The Atlantic Council and Thomson Reuters released a timely report on “Big Data: A Twenty-First Century Arms Race” on June 27, 2017, at a well-attended event at the Atlantic Council’s Washington, D.C. headquarters. Policymakers all over the world should be aware of the powerful tools at their disposal such as World-Check to address political and economic threats. This is something of a theme for SIIA. Recently, for example, we wrote about how artificial intelligence (AI) can help in the anti-money laundering (AML) fight. We have also written about how FICO’s AML tool works. The Atlantic Council report contains many realistic policy recommendations, which policymakers from different regulatory “silos” should review. This is another theme for SIIA. Regulators and policymakers should engage in regular dialogue with each other. For example, financial supervisors and privacy regulators should talk to each other so as to ensure that both privacy and crime fighting equities are accommodated.
The report is divided into five chapters.
Els De Busser from The Hague University of Applied Sciences writes about the conflict between protecting privacy and securing nations and about “mechanisms for preventing or solving related conflicts of laws, and the implications for stakeholders.” Her recommendations such as creating a variation to request-based cooperation and international guidelines with a list of criteria for determining which law applies are well worth considering. In the United States, SIIA points also to the need for the Congress to act to provide for law enforcement access to data stored abroad. One possible approach is contained in the proposed International Communications Privacy Act (ICPA). This would give law enforcement authorities access to data based on whether U.S. authorities have jurisdiction over the data subject, not where the data is stored.
Erica J. Briscoe, Chief Scientist at the ATAS Laboratory at the Georgia Tech Research Institute, focusses on insider threats in her chapter. Her emphasis is on the need to protect personally identifiable information; provide tools to manage access to data – those tools should be permissive and at the same time allow for monitoring to cultivate accountability; and, the need to cultivate a cybersecurity mindset. SIIA considers strongly that the cybersecurity point is particularly important. See this April 10, 2017 SIIA letter to the National Institute of Standards (NIST), which emphasizes the importance of public-private partnerships to improve cybersecurity.
Benjamin C. Dean, President of Iconoclast Tech, explains how big data is used as the latest tool in fighting crime. He explains how data aggregation, metadata, network analysis, data fusion, predictive analytics and machine learning, and blockchain can be used to combat illicit activities. There are potential challenges with respect to privacy; false positives and negatives; ensuring that the right person(s) is identified; and ensuring an effective interpretation of results and, if needed, an effective intervention strategy. Interestingly in this day and age when the need for human skills is often questioned, Dean emphasizes in his recommendations the need for trained multidisciplinary teams to collect and analyze data. As Dean says: “While powerful when used properly, these technologies are most effective when deployed by organizations in which the staff have the appropriate skills and a realistic understanding of just what benefits the technologies can provide.”
Tatiana Tropina, Senior Researcher at the Max Planck Institute for Foreign and International Criminal Law, takes on the subject of how big data can tackle illicit financial flows. This is not new as SIIA has previously written. Credit card companies started using pattern recognition software over twenty years ago. Today, the Global Financial Integrity Network uses a database called GFTrade that is specifically geared to helping developing countries deal with under or over invoicing by providing information on approximate legitimate price ranges for a large number of goods. The UK’s tax authority uses the big data tool Connect to detect tax evasion and fraud and has recovered 2.6 billion pounds after a 45 million pound investment. Like Dean, Tropina emphasizes the need for trained practitioners. As she says: “Even the most sophisticated technical solutions require humans to use the results and determine future actions.”
Miren B. Aparicio, Counsel and Senior Consultant to the World Bank Global Practice, describes in her chapter regulatory gaps and how financial crime risk can be mitigated. There is a need for more and better tools to perform customer due diligence, customer analysis, sanctions screening, know your customer (KYC) activities, supply chain management, transaction monitoring, independent audits, and training. The chapter includes information on cutting-edge “Regtech” technologies such as biometric validation for digital identity and KYC work. There are promising digital identity tools such as Aadhaar in India. Because of their transparency, regulators are interested in blockchain, distributed ledger technologies, and smart contracts. Smart contracts could potentially (but only potentially) mitigate financial crime risk because of their transparency as such contracts are applied for digital identities, company registrations, financial data or land title recordings, supply chains, insurance, mortgages, trade finance, clinical trials, etc. Ms. Aparicio stresses the importance of international regulatory cooperation, as well as an ongoing dialogue between regulators in different areas, especially financial and privacy regulators.
The Atlantic Council June 27, 2017 event included lively discussion among highly qualified individuals participating in three panels. There was general agreement that tackling financial crime means dealing with crime networks as if they are businesses. They are driven by profit. They have to be taken down as systems; cutting off the head and/or seizing assets are necessary but not sufficient. And, regulators need to work with each other. Thomson Reuters’ Global Head of Design and Digital Identity Solutions, Robert Schukai, described how eight Financial Intelligence Units (FIUs) in Asia are working together by sharing information and using the same tools in their AML programming. Unfortunately, such cooperation is not standard throughout the world, in part because different privacy rules sometimes prevent information sharing. This should be addressed in a way that accommodates both privacy concerns and crime-fighting imperatives. SIIA provided recommendations in this regard to the European Commission in connection with its FinTech consultation. One key recommendation is that regulators should provide space for experiments along the lines of the UK Financial Conduct Authority’s (FCA) regulatory “sandbox” for Fintech and other financial innovations. And fundamentally, tools of any kind depend on reliable cross-border data flows, making secure cross-border data flows essential.