligence analysts (in both public and private sectors), law enforcement investigators, compliance officers and supervisors all need to share information with each other to achieve their various ends, it is important to make sure that they are all speaking the same language.
More clearly articulating these distinctions is not merely an academic pursuit; it would help to identify the best place to turn data into information; or where knowledge and wisdom, which are vital to risk management, are to be found in the system and who would benefit from their insights. It is noteworthy that the UK Action Plan talks of ‘effective exchange of knowledge’ within and between sectors, as well as information sharing. In contrast, ‘knowledge’ only appears seven times in the FATF Recommendations, mostly in a criminal law context.
Another policy approach would be to use a standard tool such as impact analysis. The FATF has defined outcomes for the AML/CTF framework. An outcomes-focused way of looking at information sharing will be productive. This could begin at the level of the ‘Immediate Outcomes’ in the FATF methodology, some of which specifically mention information and/or intelligence, but a more granular approach to specific outcomes would focus on key information-sharing challenges in the system. There is apparent agreement that the time for high-level talking has passed and that operationally relevant research and action is now required. Impact analysis techniques can be used to identify the most promising information-sharing interventions in the areas of highest money laundering/terrorist financing risk.
If information sharing is so crucial to increased success, then the time has come to be bold and innovative, which implies taking some risks. The JMLIT was conceived as a pilot, to address particular challenges, with a time limit and a commitment to review and learn lessons from the experience. Whatever its own level of success, this experimental approach should be repeated in other areas, utilising legal and regulatory safe harbours or sandboxes if need be. The proof of the information is in the sharing, and until we try we will never be able to properly judge effectiveness.
These approaches to identifying various types of information and the most effective ways for sharing them to contribute to AML/CTF outcomes will be explored in an upcoming RUSI report to be published in advance of the FATF October plenary.