Posted by & filed under Negative News, Research & Investigation.

Risk Intelligence databases, used by thousands of financial institutions as part of AML, fraud investigation and anti-corruption compliance programs, are believed to be the best way to identify public negative news or adverse media information. Unfortunately, that is not true.

What are “risk intelligence” databases and how are they constructed?

Risk intelligence databases gather negative news data from public information sources like media articles and government enforcement and regulatory publications. Database companies attempt to identify and organize this adverse media information related to financial crime risk into structured data (imagine a spreadsheet of names) lists of individuals, businesses, and government entities alleged or convicted of engaging in some sort of unlawful activity such as money laundering, fraud, drug trafficking or hundreds of other highly risky endeavors.

The Risk Intelligence database typically provides its users with what is called a “profile” – a brief summary explaining the reason a database vendor believes the person or entity poses financial crime risk.

Information in these databases must be pulled together, sifted through and selected for inclusion by people whose job it is, is read piles of publications and pick out names they believe may be of interest to AML and financial crime compliance professionals. These employees then go through a manual process of typing information, creating URL links, and categorizing the reported offenses.

Herein lies the problem.

Risk Intelligence databases are constrained by the limits of human effort, attention, and consistency.

The amount of negative news information about people and entities involved in financial crime is too large to fathom. So, database vendors must selectively choose which negative news information to review and they must rely on humans to read, record, input and create profiles. Such reliance on employees, who are scattered around the world, means error and omission occur every day (as is depicted in this article). Risk data is missed because these database companies cannot hire enough people to read the new information entering the public every day. And even in those cases were a person can read an article about an alleged financial crime, how certain can you be that all of the relevant information was identified and entered into the database accurately.

Moreover, the leading risk intelligence databases market that they have more than 2,500,000 “profiles” (i.e. list of names) but this is a claim with little meaning. Sure, 2,500,000 is better than 1,000,000, but what if the public information domain contains enough data where there should be 10 million or 20 million or 50 million such profiles?

A far better approach is for AML compliance professionals to use an application that finds all relevant negative news in real time enabling analyst to make better decisions faster and with much stronger supporting evidence.

Posted by & filed under AML Presentations.

If you didn’t get a chance to watch it last night, 60 Minutes in connection with Global Witness aired an excellent segment titled “Anonymous, Inc“.  The exposé focuses on the ease of laundering money through shell corporations and proposed beneficial owner rules. Definitely recommended viewing for anyone whose job involves any aspect of AML or KYC.

Below is a Global Witness’ undercover investigator posed as an advisor to an African minister of mines who wanted to bring millions of dollars of suspect funds into the U.S.

 

Posted by & filed under Research & Investigation.

The deep web is a topic that has been getting a lot of attention recently.  Unfortunately,  there is frequently a lack of clarity on the terms being used to describe the topic.  This post is part one of a planned series on the Surface, Deep and Dark Web.  The goal of this article is to provide a high level overview and frame of reference of these terms for future articles.

Surface Web

The Surface Web is the portion of the World Wide Web that is able to be indexed by commercial search engines, such as Bing and Google.  The Surface Web is also known as the Visible Web, Clearnet, Indexed Web, and Indexable Web.

Deep Web

The Deep Web is any part of the Web that is not indexed by standard search engines.  This may include web content contained in public databases, private web sites that require login credentials, web pages without any other sites linking to them, or many other categories.

Virtually everyone who uses the Web visits what could be considered Deep Web sites on a daily basis without even knowing it.  The Deep Web is also known as the Invisible Web, Deep Net, and Hidden Web.

Dark Web

The terms “Dark Web” and “Deep Web” are often interchangeably, but this is incorrect.  The Dark Web is a part of the Deep Web, but it requires special software to access (e.g. TOR, Freenet, I2P).  Although the most infamous of the three categories, it makes up only a very small portion of the Deep Web.

 

deep web

Additional Reading

The above is only a high level overview of a potentially complex topic.  For additional information, check out some of the more in-depth resources.

Posted by & filed under Information Security.

password_lockToday,  SplashData has published a list of the 25 most stolen passwords of 2015.  The list is based on over 2 million leaked passwords made public over the last twelve months.

It is clear that the rise in popularity of Star Wars has had an impact on the list with princess, solo, and starwars all new additions this year.  Maybe 2016 will be the year that chewbacca cracks the list.

If you are using any of the below, it’s time for an update.

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 1)

5. 12345 (Down 2)

6. 123456789 (Unchanged)

7. football (Up 3)

8. 1234 (Down 1)

9. 1234567 (Up 2)

10. baseball (Down 2)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up 1)

14. 111111 (Up 1)

15. 1qaz2wsx (New)

16. dragon (Down 7)

17. master (Up 2)

18. monkey (Down 6)

19. letmein (Down 6)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

You can find the 2014 list here

Posted by & filed under Negative News, Research & Investigation.

missing_pieceNo, this is not a blog post about finding where you left your glass of Scotch.  There is a prevalent belief in AML departments that analysts and compliance officers are consistently finding all of the information relevant to the cases they are working.  Unfortunately, this is not true, and it causes a large gap in current AML and KYC processes.

Instead of discussing hypothetical information gaps, let’s dive right into an example where we are actually searching the web for information.

Everyday, thousands of AML analysts review alerts generated by alert monitoring systems and internal and external referrals.  It is an extremely challenging job, and these professionals are frequently expected to make decisions with incomplete information.  In this fictional example, we are reviewing an automated alert where a client of our financial institution received a wire outside of her transactional profile from an individual named “Johnny Walker” with an incomplete address in Michigan.

One of the main ways AML analysts attempt to identify relevant risk information is to search the web for news and adverse media using commercial search engines.  So, let’s get started (feel free to search along, as your results might differ)!

Search 1 – Broad (Johnny Walker)

It’s a good strategy to start as broad as possible.  In this case, the search engine changed our search term, and due to the commonality of the name, there is not much usable information with this search.

broad-search

 

Search 2 – Narrow with a known location (“Johnny Walker” Michigan)

To avoid references to “Johnnie Walker” the alcohol, adding quotes to the name will keep the search strict and adding the known location will filter it even more.  Still, while this type of query may help with find some identifying information, none of the results appear to increase the risk of the transaction.

name_location_quotes

Search 3 – Narrow with negative news search string (“Johnny Walker” fraud OR launder OR crime OR criminal OR terror)

Many AML groups have a standardized negative search string to help identify risk relevant information.  In this case, there are still 367,000 results returned and only about half of the first page’s results could be considered negative.

negative-string-quotes

Awesome! No negative news! Wait a minute…

At this point, all but the most diligent analysts will continue the process to disposition the alert under the belief that there is no potential risk relevant information on the web regarding this individual.  But hidden on page 8 among that 367,000 results from the “negative news” results is the below. Link to FBI Press Release

We are still not certain that this is the same counterparty to the transaction we are investigating, but the name and location are a match, and at a minimum it is a piece of information that any compliance professional would want to be made aware of before dispositioning an alert.

highlighted-result

 

How is this possible; I followed procedures!?

The issue lies in the growing volume of information continually available to investigators, and the lack of tools to harness this information.

After attempting to find this information on the web, you may have searched your department’s curated risk intelligence database and gotten a match.  In fact, I would be surprised if you didn’t as the above is from a highly authoritative source (FBI press release), which most risk databases should cover.  The point of this exercise wasn’t to show that the information is impossible to find, but to highlight a very real example where the coverage of information is not what many believe.  And for every piece of information that the risk intelligence database identifies, I would argue that there are at least ten that the search engine does and the database doesn’t.

For a more in-depth description on the strengths and weakness of the current state of AML tools, please check out our recently released whitepaper for good a overview.

Posted by & filed under Research & Investigation.

When conducting KYC for higher risk client types, it is not uncommon for a bank’s AML policy to require an in-person meeting or on-site visit.

While not every client will require this level of due diligence, visiting a company’s website is a common task that takes place at several stages in the AML process from onboarding through transaction monitoring.

Below is a list of tools that can help in evaluating a company’s website past its marketing copy.

Whois Lookup

whois

A Whois search can provide information on a domain name; including information on ownership, date and place registered, expiration date, and the name servers assigned to the domain.

Knowing this information can be helpful in identifying or confirming individuals affiliated with the company, or finding potential discrepancies with company information.  For example, a company may claim to have been in business for 10 years, but only registered their company website a week ago.  There may be several valid reasons why this occurred, but knowing this information will allow an investigator to ask informed questions.

It is important to also note that domains can be registered privately, so ownership information will not always be provided.

Internet Archives: Wayback Machine

wayback_machine

The Wayback Machine is a digital archive of the World Wide Web and other information on the Internet created by the Internet Archive.  The site allows users to search for past indexed versions of a website.  It is an extremely useful tool if a webpage has been taken down, or if you want to compare information currently on a webpage to what was previous listed; such as to identify company executives that may have been removed.

Reverse Image Search

tin-eyeIt is common for websites to use stock images that can be found across many other sites, but re-used website images can also be an indicator of something more going on beneath the surface.

A reverse image search allows you to upload or paste the link to an image URL and search for websites that contain the same or similar images.  This could potentially uncover if a website is an exact copy of another website, if executive identities are accurate, or to verify any image of something that should be unique to the company.

 

The above all can be valuable tools in gaining additional insight into a company’s website, but it is important to also take into consideration on-page factors, such as spelling,  grammar, and the over look and feel of the site.

 

UPDATE:  Check out part 2 of this blog post here

Posted by & filed under AML Presentations, Research & Investigation.

AML investigations can often be complicated, and there are a whole host of advanced software tools available to help AML investigators visualize transactions and relationships.

Structuring Example

While these products can be beneficial, there is a tool that virtually all AML investigators have access to everyday that can greatly aid in detailing complex relationships, PowerPoint.

Attached are six free PowerPoint templates that the TransparINT team has developed for common AML investigation scenarios.  The templates can be used as part of AML presentations or as visualization tools to help map out complex relationships.

The attached file includes six slides containing the following:

  • Structuring Example
  • Rapid Movement of Funds Example
  • Funnel Account Example
  • Wire Activity Example
  • Transaction Flow Example
  • Ownership Structure Example

Feel free to use these templates in whole or as building blocks to fit your specific need.  Also included on the final slide are notes on some of the tools used to put these templates together.

Click here to download the AML presentation templates

Ownership Chart Example

Posted by & filed under Negative News, Research & Investigation.

TransparINT_White_paperKnowing Your Customer (KYC) is, “the cornerstone of a strong BSA/AML compliance program.” The purpose of KYC is to identify customers, counterparties, beneficial owners and others doing business with a financial institution who pose greater money laundering, financial crime, or terrorist financing risk.

Identifying what is known as “negative news” is an essential way to determine who among this group poses risk. Negative news, also known as “adverse media” is discovered by searching the public information domain, where news items, publications, and other print or electronic records exist. Negative news research is an indoctrinated core of KYC compliance.

Anti-Money Laundering (AML) and financial crime compliance professionals rely on just a handful of applications to discover the misdeeds of those they are researching. Nearly every financial institution uses these applications, or tools, and has done so for the past decade. The tools include risk intelligence databases, archived news libraries, and internet search engines such as Google. Many believe these tools are an effective way to discover past risky activity. Most in the industry accept that if there is a record of wrongdoing to be found, it will be found by using these applications.  That belief is wrong.

Applications financial institutions use to discover negative news fail to identify significant amounts of publicly available risk information. This poses substantial compliance, operational, legal and reputation risks.

This paper addresses how current industry practices for complying with the second element, KYC regulations, fall well short of fulfilling regulatory requirements and how TransparINT enables institutions to fully comply with AML laws, properly identify risk, and protect themselves and their employees from penalties.

Click here to download the full paper!

Posted by & filed under Company.

David_CarusoWe are very happy to announce that David Caruso has joined TransparINT as Chief Operating Officer.

David comes with almost 20 years of industry experience, and has been at the forefront of the toughest issues in anti-money laundering compliance.  David’s prior positions include roles as Chief Compliance Officer of Riggs Bank and CEO of Dominion Advisory Group.

David joins TransparINT as Chief Operating Officer to continue TransparINT’s recent success providing compliance tools to financial institutions in the United States and internationally.

We could not be more excited to welcome David to the TransparINT team.  Throughout his extensive career, David has seen and thrived in just about every aspect of the AML industry.  TransparINT is dedicated to providing truly innovative tools that actually work for modern day compliance officers and analysts, and David will play a key role in forwarding this mission.

Read full press release here

Posted by & filed under AML Presentations.

Recently the TransparINT team had the opportunity to give a presentation to AML groups at Standard Chartered Bank on the heightened risks involving shell companies.

To highlight this complex topic, we used a case study involving well know nominee director Erik Vanagels to provide a real-world example on how to investigate these high risk entities.  Please find the full presentation below.  Enjoy!