An ever-evolving array of software is aiding private-sector and government investigators in tracing trails that may end at the doorsteps of terrorist leaders or the groups that fund them. Citing security concerns, government officials won't discuss the tools military, criminal, and intelligence officials use to track terrorists and their money. But experts say data-mining, statistical and financial analysis, and link-analysis tools all play a part in tracking down terrorists and their supporters.
Such tools have long been used by forensic accountants working in private industry to combat insurance fraud, embezzlement, and other white-collar crimes. Forensic accounting incorporates accounting, auditing, and investigative skills to analyze financial and other records (such as telephone and travel data) that are used as evidence in civil and criminal proceedings.
Financial institutions and other sources of such records use different IT systems that don't automatically link to each other, or even directly to a centralized system maintained by government officials. There are all sorts of reasons for this-privacy concerns being a top one. But the lack of integration could result in suspicious transfers of money flying under the radar. That's where auditing tools, such as ACL from ACL Services Ltd., come into play. They help forensic accountants analyze and mine data related to a particular case from many IT environments. ACL can read nearly any type of database format and export its findings to a variety of systems, including link-analysis programs.
Link-analysis software lets forensic accountants quickly tie thousands of bits of information together to better understand the case they're developing. Two leading link-analysis tools are NetMap Analytics Inc.'s NetMap and i2 Inc.'s Analyst's Notebook. Customers include the FBI and the Treasury Department's Financial Crime Enforcement Network, known as FinCen.
NetMap, an enterprise system that employs data marts to help organize information, can query a wide range of databases using SQL. NetMap decomposes data, such as a name or bank account number, to its simplest form, called a node. Then it seeks common links among nodes. FinCen analysts working with federal investigators can combine data from suspicious activities reports that banks file with the government for suspicious transactions of $5,000 or more with information culled from public sources, credit reports, and subpoenaed records to show links between suspected terrorists who might share bank accounts or credit cards or between suspected terrorists and supporters that might have channeled money to them.
Link-analysis tools also give visual clues: NetMap generates charts that use the line thickness or colors to show connections between individuals or accounts. "Looking at something graphically makes it easier to comprehend how a transaction works," says Craig Greene, a partner at Rohan & Associates, a Chicago accounting firm that specializes in fraud investigations.
How fast are link-analysis systems? In a recent test at Prudential Financial, two investigators with about a half-dozen boxes of documents took two weeks to analyze a complex fraud case; NetMap says its tool did the job in 15 minutes.
NetMap's link-analysis software also reveals unusual activity within a bank account that might escape notice. Federal law requires most cash transactions exceeding $10,000 to be reported to FinCen, but terrorists can transfer hundreds of thousands of dollars a day in small amounts, using accounts that might begin and end each day with a $100 balance.
Other vendors are helping financial institutions ferret out unusual account activities or search for variants of certain key words in exposing irregular deeds. A system from Mantas Inc. uses algorithms that seek out abnormal activities in accounts, such as wire transfers where they never occurred before. "It's critical to look at every transaction in order to understand behavior" of suspected lawbreakers, Mantas president Richard Spires says. "It's not good enough to set a threshold and look only at large transactions." The system can include the names of individuals and groups on the government's terrorist watch list. But Spires cautions, "There's no silver bullet. No one algorithm solves all problems."
Unusual behavior or the use of certain words in a transaction don't necessarily point to illegal activity. Once alerted by software to such events, financial institutions must further investigate before notifying authorities. Compass Bank, a subsidiary of the $22 billion Compass Bancshares Inc. in Birmingham, Ala., uses Fundtech Ltd. software to look for suspicious transactions, but in the last year not one flagged by the software was related to criminal activity. Still, the events of Sept. 11 have confirmed the company's vigilance. "The only thing that's really changed is that we question things more than we used to," says Terri Yancey, VP of wire transfers.
Funneling money to terrorists is as much a global problem as is laundering drug money. But there's no way for foreign governments to effectively share related data with the United States. "Overseas, these systems are just being considered. There's little in place to handle monitoring," says GM Stetter, executive VP of marketing and strategic planning at Fundtech, whose Wirehousing software stores records of wire transfers, showing patterns of illicit account activities over time.
Governments and their allies must develop systems to track terrorists' financial activities, and cut them off. "The way to stop this," says John Daly, CEO of America Software, a maker of analytical software that looks for shady bank transactions, "is to get the money out of their pockets."
--With Eileen Colkin