Since September 11, the international financial community has been under increased pressure to deny terrorists access to funds. As with other types of organised crime, the authorities hope that closing down terrorist groups' money supply will go a long way to prevent future atrocities.
But as governments have learned from their long cat-and-mouse games with international drugs cartels, policing money markets is not easy. Money markets offer easy shelter to criminal transactions: the volumes of foreign exchange traded each day are vast; most trades take place in just a few currencies; and currency is a very liquid commodity. Trades settle quickly, so fraudsters can take their profits and cover their tracks with speed.
The structure of foreign exchange markets also works in the criminals' favour. Most money market transactions are "over the counter", where banks deal directly with other banks, rather than through exchanges.
In other commodities and in equities, routing transactions through an exchange provides a vital central point for supervision, as well as a way to share the costs.
"Monitoring individual transactions in the FX markets is really down to the compliance departments of individual banks," says Peter Clay, a financial services specialist at London-based PA Consulting. "Unlike organised markets, such as equity exchanges, FX is not subject to surveillance."
Instead, banks are responsible for their own checks, both to filter out customers who might have links to crime and to detect transaction patterns that suggest criminal behaviour. Under Federal law, banks in the US have to report transactions over $10,000 to the US Treasury Department; even under $10,000, "suspicious" transactions must be reported.
Even in the largest banks, this is still a process that relies heavily on human judgement rather than technology. As a result, the growing political pressure on banks to clamp down on suspicious transactions, as well as criminals' growing sophistication, is pushing up compliance costs.
Criminal planners
"Fraudsters have their technology product development plans," warns Nick Caunter, European managing director for security software company ReD. "They have already planned what they will do next, if one of their routes is blocked."
Even where technology is used, industry observers warn that banks rely too heavily on relatively simple rules-based computing systems. These software programs will refer all transactions with pre-determined characteristics, such as a monetary value or place of origin, to a security officer for checking. Unfortunately, rules-based systems are rigid and relatively easy for fraudsters to bypass.
"The banks are getting good at the basic checking of people," says Dan Marsden, technology director at NCorp, a company that develops computer technology in fields including fraud detection. "But the technologies that have been applied to transactions are basically rule-based systems based around 'if' statements. It is all very manual, and can only go so far."
Tricks as simple as splitting a large transaction into a series of smaller deals can be enough to hide a deal from security officers. Criminals also move money in steps, so its place of origin is hard to trace."
The real worry is where the money has been moved around a large number of times, and the bank can become almost a third party to the fraud," says Farouk Ahmad, of security company Baltimore Technologies.
"Determining the source and the entry and exit points of the transaction can be very difficult," he adds.
The solution gaining ground among banks is a second tier of security software based around neural computing techniques and pattern recognition. Pattern recognition software scans vast numbers of transactions in order to spot trends or suspicious characteristics that would be missed by a rules-based approach.
"These systems will analyse transactions and provide a higher level of comfort to the banks," says Mr Ahmad.
New systems now being examined by banks should also be able to "learn" from the data they process. This will give security departments important advantages in the battle to combat money laundering and financial fraud.
Unlike strict rules-based computer systems, learning systems will track changes in data and adapt to it. Learning systems reduce the banks' reliance on external experts to update or write new rules when circumstances change.
Suspicious trends
If economic growth in a country means that the typical money market transaction is increasing, a learning-based system will be able to adjust its idea of a normal transaction, rather than flagging an ever-greater number of deals as suspicious.
A learning system should be able to allow for seasonal trends, and they should become more effective over time, as in-house security experts train them to distinguish between clean and suspicious data.
However, the sheer volume of transactions - estimated globally at $1,500bn a day - poses a challenge to even the most sophisticated fraud detection software.
To make the results more accurate and to cut the number of false alerts reaching security officers, developers are looking beyond pure transaction data - which contains relatively little information - to unstructured or textual information.
Adding this type of information to a fraud detection system puts market activity in context: there will be more foreign currency movement in south America during the coffee harvest, for example. Some information comes from intelligence reports, but much of it is mundane and freely available, such as data on weather or harvests.
Autonomy, the Cambridge-based information analysis software business, is working on techniques to add news feeds and other text-based information to security systems. "It is part of general risk management," explains Richard Gaunt, chief technical officer. "There may be items in the news that you are not aware of, but which modify your risk profile."
Systems that can work with both structured and unstructured data are also good at bringing together data from disparate sources. With global markets and around-the-clock trading, banks can no longer rely on security officers sharing information and "working on gut feeling".
A computer system cannot replace the human mind entirely, but it can quickly spot a trend from unconnected data.
"The core competence of a security system, whether it is rules based or neural, is to spot what the security officers cannot spot on their own," says Mr Caunter at ReD. "Banks need the best people and the best technology if they are to stay just one step behind the fraudsters."
