The Investigator-Centric Approach: A Practical Guide

By Charles Brown

Investigator centric approach

    Get the latest news and insights sent straight to your inbox

    In our article ‘Investigator-Centric Approach to Financial Crime: Back to the Future or Back to Basics?we discussed some of the core deficiencies at the heart of current AML/AFC risk management frameworks, and how some FIs are moving towards a more effective approach, described as an investigator-centric approach (ICA).

    Whereas the previous article outlined why an ICA is required, this article intends to focus on how FIs can structure the way in which they introduce innovation within their FCRM frameworks to operationalise a more proactive, intelligence-led model.

    What innovation is needed?  

    The key to the investigator-centric approach is the adoption of innovations modelled on frameworks that are used by government investigations and security agencies. 


    Within an ICA, triggers for the identification and investigation of suspicious activity still come from customer and transaction alerts. However, they can also come from a range of other sources of intelligence, including:

    • News and other publicly available data sources,
    • Enquiries/production orders from law enforcement
    • Intelligence provided within financial intelligence sharing partnerships (FISPs)
    • Any other source of intelligence deemed relevant by a team of experienced financial crime investigations and intelligence practitioners

    That data is analysed and “leads” are pursued based on the priorities of national FIUs and other relevant law enforcement bodies. 

    Once these proactive, intelligence-led investigations have been carried out, decisions made and SARs filed (if appropriate), lessons learned from the process – eg. discovery of new typologies etc – are fed back into the system. This makes transaction monitoring and screening activities smarter, as well as enhancing future investigation practices.  

    A close-up of a car dashboard

Description automatically generated with medium confidence


    The most innovative AFC investigations and intelligence units appear to be staffed by individuals with law enforcement, security services or military backgrounds. Hiring people with expertise in investigating and dismantling criminal networks, and a solid grounding in intelligence analysis and investigative best practice bring obvious benefits to AML/AFC teams.

    People from these backgrounds also often bring a (much needed) desire to see mandatory obligations as a minimum output, rather than the sole aim, as well as a positive cultural bias that is aligned with the original intention of AML/CFT regulations – that is, to detect financial crime and to provide valuable intelligence to FIUs.

    New call-to-action


    Historically, technology investment has focused on “volume issues” – such as customer screening and transaction monitoring. Apart from workflow and case management tools, that mostly serve as administrative aids, AML investigators have been ill-equipped and under-resourced. Without dedicated investigations tools, investigators spend much of their time undertaking highly manual investigations processes, collecting and processing data, and maintaining explainable audit trails.  

    The key therefore is technology that automates as much of the investigative process as possible, freeing up human investigators to work on the highest-risk cases, and the most valuable activities – such as analysing data, and making decisions.

    The aim of this innovation in technology is to improve outcomes by providing investigators with a more complete view of the customers, parties and transactions involved in potentially suspicious activity. Critical to obtaining a more complete view of risks is the utilisation of tools that are able to draw on the broadest selection of data sources – especially open source, or publically available data – and allow individual customers or transactions to be viewed in relation to their role within networks, rather than viewing them in isolation.

    OSINT and Network Analysis

    OSINT (open-source intelligence) is the end result of a process that involves turning publicly available information into actionable intelligence upon which critical decisions can be made. Although it is widely used within government investigations agencies, OSINT (eg. information from corporate records, news media, social media, import/export data and other sources) is often neglected by financial institutions in favour of analysing internal data and using third-party risk and compliance databases.  

    Relying on a ‘walled garden’ of internal data, and structured and curated datasets to spot risk, is short-sighted and ignores the vast ocean of data sitting in external sources. To put things into perspective: the total amount of data on the internet is estimated to be 1200 petabytes. When compared to the 6 petabytes of data provided by some larger risk and compliance data companies, it’s clear that failing to review all available data might lead to crucial intelligence being missed.

    But it’s not just about having access to a broader set of data sources – crucial to the success of the investigator-centric approach is the use of technologies that map the networks of corporate entities and individuals connected to customers and transaction counterparties. When used in the right way, OSINT can help investigators to understand the context surrounding the client and their behaviour, identifying risks that might otherwise have been missed. 

    The role of technology 

    Whilst OSINT and network analysis can provide great benefits to AML investigations and financial intelligence professionals, making use of them can be highly manual and time-consuming. Technology can help in several ways. 


    Technology can help investigators save significant time by automating manual tasks where possible. However, it’s vital that the human investigator is still able to use their skills and judgement to make decisions. The solution to this is Intelligent Automation, which uses technology to speed up tasks that do not require complex decisions to be made – such as the targeted collection of data and sourcing of information – leaving investigators with more time to focus on the analysis of data. This approach can substantially increase efficiency whilst still ensuring effectiveness.

    Network visualisation 

    Networks can be hard to understand when described in narrative form, making it easy to miss subtle connections between entities – for example, shared phone numbers or addresses. Visualising networks using technology can help the investigator to overcome this difficulty: investigators can quickly develop a detailed understanding of context and risk, and visualisations are useful for demonstrating risks and explaining decisions to stakeholders later.    


    Security is an essential consideration in every investigation but can be especially difficult to achieve when working with live internet data. Not only do investigators need to be sure that they aren’t susceptible to viruses or malware online, they also need to remain anonymous. Unwittingly tipping off the subject of an investigation can derail it or damage the financial institution’s reputation. Here, technology can automatically ensure that the investigator remains both secure and anonymous without any risk of human error. 

    Professionalising the investigative process 

    Transparency – the ability to explain how and why certain decisions were taken – is required by regulators and law enforcement. Similarly, a degree of consistency in the way investigations are conducted is an essential way of ensuring standards and professionalism. However, logging each step of an investigation manually, including screenshots, is very time-consuming. Again, technology can automate this to ensure that evidence is captured and activities are logged, allowing investigators to carry out professional investigations to a consistently high standard. 

    The Benefits of an Investigator-Centric Approach 

    By introducing the necessary innovations in people, process and technology required to bring about an investigator-centric approach, financial institutions can be confident that they are taking a comprehensive approach to financial crime risk mitigation. By adopting a more proactive and intelligence-led approach that utilises open source intelligence and network analytics, FIs will transcend the limitations of rules-based TM and customer screening systems, and limited “walled garden” datasets, leading to both enhanced compliance, as well as greater effectiveness.

    If you’d like to talk to an expert about how the investigator-centric approach can transform the effectiveness of your AFC investigations, get in touch

    New call-to-action

    More insights