Tracking money trails with technology

American and foreign banks are under intense pressure to divulge huge amounts of data from which investigators hope to pick up the scent of terrorist activity. But many are balking at the prospect of increased costs and lowered productivity as resources get diverted to tracking cash withdrawals, deposits and wired money transfers.

With a medium-sized bank conducting more than 90,000 daily wire transfers and millions of ATM transactions, investigators are more likely to drown in the data than to successfully spot signs of trouble. This is one of the main issues Treasury Secretary Paul O'Neill hopes to address this weekend at the International Monetary Fund and World Bank meetings in Ottawa.

While it may be impossible to spot all questionable financial activity, smaller measures can be taken to assist banks in mining financial data, according to Konrad Feldman, the chief executive of Searchspace, a company backed by HSBC Bank that develops and uses artificial-intelligence software.

"If you think of starving the terrorists, what you want to do as quickly as possible is to remove their ability to have banquets and identify how they are going to eat," said Feldman, who co-founded Searchspace in 1993. "If they are going to eat, they should be forced to eat the smallest and least nutritious pieces. That way you limit what it is these organizations can do."

CNET News.com recently talked to Feldman about the pitfalls and strengths of technology in the investigation and about the accompanying concerns regarding consumer privacy.

Q: Hackers always find a way around new security measures. Won't the same happen when the U.S. tries to track suspicious money flow?
A: You hit the nail on the head with respect to a key problem in addressing these types of issues, which is that the environment's continually changing. Take your average bank: Its customers change every day. But, more to the fact, if you introduce a mechanism to stop some form of abuse, be it fraud or money laundering, of course that doesn't stop people from wanting to perpetrate fraud or launder money. They just look for different ways to do it.

There was a regulation introduced in the U.S. that required deposit-taking institutions to report cash deposits in excess of $10,000. It used to be a very popular way to launder money. People would literally turn up at the bank with a suitcase full of cash and pay it in.

But as soon as the regulation was known by the banks, it was known by the launderers, who stopped doing it. A phenomenon known as "smurfing" emerged, where teams of people went to different banks and deposited into the same account--but always for less than $10,000. That was a way that people changed their behavior to get around it. That is certainly the case; the problem is non-static.

What role does the Internet and surveillance software have to play to find terrorist money trails, especially since they are said to operate in a world that eschews the electronic financial system used by most banks?
One aspect is the impact the Internet and general direct-access technologies have had on banking--whereby individuals no longer have to go into a bank branch to conduct transactions they can do over the Internet or call center--and the general reduction in visibility that has created. So there is a greater need to look for suspicious patterns in transactions, rather than to look for suspicious individuals coming to the branch.

Alternative monetary schemes like hawalas (a traditional system used in the Muslim world to transfer cash across borders) traditionally move funds around, and they are clearly physical pieces that are being moved physically through the world and will perhaps require more traditional surveillance and law enforcement intelligence-gathering exercises to do that. You need other forms of surveillance to deal with hawalas. I am sure that law enforcement agencies are working on (it), but we are not directly involved.

Does money transferred through hawalas have to wind up in our system at some point?
Inevitability, funds are going to enter financial systems. Certainly in the U.S, there are a number of people who spend their money and it ends up in the financial system. And the amounts can be quite small. That is the problem. Traditional money laundering was concerned with high-value crimes, and certainly the narcotics trade was a big focus of the anti-laundering push; the concern was to identify substantial quantities of illegitimate funds finding their way into the banking system.

There has been a recognition that there is another aspect to money laundering, which involves very small funds. Sometimes, even legitimate money finds its way to people who will be using it for illegitimate purposes.

So that means you have to essentially cast a wider net to look at all the monetary activity, rather than at those areas that traditionally were associated with high-value transactions, like private banking. Like all forms of crimes, you can't stop it at one go. And what you want to do is to effectively limit the rate at which funds can find their way to any illegitimate party for illegitimate purposes.

Still, can the tools of our modern world be used against people who are transporting goods through hawalas and even in pots of honey?
Electronic transaction-processing systems--while they have proved effective at handling an enormous number of transactions and allowing organizations to scale and manage cost--I don't think you could have enormous financial organizations function without technology. But with the size, they lose that personal contact as part it.

Offshore operations are especially troubling. And now Internet casinos, which are mostly located offshore, are beginning to pull in more money. Are they playing a growing role in money laundering and other shady money transactions?
Internet gambling was picked up specifically as something in the (House of Representatives') bill as something that required greater scrutiny. The Patriot Act (the recently passed anti-terrorism bill) requests that enhanced scrutiny is paid to operations, corporations and banks that exist in jurisdictions often considered higher risk. They are considered higher risks for a number of reasons. One is that they are known to be closely associated with the drug trade. Another one has been known to harbor terrorist organizations, while a third is that the lax banking laws or their regulations don't require that anyone check whether the banks adhere to regulations. Another is when there are countries that seem to do an unnatural amount of transactions, given the scale of their economy.

The focus becomes, Why are those transactions going there? There must be some advantage for all these organizations to be located there, and often one advantage is secrecy. And while it is clearly not possible to interfere in the laws of another sovereign state, what international bodies like the G8 can do is put pressure on those countries by effectively not dealing with them until they have adequate regulations and disclosure to deter the use of that country and its financial institution for illegitimate purposes.

Can you cite any evidence for specific Internet casinos?
I am not referring to any specific companies involving Internet gaming. I can say there are lots of legitimate businesses involved in Internet gambling. But I think gambling has always been a popular mechanism for money laundering. A lot of the first casinos in the U.S. were set up by gangsters who had to launder a lot of money.

Tracking illicit terrorist financial transactions may be harder than first thought. How much of the problem is political and how much is technological?
I don't think there is an enormous political problem. I think the entire country and vast majority of the world see the need to do this, the need to address it and identify at the earliest opportunity these forms of activities. There is an enormous intelligence-gathering (movement) actively going on involving every law enforcement agency in the world to identify and trace the trail of money of terrorist cells.

There are two aspects in addressing the current issues. One is the use of technology to better identify transactions as suspicious. Another very important one is better and more effective public-private cooperation in terms of info sharing that can help ID some of this activity. The technology aspect is another part of the solution. There are other parts: appropriate legislation, effective intelligence gathering, and good training in the private sector at financial institutions.

Tech is an important part of the overall solution. It's just not possible for any organization to understand everything that is happening at a financial organization through what people see. There are so many transactions taking place each day, with so little visibility of the underlying activity, that it is impossible to address this without technology. What is more, no organizations would want to address it without technology. It would be incredibly expensive, and that cost would be passed on to the customers.

If you are a very, very small bank, then you potentially actually know your customers individually and see what they are doing. But the vast majority of financial transactions are conducted by a larger financial services (entity) that moves trillions of dollars a day around the world.

Most people are sensitive about their privacy, but when it comes to their finances and health info, they tend to be even more demanding. What kind of resistance do you think there will be to mining people's financial transaction habits? Is it already happening? Why aren't people made aware that this is happening?
Software--and certainly (Searchspace's) software--doesn't collect any more info about (the banks') customers than they already have. The same information that is used to provide you with a statement at the end of the month is the info that helps computer systems ID high risks.

We're not talking about the bank looking at every customer and trying to understand why they have been spending money at certain places, such as what they have done with their paychecks every other week. We are talking about providing a mechanism whereby computer systems can automatically highlight the highest-risk cases so the banks can appropriately conduct their due diligence in a way that doesn't cost the banks huge sums of money that ultimately will have to be passed on as additional charges to consumers.

Bear in mind that banks have been required to report under the bank secrecy act for many years. They have been required to report currency transactions involving deposits of $10,000 or more and suspicious activity for any activity they deem to be suspicious.

What happens if they tell the person that they are doing this surveillance? Does that person just disappear?
The banks aren't permitted to tell the customers that they are making a filing with the treasury department. In the Patriot Act, there are provisions in the law that protects the financial-services community from civil action from making such disclosures.

People trying to sneak money across borders may change their patterns for doing business.
It will identify that. Ultimately, the way anyone uses a service, be it a telecom service or financial service, is unique to them, so you can always ID a change in behavior. Now, a change in behavior isn't necessarily of interest, but if it is a change associated with high-risk traits or characteristics, it might be flagged as worthy of further analysis.

It's not saying that this is absolutely money laundering. It is saying that as an organization, the bank can only afford a limited number of people to conduct the due diligence procedures without passing on the cost to the rest of the community. Technology can help the banks target their resources at those items identified as the highest risk.