Jusletter IT

Tracking of financial movements

  • Authors: Janos Böszörmenyi / Erich Schweighofer
  • Category: Articles
  • Region: Austria
  • Field of law: SMART-Workshop--Surveillance-Technologies-and-Privacy
  • Collection: Tagungsband IRIS 2014
  • Citation: Janos Böszörmenyi / Erich Schweighofer, Tracking of financial movements, in: Jusletter IT 20 February 2014
The use of automated systems is a necessity to detect criminal activities, such as money laundering, terrorism financing and fraud in today’s highly complex financial systems. The legislator passes on responsibility to the private sector which deals with the challenges of crime prevention and detection by deploying different means provided by a vibrant industry. Compliance as a regulation model decreases infringements of fundamental rights by public authorities, but raises several new problems which need to be dealt with.

Inhaltsverzeichnis

  • 1. Introduction
  • 2. Grounds for Establishment
  • 3. Transaction Monitoring
  • 4. Watch Lists
  • 5. Fundamental Rights
  • 6. Best Practices
  • 6.1. GIANOS
  • 6.2. Ma³tch Technology
  • 7. Conclusions
  • 8. References

1.

Introduction ^

[1]

This paper is based on the results of a largely empirical research in the framework of the EU project RESPECT1. For the research we developed a questionnaire, which was sent to numerous financial institutions, public authorities and software vendors and was also used as an interview guide2. All partners of the RESPECT consortium participated in disseminating the questionnaire and/or conducted interviews. Further, the European Banking Federation and FIU.NET, the EU computer network for financial intelligence units, were so kind to support this task by sending the questionnaire to their members. Additionally, we and our consortium partners compiled country reports3 containing an overview of the respective financial systems in various EU Member States. Further, we conducted in-depth desk research: studying software vendors’ websites, available publications, public watch lists and more.

[2]
Financial institutions need sophisticated software to comply with international, European and national regulations. Software is necessary to fulfil inter alia Know Your Customer (KYC)4 requirements; watch list screening and transaction monitoring. Monitoring software vendors provide highly sophisticated software that monitors and analysis transactions (see Chapter 3), while enhanced watch lists are offered by commercial watch list vendors (see Chapter 4). Both vendors are able to offer software for KYC and other solutions; also, monitoring software can provide interfaces and screening engines to integrate public and/or commercial watch lists.5

2.

Grounds for Establishment ^

[3]
Automated systems are used to detect, prevent and/or prosecute crime by tracking financial movements. The main areas of application are anti-money laundering (AML), combating the financing of terrorism (CFT) and fraud detection. AML and CFT are addressed by international, European and national legislation.
[4]
The European Commission (hereinafter referred to as Commission) estimates, referring to researches by the International Monetary Fund (IMF) and the United Nations Office on Drugs and Crime (UNODC), that annually around 330 billion euros are laundered in the EU.6 For the purpose of terrorism financing the main cost drivers are maintaining terrorist networks or cells, recruitment and planning. Individual terror attacks do not require significant amounts of money. The Commission assumes that the 2005 London bombings cost approx. 10 000 euros and the 2004 Madrid bombings around 8 000 euros.7 The US software company FICO developed a Fraud Map for Europe using data provided by Euromonitor International. For 2012 the Fraud Map shows that total card fraud level amounted to 1.5 billion euros.8
[5]
International attempts to tackle money laundering date back to the 1980s.9 They originate in the USA, where policy makers were eager to target the profits of crime and were concerned by the vulnerability of the economy.10 Subsequently in 1989, the (then) G7 established the Financial Action Task Force (FATF)11 and gave it a mandate to consider efforts to prevent the utilisation of the banking system for the purpose of money laundering.12 Less than one year later the FATF published 40 Recommendations, which were to become the main international standard on combating money laundering. In the aftermath of the 9/11 terror attacks, recommendations to combat the financing of terrorism were added.13
[6]
Besides the FATF, the most noteworthy stakeholders on the international stage are the United Nations, the Egmont Group of Financial Intelligence Units14, the Organization for Economic Co-operation and Development (OECD), the World Bank and the IMF.15
[7]
On the European level, the Council of Europe’s MONEYVAL evaluates participating countries.16 Moreover, for EU Member States, the EU’s legal framework, consisting of the Third AML Directive17, implementing Commission Directive 2006/70/EC18, Council Decision 2000/642/JHA19 and the Fund Transfers Regulation20, is applicable. Currently the EU’s legal framework is under review. The Third AML Directive, Commission Directive 2006/70/EC and Council Decision 2000/642/JHA are supposed to be replaced and merged by the Fourth AML Directive21 and a new Fund Transfers Regulation22 shall replace the one in force.
[8]
Financial institutions primarily adopt AML/CFT measures to comply with obligatory regulations and to avoid damage to their reputation. They undertake own initiatives to counter risks, deriving from money laundering, terrorist financing and fraud. As explained in a circular of the Basle Committee in 1988, banks face several risks, such as: «reputational damage, loss of public confidence in banks, or material damage as a result of fraud.»23 Especially, to avoid reputational damage, financial institutions developed self-regulatory principles, such as the Wolfsberg principles (2000). Banks can opt voluntarily to become subject to this code of conduct. In a certain way, banks are forcing each other to comply with regulatory requirements, because the sector is aware which banks are not compliant with AML/CFT legislation, thus the reputation of such banks is damaged.24

3.

Transaction Monitoring ^

[9]
To monitor customers’ transactions, financial institutions screen large amounts of data and apply data mining techniques to determine whether suspicious transactions are being carried out. Data mining involves techniques ranging from statistics to artificial intelligence, machine learning and pattern recognition.25
[10]
Suspicious (or atypical) transactions generate alerts which prompt employees to carry out investigations. Legal provisions expressly require ensuring that transactions are consistent with the customer’s business and risk profile.26 It is for instance possible to assign a customer to a peer group and observe the customer’s behaviour in comparison to the average behaviour within the group.27 When applying this solution an individual profile for each customer can be avoided. However, this technique might be satisfying for the purpose of AML/CFT; yet, to detect fraudulent activities it seems necessary to have more detailed knowledge about the individual customer’s behaviour. Especially, in regard to credit and debit cards, to detect fraud in real-time, profiling is an important tool.28
[11]
There are often similarities between the behaviours of criminals. To avoid the iteration of criminal activities with similar patterns, one can learn from previous cases and establish scenarios (rule sets) for the detection of similar modus operandi. For this purpose indicators can be derived from known money laundering cases. According to an Egmont Group compilation, the most frequently observed indicators are «large-scale cash transactions», «atypical or uneconomical fund transfers to or from foreign jurisdictions», «unusual business activity or transaction», «large and/or rapid movements of funds», «unrealistic wealth compared to client profile», and «defensive stance to questioning».29 Knowing these indicators known patterns can be detected by using for instance rule-based classifiers. This technique classifies input using rule sets (based on mathematical logic, and often expressed as a collection of «IF … THEN …» rules).30 The above mentioned indicators could be used to create a scenario: IF «unrealistic business activity» AND «large-scale cash transactions» THEN «trigger alert». Of course, in fact, both mentioned indicators for themselves are already scenarios, thus to trigger an alert, this rule set would require a succession of «IF» «THEN» conditions.
[12]
Thus, the algorithms embedded in the software are screening transactions whether they match rules based on indicators derived from known suspicious scenarios. Rule sets can be pre-defined either by the software vendor or by the financial institution. Also the software learns from the compliance officer’s31 behaviour and proposes adjustments. It uses different methods including artificial intelligence techniques, such as neural networks, support vector machines and anomaly detection. To develop new rules, the software needs about 2 to 3 thousand transactions.32 As a result, even yet unknown suspicious scenarios can be detected.33
[13]
Besides rule-based logic, some software vendors offer products capable to apply behaviour-based logic. Especially, as regards to fraud detection, the algorithms do not search for matches with pre-defined rule sets. They rather search for general anomalies and/or unusual transactions compared to the individual customer’s profile. For fraud detection highly sophisticated techniques like predictive analytics are applied.34 Additionally, some systems carry out link analysis. Data is analysed across disparate data sources to disclose an individual’s identity and/or to spot hidden relations in a customer’s network.35

4.

Watch Lists ^

[14]
Commercial watch list vendors offer products containing over 2 million profiles.36 This includes the content of public watch lists, such as sanctions lists and local police lists, and information about approx. 400 00037 politically exposed persons (PEPs)38. Also, financial institutions are required to know about the beneficial owners of legal entities.39 Software vendors offer knowledge about beneficial owners, additionally some vendors carry out detailed background research on demand.40
[15]
As illustrated in Chapter 2 terrorist financing does not require significant cash flow, hence it is difficult to detect it by monitoring transactions. The financing of terrorism is therefore often targeted by using sanctions lists. Smart sanctions try to circumvent the disadvantages of traditional sanctions, like embargos. Their aim is to punish actual wrongdoers and spare innocent civilians.41
[16]
In regard to the financing of terrorism special significance can be attributed to United Nation Security Council (SC) Resolutions 1368 (2001), 1373 (2001) and 1390 (2002). These resolutions declare international terrorism a danger to international peace and security and permit to target potential terrorists without relation to a particular country or territory.42 SC Resolution 1267 (1999) is the basis for the United Nations most prominent list, the Al-Qaida Sanctions List43, which was since its establishment reaffirmed and modified by more than a dozen resolutions.44 Its European Union implementation is available in the EU’s consolidated sanctions list45.
[17]
To ensure accurate sanctions screening performance and comprehensive detection of PEPs and other potential higher risk customers, software vendors offer screening engines, which automatically match the names of customers and the names of payers of incoming and payees of outgoing transactions against watch lists. The screening engine «performs several logical tests to produce possible matches, such as detection of anagrams, inversion of letters, missing letters, misspellings, abbreviations, phonetics similarities, synonyms and aliases.»46

5.

Fundamental Rights ^

[18]
The fight against money laundering and terrorism financing is a two stage procedure, because public authorities outsource a major part of their tasks to financial institutions. It is the duty of financial institutions to detect whether something could be wrong and to notify authorities through reports. The advantage of this regulatory model is that the infringement of privacy rights is lower in comparison to direct access to data by state authorities.
[19]
Yet, transaction monitoring software can be used to create detailed profiles about customers. The European Data Protection Supervisor warns about the dangers of profiling customers.47
[20]
Both, public and commercial watch lists infringe fundamental rights of concerned persons. Besides interfering with property rights, they breach the right to privacy, cause stigmatisation and limit the freedom of movement. Therefore, the lack of proper procedures to be removed from many watch lists is worrying. The European Court of Justice’s (ECJ) Kadi case is a good example to illustrate the problem. The ECJ decided in 2008 that Mr Kadi shall be removed from the EU’s sanctions list unless the Commission repairs the legal basis which put him there. The ECJ’s decision was seen as criticism of the United Nations delisting procedure, where as a response the Office of the Ombudsperson was installed48 and further steps were taken to improve the procedure49. After being placed there for eleven years, Mr Kadi was finally removed from the UN’s Al-Qaida Sanctions List in 2012 and subsequently from the EU’s sanctions list as well. Nonetheless, in 2013 the ECJ stated in a second Kadi judgement that the UN’s delisting procedure still does not meet the requirements of a fair trial.50 Mr Kadi is still on a US watch list51 and even if he were removed, he might remain on commercial watch lists for the rest of his live. In absence of effective remedies Mr Kadi depends on the good will of watch list vendors, whose discretion is very limited due to regulatory requirements.
[21]
PEPs, their associates and family members, have no remedy at all to their disposal. The simple fact that they perform a certain public function qualifies them as PEPs and thus they are placed on watch lists. In most cases PEPs will not have to fear disadvantages, however, the fact that they are under observation is already an interference with their right to privacy. Also, they might remain on commercial watch lists many years after they cease to exercise their functions.52

6.

Best Practices ^

6.1.

GIANOS ^

[22]
An extraordinary product is the Italian GIANOS, produced by software vendor OASI Diagram-Outsourcing Applicativo e Sistemi Innovativi S.p.A., a company of the Banking Group Istituto Centrale delle Banche Popolari Italiane.53 GIANOS (eng. Generator of Abnormality Indexes for Suspicious Transactions) is remarkable due to different reasons. Approx. 99% of Italian banks are using GIANOS which was created by an inter-bank group, co-ordinated by the Italian Banks Association.54 The Italian FIU is involved in determining GIANOS’ algorithms and decision tables. As stated in a World Bank study this reduces pressure on financial institutions’ employees trying to fulfil their reporting obligations.55 The group responsible to create the rules, algorithms and decision tables is the «ARMA Committee», a working group of specialists within the Italian Banks Association.56 GIANOS is mentioned here as best practice, because it limits pressure on financial institutions through the involvement of relevant actors; this does not imply that it is considered as the best available software.

6.2.

Ma³tch Technology ^

[23]
The EU’s financial intelligence units communicate with each other through the FIU.NET network, which deploys the Ma³tch technology to avoid the unnecessary exchange of sensitive personal data. The national FIUs store their respective data in their own databases, but have with Ma3tch an effective tool to convert relevant FIU data into uniform anonymised filters without sensitive personal data. These filters are then shared with other FIUs. Thus, FIUs can identify relevant information in each other’s databases. For instance, FIU A creates a filter, containing information about suspects converted into irreversible and therefore anonymised codes. FIU A sends this filter – containing one anonymized key for the entire dataset – through a secure communication line to FIU B, without the actual data ever leaving its premises. FIU B matches the names in its own database against FIU A’s filter. If data concerning an individual in FIU B’s database had been added to FIU A’s filter, there will be a hit (hit/no-hit System) and the name (or other information) of a suspect will pop up in an interface. FIU B can then decide whether it wants to request further information.57
[24]
Balboni and Macenaite describe the Ma³tch technology as «hashing the hash». They argue that encrypted texts can be decrypted and hashed texts can be traced back by using rainbow tables. In contrast, filters created by the Ma³tch technology cannot be traced back to an individual.58

7.

Conclusions ^

[25]
A major advantage of the current regulatory model to track financial transactions is the two stage procedure. Instead of public authorities, private sector stakeholders collect the information. Nevertheless, highly sophisticated software collects and analysis huge amounts of information, thus infringements of privacy rights are pre-programmed. Also the right to property and further fundamental rights are easily violated, often without a fair trial.
[26]
In the future technical possibilities to track transactions will most likely increase. Therefore best practice models should focus on solutions to protect the individual’s privacy but at the same time to allow law enforcement to detect criminal activities. Especially FIU.NET’s Ma³tch technology seems to be a good example for possible future developments.

8.

References ^

Balboni, Paolo/Macenaite, Milda, Privacy by design and anonymisation techniques in action: Case study of Ma3tch technology. In: Computer Law & Security Review: The International Journal of Technology Law and Practice 29, pp. 330-340, http://www.sciencedirect.com/science/article/pii/S0267364913000964 last accessed 3 January 2014 (2013).

Chatain, Pierre-Laurent et. al., Preventing Money Laundering and Terrorism Financing: A Practical Guide for Bank Supervisors, World Bank Publications, Washington DC (2009).

Council of Europe, Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL), Evaluations. http://www.coe.int/t/dghl/monitoring/moneyval/Evaluations/About_evaluation_en.asp last accessed 26 December 2013 (2013).

Dahme, Gudrun, Terrorismusbekämpfung durch Wirtschaftssanktionen, Mendel Verlag, Witten (2007).

Egmont Group, FIUs in Action, 100 case studies demonstrating FIUs in action. http://www.egmontgroup.org/ last accessed 28 December 2013 (n.d.).

European Data Protection Supervisor, Press Release (EDPS/2013/07, Brussels, 4 July 2013), EDPS finds major deficiencies in anti-money laundering proposals. https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/ PressNews/Press/2013/EDPS-2013-07_AML_EN.pdf last accessed 3 January 2014 (2013).

FATF/OECD, 20 Years of the FATF Recommendations. http://issuu.com/fatf/docs/20_years_of_recommendations/1?e=0 last accessed 25 December 2013 (2010).

FIU.NET, FIU.NET Unlimited, Ma³tch. https://www.fiu.net/fiunet-unlimited/match/match3 last accessed 3 January 2014 (n.d.).

Financial Action Task Force, History of the FATF. http://www.fatf-gafi.org/pages/aboutus/historyofthefatf/ last accessed 25 December 2013 (2013).

Financial Action Task Force, The FATF Recommendations. http://www.fatf-gafi.org/MEDIA/FATF/DOCUMENTS/RECOMMENDATIONS/PDFS/FATF_RECOMMENDATIONS .PDF last accessed 3 January 2014 (2012).

Fair Isaac Corporation, Evolution of Card Fraud in Europe. http://www.fico.com/landing/fraudeurope/Evolution_Europe.html last accessed 25 December 2013 (2013).

Fair Isaac Corporation, Fact Sheet, Link Analysis and Visualization Provide Insight to Complex Anti-Crime Regulations (2013).G7 Summit 1989, Economic Declaration, Drug Issues. In: University of Toronto, G8 Information Centre (ed.), http://www.g8.utoronto.ca/summit/1989paris/communique/drug.html last accessed 26 December 2013 (1989).

Info4c, Fact Sheet PEP DeskTM. http://www.info4c.net/en/docs/Factsheet_PEP_Desk_E.pdf last accessed 8 January 2014 (n.d.).Kroon, Udo, Ma3tch: Privacy AND Knowledge, «Dynamic Networked Collective Intelligence». http://ieeexplore.ieee.org/ xpl/articleDetails.jsp?tp=&arnumber=6691683&queryText %3DUdo+Kroon last accessed 23 January 2014 (2013).

Nice Actimize, Anti-Money Laundering, Comply with Anti-Money Laundering Requirements from Regulators Worldwide. http://www.nice.com/financial-services-solutions/anti-money-laundering last accessed 28 December 2013 (n.d.)

OASI, The GIANOS System and The GIANOS Procedure, Powerpoint (2005).

Ohler, Christoph, Die Verhängung von «smart sanctions» durch den UN-Sicherheitsrat – eine Herausforderung für das Gemeinschaftsrecht. In: Europarecht (EuR) 2006, Heft 6, pp. 848–865 (2006).

Prost, Kimberly, Lecture at the Washington University School of Law, 15 October 2012. http://mediasite.law.wustl.edu/Mediasite/Play/%201e4546751a1b42fe83203a356ba55a69 last accessed 4 January 2014.

SWIFT, Solutions, Sanctions Screening. http://www.swift.com/assets/swift _com/documents/products_services/SWIFT_Sanctions_Screening_factsheet.pdf last accessed 28 July 2013 (2012).

Tan, Pang-Ning/Steinbach, Michael/Kumar, Vipin, Introduction to data mining, Pearson/Addison-Wesley, Boston (2006).

Thomson Reuters Accelus, World-Check, IntegraScreen Reports. https://www.world-check.com/de/our-services/integrascreen-reports last accessed 3 January 2014 (n.d.).

United Nations Office on Drugs and Crime, Money Laundering: Related Link. http://www.unodc.org/unodc/en/money-laundering/links.html last accessed 26 December 2013 (2013).

Verhage, Antoinette, Between the hammer and the anvil? The anti-money laundering-complex and its interactions with the compliance industry. In: Crime, Law and Social Change (2009) 52, pp. 9–32, Springer (2008).

World Compliance, About Us, Our Solutions. http://www.worldcompliance.com/en/ worldcompliance/world-compliance-solutions.aspx last accessed 3 January 2014 (n.d.).

European Union Documents

COM(2013) 44 final, 5 February 2013.

COM(2013) 45 final, 5 February 2013.

ECJ, Joined Cases C‑584/10 P, C‑593/10 P and C‑595/10 P, Commission and Others v Yassin Abdullah Kadi, Judgement of the Court of 18 July 2013.

OJ L 271, 24 October 2000, p. 4. Council Decision of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information.

OJ L 309, 25 November 2005, p. 15. Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing.

OJ L 214, 4 August 2006, p. 29. Commission Directive 2006/70/EC of 1 August 2006 laying down implementing measures for Directive 2005/60/EC of the European Parliament and of the Council as regards the definition of «politically exposed person» and the technical criteria for simplified customer due diligence procedures and for exemption on grounds of a financial activity conducted on an occasional or very limited basis.

OJ L 345, 8 December 2006, p. 1. Regulation (EC) No 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds.

SWD(2013) 21 final, 25 December 2013.


 

Janos Böszörmenyi

Projektassistent, Universität Wien, Arbeitsgruppe Rechtsinformatik

Schottenbastei 10-16/2/5, 1010 Wien, AT

janos.boeszoermenyi@univie.ac.at

 

Erich Schweighofer

Ao. Universitätsprofessor, Universität Wien, Arbeitsgruppe Rechtsinformatik

Schottenbastei 10-16/2/5, 1010 Wien, AT

Erich.Schweighofer@univie.ac.at; http://rechtsinformatik.univie.ac.at

 


  1. 1 See for more details: http://respectproject.eu/.
  2. 2 Information obtained from financial institutions, public authorities or software vendors through a questionnaire or interview are indicated in footnotes.
  3. 3 Information based on country reports are indicated in footnotes.
  4. 4 Throughout the KYC procedure the financial institution ascertains itself of its customer’s personal information. This starts by obtaining information for identification as the customer enters a business relationship, and includes collecting information about the customer’s transactions and business partners. The intensity of the information gathering depends on the customer’s risk profile (interview with financial institution 2) in accordance with the so called risk-based approach of the FATF. KYC is used in this paper as a synonym for Customer Due Diligence (CDD), which is the common term in legal texts.
  5. 5 Software vendor 2.
  6. 6 SWD(2013) 21 final, 25 December 2013, p. 12.
  7. 7 SWD(2013) 21 final, 25 December 2013, p. 13.
  8. 8 Fair Isaac Corporation, Evolution of Card Fraud in Europe. http://www.fico.com/landing/fraudeurope/Evolution_Europe.html last accessed 25 December 2013 (2013).
  9. 9 FATF/OECD, 20 Years of the FATF Recommendations. http://issuu.com/fatf/docs/20_years_of_recommendations/1?e=0 last accessed 25 December 2013 (2010), p. 4.
  10. 10 Verhage, Antoinette, Between the hammer and the anvil? The anti-money laundering-complex and its interactions with the compliance industry. In: Crime, Law and Social Change (2009) 52, pp. 9–32, Springer (2008), p. 11.
  11. 11 Financial Action Task Force, History of the FATF. http://www.fatf-gafi.org/pages/aboutus/historyofthefatf/ last accessed 25 December 2013 (2013).
  12. 12 G7 Summit 1989, Economic Declaration, Drug Issues. In: University of Toronto, G8 Information Centre (ed.), http://www.g8.utoronto.ca/summit/1989paris/communique/drug.html last accessed 26 December 2013 (1989).
  13. 13 Financial Action Task Force, History of the FATF. http://www.fatf-gafi.org/pages/aboutus/historyofthefatf/ last accessed 25 December 2013 (2013).
  14. 14 A financial intelligence unit (FIU) serves as a national centre for the receipt and analysis of suspicious transaction reports, other information relevant to money laundering, associated predicate offences and terrorist financing, and for the dissemination of the results of that analysis (FATF Recommendation 29).
  15. 15 A more detailed list is available on the webpage of the UNODC. SeeUnited Nations Office on Drugs and Crime, Money Laundering: Related Link. http://www.unodc.org/unodc/en/money-laundering/links.html last accessed 26 December 2013 (2013).
  16. 16 Council of Europe, Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL), Evaluations. http://www.coe.int/t/dghl/monitoring/moneyval/Evaluations/About_evaluation_en.asp last accessed 26 December 2013 (2013).
  17. 17 OJ L 309, 25 November 2005, p. 15.
  18. 18 OJ L 214, 4 August 2006, p. 29.
  19. 19 OJ L 271, 24 October 2000, p. 4.
  20. 20 OJ L 345, 8 December 2006, p. 1.
  21. 21 See COM(2013) 45 final, 5 February 2013.
  22. 22 See COM(2013) 44 final, 5 February 2013.
  23. 23 Verhage, Antoinette, Between the hammer and the anvil? The anti-money laundering-complex and its interactions with the compliance industry. In: Crime, Law and Social Change (2009) 52, pp. 9–32, Springer (2008), p. 11.
  24. 24 Verhage, Antoinette, Between the hammer and the anvil? The anti-money laundering-complex and its interactions with the compliance industry. In: Crime, Law and Social Change (2009) 52, pp. 9–32, Springer (2008), p. 12.
  25. 25 Tan, Pang-Ning/Steinbach, Michael/Kumar, Vipin, Introduction to data mining, Pearson/Addison-Wesley, Boston (2006), p. 6.
  26. 26 Compare Article 8 (1) d of the Third AML Directive.
  27. 27 Financial institution 1.
  28. 28 Software vendor 1.
  29. 29 Egmont Group, FIUs in Action, 100 case studies demonstrating FIUs in action. http://www.egmontgroup.org/ last accessed 28 December 2013 (n.d.), 172.
  30. 30 Tan, Pang-Ning/Steinbach, Michael/Kumar, Vipin, Introduction to data mining, Pearson/Addison-Wesley, Boston (2006), p. 207.
  31. 31 The compliance officer, or anti-money laundering officer, is responsible to detect cases of AML/CFT within the organisational structure of a financial institution.
  32. 32 Software vendor 2.
  33. 33 Nice Actimize, Anti-Money Laundering, Comply with Anti-Money Laundering Requirements from Regulators Worldwide. http://www.nice.com/financial-services-solutions/anti-money-laundering last accessed 28 December 2013 (n.d.).
  34. 34 Software vendor 1.
  35. 35 Fair Isaac Corporation, Fact Sheet, Link Analysis and Visualization Provide Insight to Complex Anti-Crime Regulations (2013), p. 2.
  36. 36 World Compliance, About Us, Our Solutions. http://www.worldcompliance.com/en/worldcompliance/world-compliance-solutions.aspx last accessed 3 January 2014 (n.d.); Software vendor 3.
  37. 37 Info4c, Fact Sheet PEP DeskTM. http://www.info4c.net/en/docs/Factsheet_PEP_Desk_E.pdf last accessed 8 January 2014 (n.d.).
  38. 38 Financial institutions are legally obliged to identify PEPs (Article 13 (4) of the Third AML Directive). PEPs are individuals who are or have been entrusted with prominent public functions (FATF Recommendations Glossary).
  39. 39 Compare Article 8 (1) b of the Third AML Directive.
  40. 40 Thomson Reuters Accelus, World-Check, IntegraScreen Reports. https://www.world-check.com/de/our-services/integrascreen-reports last accessed 3 January 2014 (n.d.).
  41. 41 Ohler, Christoph, Die Verhängung von «smart sanctions» durch den UN-Sicherheitsrat – eine Herausforderung für das Gemeinschaftsrecht. In: Europarecht (EuR) 2006, Heft 6, pp. 848–865 (2006), p. 850.
  42. 42 Dahme, Gudrun, Terrorismusbekämpfung durch Wirtschaftssanktionen, Mendel Verlag, Witten (2007), p. 23.
  43. 43 Dahme, Gudrun, Terrorismusbekämpfung durch Wirtschaftssanktionen, Mendel Verlag, Witten (2007), p. 21.
  44. 44 Financial Action Task Force, The FATF Recommendations. http://www.fatf-gafi.org/MEDIA/FATF/DOCUMENTS/RECOMMENDATIONS/PDFS/FATF_RECOMMENDATIONS.PDF last accessed 3 January 2014 (2012), p. 39, Footnote 3.
  45. 45 The EU’s consolidated financial sanctions list can be visited under http://eeas.europa.eu/cfsp/sanctions/consol-list_en.htm last accessed 3 January 2014.
  46. 46 SWIFT, Solutions, Sanctions Screening. http://www.swift.com/assets/swift_com/documents/products_services/SWIFT_Sanctions_Screening_factsheet.pdf last accessed 28 July 2013 (2012), p. 1.
  47. 47 European Data Protection Supervisor, Press Release (EDPS/2013/07, Brussels, 4 July 2013), EDPS finds major deficiencies in anti-money laundering proposals. https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/PressNews/Press/2013/EDPS-2013-07_AML_EN.pdf last accessed 3 January 2014 (2013), p. 1.
  48. 48 See Security Council Resolution 1904 (2009). During a lecture at Washington University the UN Ombudsperson explicitly referred to the ECJ’s Kadi judgment as the reason for the creation of the Office of the Ombudsperson: Prost, Kimberly, Lecture at the Washington University School of Law, 15 Octobre 2012. http://mediasite.law.wustl.edu/Mediasite/Play/%201e4546751a1b42fe83203a356ba55a69 last accessed 4 January 2014.
  49. 49 Security Council Resolution 2083 (2012) carried out the latest amendments in this regard.
  50. 50 For more background information see ECJ, Joined Cases C‑584/10 P, C‑593/10 P and C‑595/10 P, Commission and Others v Yassin Abdullah Kadi, Judgement of the Court of 18 July 2013.
  51. 51 See:http://sdnsearch.ofac.treas.gov/ last accessed 5 February 2014.
  52. 52 Software vendor 3.
  53. 53 Country Report Italy, p. 8.
  54. 54 OASI, The GIANOS System and The GIANOS Procedure, Powerpoint (2005), slide 13.
  55. 55 Chatain, Pierre-Laurent et. al., Preventing Money Laundering and Terrorism Financing: A Practical Guide for Bank Supervisors, World Bank Publications, Washington DC (2009), p. 64.
  56. 56 OASI, The GIANOS System and The GIANOS Procedure, Powerpoint (2005), slides 20-22.
  57. 57 See for more details:Kroon, Udo, Ma3tch: Privacy AND Knowledge, «Dynamic Networked Collective Intelligence». http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6691683&queryText%3DUdo+Kroon last accessed 23 January 2014 (2013); FIU.NET, FIU.NET Unlimited, Ma³tch. https://www.fiu.net/fiunet-unlimited/match/match3 last accessed 3 January 2014 (n.d.); Public Authority 1.
  58. 58 Balboni, Paolo/Macenaite, Milda, Privacy by design and anonymisation techniques in action: Case study of Ma3tch technology. In: Computer Law & Security Review: The International Journal of Technology Law and Practice 29, pp. 330-340, http://www.sciencedirect.com/science/article/pii/S0267364913000964 last accessed 3 January 2014 (2013), p. 333.