Banks, Authorities, and CTF: A Missed Opportunity and Security Weakness

Wallet and Credit Cards

Photo: United States Navy/Wikimedia Commons.

A recent ISN blog by Owen Frazer highlighted the implications of the post-9/11 ‘Financial War on Terror’ for civil society groups as they grapple with the vulnerability global authorities believe they represent in the struggle against terrorism. But there is a third, critical party in this field that is not often contemplated from a security perspective, namely the Financial Services Industry (‘FSI’).

Following 9/11, the first step of the Bush administration’s ‘War on Terror’ was to sign Executive Order 13224, which aimed to launch ‘a strike on the financial foundation of the global terror network’ in order to ‘starve the terrorists of funding.’ This assault was led by the Financial Action Task Force (‘FATF’), a body originally set up in 1989 to co-ordinate a global response to the laundering of drug money through the banking system. Adding counter-terrorist financing (CTF) to the mandate of the FATF seemed logical at the time, and the Task Force expanded its original 40 Recommendations to include 9 Special Recommendations focused on CTF.  These additional recommendations were recently revised and amalgamated to create a new set of 40 Special Recommendations. In effect, this regime has led global authorities to delegate the frontline implementation of CTF policies to the FSI.

Expectations of what the FSI can achieve in this frontline role are high, with some, such as former UK Chancellor Gordon Brown calling for the creation of ‘a modern Bletchley Park’, and equating the importance of financial forensic work with previous breakthroughs in crime-fighting such as the use of DNA-evidence and fingerprinting.

This might make sense if the FSI were treated as a partner by authorities and policymakers, but to a great extent it is not. In fact quite the reverse is often the case. As Frazer noted in his blog, ‘too much policymaking around charities and counter-terrorism has been like a strict form of parenting: lots of restrictive rules, threats and punishments, and little trust.’ He concluded that ‘the dynamics in the relationship need to change.’ The same certainly holds true for the way in which most authorities engage with the FSI.

The FSI finds itself in an invidious position between blind and costly compliance with an ever-mounting burden of regulation and the threat of sanctions imposed by the authorities if compliance failures are identified. This means that the FSI now practices ‘defensive compliance,’ in which the quantity of so-called Suspicious Transaction Reporting is more important than the quality, and where the industry does whatever is necessary to meet its regulatory requirements in an almost entirely unguided manner. Indeed, much of the action taken by the FSI may be viewed as excessively conservative but, given the limited co-operation between the FSI and authorities, this conservatism may be the best form of protection.

A dysfunctional relationship

While there is no doubt that the implementation of the FATF’s guidelines has raised compliance standards and risk awareness within the FSI and other sectors deemed vulnerable to abuse by terrorist organizations, the effort required to do so has reached a point of diminishing returns.  At best, it now results in actions that add cost but no value to the global CTF regime.  Often, it wastes time and resources on ‘countering threats of the past’ rather than creating a partnership that enhances counter-terrorism efforts today.

Serious risks to security come from this misalignment of incentives and asymmetry of perspectives. For the FSI, the costs incurred in complying with the rising regulatory tide are rarely mirrored by the support received from the authorities.  Moreover, the expectations placed upon the FSI are not matched by the outcomes generated by compliance.

KPMG’s 2011 Global AML Survey highlights the core issues: banks desire more guidance from and collaboration with the authorities in meeting their AML/CTF obligations.  The one-way flow of information that currently exists is a counterintuitive and depressing state of affairs given that the authorities are relying on the FSI to be a front line of defense in counter-terrorism. Taken together, the lack of meaningful assistance from the authorities, the limited evidence-based motivation – with a mere £91,000 frozen by UK authorities as of 30 September 2013 – and the requirement to comply with ever-widening and deepening CTF regulations creates a strong sense of dictatorship rather than partnership.

Recent developments in the field of cyber-security provide a model that could improve this dysfunctional relationship. In March 2013 the UK government announced a Cyber Security Information Sharing Partnership (CISP). As the Rt Hon Francis Maude emphasized in a speech in March, the ‘CISP is all about: government and industry working together to build a comprehensive picture of the cyber threat and coming up with the best defences,’ and recognizes that ‘The private sector…is the most important line of defence…’ and that ‘government and industry [should be] working hand-in-hand to fight a common threat.’ While there are clearly differences between the threat posed by cyber-attacks and by terrorist financing, the sentiment expressed in the establishment of the CISP could lead to effective and valuable partnership in the CTF arena.

It may be the case that informal, high-level contact does in fact take place between the authorities and the FSI in accordance with such a model. Nevertheless, the creation of a modern Bletchley Park (within the confines of data protection and privacy laws) will require a more systematic and collaborative approach. The FSI commands highly sophisticated data and technology capabilities that could be immensely useful for counter-terrorism, yet current efforts remain tactical and event-driven, rather than strategic. A strategy focused on sourcing and deploying financial intelligence (‘FININT’) in partnership between authorities and the FSI would be far more appropriate than the current approach.

Richard Barrett, the former co-ordinator of the UN al-Qaeda and Taliban Monitoring Team, has underlined this point, stressing that ‘States cannot expect the private sector to have a better idea of what terrorist financing looks like than the states themselves.’ At best, the current situation is a missed opportunity. At worst, it is a security weakness that needs to be addressed urgently.


Tom Keatinge is a former investment banker at J.P. Morgan and an analyst of terrorist and extremist financing. He holds an MA in Intelligence & International Security from King’s College London.


For additional reading on this topic please see:

Baseline Study on Anti-Money Laundering and Countering the Financing of Terrorism in the IGAD Subregion

Encouraging Public-Private Partnerships to Fight Financial Crime

Enduring Challenges in the Governance of Money Laundering


For more information on issues and events that shape our world please visit the ISN’s Weekly Dossiers and Security Watch.

Comments Off