Counter terrorist financing

Are we really stopping the bad guys?

5 min view

sibos_compliance_1_ctf_part1_light.mp4

The nature of terrorist attacks has shifted in recent years, with a greater focus on 'lone wolf' or small cell attacks. A panel discussion at Sibos 2017 considered the evolving nature of terrorist financing, the challenges faced by counter terrorist financing teams and how to measure success effectively.

Key takeaways

High-value terrorist financing hasn’t gone away, but we are seeing more lone-wolf attacks – which cost less to orchestrate.
As regulation develops, the conflict between security and privacy may be problematic.
Developments such as robotics and AI could help to drive down the cost of compliance, but the number of people involved in reviewing alerts will still be costly.
Often the compliance industry is motivated by fear – so it’s important to “extract the positive” and learn from past successes.

Rise of ‘lone wolf’ attacks

'Lone wolf' type attacks are increasingly common – and they are difficult to spot. They also cost less: tactics like weaponizing a van may cost hundreds of dollars, rather than hundreds of thousands of dollars. As a result, “terrorists are hiding in plain sight.”

This leads to difficulties when chasing down leads. For example, automating rules or triggers, and focusing on factors such as vehicle rentals, means that “your false positive rate just goes through the roof” – so it’s important to address this intelligently.

“We have shut down a lot of the traditional avenues of funding. The new avenues of funding are emerging. They’ll always be emerging. We must respond to that.”

Mark Gem, Chairman of the ISSA Financial Crime Principles Work Group, ISSA

Evolving regulation

Aside from new regulations around beneficial ownership for companies, “there hasn’t been a great deal of change” in the US where AML is concerned. But the US Financial Intelligence Unit is using existing regulations to analyse activity in a more targeted way.

We have seen efforts to bolster information sharing in Canada under the Bank Act, but this was “watered down” following lobbying from privacy advocates. There is a conflict between security and privacy: “You can’t have absolute protection of privacy and be able to collect information to be able to prevent attacks, at least in my view.”

In Europe, the Fourth Anti-Money Laundering Directive seeks to emphasise a more risk-based approach - so the way in which regulation is applied can be tailored on a risk-led basis – although, as one expert said, “it’s still quite prescriptive.”

Adapting existing processes

So what can banks do to adapt the processes they already have in place? A common challenge is the “gap between technical compliance and effective compliance.” It’s possible to have well-written policies and procedures, and execute perfectly against them. “But if we’re looking over here, and the bad stuff’s happening over there, it’s not very effective.”

Costs could be driven down through the use of robotics and artificial intelligence, but significant numbers of people will still be needed to review files and alerts, which comes with significant cost.

Fintechs that process payments “should be subject to the same standards as banks” from a regulatory perspective.

Measuring success

The rise in low value attacks could be seen as a measure of success, in that the tactics used to finance terrorist organisations in the past are no longer possible today - but CTF is always going to be a moving target.

Although banks are unlikely to hear that their actions have prevented an attack, when analysts report high quality files, they receive acknowledgements that investigations have been opened. “To me, that’s a measure of success.”

FinCEN periodically publishes acknowledgements of successful cases, and while banks are not named, “I guarantee that if any of your staff worked on any of those cases, they know who they are. They are absolutely thrilled.”

Extracting the positive

In the compliance industry, people tend to be motivated by the fear of auditors and examiners – and that it’s important to “extract the positive.” For example, if an analyst’s work has been recognised, it’s important to dissect that case and consider what was different about it in order to become more effective in the future.

“How do we measure success in way that is something other than the absence of failure?”

Alan Ketley, Managing Director, AML Strategy, MUFG

Financial Crime Compliance

Anti-money laundering (AML)

AML compliance is one of the most costly and challenging issues facing the industry today. We’re...

Learn more

Follow #SWIFT

Get personalised insights straight to your inbox

Stay connected

Discover Swift

Shaping the future of finance

Innovate with us

Swift Partner Programme

Swift Institute

Careers

Press

Legal

Banking & payments

Financial Crime & cyber security

Data & technology

Capital Markets

Corporate treasury

Market Infrastructures

Swift platform evolution

Global Financial Messaging

Interfaces and Integration

Compliance and Shared Services

Services

Corporates

Market Infrastructures

All our products & services

ISO 20022

Standards releases

Data Standards

Market practice

Community APIs

MyStandards and Swift Translator

Document centre

News

Events

Webinars

Subscribe to Swift insights

Sibos

Join the Swift network

Access your application

Contact us