Fusing OSINT with internal data for better risk management

By Blackdot Solutions

Data fusion

    Get the latest news and insights sent straight to your inbox


    We live in a data-rich world. From internal information collected at different touch points during a client relationship, to an expanding array of open-source intelligence (OSINT), more data is available than ever before. 

    For financial institutions, considering both internal and external data is central to the risk-based approach advocated for by the Financial Action Task Force (FATF) and required by national regulators. A risk-based approach requires treating each customer differently depending on their level of risk, allowing firms to allocate limited resources more strategically and effectively. However, financial institutions can only treat customers differently if they’re confident they understand the risk each customer truly poses. If firms rely on incomplete information to gauge risk, such as Know Your Customer (KYC) files, they might miscalculate. Fusing internal and external data gives a complete view of a client’s risk profile, facilitating this approach. 

    Public sector bodies also benefit from combining internal data with valuable external data like OSINT, to gain a more comprehensive understanding of risk factors and implement more effective and better-informed solutions. By analysing internal and external data, regulators and oversight bodies can stay on top of emerging trends and threats, identifying high-risk activities early on and serving as a warning system. They can also better measure the effectiveness of their risk management strategies by including OSINT in their analysis. 

    Suggested Reading: Financial Institutions are increasingly recognising the importance of the intelligence-led approach to investigations. Read more about this, and how it contributes to a risk-based approach, here.

    What is internal data in risk management investigations?

    Internal data refers to the information an organisation collects, processes, and retains from its operations. The type of data generated varies by organisation type, meaning the quality and diversity of internal data also differ significantly. 

    Government bodies, for example, often have access to a wide range of internal data subject to strict data handling, processing, and auditing. This means that data such as tax, census, or birth and death records can be taken with a high degree of confidence. However, data points that are self-reported or potentially outdated, such as public opinion surveys or address history, may be unreliable. 

    For financial institutions, internal data points like transactional data can be afforded a high degree of confidence. However, KYC files or risk assessment data may rely on self-reported information and/or are subject to human error and should be considered carefully. KYC files may contain limited or incomplete information, or be written by poorly trained staff. For example, they could contain only basic ID information without details of employment status, occupation, or source of wealth. Because these types of information are self-reported by the customer and may not be updated regularly, they cannot always be afforded a high degree of confidence.

    Types of internal data:

    • Transactional data
    • Know Your Customer files and other customer data
    • Regulatory or compliance databases that hold Suspicious Activity Reports
    • Procurement data
    • Census data
    • Trade records
    • Law enforcement databases
    • Employee records
    • Public services data 
    • Vital records (e.g. birth and death certificates, marital records)
    • Education records
    • Risk assessment data 

    What is OSINT data?

    External data or OSINT is a broad term encompassing publicly available information. It includes certain corporate and legal records, media reports, social media profiles, discussion forums, and public databases. Many valuable government records may be available online, though accessibility depends on the jurisdiction. In the US, for example, certain states allow public access to vast amounts of legal information such as criminal, bankruptcy and marital records. Conversely, there is patchy access to corporate records, with much more available in other jurisdictions such as the UK. 

    Government bodies can leverage OSINT by expanding their analysis to include non-traditional sources such as media articles or online forums. By engaging with this material, researchers can identify trends or emerging threats domestically and internationally, where access to internal data is limited. For example, investigating tax evasion may require looking up foreign countries’ corporate or real estate records and may also involve corroborating information with news articles or other less official sources. 

    Suggested Reading: Discover how FIUs can harness the full power of OSINT here.

    OSINT case study

    One case study recently published by Liechtenstein’s Financial Intelligence Unit (FIU) demonstrated how the FIU had conducted OSINT research in a large-scale case involving a jurisdiction in South America. In the case study, the FIU located an online article stating that “a former foreign minister had purchased gold in Liechtenstein using funds held with their offshore company account in Liechtenstein.” This finding triggered an analysis of all entities affected by the business deal, including the bank, the precious metals dealer and the local trust and company service provider. The FIU’s analysis revealed a third-party involved was known to have ties with a large-scale ongoing international investigation. 

    Although OSINT is incredibly useful, it has some practical challenges. One challenge is the sheer volume of online information, which makes it difficult to sift through findings. A huge amount of growing online data highlights the need for firms to use advanced technology solutions, preferably with artificial intelligence capabilities, that can accurately screen high data volumes and rank sources for relevance. 

    Another potential challenge of OSINT is deciphering the reliability of sources. To mitigate this, firms should have a clear process and understanding of how less reliable information fits into the investigative process. For more information on how to understand the reliability of OSINT read our blog post here.

    Types of external data/OSINT:

    • Corporate records
    • Media publications (e.g. Financial Times, New York Times, Wall Street Journal )
    • Leaked databases or investigations from reputable sources (i.e. Pandora Papers, Panama Papers
    • Court judgments and criminal records
    • Social media profiles
    • Records of campaign contributions
    • Criminal records
    • Marital records
    • Bankruptcy records
    • Online forums (e.g. Reddit)

    Data fusion: Why combine internal data and OSINT?

    Individually, internal data and OSINT are valuable in advancing risk management efforts. However, fusing these data types can greatly enhance risk management processes. For financial institutions, leveraging various data types strengthens the customer due diligence process, giving a more accurate view of risk during onboarding or when refreshing a client’s risk profile. For government bodies, corroborating information from OSINT with internal data can lead to a more comprehensive and deeper analysis. This data fusion strategy results in a broader perspective and early detection of trends or potential risk factors, which improves compliance overall.

    “Internal and external data are absolutely key in mitigating financial crime. In my view, both should have an almost equal weighting in decision making. However, both suffer from similar pitfalls – reliability, bias, and relevance, to name a few. That said, the fusion of internal and external data can help provide a clear threat picture and offer insights into how best to manage it. “ – Financial Crime Threat Intelligence Specialist

    OSINT case study

    The regulatory sentiment is supportive of combining internal data with OSINT for better risk management. For example, the US Financial Crimes Enforcement Network (FinCEN) notes the value of checking “publicly available asset declarations and published official salaries” against declarations from politically exposed persons. Recently, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) released an operational report noting the value of online information and social media profiles to provide useful leads in identifying transactions linked to the illegal wildlife trade. 

    Challenges and execution

    Executing a data fusion strategy poses some challenges in terms of practical application. In many cases, however, the right technology can support investigators to overcomes these challenges.

    Suggested Reading: Choosing the right technology solution for your organisation can be a difficult process. Read our step-by-step guide to make the experience smoother.

    Integration of internal and external data

    Investigators need access to a variety of data from both a firm’s internal records and external sources. To ensure this, investigators need a flexible investigation solution that can easily integrate any source, internal or external.

    Gleaning insights from disparate data sources

    Manual cross-referencing between different data types can make it challenging to spot connections and insights. To effectively glean the relevant information from various sources, the interface used to analyse information must be optimised for easy comprehension. Otherwise, analysts will get lost in the data. Solutions should include visualisation and analysis tools that will aid investigators in understanding the full picture.

    We’re seeing some real innovative uses of artificial intelligence and natural language processing in the FinCrime space merging OSINT data and internal data. We are also seeing a seismic shift in how large institutions, including traditional incumbent banks, are integrating these tools into their anti-financial crime frameworks. Regulators too are sending positive signals in this space – I wouldn’t be surprised if, in the near future, regulation moves to make the use of open source information a regulatory obligation.“ –  Financial Crime Threat Intelligence Specialist

    New call-to-action

    Fusing OSINT with internal data with Videris

    OSINT solutions like Blackdot’s Videris help investigators streamline their research and investigation, by combining internal and external data in a single interface. 

    Integrating data sources

    Videris allows investigators to search across multiple disparate data sources (e.g. search engines, news and social media, corporate records) to quickly identify relevant information on their subject. Teams can integrate internal data sources and analyse all data in the same, secure interface.

    Analytical tools

    With AI capabilities that screen high data volumes and rank sources for relevance, investigators can speed up their processes and improve investigation outcomes. Visualisation tools and automatic connection mapping facilitate network analysis, so that investigators can make sense of the data and identify key insights.

    Understanding data provenance

    When reporting on the results of an investigation, it’s vital that investigators know where the data behind their decisions has come from. Videris automatically retains sourcing for every piece of data in an investigation and logs each step of an investigation, so that evidence is at the investigator’s fingertips.

    If you’d like to understand how Videris could enhance your data fusion strategy, book a demo today.

    New call-to-action

    More insights