Helene Erftemeijer, ahead of her talk to GRC World Forums next month, discusses an innovative collective transaction monitoring project in the Netherlands and why we must break down siloes to keep up with the criminals
“It came from a gut feeling - that if criminals are well organised and have a lot of dirty laundry, they’re unlikely to put that into one washing machine, “says Helene Erftemeijer .“More likely, they’ll spread it across different institutions, different banks, so that nobody really knows how dirty their laundry is.”
Erftemeijer, Know Your Customer (KYC) Lead, at ING, is talking to GRC World Forums about Transaction Monitoring Netherlands (TMNL) – an eye-catching and much talked about project under which five banks, including Erftemeijer’s ING, pool their resources to collectively monitor transactions.
The project is one of several fincrime “utilities” globally currently that are intended to increase effectiveness through increased collaboration, joint obligations and information-sharing. Next month’s FinCrime World Forum features a whole stream of sessions on this next generation of fincrime partnerships, which are being seen as potentially a crucial tool to tackle crime, particularly when aided by the use of new technology.
We catch up with Erftemeijer, ahead of her appearance at FinCrime World Forum, to talk about utilities and partnership working.
When it comes to the issues facing the banking sector in the Netherlands specifically, Erftemeijer is well-placed to know the score. In addition to her current role at ING, she has also held positions at Rabobank and ABN Amro, meaning she has worked for three of the five banks in the partnership (the others being Triodos Bank and de Volksbank). Erftemeijer’s current role as KYC Lead involves connecting KYC activities across the bank, including customer due diligence, pre-transaction screening in addition to transaction monitoring, interbank collaboration and her work on public private partnerships.
Erftemeijer believes that banks need to move away from only looking in their own siloes for financial crime risks, as this leads to criminals “operating in the dark space” between institutions.
“We will be easily caught out by criminals making use of the fact that we only operate in silos”, she says.
“So we thought, ‘what if we would do our transaction monitoring jointly on the combined data set? Would banks then find suspicious behaviour that they cannot find on my own?”
TMNL has already started to collectively monitor transactions for legal entities, which has fewer data protection considerations than monitoring transactions of individuals.
“The first question was, can I do that in a secure way? Can I bring that together in a secure way? That’s where the answer was Yes,” says Erftemeijer. “Can I then combine it in a meaningful way? So that I can see across institutions based on that? And that answer was a yes as well.
“And then we run the analytics to see if our gut feeling that there is suspicious behaviour that I cannot detect on my own. And that got proven right as well”.
“We will be easily caught out by criminals making use of the fact that we only operate in silos”
All of this suggests TMNL, which Erftemeijer says has benefited from the fact the Netherlands is a small country with close-knit banking community, has got momentum.
The trickier aspect comes with the monitoring of individual customers and concerns over infringement of data protection rights and breaches of the General Data Protection Regulation (GDPR).
Erftemeijer describes these issues as a “tug of war” between anti money laundering (AML) and privacy, which she hopes will come down on the side of AML when people realise “it’s about catching criminals”.
Nevertheless, the banks in TMNL are careful to comply with data protection requirements.
She says: “We’ve done data minimisation in accordance with GDPR as much as we can, just having the data fields we actually need to run our analytics.
“All personal data that I as a bank deliver to TMNL has been pseudonymised.”
Erftemeijer is also hopeful that technology can be a “peacemaker” between data privacy and AML by allowing information to be shared in a way that provides useful insights without sharing customers’ personally identifiable data with other institutions. Last month, TMNL partners ABN Amro and Rabobank, along with scientific research organisation, reported ‘promising results’ from a multi-party computation project to allow information-sharing. The personal data is encrypted, split up and fed into an algorithmic system. The banks are confident, following a test on synthetic data, that the scheme will allow them to access information that can help them determine which of their clients may be involved in high-risk transactions, without accessing individuals’ risk scores.
So assuming the issues around data privacy can be ironed out where might TMNL go next?
We want to be the gatekeeper, not just moving those flows around but taking the money away from the criminals.
Erftemeijer says there are some legislative barriers. She would ideally like to see the project expanded to cover alert handling. However in the Netherlands there is a prohibition on the outsourcing of continuous monitoring, which would have to be removed for the project to be expanded in this way.
There are also discussions with the government about ways the data of private individuals can be combined in a “meaningful way” says Erftemeijer. When it comes to legal entities, the Trade Registry Number can be used as a match. But unfortunately the closest thing to an equivalent for individuals, the citizenship ID number, cannot currently be used for AML purposes under the law.
Conversations about potential changes to legislation have been derailed slightly by the Dutch government collapsing in January following a scandal over false allegations of welfare fraud.
In terms of the impact TMNL has had with the legal entities’ monitoring to date, Erftemeijer says it is simply too early to be able to say anything.
She concludes by saying that she keeps me in mind the horrific crimes that generate the laundered money.
“To me this job is not about the money it is about where the money comes from,” she says. “That’s why we want to be the gatekeeper, not just moving those flows around but taking the money away from the criminals. If I can contribute to that, I love that.”