Follow the money

Follow the money

Analyst Albert James Galloni looks at how intelligence generated by financial information can be a valuable asset in security terms 

Financial services are one of the fastest-growing sectors in the Middle East, currently increasing in revenue, contribution to the GDP and strategic commercial importance across the Gulf States and the wider region. From the growth of the UAE as a key node for international finance as well as a global trade facilitator to the diversification drive in the Kingdom of Saudi Arabia and the expected benefits brought about by the 2022 World Cup in Qatar, financial services are truly coming of age in this region.

As access to financial instruments and products increases and the volume of activity generated by their use continues its growth so does the body of data generated by transactions and interactions. And it is this very data that when curated, contextualised and developed into actionable intelligence can become a very useful security tool alongside physical infrastructure and operators. In fact, it can help drive the better use of existing and new assets.

To understand how this can be so, we need to trace it all back to the ‘Exchange Principle’ theorised by French forensic scientist Edmond Locard: ‘Every Contact Leaves A Trace’. In the context of Financial Services, this is true of virtually every record and I will use the term FININT (Financial Intelligence) to describe this body of data once it’s been processed through the intelligence cycle. From traditional Ledgers to Blockchain through the records generated by everyday banking and electronic transactions through even informal records held by Hawaladars, each and every movement of funds or even just value, each income and expense, transfer and receipt leaves a trace.


Of course, this is already very much a tool in the hands of investigators and financial data is being used to great effect post-event to assist enquiries, including by law enforcement in this region. But this use is often limited to the reactive and tactical investigative value and the intrinsic intelligence benefits, including an element of predictive analysis, is lamentably often overlooked.

Let’s take, for instance, the body of data that can be gleaned from invoices and financial records in the fight against terrorism. The assembly of explosives,for instance,be they used for IEDs,VBIEDs or any other type of conventional or unconventional bomb, requires the purchase of component parts which can often be perfectly lawful in isolation but, when bulk-bought or originating or destined from and to specific locations, can indicate more sinister end uses.

The ability to identify patterns of receipt and expenditure of funds or even the ability to identify commonalities between the generic ‘shell companies’ mis- used to facilitate this dark trade is a predictive ability that can be exploited to its maximum effect through a combination of human know-how and data analytics. And at tactical level, analysis of a suspect’s – or a network’s – income and expenditure or even just movement of value can indicate readiness and preparation on the ground, ahead of an attack. This could easily be exploited to target surveillance or even aggressive preventative action.

The same methodology applies to the analysis of ordinary activity such as the withdrawing of cash or small value transactions in attempting to identify Foreign Terrorist Fighters (FTFs) attempting to enter a theatre of war. It would be entirely counter-productive to exemplify here how this works in practice in order to maintain full competitive advantage over the adversary but the reality is that a combination of financial data and geo-location can identify an incoming FTF attempting to evade detection by means of avoiding known entry routes. Equally, and again not much detail is provided to preserve competitive advantage, the same methodology can be applied to identify an exiting FTF through financial patterns of usage potentially preventing, or at least providing the ability to shadow, a radicalised and trained adversary attempting to attack.

This is also true of other applications for security, for instance building/premises security. Where a security detail may find it challenging to identify and observe an hostile actor looking to reconnoitre a premises or even stalk an individual, their pattern of spend – especially if electronic – can leave a valuable trace which can not only place and individual in a certain place at a certain time (the reactive approach I describe above). It can, when suitably analysed, form a pattern that can be used for counter-surveillance effectively turning the tables on the adversary by anticipating their moves based on pattern. The same methodology, expanding the focus, can also be used to attempt and identify any other actors linked to the main operative.

Recognising and formulating a strategy for acting upon patterns is also crucial in what I refer to as ‘upstream targeting’. Upstream Targeting can be different things to different stakeholders tactically but at strategic level it’s a straightforward concept: incapacitating the threat before there is no option left but to intervene, often with no choice but to do so kinetically.

It can be a truly proactive approach that institutions (public and private) can take, for instance, cutting off a flow of funds prior to use for criminal activities based on previous usage analysis and suspicion of the adversary’s motives. It can also be a method for neutralising the threat based on forcing the adversary to take a course of action pre- determined for them based on intelligence. Again, without sharing tactical details, there are means and ways to – financially – effectively offer an adversary no route other than one which suits one’s tactical objectives including forcing the target to physically move and change their plans.

Financial institutions, under increasing regulatory spotlight as well as increasingly co-opted elsewhere in the world to assist in the achievement of tactical outcomes by Law Enforcement and Security Agencies, can mitigate their risk and reduce their exposure by intelligently utilising FININT to move beyond customer screening and monitoring based on static principles which can leave them exposed in the event of incidents, especially from a reputational standpoint.

The ability to identify patterns of receipt and expenditure of funds or even the ability to identify commonalities between the generic ‘shell companies’ mis-used to facilitate this dark trade is a predictive ability that can be exploited to its maximum effect through a combination of human know-how and data analytics.

Ultimately, those who wish to mis-use products and services for their benefit are neither static nor troubled by existing checks which are, in the main, repetitive and predictable and therefore weak from a security standpoint.

In a way, the Middle East is in somewhat of a privileged position in terms of maximising the value of financial data and turning it into actionable intelligence. As a growth environment with increasing and widespread penetration of technology, including in the financial space and a largely young and connected population as well as a strategy to adopt the likes of electronic payments and e-commerce as well as digital environments for interaction in both leisure and business, all the pillars are there for a fertile environment as far as the generation and capture of data is concerned.

Where both public and private enterprise – or even a combination of both, each playing to its strengths – can embrace the smart use of FININT, security and even defence dividends can be yielded. The potential is as wide and largely untapped as it is tangible and it takes many shapes, from the preservation of life at one end to the financial returns at the other through a safer environment and the protection of the public realm among others.

A safer environment, intelligence-led from asymmetric and largely under-used intelligence. Although a comparatively new discipline, FININT can assist achieve key strategic outcomes.

Albert James Galloni is an analyst with vast experience developing FININT into actionable insight as well as other Intelligence disciplines and is also a Financial & Economic Crime (FINECONCRIM) investigator and advisor. He’s the director of Interoperable Services Ltd, a British Private Intelligence Company leveraging Intelligence holistically to assist clients achieve their outcomes including the fields of Security and Defence.