Anti-money laundering (AML) laws remain anchored in their 1970s design despite now being used to respond to modern terrorism financing. In the face of persistent threats from terrorism, ignoring innovation can cost lives. Several new technologies could modernize the AML framework to help law enforcement better target terrorism financing and money laundering, making the system faster, more efficient, and safer. This is the first in our series about the potential for these technologies.
While the tech world was recently stirred by the possible unmasking of the creator of Bitcoin, the financial industry remains focused on blockchain, the key technology that makes Bitcoin work. The key innovation of blockchain is having a group track and store transaction records simultaneously rather than each person or firm keeping them individually. This seemingly simple idea could fundamentally change the way that financial activities are conducted, including AML and counter-terrorism financing (CTF) efforts.
Using what’s called a distributed ledger, blockchain could give banks and regulators access to far more detailed transactional and cross-institutional data than is currently available, allowing them to peer deeper into financial networks to identify bad actors. Furthermore, the distributed nature of blockchain technology would make it very difficult for criminals to falsify transactional data to cover their tracks. All of this could take place in real-time, giving law enforcement the precious time they need to identify terrorist plots before they happen. However, this additional speed would need to be balanced against privacy concerns that could arise depending on how such a system were implemented.
The Current Anti-Money Laundering System
The Bank Secrecy Act requires financial institutions to monitor their customers, report suspicious transactions, and maintain customer records to be audited by the government. Financial institutions maintain data on ledgers and analyze them for suspicious activity. A classical ledger stores financial data such as transactions, assets, liabilities, expenses, and capital that are associated with individual people and organizations.
The example ledger above records two exchanges made between Luke and Han, each of which has a transaction entry associated with it in each person’s account. On a classical ledger, all the transactions are listed and summed to account for the bank’s cash flow. In this way, a bank knows where its customers are shopping and how much they are spending (but not what they purchased). Humans are creatures of habit and over time their spending patterns paint a picture of their lives. For instance, looking over your finances you may notice an uptick in purchases of ice cream during stressful weeks or coffee during an important project at work.
Just as your financial life provides patterns that paint a picture of your real life, the same holds for criminals. That’s why federal law requires financial institutions to monitor their books for suspicious activity, especially with regards to money laundering and terrorism financing. If a bank or other financial intermediary notices something fishy, it is required to send a report to federal law enforcement officials, who then check it against reports from other institutions. If law enforcement notices a pattern of suspicious activity they investigate further.
Issues with the Siloed Approach
One limitation traditional financial accounting places on the AML reporting framework is that the reports depend on the pooling of information housed separately, or siloed, in individual financial institutions. This is a problem because what looks normal on one institution’s books might look suspicious from a systemic view.
Every parent knows how siloed information can make detecting malicious behavior complicated. Children can play their parents off against each other when their parents don’t have the same information. For instance, if one parent grounds a child but doesn’t tell the second parent fast enough, the child may get permission from the second parent to do something that violates the grounding. Similarly, if banks only check activities on their own systems, they may miss illegal activities taking place between institutions. These are called information asymmetry problems.
Failing to detect suspicious activity taking place between institutions can have dire consequences. Before setting out to commit the San Bernardino shooting, the perpetrators reportedly drained their bank accounts and maxed out their credit. Bank account, credit card, and loan information are often provided by different institutions that store their records separately. Because each of those institutions only reports the suspicious activity taking place on its own books, law enforcement is unlikely to get the information it needs in time to stop crimes like the San Bernardino shooting.
The San Bernardino example also highlights one of the primary issues with the AML system, one that we’ve discussed before, which is that it was designed in the 1970s to catch members of organized crime families and tax evaders, not to detect terrorism financing. If someone cheats on their taxes or launders money, the difference between catching them today or a year from now generally does not endanger anyone. However, countering terrorism is different. Terrorist attacks must be stopped before they occur, which makes the slowness of the current reporting framework problematic.
BSA Recordkeeping with Blockchain
Blockchain could dramatically improve the speed and effectiveness of AML/CTF efforts by creating a system-wide ledger accessible in real time. This ledger would maintain all transactional data throughout a network of institutions rather than at a single institution. Thus, a network that included all financial institutions could avoid the information asymmetry problem above by giving law enforcement the ability to see the entire system’s ledger rather than just the suspicious activity reports currently submitted by individual institutions.
Wikipedia uses an analogous structure to maintain its articles by crowdsourcing knowledge from anyone willing to author or edit them. If someone adds erroneous information, the community’s editors will generally correct it. Since all of the articles and the history of edits to those articles are simultaneously visible to everyone who views the site, it is difficult for con-artists to make lasting changes.
Blockchain goes further than Wikipedia by storing an entire database of transactions (in the case of a financial blockchain) with each party on the network rather than on a single third-party server. This provides enormous security benefits because in order for a hacker to fraudulently edit the blockchain and thus steal money or assets, they would have to hack more than half the network rather than a single server. The more institutions that are part of the blockchain, the more difficult that becomes.
The security benefits of blockchain mean that transactions can be cleared faster because there is no need for third party verification of transactions. It also means that records of those transactions are much more trustworthy. This combination of speed and trust is an essential improvement over the current framework because of the need to prevent rather than prosecute terrorism.
A significant problem with blockchain that would need to be overcome is how to store the entire database at each institution while still protecting people’s privacy. There are good reasons for people to hide information from their bank or insurance company that have nothing to do with illegal activity. Therefore, many elements of any future financial system blockchain would likely need to be encrypted to protect personal information and corporate secrets.
With an encrypted blockchain, procedures could be put in place to grant financial regulators and law enforcement access when they needed it. This is similar to the current system except that instead of waiting for each bank to review its own transactions for suspicious activity and report them, law enforcement would be able to review the entire network at once without waiting for a bank to check its books. This could provide essential time savings in a world where terrorism is a chief concern.
Blockchain could revolutionize the financial industry in coming years. But as with all revolutions, there may be unintended consequences from its implementation. Policymakers need to consider questions of how to encrypt the ledger so that companies cannot see too much personal data or the secrets of their competitors, which procedures law enforcement should have to follow to access information from the ledger, and which institutions should participate in the verification and editing process as well as how that process should occur. In order for this new and exciting technology to be implemented, these questions and others will need to be answered.
Regulators and Congress should fully explore the potential of blockchain to improve the current AML system. For instance, trial programs could be introduced similar to the United Kingdom’s Financial Conduct Authority’s Project Innovate, which attempts to create a regulatory sandbox to allow institutions to test new products and services under the supervision of regulators. Ultimately, Congress will have to decide how privacy concerns weigh against counter-terrorism efforts. However, it is clear that the current AML reporting rules could be substantially augmented by technological advances like blockchain.