Inside AML: How Australia’s banks joined forces to break open a “cuckoo smurfing” syndicate

Australia’s world-leading Fintel Alliance has secured a major win in the fight against organised financial crime, after teaming up with state police for a “week of action” on cuckoo smurfing.

A partnership between the major banks, the police, the financial intelligence unit (FIU) and criminal intelligence teams late in 2020 led to the arrest of five individuals who were involved in a major international laundering syndicate.

The project has demonstrated the power of public-private partnerships to detect and disrupt criminal activity that would have gone undetected in the absence of a coordinated multi-agency approach.

The project was initiated by ANZ Banking Group, which has invested heavily in recent years in its real-time financial crime detection framework. The bank’s typologies for detecting cuckoo smurfing, developed alongside the Fintel Alliance partners, have allowed the authorities to detect and even pre-empt the time and place of suspicious deposits.

AML investment drives success

The success of the project hinged on a strategic decision made by ANZ a number of years ago to enhance its financial crime data and analytical capability. The bank’s aim was to keep abreast of the changes in the criminal threat landscape and to ensure it could provide genuinely useful intelligence to the Australian Transaction Reports and Analysis Centre (AUSTRAC) and its partners.

The program also aimed to free up investigators from the fundamental aspects of creating and collating data and producing alerts. Instead, through automation and investment, the bank believed analysts would be able to expand their risk coverage and develop better investigative capabilities.

The first step in this journey was to create a single data repository for all the datasets across the organisation that financial crime teams need to do their work. The lack of a “single source of truth” on customers within financial institutions is a major obstacle to improving financial crime intelligence gathering.

The bank also set out to acquire additional data that would provide new opportunities to detect suspicious activity. Once the sources of critical data were pooled into a central repository, analysts could do the equivalent of a day’s work with two clicks of their computer mouse.

The investment in this framework has since paid off handsomely, enabling the bank and its partners to derive greater value from intelligence and investigative work, said Milan Gigovic, head of financial crime intelligence and threat management at ANZ. This has included better fraud detection, the identification of far-right extremism and more effective counter-terrorism financing work.

Link analysis

During the second stage of the project, ANZ also invested heavily in its network link analysis capability. This has allowed analysts to rapidly correlate and explore different datasets across the bank.

“The number one pain point for many financial crime investigators, I believe, is the time and effort taken to manually extract data and trace transactions. This new system is taking a simple transaction description that appears in the bank statement and transforming that into our highly enriched view. This enables our investigators to make better-informed decisions and to rapidly interrogate significant transactional history details. It really precipitated the development of … our transaction tracing tool,” he said.

Analysts are now able to view a number of years’ worth of activity in seconds, simply by entering an account number and clicking a button.

Dynamic algorithms

The third phase of ANZ’s project was focused on developing greater detection capability through what the bank terms “dynamic algorithms”. This is supported by tools such as open-source data collection, automated media monitoring and entity resolution.

“The algorithms are really a strong departure from the traditional ‘binary’ nature of existing detections. So we’re using the widest variety of data that we have available and using a concept of ‘relative activity’ for an account or a customer, rather than a hard threshold value to monitor,” Gigovic said.

“These algorithms are much faster and also better able to detect suspicious activity across areas that we traditionally found difficult to detect. Far-right extremism and terrorism financing are good examples.”

Cuckoo IT

The use of dynamic algorithms has also significantly reduced the number of “false positives”, which also saves analysts’ time.

The bank has received encouraging feedback from regulators and law enforcement partners on these alerts. The subsequent reporting is driving actionable outcomes, Gigovic said.

In addition to the focus on next-generation detection and capability uplift, the financial crime team is also keen to integrate the various capabilities into a larger financial crime intelligence ecosystem. This involves looking at questions such as how entity resolution can be better integrated with dynamic algorithms.

The bank is also exploring how its network and link analysis can be expanded to provide enhanced risk coverage in areas such as fraud prevention, as well as being used as a learning platform.

In the future, ANZ aims to “overlay and integrate” other forms of technology, such as machine learning and artificial intelligence.

Case study: Funds flew over the cuckoo’s nest

To detect suspicious activity, ANZ’s financial crime data hub and the financial crime compliance team conduct regular thematic reviews of customers, products and challenges. In doing so, they are looking for any changes or deviations from normal customer behaviour.

This approach delivered a major win last year when “anomalies” were detected across ANZ’s branch network in Western Australia.

As a result, algorithms were developed specifically to target “cuckoo smurfing” activity through institutional accounts. The AML/CTF team identified that a money laundering network was attempting to move funds through unsuspecting customers’ accounts. The bank then pulled in additional data such as CCTV footage. AML staff used this to identify a syndicate operating in particular areas of Western Australia.

Armed with this knowledge, ANZ proposed a joint operation between Fintel Alliance members and law enforcement partners. This culminated in a “week of action” where the major banks and WA police shared tools and data in real-time to disrupt major money laundering syndicates.

ANZ shared the detection algorithm it had developed with the other participating banks, which then confirmed that the laundering network was targeting their institutional customers.

Cuckoo pic 2

“This confirmed our hypothesis that all major financial institutions were being targeted,” Gigovic said.

ANZ’s link analysis capability allowed the rapid interrogation of combined banking datasets. This analysis identified the locations and the time of day in which the network was likely to be operating. These details were provided directly to law enforcement officers during the week of action. The police then used this to guide their physical surveillance teams. The result was the detection of A$5.4 million that moved through 167 bank accounts across the major banks. On a single day, the syndicate made 87 deposits at ATMs in Perth totalling A$193,500.

On day two of the week of action, this “real-time intelligence” from the banks enabled WA police to arrest five members of a professional money laundering network. They also seized cash, methamphetamines, cocaine, firearms, luxury vehicles and encrypted communication devices.

“The close partnership has allowed law enforcement and financial institutions to focus on prevention and deterrence, with intelligence generated from the investigation leading to the arrest of additional offenders and the seizure of an additional A$4 million,” AUSTRAC said in a statement.

Community outreach

The banks have since launched a community awareness campaign to educate customers about the risks of “cuckoo smurfing”, based on some of the key the lessons from the project. AUSTRAC has also produced a risk insight assessment for the other Australian banks.

The Fintel Alliance member banks learned enough from the project to improve their own internal control environment. This created a feedback loop that allowed ANZ to continue to improve its original detection algorithms, using insights from the broader data sets.

“This was a real bonus. It shows the value of using and sharing intelligence,” Gigovic said.

“Greater information sharing allows us to identify criminal activity that would otherwise have remained undetected.”

Join our financial intelligence webinar …

and our esteemed panel:

Robert Mazur, President, KYC Solutions Inc

Michael Messier, Private Consultant & Senior Advisor, Financial Crimes and Compliance 

Nathan Lynch, APAC Manager, Regulatory Intelligence, Thomson Reuters

for their discussion on the future agenda for AML/CTF compliance.

Register to watch this webinar now!

Subscribe toBusiness Insight

Discover best practice and keep up-to-date with insights on the latest industry trends.

Subscribe