Using Open Source Intelligence To Battle Fin Crime
Open source intelligence (OSINT) is beginning to take on a more important role as financial firms move towards greater digitisation. The advent of tools harnessing the advanced technology, as well as the global pandemic, has opened the door for many to make changes in their fight against financial crime (fin crime).
The FCA previously made their expectations clear for increased vigilance while the pandemic continues, with opportunists taking advantage of the ongoing uncertainty.
As a result, the ACFE have reported that more than 80% of organizations have already implemented one or more changes to their anti-fraud programs in response to the pandemic.
These include operational shifts, fraud prevention training and expanding risk mitigation processes to include third party tools – such as open source due diligence.
But what role can open source intelligence play in this fight against fin crime? In short – a huge one.
Understanding open source intelligence
For many firms, the pandemic has brought with it either a long overdue opportunity to review risk assessment or for the unlucky, their hand has been forced.
Interest in open source due diligence has steadily grown over the past decade, while more and more organisations realise the impact it can have on risk management.
The regulators have also begun to see the importance of this type of intelligence and now also imploring firms to do more. The recent Dear CEO letter distributed by the FCA to the heads of businesses operating in Trade Finance stated clearly that not enough is being done.
For many, the hesitation to adopt the technology can be due to legacy practices or relationships, internal objections, or a misunderstanding about the practicalities of the searches themselves. There is a misconception that the investigation of the data is somehow invasive or illicit, when in fact nothing could be further from the truth.
Open source data is entirely public information that is stored online, while open source intelligence is the actionable data points that experts like Neotas and our analysts use to deliver our comprehensive reports.
The sheer volume of information that can be accessed online can make it seem daunting or difficult to parse, which is why thorough, accurate, analysis using artificial intelligence and machine learning is needed to identify relevant, actionable risk data only.
Using OSINT to fight financial crime
Open source intelligence can play a pivotal role in preventing or detecting financial crime.
When harnessed correctly, tools can be used to gather intelligence about the behaviour, reputation and online activities of individuals or organisations, then evaluate them based on specific risk indicators relating to financial crime.
While regulatory compliance guidelines continue to evolve, what it means to truly know your customer is also changing. Open source intelligence platforms like ORCA, allow you to establish clear network analysis charts to help identify connections between individuals and organisations from within disjointed databases.
Using natural language processing (NLP), the right open source intelligence tools can also process data in hundreds of languages, no matter the jurisdiction – eliminating international blind spots from compliance.
With 42% of fraudsters shown to be living beyond their means, one of the key tools that open source intelligence checks can play is in identifying wealth mismatch as a behavioural risk.
The Fraudscape 2021 report highlighted internal threat as the core issue to be aware of this year.
The huge increase in remote working has become an instant threat for many organisations who have been forced to adapt to the landscape of the pandemic. The hasty adoption of home working practices has at times left vulnerabilities to breaches of sensitive information. Thorough, ongoing analysis of employees’ online behaviours can help determine personnel risk when considering insider threats.
Vast Data Sources
Put simply – ignoring open source intelligence is choosing to willfully ignore a huge percentage of potential fincrime risk data.
General online searches only access 4-6% of available online data, which is why internal searches without considering open source intelligence will never be sufficient for knowing your customer.
Using traditionally curated databases can serve valuable purposes from a compliance and risk point of view, however even the largest databases are limited in comparison to online sources.
Science Focus previously reported that the “Big Four” tech companies alone (Facebook, Google, Amazon, Microsoft) store over 1,200 petabytes of data, that’s excluding all other online sources. Comparatively, LexisNexis’ dataset is considered vast and includes 6 petabytes of data.
Open source intelligence searches also interrogate deep and dark web sources, which aren’t typically included in an analysts’ risk evaluation process.
In our own cases, Neotas have raised the financial crime detection rate by 400% over the industry standard (1%). These greater efficiencies can play a crucial role in improving overall detection of financial crime.
Not only will improved detection act as a deterrent, but the quicker and more efficiently the cases are handled, the more cases investigators will be able to manage.
Previously analysts were forced to complete a huge checklist of actions across a number of different platforms. They would need to remember where and how to do each check, as well as the regulations and limitations of each platform. This incredibly time consuming process is one of the key inefficiencies of the role, but has been necessary until now.
Tools like Neotas’ ORCA platform internalise that process into one configurable dashboard, combining internal and external data feeds in one place. Searches across a huge selection of channels are conducted, analysed and evidenced in one place, leading to far greater efficiencies and accountability.
Recent Case Studies
In a recent case for a European venture capital firm, we uncovered a history of fraudulent activity associated with an individual who had changed their name.
Although the name change itself didn’t constitute illegal activity, our enhanced due diligence checks revealed a number of areas of concern including hidden links to fraudulent businesses, as well as undisclosed directorships. These insights would go on to influence the investment decision for our client.
In another recent case for Channel Capital, network analysis of a European company and its Director also uncovered related parties and entities of concern.
Our report unveiled suspicious transactions between the subject company and another European entity. The transactions had seemingly been made in an attempt to inflate the books of the subject company, as a way to appeal to investors.
Following the insights delivered within our enhanced checks, Channel reported the suspicious behaviour to the authorities and halted the deal.
While traditional checks had not uncovered any suspicious activity in these cases, both outcomes were changes for our clients by introducing open source intelligence check into the financial crime prevention process.
Future of FinCrime Prevention
The ACFE has reported that the use of artificial intelligence in fraud prevention is expected to triple over the next three years, as firms continue to adopt new tech. Although this increased adoption is a positive step, those who evolve quicker will drastically reduce their exposure to risk in these cases.
The potential impact that open source intelligence can have on financial crime detection and prevention is plain to see. While the sheer scale of the open source data available can seem daunting, it’s crucial that it forms a central part of risk management processes over the coming years.
Financial institutions should continue to adapt to include open source intelligence checks into their risk assessment procedures, to help ensure an effective defense against opportunists and fraudsters.
Regulations continue to evolve and are likely to require even more data points in the future. Harnessing open source data now can note only ensure compliance but potentially protect from costly mistakes.