Something we said? Don’t leave just yet!

For more information about latest events, news and insights, leave us your email address below.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form

FIUs - is the convergence of tech and data the answer to combatting financial crime?

We spoke to Marc Fungard from K2 Integrity to discover if the convergence of intelligence, tech and data could be the answer to combatting financial crime.

Napier AI
March 10, 2022

Marc Fungard is the Managing Director of Technical Services at K2 integrity. Prior to that, he held several roles at HSBC, where he created and led its financial intelligence unit (FIU), with a focus on tactical and strategic intelligence analysis, complex investigations, risk assessments, and data-driven risk detection. HSBC’s FIU has served as a model for other firms and is widely recognised as an industry-leading facility.

Earlier in his career, Marc held several roles with the U.S. Government, including acting as senior advisor to the Director of the Financial Crimes Enforcement Network (FinCEN), where he worked to reform and strengthen the intelligence and analytical capabilities of the U.S. Financial Intelligence Unit.

He also served as Director of the Office of Illicit Finance for the U.S. Department of the Treasury, developing technology used to provide sanctions-targeting support.

What is the role and purpose of FIUs within a typical financial services organisation?

Financial crime investigations

Many large financial institutions have an FIU, to uncover and investigate customer transactions associated with money laundering or terrorist financing.

FIU approaches often vary

Some organisations choose to adopt a more operationally focused perspective by making their FIUs responsible for the day-to-day management of anti-money laundering (AML) alerts. This involves scrutinising alerts generated by transaction monitoring systems for potentially suspicious activity, to identify and escalate cases that require more thorough investigation.

Other financial institutions design their FIU capability to be intelligence-led, to focus on emerging and complex risks, or those that cross institutions and jurisdictions.

In HSBC’s case, their FIU strived to balance the typical aspects of investigations with more strategic thinking to build a picture of criminal networks across jurisdictions and  shed light on the origin and patterns of criminal activity.

FIUs also seek to understand emerging financial crime threats, gauge how a financial institution may be exposed to these threats, and feed this back into the overall financial crime risk management of the firm.

FIUs typically perform more complex investigations

FIUs investigate complex financial crime cases. These may be particularly challenging owing to their sheer size and cross-border nature, or because of more sophisticated criminal typologies.

Complex cases are sometimes visible to larger organisations with broader risk profiles; however, they nearly always implicate multiple institutions of varying sizes.

The biggest money laundering organisations work hard to develop and maintain complex, multi-banked networks to increase their own resilience to disruption.  

FIUs within large institutions are therefore responsible for analysing a larger surface of networks because of the bank’s engagement with international subsidiaries.

For example, a major bank’s FIU may have visibility on illicit activity flowing through an Asian affiliate back to a Western affiliate via a correspondent relationship with a third party.

Where does an FIU typically sit within an organisation, and who does it report to?

There’s no ‘one size fits all’ FIU

FIU-related functions can be positioned differently within the structure of a financial institution, so there is no standard template, per se.

Some institutions use their FIU as a  investigative-focused arm, while others maintain an exclusively external focus to inform risk appetite at a client or business level.

Leading organisations do not limit their FIU by placing it within any one particular risk silo, such as in the AML or sanctions teams.

It is important to avoid constraints when searching for illicit money flows, as focusing on a particular regulatory impact can hinder a team’s ability to identify and prevent broader financial crime. A more comprehensive approach allows FIUs to communicate with individual policy teams and introduce specific regulatory expertise if needed to support subsequent investigatory action.

FIUs within the broader risk management process

Some large financial institutions have evolved so they no longer have a dedicated FIU department.

In these instances, many of the functions originally conceived in the FIU gradually diffuse across the bank’s ecosystem to become part of the wider financial crime and operational risk management universe.

Consequently, the complex investigations aspect may evolve to become part of the overall financial crime investigation process, and strategic intelligence can shift into broader risk assessment functions.

Best practices for FIUs

Adopt a comprehensive approach to identifying financial crime

An FIU should be all-encompassing in its approach to identifying financial crime, and should not be restricted by one  type of risk, one jurisdiction or one set of transactions.

A broad, investigative approach can significantly improve the effectiveness of financial crime detection by exposing links between entities, highlighting relationships and interconnected transactions that characterise money-laundering activity.

FIUs should be proactive, rather than reactive

The volume of typologies and risk assessment materials published by governments, national FIUs, and other organisations is immense.

Leading firms analyse situations, transactions, and external threats to identify risk drivers and assess the probability and potential impact thereof.. Proactive financial crime risk management improves an FIU’s ability to manage existing and emerging risks and to adapt quickly to events.

The importance of outcome-feedback loops

An effective outcome-feedback loop is vital. If firms can aggregate findings from their FIU and feed back into their front line anti-financial crime controls, it will unlock a  cycle of process improvement to promote robust, ongoing financial crime detection and prevention.

The key challenges of running an FIU

Data silos

FIUs are extremely data-hungry but must have the capability to aggregate data and analyse it appropriately.

Not every organisation is inherently well-structured to collate customer and transaction data to paint a coherent picture of unlawful behaviour. Information silos often exist within large organisations, making it difficult to locate and share information.

Data protection

Data protection and data security need to be considered to prevent the exposure of sensitive information. For international institutions, data protection regulations (such as the EU’s General Data Protection Regulation) can slow down data sharing between entities in different jurisdictions. Firms must consider the legitimacy of their data sharing carefully and whether they have the right to share such information across borders.

A lack of process standardisation

The work carried out by FIUS is not repetitive, with thousands of cases requiring a similar response, instead, investigations are far more bespoke, which is difficult to standardise.

Therefore, FIU processes typically lack fully embedded and operational workflows. This can make it difficult to disseminate learnings and new control measures from successful investigations into wider, banking functions. Specific cases might require changes in control frameworks and there is a great deal of process design involved in improving policies and procedures that may be exposed during FIU investigations.

How might emerging technologies address the challenges that FIU’s face?

Improved data analysis boosts FIU effectiveness

Innovations such as Artificial Intelligence (AI) offer enhanced data analysis capabilities for FIUs. Unstructured and structured data sets can be aggregated and analysed efficiently to derive new insights and highlight suspicious activity.

Rules-based systems for monitoring transactions tend to generate high levels of false positive alerts (in some cases, this can be as much as 95-99%), each of which needs to be investigated by an analyst. By implementing novel technologies, financial institutions can greatly reduce false positive volumes by as much as 40%.

Process automation

In its most basic form, financial crime detection is a pattern-matching problem. Exposing  money laundering involves identifying behaviours that fall outside of an individual's typical or expected behavioural patterns.

AI is a powerful pattern matching tool suited to detecting suspicious behaviour. Automation can release team members to focus on investigative functions rather than perform repetitive tasks.

The biggest challenges in AML

A low return on investment

Currently, most institutions detect approximately 5-10% of financial crime despite investing large sums of money and resources in its prevention. In any other endeavour, with low returns such as these, an organisation would not continue to deploy capital. However, regulatory obligations require firms to continue to invest in and maintain their financial crime compliance capabilities.

Adopting advanced technologies has enormous potential to improve the effectiveness of AML functions, but there is still a long way to go to tip the balance in favour of financial services firms.

Legacy Technology

There are inherent limitations in the controls that most organisations use to prevent financial crime, and most control frameworks in the AML space are between 10 and 20 years old. Banks attempt to augment legacy technology with a catalogue of modern “bolt-on” applications, increasing the complexity of those systems to update.

However, this does not eradicate the scalability, security, and financial challenges that the legacy systems present to the institution.

The future of AML

The ‘Utility Approach’

Industry participants have talked about the ‘utility approach’ for close to twenty years.

This approach involves collecting and sharing information among multiple banks. The reason this has not happened yet, is because it is difficult to share information and knowledge in a way that is also privacy-enhancing.

Emerging technology presents a real opportunity for institutions to collaborate and learn together without having to share underlying data.

Reaching a collective effort in financial crime prevention would be a huge step forward for financial institutions. Opportunities are also increasingly available for information sharing both in public/private partnerships and in large, multinational organisations with multiple subsidiaries.

If the financial services sector can collaborate its efforts to tackle financial crime, the outcome will be far superior to that  achieved by individual efforts.

Improve your compliance processes with an award-winning solution

Get in touch to see how our solutions can help your organisation transform your compliance; or request a demo to see it in action.

Photo by @hugoheppo on Unsplash

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.