Why OSINT is the key to implementing the new EU anti-money laundering package 

Last week, the EU Council and Parliament made a provisional agreement on its new anti-money laundering package, which aims to improve the way that national systems work together to fight financial crime.  

The European Council states that the agreement is focused on harmonising rules throughout the EU, closing loopholes that previously allowed criminals to launder money. This is a step forward in terms of preventing crime – but what are the implications for financial institutions and other regulated entities?  

In this article, we’ll look at why OSINT will become key to the ‘obliged entities’ affected by the agreement and how they can prepare for the new regulations coming into force.  

What are the new regulations?

1. More types of organisation will need to conduct due diligence 

An ‘obliged entity’ is how the EU describes any organisation subject to AML regulations. Under current laws, financial institutions, real estate agencies, asset management services, casinos and merchants are already included. The new agreement will widen this group further, so that the following entity types will be considered ‘regulated’ and need to conduct customer due diligence: 

• Crypto-asset service providers (CASPs): when carrying out transactions amounting to 1000 Euros or more.  
• Traders of luxury goods such as precious metals, luxury cars and art. 
• Professional football clubs and agents: member states will need to consider these as obliged entities where there is greater risk of money laundering associated with the football industry.  

2. More thorough due diligence will be required in some cases 

New enhanced due diligence (EDD) measures will now be required for situations where there is a higher money laundering risk, including: 

• New measures for cross-border correspondent relationships for CASPs 
• Requirement for credit and financial institutions to conduct EDD where relationships involve handling large assets for High Net-Worth Individuals (HNWIs)  
• Obliged entities which have transactions and business relationships with certain high-risk third countries will need to conduct additional EDD.  

3. Clearer Beneficial Ownership

Several changes will be implemented to improve the quality of information in beneficial ownership registers and to ensure that access is granted to those who need it. 

These include: 

• Verifying information submitted to central beneficial ownership registers, and flagging associations with sanctioned entities where they are identified. 
• Allowing company registries to perform in-person inspections of premises to verify information submitted where needed.  
• Allowing register access not only to public authorities and obliged entities, but also to members of the public with legitimate interest. 

 What are the implications?

Whether these measures signal a move towards more emphasis on fighting financial crime within the EU remains to be seen. Regardless, over the next few years, a wider range of organisations will need to equip their teams to perform better due diligence and identify the signs of money laundering. 

OSINT will be essential to regulatory compliance 

Using Open Source Intelligence (OSINT) is key to ensuring obliged entities are able to comply with these new regulations. Searching publicly available information, including live, unstructured internet data as well as corporate records, sanctions and PEPs databases, can reveal the insights entities need to understand beneficial ownership and identify risk as part of EDD.  

While basic checks may rely on using curated ‘risk’ databases, using these sources alone is rarely sufficient to identify more nuanced risks that are reason for concern in an AML context.  Not only do they contain limited information, especially in less transparent and higher risk jurisdictions this information can become outdated quickly. To ensure thorough coverage, investigators should also review news media, blogs and forums, publicly available social media and the other sources available only through the live internet. 

Leveraging all available open source data when conducting EDD will ensure compliance with the newly formed regulations, as well as improving the quality and efficiency of risk management. Adopting technology that enables entities to conduct secure, effective EDD across the range of data sources required, will be key to ensuring obliged entities can meet these new regulations efficiently and effectively. 

Obliged entities must have the tools to understand networks  

The ability to investigate network connections is essential to thorough financial crime investigations. The war in Ukraine has brought the importance of understanding a customer, counterparty or partner’s associations into sharper focus, with the concept of being ‘sanctioned by extension’ or association to an already sanctioned entity now widely understood. More broadly, the ability to understand network connections is key to tackling money laundering because laundered funds often travel through multiple individuals, companies and addresses.  

Relying on manual techniques to gather network data will reduce the efficiency of obliged entities’ investigations teams. Useful information may be found in disparate locations including corporate records, publicly available social media, adverse news, blogs and forums; but checking multiple sources securely and collating relevant information is a slow, error-prone process. Similarly, understanding network data without mapping tools is unlikely to be successful. 

To overcome these challenges whilst complying with new regulations, obliged entities will need network visualisation tools that allow for fast, intuitive understanding of the networks used to launder funds, so that they can draw accurate conclusions from their due diligence investigations. Similarly, those in charge of beneficial ownership registers must have the ability to map corporate networks so that they can visualise the entities registered with them and spot irregularities more easily.  

More investment in anti-financial crime technologies and people 

Finally, organisations will need to review their current processes and plan a strategy that  will ensure both compliance and effectiveness. Investing in technology solutions will play a key role: the right OSINT solution will increase a team’s effectiveness by facilitating the use of all available open source data in EDD and AML investigations. At the same time, these investments send a clear message to the regulator that an entity is serious about its anti-financial crime obligations at a time where fines for contravening regulations are getting harsher. 

New requirements will mean that obliged entities need to not only invest in the capability support in-depth investigation, but also demonstrate compliance. OSINT technology isn’t only useful to help investigators work faster and increase accuracy: it can also provide auditability. Solutions like Videris automatically log each step of an investigation and capture evidence, helping investigators (and the entities they work for) conduct and provide evidence of clear, thorough and consistent processes.   

A deeper, more consistent approach to fighting financial crime 

By introducing regulations that require deeper, more thorough investigations, the EU has made OSINT a necessity for obliged entities. True enhanced due diligence and detailed understanding of beneficial ownership is only achievable using live, unstructured internet data in combination with corporate records and sanctions lists 

Although most of its provisions will not come into force for three years, obliged entities need to invest in the tools, people and processes needed to for compliance ahead of time. 

Find out how our OSINT solution, Videris, to find out how you can enhance your organisation’s Enhanced Due Diligence with live internet data, without compromising efficiency.