Three reasons why audit must be a part of your AML investigation process

By Caroline Tatam

Contents

Get the latest news and insights sent straight to your inbox

Open Source Intelligence (OSINT) is the process of gathering and analysing publicly available data to produce actionable intelligence. It’s a powerful weapon for any Financial Institution in the fight against crime. The effectiveness of regulatory compliance processes such as anti-money laundering (AML) and know your customer (KYC) relies on an in-depth understanding of clients and counterparties, risk actors and threats. By using OSINT, financial institutions can extend their investigations outside of siloed commercial databases and internal systems for a more expansive, up-to-date and proactive understanding of illicit behaviours, connections, and risks.

Having access to a comprehensive audit framework providing chain of custody for all evidence gathered in AML investigations is vital. Here are three reasons why.

#1 Proving compliance with regulations

Increasingly, regulators are scrutinising whether banks have taken appropriate action and completed thorough investigations to prevent business dealings with nefarious individuals.

A substantial proportion of fines for AML transgressions are related to due diligence failures. Having access to clear audit data gives banks the opportunity to prove to regulators that the appropriate level of due diligence was completed before a customer was onboarded. Audit data can prove that sanctions lists were consulted, a customer’s business relationships and company holdings were reviewed, and an adverse media check was completed.

Working with dynamic OSINT data can cause problems for investigators if the data is later removed from the internet. Having access to Videris’s audit framework means there is always a record of the information, even once it’s no longer available online.

#2 Preventing misuse

OSINT can be an incredibly powerful tool in anti-money laundering investigations. However, many organisations fear their analysts may be using OSINT – and any supporting software – for personal gain; to investigate personal contacts or acquaintances. Whilst regulators stress the need for compliance with anti-money laundering regulations, they are also concerned with possible breaches of data protection laws. Recent incidents have seen the Bank of Ireland, Morgan Stanley and others, fined for breaching data regulations. Balancing the need to allow investigators to examine publicly available data and the risks of abusing these privileges is a constant challenge.

Being able to access audit data such as search terms and target entities allows organisation administrators to ensure that their users are only collecting information directly related and proportionate to the remit of their assigned investigations.

Videris helps the analyst maximise the accuracy and relevance of collected information, but audit allows administrators to make sure their users are not misusing these tools.

Audit data can also be used to ensure all employees are adhering to your institution’s policies around legitimate use cases.

#3 Improving investigative consistency

Audit data provides a clear record of all the steps taken in each investigation. This can be useful when presenting that data to the wider business; or when revisiting a case, to be able to see what was covered in earlier investigations.

Having access to audit data means banks can review all investigative activity centrally to ensure consistency and that analysts are carrying out a satisfactory level of investigation for all subjects of investigation.

Often, different individuals or teams have different approaches to investigations. By reviewing audit data of existing investigations, banks can identify gaps and professionalise a process that can otherwise be disparate.

Videris provides audit tools essential to financial crime investigations

Videris provides administrators with comprehensive audit tools, allowing them to review activity at an action, user, or case level. Audit data is secure and can only be accessed by selected users at your organisation. This extensive audit framework has benefits for everyone involved in AML investigations:

Heads of Financial Intelligence Units and Money Laundering Reporting Officers are reassured that Videris provides full chain of custody of all investigations, whilst maintaining control over how teams are using sensitive OSINT data
Investigators and analysts can focus on completing investigations efficiently, without extensive manual record-taking
Regulators can recommend the use of OSINT knowing protections are in place to ensure adherence to data regulations and avoidance of abuse.

To find out more about how Videris can support your OSINT investigations with audit, book a demo now.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-30568652-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_ga_K2NT2CSZ1K	2 years	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.