AFC Network-Centric Masterclass
Conducting network-centric investigations to improve AFC outcomes
Hi, I’m Alex Davies. I’m the Head of Customer Success at Blackdot Solutions and today we’re going to explore why network-centric investigations should play an important role in your AFC processes.
What are network-centric investigations?
First of all, we need to understand what the phrase ‘network-centric investigations’ means.
When we talk about network-centric investigations at Blackdot, we mean investigations that analyse the wider network of a subject of interest. Rather than focusing only on information that is specific to the subject, network-centric investigations look at their relationships with people, organisations and other entities to gain a fuller picture of the situation.
For example, if you’re investigating a client’s involvement in a suspicious transaction, you will certainly want to look at their transaction history and the KYC data you have already collected on them, as well as that of the counterparty involved in the transaction. However, in some cases, this is not going to be enough to resolve the case. You may need more information to provide additional context on the transaction.
In these circumstances, looking at the individual’s network may be useful: perhaps you can see that the subject has recently become a director of a business in a country where the transaction took place, or that the counterparty they have transferred an unusually amount to is in fact a close relative. These are very basic examples of network-centric investigations, but their use and purpose can be far more advanced and complex.
Why are network-centric investigations useful?
To explain how complex network-centric investigations can be, we’re going to look at why they’re so important in the context of anti-financial crime investigations.
Traditionally, AML/ AFC investigators tend to be required to meet certain criteria and work according to particular rules and processes. This can be effective for the earlier stages of the AFC process, where the focus is on identifying possible criminal activity. For example, automated systems are considered to be a generally useful part of transaction monitoring processes because they are based on rules, such as flagging cash transactions above a certain amount.
However, as criminals become more sophisticated, they have more diverse tactics and are able to avoid the patterns of behaviour that can be picked up by these standardised, rules-based investigative processes. This is why it’s important to broaden your investigative approach. It won’t be news to anyone that, in cases of money laundering, funds are frequently laundered through networks so that the individuals involved either look innocent, or are able to conceal their identity. In these cases, analysing the internal data that is available on an individual themselves is unlikely to yield many results. Analysing the networks around them, however, may reveal that they’re connected to a number of shell companies registered in jurisdictions where there is little visibility of ownership structures – giving an entirely different picture.
External data is vital
This brings me on to my next point – that external data is essential if you are going to look at networks. Internal data and transaction data are both essential, of course, and should be a first point of call in case an investigation can be resolved easily. Many organisations will also do adverse media, sanctions and PEP screening, where names are screened against preconfigured databases. However, these checks are not enough for a full network-centric investigation. A thorough investigation will look at external data as well. The simplest and most common source of external data in these instances is open source data- publicly available data, usually accessed online through search engines and other platforms.
Examples of the kinds of external or open source data that might be useful as part of a network-centric investigation include:
- Corporate records data: this is an essential source of information about companies which are often used as vehicles for money laundering and other financial crimes
- Data from search engines: this could be articles, blog posts, personal websites and any of the information on them
- Adverse media: this is already very commonly used as part of AFC investigations processes, but should be used in conjunction with other sources in order to get the fullest picture possible
- Social media data: where social media is publicly accessible, it can be a great source of information about connections, which are after all the basis of a network-centric investigation
At Blackdot, we work with lots of financial institutions who are keen to introduce network-centric investigations into their AFC investigation processes. We tend to find that this kind of investigation works best at a L3/ complex investigation level, although it is also useful for fraud investigation and other crimes where networks are commonly involved.
The key benefit of network-centric investigations in this context tends to be increased insight – you are more likely to find relevant information that allows you to close a case and – hopefully – your organisation to avoid involvement in activity that could result in fines or reputational damage. When information that could inform your investigation is readily available online, it’s hard to find an excuse for not using it.
Network-centric investigations basics summary
So, let’s just quickly recap what we’ve looked at in this section.
- Network-centric investigations involve looking at a subject of interest’s network, rather than data in isolation, to resolve a complex AFC case.
- Building a complete picture of an individual is more likely to help you resolve a case where complex financial crime is involved because it can reveal things like money laundering networks that wouldn’t be obvious if you were just looking at transaction or internal data.
- External data such as corporate network and social media data is key to these types of investigations because it gives further context to the investigation.
Now we’re going to move on to looking at some best practices for network-centric investigations.
Network-centric investigation best practices
When you’re conducting a network-centric investigation, it’s important to understand that there’s no one-size-fits-all approach. This means that these best practices are guidelines and might not apply to all situations.
Human investigator required
The first thing to bear in mind is that, in most cases, these kinds of investigations can’t be fully automated. It’s difficult to write rules for how they should be conducted and an investigator is needed to interpret the information they unearth and decide what they should look at next. These kinds of investigations draw on the intelligence-led, investigator-centric approach often used in government, where an investigator examining a complex case carries out a ‘freeform’ investigation, exploring all of the avenues they suspect might be interesting in order to reach the best possible outcome.
That said, there are some aspects of these kinds of investigations that can be automated and we’ll be looking at those in the next section.
Sources to cover
We’ve already discussed how external data is useful for this kind of investigation. Now, we’re going to look at some specific sources that might be helpful to your work.
Firstly, we’ll look at corporate records. Individual national registries are often the most reliable places to get information from, but they aren’t always the simplest to access. For this reason, there are a number of other sources that are useful.
If you’re a fan of Ray and Graham’s work at the Dark Money Files you’ll probably already be aware of Open Corporates. It’s a fantastic source of free information about companies, officers, agents, addresses and more.
The International Consortium of Investigative Journalists is the organisation responsible for investigations like the Panama Papers and Paradise Papers which contain data about many offshore companies which would normally be very difficult to find. If you reach a dead end in your investigation – for example, an ultimate beneficial owner based in a location like the Cayman Islands – the ICIJ’s data may be able to offer additional insight.
OCCRP is an international consortium investigating and reporting on organised crime and corruption. Their data set is comprised of ground-breaking leak data and public records, including many national corporate registries. Searching OCCRP can be a great way of identifying if people, companies and addresses of interest are implicated in organised crime or corruption.
The data you can find in search engines is highly valuable, but they can be difficult to navigate because they are often designed to show the most popular result, rather than the one most useful to your investigation. We’ll talk in the next section about how we tackle this problem.
You’re likely to already be using adverse media throughout your compliance and investigations processes, and we would suggest also using your preferred adverse media vendor here – for example, Dow Jones Factiva or Refinitiv’s WorldCheck services. The key for a network-centric investigation is to combine data from this source with that from other sources.
Where social media content is publicly viewable, it can be a really useful for identifying networks. Examples of this include friends lists, likes and group memberships which might suggest certain interests or connections, especially in investigations into CFT and predicate crimes of money laundering.
Here, you can see a much wider list of sources that you might consider using for a network-centric investigation. You won’t need to use all of these sources for every investigation, but they’re useful to have as part of your investigative toolkit.
Each of these sources is very useful by itself but the real benefit of network-centric investigations comes when you layer data from several sources. This gives you important context and helps you to build this coherent picture of a subject of interest, so that you’re less likely to miss key information and more likely to get the insight you need to close the case.
As with all types of investigation, network-centric investigations using open source data can sometimes raise ethical questions. At Blackdot we use five key principles to guide our approach to investigations, which are as follows:
Public information only
This means that we only facilitate research into publicly available or publicly licensable information. We would never gather non-public information or interact or engage in any way with a third party, including investigative subjects, in the course of the investigation. As a bank, you may have access to additional information such as that collected as part of your KYC processes, and transaction data, but any external information you collect should always be public.
Focused data collection
We recommend only collecting targeted information directly related and proportionate to the investigation you’re conducting, rather than collecting bulk or non-targeted data. If you’re subject to GDPR or other data protection regulations, this will help you to comply more easily.
As we’ve already mentioned, human investigators are an essential part of the network-centric investigation process. Because it’s difficult to predict the direction of an investigation, an investigator needs to be on hand to decide what to do next and to make judgements about what the data you’ve found means.
It goes without saying that it’s essential to record your work so that you can demonstrate compliance with regulatory requirements. This might include things like a list of the searches you’ve conducted, the sources you’ve visited and screenshots of any evidence you’ve gathered so that you can prove that your investigation was thorough and fair.
We would recommend agreeing ethical principles for this type of investigation within your organisation to ensure that investigators are able to work effectively and fairly.
Best practices summary
Before we move on to discussing the challenges involved in this kind of investigation, let’s recap the best practices we’ve discussed here:
- Human input is important. Network-centric investigations can be partly automated, but their lack of predictable shape means that human judgement is often needed to understand and draw conclusions from the data that’s been gathered.
- There are a number of sources that you might want to draw from, but you can use these to maximum effect by combining the data from them to gain a full picture of the subject of investigation.
- Investigations using external data should be conducted according to ethical principles that have been agreed within your organisation
Challenges of network-centric investigations and how to solve them
We’ve already touched on some of the problems that investigators face when conducting network-centric investigations, but now we’re going to talk about them in more detail – and discuss how to solve them.
Large data volumes
Many of the sources we’ve discussed – and especially search engines – are likely to produce very large volumes of data that are hard to sort through. One way of increasing the relevance of your searches is by constructing advanced searches, but these require additional expertise. Technology can also be really helpful here – the way our software platform Videris tackles this is by bringing back all of the results that may be relevant, then allowing the investigator to filter through and categorise them. This helps the investigator to be certain that they’ve checked every relevant result and haven’t missed important information, but allows for huge efficiency gains – it takes about 10% of the time you would spend manually assessing all of the data.
Understanding data and finding connections
When you’re looking for networks across multiple, disparate sources, connections can be very hard to identify. In these cases it is often useful to have a charting or visualisation tool to help you to understand this data. When you can see connections it’s much easier to understand a situation and draw conclusions from it. Some tools will also help you to identify these connections by suggesting possible similarities. This is a great example of where automating part of the investigative process – but still including the investigator – can enhance the effectiveness of network-centric investigations by making them more efficient and providing additional insight.
When conducting sensitive investigations online it’s vital to ensure that your identity and the nature of your investigation is protected. This can be easier said than done, but using tools that can anonymise your work can be very useful to avoid human error.
We’ve already talked about the need to record sourcing in case anything changes, but this can be extremely time-consuming. If you miss just one source and it ends up being the crucial piece of evidence, you’re in trouble! Again, technology can be really useful here as some investigation tools will log your activities and automatically capture sourcing where it’s needed.
Finally, we’re going to bring all of this theory to life by taking you through a short case study that shows you a network-centric investigation in action.
Talk through this video.
Thanks for watching this masterclass. We hope that you agree that network-centric investigations are an important part of the AFC investigator’s toolbox. If you’d like to ask any questions or find out more about how to implement these investigations in your organisation, feel free to get in touch.
Transform Your Financial Crime Investigations With Videris
Get in touch to see how Videris can enable your team to collect, analyse and visualise open source data faster and more accurately with all your investigation tools in one platform.
Fill in the form on the right and we will get in touch shortly.