"Public Private Partnerships (PPPs) in the anti-money laundering (AML) sector need to be improved," I am sure you have heard before. Or how about this one: "PPPs must do more." PPPs do not need to do or be anything other than what they are, so these statements are false.
There is ample evidence that PPPs are a successful tool for the AML sector in bringing private companies and law enforcement/regulatory authorities together to prevent serious and large money laundering cases from occurring.
However, just because they are not required to be more does not mean they can not be, or that they can not serve as the foundation for the development of another useful tool.
Why should PPPs be anything other than what they are?
It all boils down to one major issue: the lack of a long-term collaborative and information-sharing infrastructure between private and public AML entities. For single cases or investigations, the traditional PPP setup works, but not indefinitely.
The development of siloed work environments, in which each side rarely collaborates with the other outside of the PPP structure and the submission of suspicious transaction reports, is a major consequence of this problem (STRs).
As a result, both sides of the industry have developed their own AML and financial crime priorities, understanding, and outputs. This is demonstrated by the lack of context in the reporting of risks and typologies that link predicate crimes and threats to financial products, services, customer types, and so on.
Or there is the misunderstanding about STRs, where regulators claim to be "drowning" in the volume of STRs submitted, or that they are being used to shift accountability from banks to other stakeholders.
The point is that there is a gap in understanding and terminology between the private and public sectors of the AML industry that needs to be bridged on a national and international level.
We do not have to start from scratch.
We can look at some existing infrastructure examples that connect various stakeholders to see if the PPP structure can improve communication and information sharing between the private and public sectors.
On a national level, the Joint Money Laundering Intelligence Taskforce (JMLIT) in the United Kingdom is providing vital information and updates on money laundering risks and typologies to a wider audience of stakeholders.
The Lithuanian AML Center, which was established in 2021, is developing knowledge and best practice sharing initiatives for its private sector stakeholders, among other things.
On a global scale, the Europol Financial Intelligence Public Private Partnership (EFIPPP) brings together private and public sector stakeholders to improve understanding of anti-money laundering threats and risks, share information, and promote the use of new tools and technology. As a result, the PPP structure has already been expanded and developed; all that is needed now is central coordination, stakeholder motivation, and policy implementation.
While these examples have been successful to varying degrees and point to a promising future for scaling PPPs globally, the addition of many stakeholders to a network can cause it to operate slowly, inefficiently, and reactively, often unable to keep up with developments occurring outside of the structure itself, especially in the criminal world.
How can we make sure that attempts to scale up PPPs are not slowed down by massive amounts of data and stakeholder input? A common taxonomy and technology
We must advance and embrace technology.
The most obvious and immediate role for technology in the expansion and development of PPPs is to make it easier for thousands of stakeholders to share all kinds of information in a timely and efficient manner. It should also allow the anti-money laundering industry to be more proactive in the face of unexpected criminal discoveries and developments. It is time to go beyond PDF documents and emails and start having round-table discussions!
We must develop technological tools that will allow us to share information on risk, typology, and threat trends, updates, and developments in real time, using a common taxonomy, whether it is an online messaging system or a common information database. At the very least, we should not have to wait for annual updates.
If a country or region notices a new trend of using non-fungible tokens (NFTs) and virtual currencies to launder illicit funds, it should be communicated immediately or put into an information repository that everyone can access, rather than being included in a report that will be published the following year and shared online, with the reader still having to search for it.
This is why, in order to manage the implementation and governance of such tools, central coordination in a PPP structure is critical.
Can't we just communicate in the same language?
For sharing new information, developing standards, and implementing policy changes, stakeholder input is critical. Unfortunately, when there is a lack of common understanding and language, such as when translating or clarifying a translation or misunderstanding, stakeholder input can become repetitive and redundant. Any technology developed to facilitate fast and reliable information sharing will continue to be an enormous challenge for the industry without a common language and standardized definitions.
The use of gambling accounts to launder illicit funds is a simple example. There is no universally accepted definition for "gambling account," and it is also known as a "player account" in some languages.
What is the difference between "gambling accounts" for games like online poker, horse racing, and sporting events? How can we further investigate the connection and relevance of "gambling accounts" to banking products and customers in various parts of the world if we can not agree on these fundamental points?
We can look to the MITRE ATT&CK knowledge base for an example of the development of a common taxonomy in cyber security, similar to existing examples of expanded PPP structures. It is a publicly available knowledge base of cybercrime methods and techniques that is used to create threat models for better cybersecurity.
It was created in collaboration with members of the cyber security community, including private businesses and law enforcement. Standardized definitions and descriptions of cybercrime terms, typologies, adversary groups attempting to carry out a cyber-attack, and even mitigating methods that can be used to prevent attacks are all important features of ATT&CK. The knowledge base also includes a visual representation of the crime spectrum, which aids in understanding and detecting how criminals plan, launch, and execute their attacks.
By allowing everyone to speak and refer to the common AML language, a common taxonomy in financial crime will help break down those self-created silos.
It will facilitate the creation of useful AML risks and typologies based on standardized definitions and including the necessary context, as well as the faster and wider dissemination of such information.
Furthermore, it will eliminate the need to translate and clarify information, allowing for targeted, essential, and useful stakeholder input. Finally, because a tool is only as good as its user, the standardization of financial crime data will improve the technological tools and platforms we develop to connect our professional community around the world.
Is it possible for PPPs to achieve all of this?
Yes! We have already accomplished a lot with PPPs, but we can go even further. PPPs can serve as the foundation for developing a standardized taxonomy for financial crime, and they can help us scale our connection and collaboration globally with the help of technology.
Such ambitions will necessitate time and money. None, however, are more critical than the creation of appropriate technological tools, stakeholder input, and policy development to facilitate these changes.
By fLEXI tEAM
Comments