Neural Network vs. Terrorist Financing?

Sunday, June 20, 2010

Michael O'Connor


Historically, to facilitate money laundering criminals opened a legitimate business as a cover, and then used the business account to deposit and legitimize large sums of money. Large deposits into accounts were routinely overlooked by banking institutions and law enforcement alike.

As laws have passed and restrictions to limit money laundering have been put into place the criminals have had to become a little more creative to fly under the radar.

One devious method is to co-mingle ill-gotten gains with existing legitimate accounts (“layering”).

Another method is called “smurfing”, where over the course of time many smaller transactions are deposited. Thus, no transaction is large enough to gather suspicion.

In addition, the FATF has found that many organizations are now using Alternative Remittance Systems (ARS), especially terrorist financing operations.

This informal funds transfer is also known as “underground” or “parallel banking”. ARS institutions generally have far fewer (or zero) restrictions in place and are thus much easier to utilize for the transfer of large amounts of illicit funds.

As Eric Gouvin points out in his Baylor Law Review article entitled Bringing Out the Big Guns: The USA Patriot Act, Money Laundering, and the War on Terrorism, there are two very different purposes and methodologies with typical criminal organizations and terrorist groups.

Gouvin quotes FinCEN director James Sloan as stating that terrorist financing is “almost money laundering in reverse” (Gouvin, 2003).

With criminal money laundering law enforcement can trace events from the crime(s) to the money. However, terrorist methodology uses money to fund an activity which has not yet taken place.

Enforcement efforts are placed on stopping the crime before it occurs. The challenges are at opposite ends of the spectrum.

The outcome of money laundering in a criminal case is the apparent legalization (or obfuscation) of criminal funds, whereas the outcome of money laundering in a terrorist case is a planned terrorist activity.

Gouvin points out several key challenges faced by law enforcement and governments with regard to recognizing and stopping money laundering by terrorists. These are outlined in his article as:

A. Terrorist Attacks Are Not Expensive to Fund
B. The Sources of Terrorist Funding Are Hard to Identify
C. Terrorists Move Money Through Hard-to-Regulate Non-Bank Channels
D. Interactions with the Underground Economy
E. Alternative Sources of Wealth (Gouvin, 2003)

Without addressing each of the above challenges in length, one can see that fighting terrorist financing is a completely different ball game than fighting criminal money laundering.

With no crime to follow toward the money, law enforcement personnel are driving in reverse, and it is very difficult to see through the back of your head!

Gouvin argues that our present financial system is simply not equipped well to locate and follow terrorist financial activities.

The compliance programs that are currently in place (BSA, KYC, Patriot Act, elements of Patriot Act II, etc.) are producing mountains of CTR’s and SAR’s that are backlogging in a system that was never designed to review them.

Criminals and terrorists alike know the kind of patterns and sizes of deposits that are being scrutinized and they either work around the system or in different systems entirely (such as the hard-to-regulate non-bank channels Gouvin mentions).

OFAC lists are easily circumvented (simply don’t use your real name if you are on the list). Money laundering is not being effectively discovered or prevented, nor are terrorist financing efforts being thwarted.

As with most illegal activities, I do not believe there is a fool-proof way to completely eliminate criminal money laundering or terrorist financing. However, I do believe we can learn from what is not working.

Hundreds of thousands of backlogged reports are not working. More scrutiny, harsher restrictions, and invasive policies are not working.

Something more basic, creative, technological, automated, and practical is needed to surmount these challenges.

In my career in payment fraud prevention I have seen some very impressive minds create some very remarkable analysis and scoring systems that are geared at establishing a “risk score” for financial transactions.

My recommendation would be to hire private-party software engineers such as these and task them with the creation of a system-wide (and eventually worldwide) financial filtering program.

I would then fund an implementation effort where program interfaces could be disseminated to all financial institutions, in phases.

To remain compliant with government regulations (and escape penalties) each financial institution would have to “tap in” to the system and report their transactions.

The reporting would be automatic, and would be aggregated into a neural network that was programmed to look for known indicators of criminal money laundering and terrorist financing.

The most suspicious activities would be filtered out for a small, highly trained human review team to investigate.

The main weakness in such a program would be its lack of penetration into the unregulated non-banking systems. My only recommendation for that would be to utilize some of the resources and personnel who were now twiddling their thumbs with no reports to review (since the bulk of them would have been eliminated by the finance neural network) to spend their time researching, investigating, and tracking the activities of nontraditional financial institutions, then report findings to appropriate local law enforcement or intelligence agencies.

International cooperation and teamwork would be paramount to not only implement the financial neural network worldwide but also combine forces to keep an eye on the unregulated institutions.

Our greatest challenge would remain the ARS organizations in countries that are already uncooperative or unfriendly with us.

In such cases, I suppose more traditional methods of intelligence would have to continue to be used (e.g., paid informants, cell penetration, covert ops, etc.).

If your day-to-day duties include AML efforts, do you find yourself inundated with compliance protocols? Has your institution been effective, in your view, in discovering and ceasing laundered funds?

If you have any involvement in finding or tracing terrorist financing, what methods in general have been most effective (or would you have to kill us if you told us)?


Possibly Related Articles:
Security Awareness
terrorism crime
Post Rating I Like this!
Rob Lewis A technology designed for financial and intelligence community is the best tool available for looking for the proverbial needle in a haystack (terrorism), and the would be Palantir, able to gather enormous quantities of information – in real time – and then analyzes the data and helps connect the dots.

Traditional money laundering often involved some form of insider collusion, and therefore an insider threat protection that offered immutable audit logging, domain separation and mandatory access controls to enforce least privilege and role separation, as well as resist anti-forensics tools would be a great tool for that purpose, as well as combatting the usual insider fraud.
Fred Williams My company, SAS Institute, in Cary, NC has the SAS Fraud Framework ( that uses advanced analytics to uncover fraud. The SAS Fraud Framework can aggregate alerts from multiple systems, allow customers to design a customized fraud model tailored towards their business and leverage external datasources such as the fraud consortium database.

Several high profile customers in banking, insurance and government use SAS Fraud framework such as HSBC bank, PBS, Expedia and RBC Bank.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.