ACAMS in Omaha: How Hybrid Threat Networks Exploit Financial Markets

Topics: Corporate Legal, Financial Crime, Financial Fraud & Anti-Money Laundering, Fraud, Government, Risk Management, Thomson Reuters


OMAHA, Neb. — The heroin epidemic. Russian election interference. Terrorism. Gun Violence. Iran’s and North Korea’s nuclear programs. Human trafficking.

What do all these illicit activities have in common? Money laundering.

A crowd of more than 100 risk and compliance professionals from the financial sector listened as expert Debra Geister, CEO of Section 2 Financial Intelligence Solutions, explained the serious threats transnational criminal organizations pose to our financial markets. Geister, whose work focuses exclusively on the tracking and documentation of the “hybrid threat”, spoke at a recent event hosted by the Association of Certified Anti-Money Laundering Specialists (ACAMS) Greater Omaha Chapter in partnership with Thomson Reuters.

The goal of the afternoon was to educate the audience on better ways for financial institutions to detect serious threats presented by criminals and other bad actors.

Money Laundering: A Common Denominator

Approximately 99% of money laundering is committed by so-called threat organizations — criminal enterprises that are usually transnational and hierarchical, she told the audience.

Sound a little like the corporate structure of a Fortune 100 company? There is a reason.

Transnational criminal organizations operate like global corporations with a board of directors, a human resources department, and some of the best accountants and lawyers that dirty money can buy. (Have you seen the Netflix series, The Ozarks? It is a little like that, but much more intricate than Hollywood can portray in a binge-watching worthy show starring sometimes funny guy, Jason Bateman.)

For example, Geister explained, Hezbollah is a Lebanese Shiite-Islamic terrorist organization that operates globally from Iran to Columbia, West Africa, and yes, even the United States. Hezbollah officially answers to Iran and is among the world’s largest drug smugglers — and with being a large supplier of illegal drugs, comes even larger profits that get laundered, often through trade-based money-laundering.

It’s from this type of organization that Geister gets the term “hybrid threat.”

Hybrid Threat

Geister explained that a hybrid threat is a military term that denotes the interconnected, coordinated attacks of an enemy on many fronts. “Hybrid threats are networks of people, capabilities, and devices that merge, split, and coalesce in action across all of the operational variables of the operational unit,” she said.


Debra Geister, CEO of Section 2 Financial Intelligence Solutions, speaks at the ACAMS-Omaha event

In layman’s terms, that means the bad guys are an interconnected group of hostile and sanctioned nation-states, organized criminals, and terrorists. Like Hezbollah, these high-risk groups are more sophisticated than ever, tapping into intricate money laundering techniques to fund their activities.

Rethinking Money Laundering and Transaction Monitoring

What is a financial institution to do? Geister urged financial institutions to rethink their approach to money laundering and transaction monitoring because “the majority of money laundering is conducted by threat networks, not individuals.”

Geister said she believes it is critical for financial institutions to better recognize this paradigm because anti-money laundering (AML) policy, detection, and investigations should be both targeted and pragmatic.

Know Thy Enemy

As Sun Zhu, the well-known, and oft-quoted, military strategist once wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

Geister said that in order minimize AML detection problems such as high rates of false positives, everyone needs to rethink how we are looking at transaction monitoring. “The focus should be from an actor AND action-centric point of view, not just an action-centric point of view,” she added.

To put it in Sun Zhu’s perspective, it is time to better know your enemy and to start looking at transaction monitoring more from the lens of targeting the person or entity that is behind the activity rather than the only looking at actions.

Going back to our previous example of Hezbollah, it’s important to understand that their chain of command starts with Iran. But it would be a mistake to think the Hezbollah acts alone. Indeed, they work across multiple groups, regionally and domestically, by using tactical cells for narcotics trafficking and counterfeit goods production to achieve their nefarious purposes.

And all this money needs to be laundered to continue the group’s illicit activities.

Some questions a financial institution should ask itself are:

  1. Who are my customers (or customer’s customer) population groups, and what are their risk profiles?
  2. What products do I offer and what are the unique risks associated with each?
  3. In what geographical regions do I offer those products?
  4. Who are my customers’ counterparties or who are they doing business with?

Measuring the Cost of AML Enforcement

Geister urged financial institutions to think about the cost of AML enforcement not simply as dollar and cents. When banks run afoul of these enforcement obligations and are fined, there are bigger issues of concern, including:

  •  Stock share values decline an average 5.5% the day fines are announced.
  •  Cease & desist orders result in loss of new programs, vendors, and business plans.
  •  Remediation costs over first 18 months are 12 times greater than the fine itself.

Leaving the audience with a final warning, Geister told them to “target the threat network and follow the money.”

To hear more from Debra Geister follow her on Twitter @DebraGeister1. Geister is also writing a blog post series for Thomson Reuters on cryptocurrency money laundering detection. Follow the Risk & Compliance page to stay up-to-date.