Marc Fungard is the Managing Director of Technical Services at K2 integrity. Prior to that, he held several roles at HSBC, where he created and led its financial intelligence unit (FIU), with a focus on tactical and strategic intelligence analysis, complex investigations, risk assessments, and data-driven risk detection. HSBC’s FIU has served as a model for other firms and is widely recognised as an industry-leading facility.
Earlier in his career, Marc held several roles with the U.S. Government, including acting as senior advisor to the Director of the Financial Crimes Enforcement Network (FinCEN), where he worked to reform and strengthen the intelligence and analytical capabilities of the U.S. Financial Intelligence Unit.
He also served as Director of the Office of Illicit Finance for the U.S. Department of the Treasury, developing technology used to provide sanctions-targeting support.
What is the role and purpose of FIUs within a typical financial services organisation?
Financial crime investigations
Many large financial institutions have an FIU, to uncover and investigate customer transactions associated with money laundering or terrorist financing.
FIU approaches often vary
Some organisations choose to adopt a more operationally focused perspective by making their FIUs responsible for the day-to-day management of anti-money laundering (AML) alerts. This involves scrutinising alerts generated by transaction monitoring systems for potentially suspicious activity, to identify and escalate cases that require more thorough investigation.
Other financial institutions design their FIU capability to be intelligence-led, to focus on emerging and complex risks, or those that cross institutions and jurisdictions.
In HSBC’s case, their FIU strived to balance the typical aspects of investigations with more strategic thinking to build a picture of criminal networks across jurisdictions and shed light on the origin and patterns of criminal activity.
FIUs also seek to understand emerging financial crime threats, gauge how a financial institution may be exposed to these threats, and feed this back into the overall financial crime risk management of the firm.
FIUs typically perform more complex investigations
FIUs investigate complex financial crime cases. These may be particularly challenging owing to their sheer size and cross-border nature, or because of more sophisticated criminal typologies.
Complex cases are sometimes visible to larger organisations with broader risk profiles; however, they nearly always implicate multiple institutions of varying sizes.
The biggest money laundering organisations work hard to develop and maintain complex, multi-banked networks to increase their own resilience to disruption.
FIUs within large institutions are therefore responsible for analysing a larger surface of networks because of the bank’s engagement with international subsidiaries.
For example, a major bank’s FIU may have visibility on illicit activity flowing through an Asian affiliate back to a Western affiliate via a correspondent relationship with a third party.
Where does an FIU typically sit within an organisation, and who does it report to?
There’s no ‘one size fits all’ FIU
FIU-related functions can be positioned differently within the structure of a financial institution, so there is no standard template, per se.
Some institutions use their FIU as a investigative-focused arm, while others maintain an exclusively external focus to inform risk appetite at a client or business level.
Leading organisations do not limit their FIU by placing it within any one particular risk silo, such as in the AML or sanctions teams.
It is important to avoid constraints when searching for illicit money flows, as focusing on a particular regulatory impact can hinder a team’s ability to identify and prevent broader financial crime. A more comprehensive approach allows FIUs to communicate with individual policy teams and introduce specific regulatory expertise if needed to support subsequent investigatory action.
FIUs within the broader risk management process
Some large financial institutions have evolved so they no longer have a dedicated FIU department.
In these instances, many of the functions originally conceived in the FIU gradually diffuse across the bank’s ecosystem to become part of the wider financial crime and operational risk management universe.
Consequently, the complex investigations aspect may evolve to become part of the overall financial crime investigation process, and strategic intelligence can shift into broader risk assessment functions.
Best practices for FIUs
Adopt a comprehensive approach to identifying financial crime
An FIU should be all-encompassing in its approach to identifying financial crime, and should not be restricted by one type of risk, one jurisdiction or one set of transactions.
A broad, investigative approach can significantly improve the effectiveness of financial crime detection by exposing links between entities, highlighting relationships and interconnected transactions that characterise money-laundering activity.
FIUs should be proactive, rather than reactive
The volume of typologies and risk assessment materials published by governments, national FIUs, and other organisations is immense.
Leading firms analyse situations, transactions, and external threats to identify risk drivers and assess the probability and potential impact thereof.. Proactive financial crime risk management improves an FIU’s ability to manage existing and emerging risks and to adapt quickly to events.
The importance of outcome-feedback loops
An effective outcome-feedback loop is vital. If firms can aggregate findings from their FIU and feed back into their front line anti-financial crime controls, it will unlock a cycle of process improvement to promote robust, ongoing financial crime detection and prevention.
The key challenges of running an FIU
FIUs are extremely data-hungry but must have the capability to aggregate data and analyse it appropriately.
Not every organisation is inherently well-structured to collate customer and transaction data to paint a coherent picture of unlawful behaviour. Information silos often exist within large organisations, making it difficult to locate and share information.
Data protection and data security need to be considered to prevent the exposure of sensitive information. For international institutions, data protection regulations (such as the EU’s General Data Protection Regulation) can slow down data sharing between entities in different jurisdictions. Firms must consider the legitimacy of their data sharing carefully and whether they have the right to share such information across borders.
A lack of process standardisation
The work carried out by FIUS is not repetitive, with thousands of cases requiring a similar response, instead, investigations are far more bespoke, which is difficult to standardise.
Therefore, FIU processes typically lack fully embedded and operational workflows. This can make it difficult to disseminate learnings and new control measures from successful investigations into wider, banking functions. Specific cases might require changes in control frameworks and there is a great deal of process design involved in improving policies and procedures that may be exposed during FIU investigations.
How might emerging technologies address the challenges that FIU’s face?
Improved data analysis boosts FIU effectiveness
Innovations such as Artificial Intelligence (AI) offer enhanced data analysis capabilities for FIUs. Unstructured and structured data sets can be aggregated and analysed efficiently to derive new insights and highlight suspicious activity.
Rules-based systems for monitoring transactions tend to generate high levels of false positive alerts (in some cases, this can be as much as 95-99%), each of which needs to be investigated by an analyst. By implementing novel technologies, financial institutions can greatly reduce false positive volumes by as much as 40%.
In its most basic form, financial crime detection is a pattern-matching problem. Exposing money laundering involves identifying behaviours that fall outside of an individual's typical or expected behavioural patterns.
AI is a powerful pattern matching tool suited to detecting suspicious behaviour. Automation can release team members to focus on investigative functions rather than perform repetitive tasks.
The biggest challenges in AML
A low return on investment
Currently, most institutions detect approximately 5-10% of financial crime despite investing large sums of money and resources in its prevention. In any other endeavour, with low returns such as these, an organisation would not continue to deploy capital. However, regulatory obligations require firms to continue to invest in and maintain their financial crime compliance capabilities.
Adopting advanced technologies has enormous potential to improve the effectiveness of AML functions, but there is still a long way to go to tip the balance in favour of financial services firms.
There are inherent limitations in the controls that most organisations use to prevent financial crime, and most control frameworks in the AML space are between 10 and 20 years old. Banks attempt to augment legacy technology with a catalogue of modern “bolt-on” applications, increasing the complexity of those systems to update.
However, this does not eradicate the scalability, security, and financial challenges that the legacy systems present to the institution.
The future of AML
The ‘Utility Approach’
Industry participants have talked about the ‘utility approach’ for close to twenty years.
This approach involves collecting and sharing information among multiple banks. The reason this has not happened yet, is because it is difficult to share information and knowledge in a way that is also privacy-enhancing.
Emerging technology presents a real opportunity for institutions to collaborate and learn together without having to share underlying data.
Reaching a collective effort in financial crime prevention would be a huge step forward for financial institutions. Opportunities are also increasingly available for information sharing both in public/private partnerships and in large, multinational organisations with multiple subsidiaries.
If the financial services sector can collaborate its efforts to tackle financial crime, the outcome will be far superior to that achieved by individual efforts.
Improve your compliance processes with an award-winning solution