Capítulo III: Evaluación Externa
3.2. Análisis Competitivo del País
up an increasingly reliable picture in answer to a series of questions about suspicious activity:
• Who is involved?
• What are they doing and why? • With whom are they doing it?
• What or who is the object of that activity? • Is there an innocent explanation?
• Is the activity potentially harmful?
The picture is based on financial information and the inferences that can be made from it. By combining this data with other types of (non-financial) information, the true nature of actors and activities can be uncovered. The size of an individual transaction and its apparent nature can be important, but its full value relies on further information with which to establish context and relevance. For example, an internet subscription might lead to content analysis of a suspect’s online activity to learn about their intentions, contacts and movements. The same applies to any other transaction or set of transactions which may establish a pattern. The information gained can relate not just to individuals but to networks and mechanisms used and abused by terrorists.
1.2.2 The Prevention of Terrorist Attacks
If suspicions are confirmed, timely intervention based on economic data may be possible. It may take the form of action against individuals, but it can also involve action against their assets and infrastructure: • Confirmed terrorists may be tracked by use of the credit card or bank account they are known to use.
The type of purchase, eg, a hotel reservation or flight details, may give useful information on plans and timing.
• If a terrorist has money to finance an attack deposited with a bank, the bank may be asked to freeze the account.
• If a business is unwittingly providing facilitation to terrorists, such as storage, it will be possible to either monitor or disrupt activity.
Financial institutions may be asked to provide this information in near-real time during critical incidents, putting strain on both their systems and resources, but such information has proved crucial to successful disruption of terrorist attacks.
1.2.3 Harm Reduction
Harm reduction is generally orientated towards hardening possible targets – making them more difficult to approach and resistant to attack – if the prevention of an attack is not possible. It is also about mitigating the impact of an attack once it has occurred. The targets here are not just individuals and physical locations, but infrastructure that can be abused by terrorists, such as the financial system, the provision of professional services, and markets for goods, which are easy to turn into cash.
These are of course the same structures used by money launderers, and AML measures can also be applied to reduce harms to business infrastructure caused by TF. The harm lies in the abuse of the institution or individual providing goods and services and the wider damage done to their reputation and that of the sector when abuse is uncovered.
Lastly, harm reduction also includes making sure the measures necessary to fight TF do not do the terrorists’ work for them by alienating the public that the measures seek to protect. Thus, one objective of TF is to find proportionate responses to threats, not disproportionate ones that adversely impact economic activity for no material gain in safety.
1.2.4 The Prevention of Further Acts
Combating TF on the basis of common sense measures principles or by exploiting similarities with ML is not only possible but, as we have seen, desirable. The activity is sufficiently different from ML to allow analysis of trends and techniques in their own right. The history of successful attacks shows that it is, unfortunately, not possible to prevent all attacks. However it is possible to learn from them, and to use such knowledge in the prevention of further attacks.
Economic analysis can help prevention in a number of ways:
• Analysis of clues from an actual attack, eg, bank card checks on individuals, and fare purchase records suggested by analysis of CCTV footage, can help establish the identity, bases and homes of attackers.
• Analysis of personal finances can establish social behaviour and interaction with other individuals and groups.
• Analysis of these groups and individuals can help identify other potential suspects or establish if it was an isolated occurrence.
• The type of abuse of financial infrastructure necessary for an attack to be possible can be isolated and loop holes closed, where possible.
• Wider economic research among the populations from which terrorists emerge can isolate economic factors that give rise to extremism and economic arguments that are used to justify it.
In particular, financial investigations have come to rely heavily on identifying telecommunications transaction data (especially internet and mobile phone bills) to establish links between individuals and groups. Combined with other financial information, such data can be used to compare methods and approaches and identify those who may otherwise go undetected, so reducing the chances of successful terrorist attacks.
4
1.3
The Challenges of Combating Terrorist Financing (TF)
Learning Objective
4.1.4 Understand the challenges of combating the financing of terrorism: potential erosion of due process and human rights; risks of incorrect or inadequate controls; challenge of detection given low visibility; reliance on intelligence
1.3.1 The Potential Erosion of Due Process and Human Rights
In many countries, legislation addressing terrorism, terrorist organisations and TF expanded greatly after 9/11, in response to UN activity and pressure from affected countries. Government organisations and officials gained extensive powers to designate groups as terrorist organisations; designate individuals as terrorists; and to access wide categories of confidential information. However, the results of keenness to eliminate risk often entailed the curtailment, omission or other erosion of procedural safeguards, intended to protect individual and corporate economic actors against mistakes and abuse.
Specifically, laws in some countries authorised government officials to target individuals and organisations on the basis of secret evidence, some of which was gathered on the basis of mere hearsay or happenstance. Some individuals and organisations found they were suddenly caught up in the application of CFT measures without charges being formally filed, and without having opportunity to respond or of access to meaningful judicial review. Assets could be frozen pending investigation on the basis of non-judicial decisions by officials.
Finally, at the corporate level, NPOs with agendas that are legal, but opposed to the action of governments and influential stakeholders, or which support legal causes in countries with a history of terrorist activity, may be targeted by disruptive inquiries under CFT powers. It can be difficult and expensive for organisations and individuals who may be unfairly or unjustly targeted or sanctioned to obtain advice and support, as potential advisers fear being branded as supporters of alleged terrorists.
1.3.2 The Risks of Incomplete, Incorrect or Inadequate Controls
In such an environment it is easy for incomplete, incorrect or inadequate controls to be introduced. The main problems arise when controls:
• do not target the risk they are intended to prevent, or do so in a way that conflicts with other principles or rules; problems also arise when controls require knowledge or technology that is not easily obtainable;
• do not reflect the way individuals, groups and firms behave in the normal course of business and the marginal cost imposed by new controls on firms and individuals;
• are hard to police or require very intensive policing to be effective; • require complex underlying arrangements to be put in place; • are easily overtaken by events and lack design resilience.
As a result, the wrong people can be targeted and innocent parties affected, alienating communities and exacerbating tensions. Sometimes, the causes can be trivial. For example, controls that require foreign names and addresses to be compared with lists of suspected individuals assume there is uniformity in the spelling (and transliteration) of a name and the organisation of addresses. This may be true in some economies but it is not the case in others. Effective controls take time and experience to develop and, until they are refined by experience, they risk under- or over-regulating activity. This fact is well known to terrorists and is part of the response they seek to provoke, as over-reaction, especially against minority groups, can act as a recruiting sergeant for terrorism.
1.3.3 The Challenge of Detection Given Low Visibility
Not unsurprisingly, terrorist groups go to great lengths to avoid detection, especially those operating international networks, which require a response on global, regional and national levels. Whether they are a network of networks (or franchise) structure or individually mounted suicide attacks, terrorists have secrecy as a common trait. A great number of strategies and tactics designed to remain unnoticed are known, taught and being used. Terrorist groups are likely to have good access to false documentation, when required, and networks of ideological sympathisers, who, whilst not involved in terrorist acts, may provide logistical and financial support, using their legitimate businesses.
Indeed, some terrorists hide in plain sight, using their own names and normal (ostensibly legitimate) financial arrangements to fund their activities. Detecting that a particular individual is using some of his salary to rent a storage unit for terrorist purposes, rather than the numerous possible legitimate explanations for this activity, is approaching impossible, in the absence of other evidence or intelligence.
Unfortunately for the financial sector and DNFBPs, such other intelligence (when it exists) is often in the hands of the authorities and cannot, or is not, shared.
1.3.4 Reliance on Intelligence
Good financial intelligence is thus of major importance, but its true significance may only be recognised when combined with other intelligence, sometimes derived from very sensitive sources. Successful early detection, prevention, and investigation of terrorism are dependent on the smart combination of signals and pieces of evidence from a wide range of public and private sources, nationally and internationally.
Unfortunately for those charged with identifying suspected terrorists in their customer base or suspected terrorist activity through their transaction monitoring, they will only see a fraction of this intelligence, often only that in the public domain, making their job extremely difficult. Efforts have been made by the authorities to share more intelligence with the private sector when possible, but even then the intelligence may not be in a useful form for the controls operated by firms.
4
1.4 Sanctions
Learning Objective
4.1.5 Know the purpose and application of sanctions screening
Sanctions are generally imposed by international bodies such as the EU and the UN, and individual countries. They prohibit certain activities with targeted individuals, entities, organisations and countries. Sanctions are normally used by the international community for one or more of the following reasons: • to encourage a change in the behaviour of the target(s);
• to apply pressure on the target(s) to comply with international standards or objectives; • to prevent conflict and human rights violations;
• as an enforcement tool when international peace and security has been threatened and diplomatic efforts have failed;
• to prevent and suppress the TF and terrorist acts;
• to prevent the proliferation of weapons of mass destruction.
As far as financial institutions are concerned, the prohibited activity may include conducting business, operating accounts or facilitating transactions. They may be required to freeze the assets of listed entities. Sanctions regimes require absolute compliance and impose criminal penalties on those individuals and firms who breach them. Sanctions screening is designed to avoid such breaches.
Sanctions apply, and therefore firms are at risk of a breach, immediately an individual or entity is placed on an applicable list for a sanctions regime. Financial institutions must put systems and controls in place that will identify whether they are conducting business with any such individuals or entities, which can be a considerable challenge for large firms conducting millions of transactions daily. Such firms are likely to use one of several commercially available automated systems, which will update sanctions lists automatically. Smaller firms may use more manual processes and efforts have been made by the authorities involved to supply the data in a timely and usable format. In the UK, HM Treasury publishes a consolidated list of sanctions targets in a variety of data formats7.
The screening process will throw up names of possible matches with the list. These possible matches must be reviewed by trained staff and confirmed matches reported to the authorities. Screening should be carried out against all customers, at the time of establishing a business relationship, and it is good practice to carry out periodic reviews – for example of the whole customer list, or when the consolidated list changes. Firms should also put in place measures to screen transactions (ideally in real time, ie, before a payment instruction is executed).
The JMLSG has published guidance on compliance with the UK sanctions regime in Part III of its Guidance8. The Wolfsberg Group has also addressed the issue in their 2009 paper on AML Monitoring,
Screening and Searching (2009).9 The FATF has also issued guidance for jurisdictions, such as their
paper on International Best Practices: Freezing of Terrorist Assets (revised in 200910) and Guidance on
implementing financial provisions of UNSCRs to counter the proliferation of weapons of mass destruction (published in 2007).11
In addition to the risk of breaching sanctions, firms must also be aware of their regulatory risk. In the UK, the FSA took an interest in systems and controls for sanctions compliance. In April 2009 it published a report on financial services firms’ approach to financial sanctions12, which found that there was
significant scope across the industry for improvement in firms’ systems and controls. To quote Philip Robinson, then the Director of Financial Crime at the FSA:
The use of financial sanctions to deliver public policy objectives has risen rapidly up the political agenda in the UK, in the European Union and at the United Nations. It is important that firms understand that having systems and controls relating to financial sanctions is an integral part of complying with the FSA’s requirements on financial crime.13