Few working in financial crime compliance would dispute the value of intelligence in the fight against financial crime. Transaction monitoring as a means of identifying suspicious activity is notoriously inefficient, with typically fewer than 3% of monitoring alerts converting into suspicious activity reports (SARs) filed with law enforcement. Even so, the volume of SARs can be overwhelming to law enforcement bodies and identifying the valuable insights within a wealth of data shared – often shared more to protect a financial institution than because the information clearly demonstrates illicit activity (so-called defensive SARs) – can be extremely challenging.
Criminals laundering money will deliberately use networks of accounts across multiple financial institutions and across borders in order to obscure the funds flow. Having mechanisms in place to facilitate information sharing where criminal activity is either known or strongly suspected is therefore of paramount importance in order to be able to join the dots and reveal a full picture of connected activity. It also allows law enforcement and financial institutions alike to concentrate valuable resources on known illicit activity and have a greater impact in the fight against financial crime.
With this background in mind, Grant Thornton UK LLP’s Financial Crime Team hosted our third financial crime breakfast briefing of the year, where Partner Tom Townson set out previous efforts to encourage intelligence-sharing, challenges that still remain and whether the new provisions in the Economic Crime and Corporate Transparency Act do much to improve the situation. We held an interactive session using poll technology and gleaned some really interesting insights from our audience.
Historical efforts to improve information sharing
Over the last decade or so there have been various attempts in the UK to improve both public-private and private-private information sharing. The implementation of the Joint Money Laundering Intelligence Taskforce (JMLIT) in 2015 was one of the most significant, providing a forum to bring together banks, law enforcement, and regulators to discuss both emerging typology information (through the six expert working groups) and specific tactical intelligence (through the operations group) which facilitates an extremely rapid response to events such as terrorist attacks, as well as the sharing of information to support longer term investigations into serious organised crime. JMLIT is seen internationally as an example of best practice, but retains limitations, including the restricted membership and the high degree of coordination required with the public sector.
In 2017 we saw the introduction of ‘super SARs’ through the Criminal Finances Act which allowed regulated entities to initiate information sharing with other regulated entities, subject to a notification to the National Crime Agency (NCA), and then to submit a joint SAR to the NCA. This sounds very useful in theory, as the combining of information held by two institutions seems much more likely to demonstrate an actionable pattern of activity, but the amendment has not been as successful as was anticipated and a show of hands in the room suggested that few attendees had any personal experience with super SARs.
The creation of the National Economic Crime Centre (NECC) in 2018 was another initiative designed to enhance the UK’s ability to fight financial crime, bringing together law enforcement, government departments, and regulators with the aim of better intelligence sharing and collaboration between the public and private sectors.
Commonly cited challenges to intelligence sharing include concerns around data privacy and other legal limitations, as well as more practical considerations of how to share information and how to get sufficient coverage, given restricted membership of forums such as JMLIT.
During the briefing we polled our audience to get their view of the blockers to information sharing, asking ‘what has stopped you from sharing financial crime-related information with your peers in the past?'
Interestingly 50% considered that the biggest blocker was a lack of opportunity, in terms of having a clear channel through which to share, or group to share with. Legal advice or risk concerns came in next, being cited by 38% of the audience.
The new information-sharing provisions
The Economic Crime and Corporate Transparency Act 2023, which received Royal Assent on 26 October, contains some key provisions that aim to make information sharing easier. In summary:
- The provisions allow for direct sharing of information between entities in the regulated sector
- There may be indirect sharing of information via a third-party intermediary for firms in the financial sector including electronic money institutions, payment service providers, and cryptoasset exchanges
- Information shared must be for the purposes of preventing, investigating or detecting ‘economic crime’, which is broadly defined and includes money laundering, terrorist financing, bribery, sanctions evasion, tax evasion, market abuse, and fraud
- There is no need for a notification to the NCA, and no need to have received a ‘sharing request’ from the receiving firm
Participating firms receive protection against a breach of confidence or other civil liability, if the disclosure is made for the purposes of preventing financial crime, and the party sharing the information must already have decided to take action against the customer.
These provisions undoubtedly represent a step forward from the existing position, but questions still remain. It is unclear how the third-party mechanism for indirect sharing will work and the Government has made it clear that any such mechanism needs to be developed by the private sector. Additionally, it is not entirely clear what constitutes a sufficient decision to ‘take action’ against a customer – an exit decision on the basis of financial crime risk would likely suffice but could a more limited action also meet the test, such as choosing to applying heightened monitoring. It is also true that institutions have other regulatory obligations and need to continue to comply with data protection principles, treating customers fairly and the conduct regime, all considerations which need to be balanced with information sharing.
When we polled our audience, 95% considered that these provisions would help them exchange intelligence that they do not currently share
– an overwhelmingly positive response which suggests the legislation does well to address the challenges earlier identified in the room as blockers to information sharing.
We concluded our session by flipping the script and asking attendees if they, as members of the public, trusted their bank to share information about them with other private institutions. 60% voted ‘no’. Perhaps being professionals operating in this space on a daily basis makes us more attuned to things that can potentially go wrong with information sharing, or perhaps we want to have actionable intelligence only when it suits us and to retain our personal rights to privacy.
Either way, these changes are now live, and we will watch with interest the implementation of the Act and subsequent developments in this crucial area in the fight against financial crime.