The issue of terrorism financing has become a major international concern in the past few years. For instance, in the aftermath of the 9/11 attacks, the US President George W. Bush decided to target finances, and therefore issued Executive Order 13224. Similarly, the November 2015 Paris Attacks have resulted in further efforts to targeting terrorism financing, such as the UNSCR Resolution 2253.
Strife’s William Moray discusses these issues, and others related to financial crime, with Tom Keatinge. Mr Keatinge is the Director of the Centre for Financial Crime and Security Studies at RUSI, and an Alumnus of King’s College London, where he read an MA in Intelligence & International Security. He advocates the importance of Financial Intelligence (FININT) and argues in favour of shifting the international community’s approach from solely focusing on ‘attempting to stop terrorists’ finances’ to ‘using finance to stop terrorists’.
All enquiries as to this article’s content should be sent to Strife Blog.
WM – What is financial intelligence? What purpose does it hold?
TK – The financial sector produces a vast amount of data. This information is owned by the private sector, and is generally not shared with the public sector, i.e. the security authorities. There are mechanisms, such as suspicious transaction reporting, that require the private sector to share this information with governmental authorities. However, a considerable amount of financial information is never used by the authorities, because it was never shared with them in the first place, and so effectively, it is thrown away.
So, the question is, can a more intelligent use of that broad information collected by the financial institutions be used? Can we create mechanisms that can allow the security authorities to access such data, as they can for example with mobile phone companies? If you just think about your own use of your ATM card, or you credit card, and so on, it tells you a huge amount about yourself. It generates a huge amount of information, and arguably intelligence about who you are, what you do, or who are you connected with.
We feel very strongly, here at the Centre for Financial Crime and Security Studies, that we need to do more to use this vast amount of bulk information that financial institutions generate, just as we use the bulk information that internet service providers and mobile companies produce.
WM – How could this information be used in counter-terrorism (CT)?
TK – In a CT effort, financial intelligence has proven to be very effective at accelerating the ability of the security authorities to develop networks. There tends to be a reason for people paying money to one another, as they tend to be subsequently connected. That can help you identify not just who is connected to whom, but also how the balance of power lies, who might be the leader, or where have these people travelled together. The point is that the vast quantity of situational information that can be generated from financial transactions opens a similarly significant number of networks and facilitates generating further leads to investigate.
From a CT perspective, we obviously want to have every opportunity to identify actors who are planning attacks. For example, regarding the London Bridge attack: who are the perpetrators connected to? Of course, not everyone they have financial relations with will be terrorists or terrorist-related. However, there might be more people worth watching more closely, and those connections are sometimes easier to identify in this day and age through financial means than through communication means – communications data is often encrypted nowadays, whereas financial connections are not encrypted, because at the beginning and the end are banks, and banks are legally required to share their suspicions and to share data when requested with the authorities.
WM – So financial intelligence would not just help in a terrorist investigation, it might also help in the prevention of attacks?
TK – I am very cautious to say that financial intelligence is somehow a silver bullet. I would not suggest that. What I would suggest is that it adds an additional, extremely valuable dimension to the picture that the authorities can create, when undertaking CT operations. There may well be information, as well as connections and activities that are not exposed by CCTV cameras or by communications data, but that are revealed by financial intelligence.
WM – Isn’t there a risk here to data privacy / data collection?
TK – Historically, the relationship between the authorities and banks was founded inbank secrecy and privacy. For instance, the authorities told the banks ‘We trust you to manage your data, to look after your data. If you see anything suspicious, please let us know’. In other words, the authorities respected bank secrecy. Yet, over the years, this trust has declined; banks have proven – either wittingly or otherwise – to facilitate money laundering, tax evasion, and so on. Therefore, bank secrecy is perhaps not as sacrosanct as it used to be. What we clearly need to be cognisant of is that banks hold a huge amount of personal data on all of us, and that data needs to be used responsibly. People got very concerned about the kind of access that the authorities might have to communications data over recent years; consider amongst other things, the reaction to the Snowden leaks. We need to make sure that we do not fall into the same trap with financial data, that privacy is protected, and subsequently that there are the right protections on access that the authorities can have to our financial data.
In an extreme situation, just like the case of Apple with the iPhone and the San Bernardino shooting, you may find that some banks might say ‘You customers can trust me, I am going to be the Apple bank, I will only provide the authorities with the information I am legally required to. And I am not going to allow access to any additional information on a voluntary basis’.
So I think there is an important need for a debate about privacy and financial intelligence to be taking place now, before we end up in a situation where people discover their data is being used for CT purposes without them really realising what is going on.
WM – I suppose that you are in touch with various institutions such as banks to discuss financial intelligence. What is their reaction?
TK – When dealing with a financial institution, I think it is important to divide it into two parts.
On the one hand, you have those who are responsible for financial crime and compliance, who often have a law enforcement or a security background, and completely understand the power of data, and indeed perhaps even that of financial intelligence.
On the other hand, you have staff who are doing the business on the trading floor, in the branches and so on; they of course can feel a long way away from the financial crime compliance department and thus are less likely to understand the value of financial intelligence; it’s not part of their job
There is also a public relations issue in all of this: the banks obviously have had very bad press and PR in recent years; and thus, demonstrating that you as a financial institution are either contributing to the disruption of human trafficking, of wildlife trade, or contributing to CT efforts, is obviously a positive message to deliver to your customers.
I do not want to sound completely cynical, the financial institutions clearly do see the importance of doing this from a social and security perspective. But there is also an obvious desire to show that they are, as one of the banks has it as its tagline, ‘here for good’, and that they are not just here for profit.
WM – Moving on to the state perspective, who is more likely to be involved? The intelligence community and/or law-enforcement agencies?
TK – There are different forms of information sharing models around the world.
In the UK, the information sharing partnership is called the Joint Money Laundering Intelligence Task Force. It is a partnership between the private sector and the public sector that is effectively run by the National Crime Agency. So here, we are not talking about security authorities, but law enforcement. There is a working group which looks specifically at terrorism financing but again, these initiatives are run by law enforcement, not by the security authorities.
But clearly information sharing goes beyond CT alone. The process of sharing information aims to identify and disrupt a range of different kinds of financial crimes, not just terrorist financing. Different countries have different priorities: in the UK, these are human trafficking, trade based money laundering, corruption, terrorism financing. In Hong-Kong, they have a Fraud and Money Laundering Intelligence Taskforce, as fraud is one of their big focuses.
In other words, the sharing of information underpins tackling threats that are particular to each individual country, not just terrorism.
WM – What are your views on the impact financial intelligence, information sharing might have on intelligence cooperation?
TK – One of the great frustrations a financial institution has is that it holds information in different countries, and yet it is often legally unable to get the benefit of bringing that information together and looking at it holistically. And even in the cases banks can do that, if they succeed in creating a complete picture out of all this information, the law often restricts them to only give a slice of the picture to the relevant country. For instance, if they draw on information from the UAE, from Singapore, from the UK, and from Mexico, they cannot give the whole picture to each country, they have to give just the Mexican slice to the Mexicans, the UAE slice to the Emiratis, and so on.
The financial sector has tremendous difficulties with cross-border information sharing. At the same time, I have to say that the financial sector has more ability to get a transnational global picture with its analysis than countries do. Therefore, I think there is an opportunity for financial institutions to facilitate the creation of global threat pictures, where sometimes governments are more restricted on what they can and cannot share. I am thinking about cases where banks simultaneously operate in Five Eye countries and in African or South-East Asian states, such countries where information sharing with Five Eyes is probably zero. Whereas the banks have a pretty good picture of the financial flows and thus potentially have a pretty good picture of some of the emerging threats that might be developing. The question then is how do they use that information? Can they help governments overcome some of these cross-border information-sharing challenges? Again, that brings us back to the issues of data privacy, data collection; we should not be using the financial sector as a back door to circumvent the protections and procedures imposed on the ability of states to share information.