A Conversation with Juan Zarate, Author of “Treasury’s War: The Unleashing of a New Era of Financial Warfare”
As bad actors devise elaborate ways to move and launder illicit assets and authorities around the world demand more, financial crime teams—and the regulatory regime more broadly—need to adapt to be more effective at countering illicit finance.
With this evolution, the proper and innovative use of technology and data is an increasingly important piece of the puzzle in combating financial crimes.
Explore the intersection of regulatory reform and technological advancement in the world of financial crime through this Q & A, based on a recent webinar, with Juan Zarate, global co-managing partner at K2 Integrity, co-founder and chairman of Consilient, and author of “Treasury’s War.”
Q: To start, what are some regulatory changes we’ve seen in the past few years and what has been the impact of these reforms?
- Anti-Money Laundering Act of 2020
- Codification of a risk-based approach to AML in the US
- Fifth and Sixth AML directives in the EU, covering everything from ownership transparency to a renewed focus on the enablers of money laundering.
- First and subsequent nationalistic finance strategies from the US Treasury, released in 2022 just a few weeks ago.
Additionally, we should factor in the rampant financial crime that preceded Russia’s invasion of Ukraine as a geopolitical backdrop.
With these reforms and over the past few decades, we’ve eliminated the straightest and shortest causal path between corruption and financial crime on the one hand, and all out nation state war on the other.
Q: What about the current global state of play in financial crime reform, especially given the current situation in Russia and Ukraine?
The starting point is that the Russia-Ukraine conflict has accelerated what was already in formation in terms of dealing with illicit finance, exposing some of the weaknesses of the anti-money laundering system, and the acceleration of the use of sanctions. These issues had been on the front burner but hadn’t been given as much priority as they should have been.
Stepping back, we were already on a march toward great transparency, accountability, and traceability in the global financial system. This was apparent in the wake of the Pandora papers, with strides toward understanding beneficial ownership and corporate registry in the US, and with the expansion of CFIUS (Committee on Foreign investment in the US) with FIRMMA (The Foreign Investment Risk Review Modernization Act of 2018).
Previous to the Russia-Ukraine conflict, the US had been debating the overuse of sanctions and the need to be judicious given the consideration of externalities and the effects on human rights and other issues. The Russia-Ukraine situation accelerated the reliance on sanctions—the hunt for assets, seizures of yachts and properties—as a way of responding to the invasion to cripple the Russian economy. We’ve also had to think more aggressively about anti-corruption measures, seen in part in the Global Magnitsky Sanctions in the US, but also the Biden administration’s anti-corruption strategy, which puts anti-corruption at the center of national security.
Everything we’ve been focusing on has been met with a moment of geopolitical and geo-economical crisis, and the weight of that response is now pushing all the measures that were put in place to the test. So now the question is, how effective is the system? What more can be done with data, and how can technologies help us? These are the questions that have become more central.
>>Watch our Masterclass on How to Track the Assets of Russian Oligarchs Using Public Data.<<
Q: What is effectiveness and what does a push toward that mean for the role of technology in fighting financial crime?
There are several things that have changed over the past few years: 1) Recognition, including in AMLA 2020 that the purpose of the Bank Secrecy Act (BSA) isn’t just to follow the money and catch criminals, but the use of AML tools and systems as a means of prevention, proactively protecting the integrity of the financial system. This is, by design, a very different model with a very different set of requirements for institutions. 2) There’s a maturity as to what the expectations are for a culture of compliance, and for what it means to understand and manage financial crime risk.
It’s clear that the most successful organizations are those that have actively sought to try to manage their risk fundamentally, as part of the foundation of their institution, using not only new technologies, but new methodologies that have made regulators more comfortable.
A good example of this is HSBC, with their dynamic use of ML and AI to capture anomalous behavior in their systems. They’re working very closely with the Financial Conduct Authority (FCA) in the UK and regulators to shift toward this new dynamic risk assessment model that they are planning to expand. It’s a great signal that there’s an opening in the marketplace and an ethos of innovation in the space.
Q: What about the idea that there must be a tighter feedback loop between law enforcement and industry to really optimize for effectiveness? Is there evidence of closing that gap?
More broadly, many authorities, including the US government, are grappling with how to operationalize the public-private cooperation that is required to manage risk. This is particularly apparently in the cyber domain right now—where over 80% of the cyber infrastructure is in the private sector’s hands—with more operational coordination and experimentation in terms of how to manage especially-dynamic and dangerous risk. Because we are facing increased risks from illicit, rogue actors and nation states that that abuse core systems, like water, energy, etc., and combatting this requires more information sharing between the public and private sectors, then we should be moving toward more real time operational models for what this looks like. We’re working on a lot of that with our clients at K2 Integrity.
In the financial space, there are examples of a closer operational coordination where everyone is sharing more openly and in near real-time, which is getting investigators closer to the problems that are most important, like human trafficking. This happens best when the “rules of the road” are established so that data privacy laws aren’t violated, and law enforcement feels comfortable. The company I co-founded, Consilient, is doing a lot of work to reframe the way that we think about information sharing in general.
Q: Alongside effectiveness and information sharing, what are some of the other common themes or requirements across complex financial threats?
To start, there’s a better sense of all the issues around investment security, including CFIUS and FIRRMA, export control, trade transparency, AML, and more widely, dealing with anti-corruption rules. All of this is now part of the same regulatory and policy conversation, whereas 20 years ago, they were all separate silos. Now, by understanding the nature of the risks we are dealing with, we’re acknowledging risk as a full spectrum, which has created a core sensibility around transparency. In turn, that culture of compliance causes a greater expectation and demand on financial institutions to do more to understand who they’re in business with.
Q: Should institutions be considering the feeds of supply chain data as an input to the overall program design? With that in mind, what about all the multinationals who are transporting illegal goods with a fraction of the regulatory scrutiny that financial institutions are subject to?
Yes, the sanctions regime must apply and be enforced against other sectors beyond the banking system. However, as explained in my book, Treasury’s War, the banks were seen as key nodes and clearinghouses that could help discipline and regulate the financial system and thereby, the commercial system. The hope is that because banks control access to the capital, there will be a downstream impact and a network effect, but that’s imperfect and doesn’t account for everything. The rest must be part of the evolution of the sanctions regime beyond relying on banks to implement and be enforced against.
In terms of the role of technology in this, we know technology can raise new risks, but it can also enable our ability to discover and manage where risk lies. The natural evolution in the regulatory response is to accept that technology can introduce risk, but also help provide transparency to solve the more difficult problems.
Q: Banks have now begun adopting technology to try to automate low level processes. Will there ever be enough data points from transactions that are verifiably related to proliferation finance to train machine learning models? Or does there still have to be a human analyst involved in the investigation?
We can try to automate what we can and create systems and assurances within those automated processes but keeping humans in the loop in terms of how we design them and leveraging humans for more complicated issues remains imperative and a better use of the human mind. Keeping in mind how we are segmenting risk within institutions, there are three layers of depth with data and analytics in this space. The first is accessing the data. The next is how to validate what comes from that data. The third is how to decision from that data—how to program the model to make the decision—and that is where humans need to be involved. All of these layers can benefit from automation and machine learning tools, but they also require human intelligence.
Sayari provides instant global visibility on complex corporate structures and commercial networks to give regulators and investigators the technological advantage in their fight against financial crime.
Sayari Graph, the first purpose-built platform for navigating these networks, harvests billions of pages of official government documentation to create a living model of financial relationships around the world with ownership hierarchies, related parties, and risk intelligence, sourced from over 200 jurisdictions worldwide—including hard-to-access regions like Eastern Europe, Asia, and Latin America.
Sayari—which means “universal” and “interconnected” in several languages—continues to chart a clear course through the labyrinth of registered businesses and shell corporations that shields illicit actors. Since 2015, Sayari has earned the trust of top global financial institutions, Fortune 100 corporations, government agencies, and more than 3,000 front-line analysts in over 35 countries.
To learn more, please visit sayari.com.
About K2 Integrity
K2 Integrity is the preeminent risk, compliance, investigations, and monitoring firm—built by industry leaders, driven by interdisciplinary teams, and supported by cutting-edge technology to safeguard clients’ operations, reputations, and economic security. The firm helps clients understand and manage risk so they can lead with confidence in a complex world—and build organizations that are safer, more transparent, and more resilient. By encouraging and enabling organizations to act with integrity, we aim to increase trust in institutions and promote prosperity and growth throughout the world.
K2 Integrity represents the merger of K2 Intelligence, founded by Jeremy M. Kroll and Jules B. Kroll, the originator of the modern corporate investigations industry, and Financial Integrity Network (FIN), founded by Juan Zarate and Chip Poncy, former senior Treasury and U.S. government officials responsible for helping shape the modern AML/CFT regime.
Founded through a partnership between K2 Integrity and Giant Oak, Consilient is the 21st century answer for best-in-class anti-money laundering and countering the financing of terrorism (AML/CFT) compliance solutions.
Consilient’s solution is a behavioral-based, machine learning-driven utility and governance model design that enables financial institutions to more effectively share information about risks and illicit actors in real time, while adhering to privacy protections and data localization restrictions. Consilient uses federated learning, which allows financial institutions to access and interrogate data sets in different institutions, databases, and even jurisdictions to discover previously unknown but existing risks.