I started with Neotas about three months ago having spent the previous five years in financial crime. What I have learned in this short time period has blown my mind and if I had known then what I know now, fraud investigations would be dealt with in a completely different manner. Without a doubt, open source intelligence (OSINT) is the future of due diligence and KYC (Know Your Customer).
Working in Financial Crime, I regularly had to investigate cases of fraud or money laundering and prove, without doubt, that a customer had been a victim of fraud. The problem is that fraud investigators are more often than not required to work on gut feelings and instinct more than on actual proof. Don’t get me wrong, working in fraud requires a lot of instinct and trusting that gut feeling, however having evidence to prove the fraud would also be more than helpful. While fraud investigators do have tools to aid their investigations like bank checks and credit files checks, you’re often left questioning what does that really tell you about the person? That they have good credit and their bank account matches their identity? What if you had a husband and wife working together to scam the system? She may be telling you that she and her husband are separated and he has stolen her details. As an investigator you are not able to talk to the husband as he isn’t your customer, therefore you have to take the wife’s word as fact. However by using OSINT you can learn more about the individual including looking at their social media profiles to see if there is any evidence of a divorce or separation. Moreover, is there any evidence to tell you they are working together? If a child has impersonated their parent and both mother and daughter have the same name and live at the same address, there are only two companies in the world whose internal checks would be able to tell them apart. Most companies would accept an application in the mother’s details and send the money to the daughter’s bank account however by using OSINT you can look deeper into the daughters online behaviour, have they recently come into money? Are they talking about it?
Whether we realise it or not, almost everything about you is online. From date of birth on birth records, to your address, email addresses, phone numbers, interests, and key individuals, the list is often endless. The reason for this is simple. Most people do not read the endless pages of terms and conditions or adopt privacy settings, moreover most people feel that they can be themselves online and that is where they will often give away their plots and plans. By using OSINT you can find out a multitude of sins. A professional money launderer may look like the perfect customer from the outside: the credit file looks good; the bank matches; and they use the product regularly and always pay back on time. Someone like this may show up on a CDD or EDD list but after a few simple checks no issues would be found. If compliance departments and fraud departments had knowledge of OSINT they could look deeper into the individual, the house they are living in, can they afford that on their salary? The company they are a trustee or director of, does it make sense that the customer is involved with a company like that? OSINT paints a picture of what is going on and tells you what a standard background and credit check cannot.
Simply put, most financial crime departments do not have enough knowledge of OSINT and therefore follow “a checklist system” that was written in a policy because the regulator told you to. The problem is that as long as you are following the minimum requirements put forward by the regulator, financial companies will believe that the check list system is sufficient. It is not and this is allowing fraudsters to continue to get away their crimes while they are laughing at you publically on Facebook. Don’t get me wrong, I’m not saying that fraud investigators are not doing enough, what I am saying is investigations need to go further, OSINT is the future and before long the FCA will make this a requirement.
Neotas is a due diligence company that has developed an analyst driven Open Source Intelligence platform. The platform is used in many areas from financial regulations such as KYC/AML, Anti-Bribery, Modern Slavery Act, plus staff background screening, due diligence for VC and PE investments and lastly human vulnerability assessments as part of a cyber security strategy.