Stop me if you’ve heard this one before, ‘public private partnerships (PPPs) in the anti-money laundering (AML) sector need to be improved’. Or perhaps this one, ‘PPPs need to do more’. These statements are incorrect because PPPs don’t need to do or be anything other than what they are. There is ample evidence to confirm that PPPs are a successful tool for the AML sector to bring private companies and law enforcement/regulatory authorities together to ensure serious and large money laundering cases don’t continue to occur.
However, just because they don’t need to be more, doesn’t mean they can’t be more, or be the foundation to develop another useful tool.
It comes down to one dominant issue, a lack of a permanent collaborative and information exchange infrastructure between the private and public entities of the AML sector. The traditional PPP setup achieves this for singular cases or investigations, but not in perpetuity.
The major consequence of this issue is the development of siloed work environments, meaning that each side rarely collaborates with the other outside of the PPP structure and the submission of suspicious transaction reports (STRs). Consequently, both sides of the industry have developed their own priorities, understanding, and outputs relating to AML and financial crime. This is evidenced by the general reporting of risks and typologies that lack sufficient context connecting predicate crimes and threats to financial products, services, customer types, etc. Or the misunderstanding relating to STRs, where regulators often claim to ‘drown’ in the volume of STRs submitted, or their being used as a method to transfer accountability from banks to other stakeholders. The point is, there is a disconnect in understanding and language between the private and public sectors of the AML industry that needs to be addressed nationally and transnationally.
We can use some existing examples, of infrastructures that connect various stakeholders, to identify whether it is possible for the PPP structure to improve communication and sharing of information between the private and public sectors.
On a national level, the Joint Money Laundering Intelligence Taskforce (JMLIT) in the UK is reaching a wider audience of stakeholders with vital information and updates on money laundering risks and typologies. The AML Center in Lithuania, established in 2021, is developing knowledge and best practice sharing initiatives, among others, for its private sector stakeholders. On a transnational level, the Europol Financial Intelligence Public Private Partnership (EFIPPP) encompasses private and public sector stakeholders attempting to develop understanding of AML threats and risks, facilitate information sharing and promote the use of new tools and technology. So, the PPP structure has already been expanded and developed, it simply requires central coordination, stakeholder motivation, and policy implementation.
However, while these examples have been successful to varying degrees, and point to a hopeful future for being able to scale PPPs globally, the addition of many stakeholders to a network can cause it to operate slowly, inefficiently and reactively, often being unable to keep up with developments occurring outside of the structure itself, particularly in the criminal world.
How can we ensure that attempts to scale up PPPs are not bogged down by enormous volumes of information being shared and stakeholder input? Technology and a common taxonomy.
The obvious and most immediate role for technology in the expansion and development of PPPs is to facilitate the sharing of all kinds of information between thousands of stakeholders in a fast and efficient manner. It should also allow the AML industry to operate proactively against sudden criminal discoveries and developments. It is time to move beyond pdf documents and emails, and to build upon round-the-table conversations!
Whether it is an online messaging system or a common information database, we must develop technological tools that will allow us to share information on risk, typology and threat trends, updates and developments in real time, and using a common taxonomy. We should not have to wait for annual updates, at best. If a particular country or region identifies a new trend of using non-fungible tokens (NFTs) and virtual currencies to launder illicit funds, it should be communicated immediately or put into an information repository that everyone can have access to, not included into a report that will be published the following year and shared online, with the reader still having to search for it on a website.
This is why central coordination in a PPP structure is adamant, to manage the implementation and governing of such tools.
Stakeholder input is crucial for sharing new information, developing standards, and implementing policy changes. Unfortunately, stakeholder input can become repeatable and redundant when there is a lack of common understanding and language, often when needing to translate, or clarify a translation or misunderstanding. Without a common language and standardized definitions, any technology developed to facilitate fast and reliable sharing of information will continue to be an enormous challenge for the industry.
A simple example if the use of gambling accounts to launder illicit funds. There is no standard definition for ‘gambling account’, and it can even be referred to as a ‘player account’, in multiple languages. Furthermore, do ‘gambling accounts’ differ between games, such as online poker, horse racing, and sporting events. If we cannot agree on these basic points, how can we further analyze the connection and relevance of ‘gambling accounts’ to banking products and customers in various areas around the world?
Similar to existing examples of expanded PPP structures, we can also look to an existing example of the development of a common taxonomy in cyber security, the MITRE ATT&CK knowledge base. It is a globally accessible knowledge base of cybercrime methods and techniques, used to develop threat models for more effective cybersecurity. It was developed by stakeholders throughout the cyber security community, including private companies and law enforcement. Important features of ATT&CK include standardized definitions and descriptions of cybercrime terms, typologies, adversary groups trying to carry out a cyber-attack, and even mitigating methods that can be used to prevent attacks. Furthermore, the knowledge base includes a visual layout of the crime spectrum that helps understand and detect how criminals might prepare for, launch and execute their attacks.
Having a common taxonomy in financial crime will help break down those self-created silos by allowing everyone to speak and refer to the common AML language. It will facilitate the development of useful AML risks and typologies, based on standardized definitions and including the necessary context, as well as the sharing of such information in a faster way and to a wider audience. Furthermore, it will remove the need to translate and clarify information, allowing for stakeholder input to be targeted, essential and useful. Finally, the standardization of financial crime information will improve the technological tools and platforms we develop to connect our professional community around the world because a tool is only as good as one’s ability to use it.
Yes! We have already achieved much using PPPs, but we can take it to the next level. PPPs can be the platform upon which we develop a standardized taxonomy for financial crime, and with the help of technology it can scale our connection and collaboration globally.
Such aspirations will take time and investment. However, none are more important than the development of the right technological tools, stakeholder input and policy development to facilitate these changes.