This morning while doing my regular catch up with the news, this one popped up in my feed from The Cipher Brief: “Terrorist Networks Eye Bitcoin as Cryptocurrency’s Price Rises”. Author Yaya Fanusie is a former CIA analyst. He highlights instances and clear signs that terrorist organizations are using (or looking to use) cryptocurrencies to fund their operations. The article is very clear in that while the signs are there, the total amount that has been tracked and proven to have moved, isn’t that significant. It is also clear that this is one of the many mechanisms that terrorist organizations utilize to fund their operations, and that none of us needs to be an expert to also know that compared to other funding mechanisms, crypto must be a minimal speck within the overall terrorist funding operations. Also, we can safely speculate that there is far more criminal activity through crypto than just the ones named in the article.
By no means am I trying to minimize the potential use of cryptocurrencies for the funding of terrorism. And by no means am I reducing the importance of stopping funding of terrorism by all means possible. Every $1 we help our clients stop from being laundered is a big win and large motivator for all of us at IdentityMind Global.
We are constantly looking for ways to better inform our platform analysis to produce more accurate results. Sometimes, coming with very accurate guidance, is not easy. Coming from years of experience in computer security, fraud prevention and anti-money laundering, I can tell you that risk is everywhere, and in hindsight, when doing forensics, you question how you ended up missing a particular risk indicator. Obviously the issue is that there is not enough money to pay for analysts to vet every possible risk signal. The cost of doing so would bankrupt every business in the world. As a result, knowing that they can’t afford to do every possible analysis, companies and analysts have to focus on those incidents that are more likely to pose risk to their business. Often in the process, you end up disregarding something that may result in the realization of that risk. So, what can be done?
As part of our platform’s automated analysis on the identities behind transactions and their potential risk, we perform affiliation and affinity analysis.
Conceptually, affiliation and affinity analysis allows you to understand the likelihood that an individual is associated with groups of individuals or organizations that have proven ties to nefarious activities. This might be fraud rings, terrorists, human trafficking, etc. For example, the San Bernardino terrorist who took a loan from an online lender to fund the purchase of the firearms used in the attack, wasn’t flagged. His wife, unfortunately, was known to have ties to terrorist organizations. Had the online lender known ahead of time that this individual’s wife was connected to a terrorist organization, I am convinced they would have not have given the loan that helped fund this terrorist act.
Regulatory-wise, almost any service that sells financial products has to vet the customer against Sanctions Lists. The intent is that these lists collect the names of individuals, businesses, and even countries that are known bad actors. These include terrorism, rogue states, human trafficking, drug cartels, etc. There are many of these lists, and many countries have their own government body to handle them (In the U.S. the Office of Foreign Assets Control — OFAC develops and maintains these lists) and our platform is one of several that can be used to check against these lists in real time. However, of course, these lists may not have the names of family members, friends, business liaisons, and so many other potential connections that may be relevant while doing this sort of analysis. So the lists’ scope, especially when dealing with online actors, may be very limited.
In the article, there is reference to how social media platforms have been able to remove some accounts that were being used to promote the funding operations — commendable without a doubt. However, me, dreaming, would prefer that these accounts would not have been opened in the first place. Or that the funding would have been stopped at the time of the actual transaction … a perfect world, I know.
Our goal is to provide accurate affiliation and affinity analysis in real-time. We’d like each one of our clients to be able to check the likelihood of whether the individual behind the transaction is connected to any of these nefarious organizations, to avoid creating accounts where they can receive funds, send their messages, and so forth. Or, to stop the actual transaction before it happens.
A digital representation of actors is fundamental — referred to as digital identities, and the crux of our technology. We have the key parts of the puzzle in our solution, but there is more to do. The analysis based on digital identities allows us to map relationships across identities and entities, both online and offline in real-time. The data models allow us to understand ties through social media, dark web, offline data sources and such. But the potential to tag the wrong organization and the people behind them is still a problem we are wrestling with.
At the end, of course, it is all a game of risk and accuracy. As I said before there is risk everywhere, and every bad actor stopped is a win. We just need to make it accurate and automated enough that it is cost effective.
If you have questions about what our platform does today to this regard and our plans for the future, or if you believe you have credible and accurate sources of data, please reach out, happy to start a conversation.