Editorial

COVID & SARs (No, the Other One)

Great guest blog Lindsay Whyte at 4iQ on Intelligence Transformation and the importance of the data source.

Posted 14 October 2020 by

Recent revelations about Suspicious Activity Reports (SARs) in the UK briefly distracted those in the world of financial journalism away from tumbling stock markets to the world of money laundering. 

These SARs – formal reports made by companies to law enforcement agencies for the purpose of alerting potentially unlawful financial behaviour – had their impact called into question. 

Revisiting the anatomy of fraud reporting was a long time coming, anyhow. Today, the volume of reported fraudulent activity is seemingly unmanageable. 

According to the National Crime Agency’s annual report, between 2018-2019 the UK government received short of half a million (478,437) SARs. Reports that specifically requested ‘defence against money laundering’ rose noticeably by more than 50% to 34,543. 

At the other end of the spectrum, we have the likes of Action Fraud UK who administer consumer-level fraud. Phishing emails, shopping scams and auction fraud are all spiking. 

Just in one month (March to April), the specific area of ‘pet scams’ saw 669 victims (who lost a combined total of £282,686), after having put down deposits for pets they saw advertised online. The Crime Survey for England and Wales (CSEW) shows that there were an estimated 3.8 million incidents of fraud in the year ending March 2019.

In 2008, we laughed at the suggestion of reporting crimes online, epitomised by the TV show ‘Peep Show.’ 

In one episode, the main character is busy wrestling a burglar on the floor of his flat. When his lazy roommate emerges, he makes the excuse for not calling the police, stating ‘it’s probably all done online these days’. But it’s now a reality. 

Even for reporting phishing emails, the Suspicious Email Reporting Service (SERS) was launched in April 2020, allowing people to forward any suspected phishing email to a dedicated government inbox. According to the NSCS’s website, ‘as of 30 September 2020 the number of reports received stand at more than 2,930,000 with the removal of 13,291 scams and 30,344 URLs.’ In case you’re interested, it’s report@phishing.gov.uk.

But is the ease with which we can now report suspicious behaviour…working?

In the UK, only 30% of SARs for money laundering defence actually resulted in criminal investigations. 0.8% of Action Fraud cases are solved, 96.3% are unsolved (the remainder pending). Compare this to the 60% of crimes relating to weapon possession that go solved.

Seeing the wood for the trees, and the harmful from harmless, is getting more difficult. 

And the answer is not more data. It’s more intelligence. 

Absolute increases in partial evidence must be accompanied by a matched increase in innovation.

And this isn’t simply a problem for us as victims. Takedowns are key to business success, fighting agitprop and hampering strategic attacks state or otherwise. We all have an interest in ensuring fraud is spotted quickly and preempted effectively. 

But before we waste energy making banks (in the case of SARs), governments or individuals submit ‘more data’ in a relevant reporting channel, we need to make sure we’re deriving intelligence from said data. Here lies the key to exerting real tactical power over criminality. 

The good news is that ‘overhauling’ and lengthy ‘transformation’ isn’t necessary. The reality is that, nowadays, companies and governments can easily surface the contextual data required to turbocharge their reports: the answer is open source data. 

Innovations in open source data aggregation make it easier than ever to pair internal datapoints with external identifiers relating to perpetrators (or indeed victims) of financial crime, at any scale. Law enforcement too can enrich data shared from financial institutions with tools designed with these specific outcomes in mind. The dark web – that great fairground of breached data and financial crime – coupled with social media data is fast becoming a key source of criminal intelligence. 4iQ reports that one dark web data broker alone exposed 1 billion identity data records in 2019. Gone are the days when governments and businesses were reluctant to accept readily available unclassified information as too ‘low grade.’

A sign of this recent shift came from the FCA. In March 2020, in an open letter to UK CEOs struggling with remote Know Your Customer (KYC) in light of restricted travel and COVID they recommend alternatives to ‘traditional’ KYC:

‘…use commercial providers who triangulate data sources to verify documentation provided;

 gather and analyse additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers…

Because even dark web data lakes are accessible at scale and in a normalised form, these extra puzzle pieces can be obtained without the need for an overhaul.

If you do choose, however, to ‘overhaul’ your approach to external sources of data, it’s not all bad news.

Intelligence as a board-level item

Imagine if you not only plugged into the dark web and social media for security and financial crime. Imagine if that same data could be used for 

  • Reputation protection (What do Twitter users in LATAM think of my brand?)
  • Screening (Do our employees or suppliers have work email addresses floating on the Dark Web?)
  • Executive protection (Does our CEO get threats online? Who’s responsible?)
  • Risk management and IPR (Are there counterfeit websites imitating us out there?)
  • Go-to-market strategy (What do new regional markets say online about our products?)
  • Customer KYC (Can we validate this customer’s identity? Is it stolen?) 
  • Data leak scanning (I need to be first to find out if I have business data leaked on the internet…)
  • Benchmarking (What are our competitors up to? Where are they having success?)

If intelligence transformation is on the menu, let’s just say you’re covered for internal sign off for broader digital risk protection. 

‘Looking outside’ provides convergence in a few areas. Traditionally this has been the reserve of competitor analysis and industry trends, but now for the first time it’s a security- (and potentially compliance-) related issue too. 

Your customers are outside, but so is your data. It’s not enough to rely on a catalog of historic press releases as the standing of your reputation.

All in all, every organisation needs to have access to open source data. Avoid an over-reliance on internal, confidential data. Such preoccupation will be at the expense of better tactical and strategic intelligence. 

Blog by: Lindsay Whyte @ 4iQ

Lindsay Whyte is an ex-military intelligence operative and now UK regional director at 4iQ, the identity intelligence company. He was on the founding teams at cybersecurity startup CybSafe and Yapily, and consults on investigative techniques, open-source information and the Dark Web.