Anti-money laundering breaches investigated with RelativityOne
Financial regulator leverages the analytical power of RelativityOne to investigate claims of anti-money laundering compliance breaches at an international bank.
A financial regulator filed proceedings against a bank alleging anti-money laundering breaches involving $50 million in transactions.
The investigation involved 0.5TB of data or approximately 10 million documents.
How did icourts help the regulator leverage technology to find the needle in the haystack?
A whistle-blower contacted the regulator concerned about anti-money laundering (AML) breaches and provided client names with suspected involvement in AML activity.
After interviewing the whistle-blower, the regulator launched an investigation and issued the bank a notice to produce.
In response to the notice, the bank provided the regulators with a hard drive containing 0.5 TB of data – approximately 75 million pages.
The files produced were emails and attachments from across the entire organisation – there were millions of communications.
Where did the investigation team start?
Early case assessment
Time is of the essence when performing an investigation.
The icourts analysts performed an early case assessment to defensibly remove duplicate documents from the review set. They also ran email threading over the data set to eliminate emails from the same chain with duplicate content.
The data set contained many duplicate documents, but the regulators wanted to preserve the evidence so culling at the ingestion stage was not an option. To avoid pushing the duplicate data into the review workspace the icourts analysts ran a script over the emails to perform an ‘artificial deduplication,’ this preserved the raw data while tagging emails ‘master’, ‘unique’, or ‘duplicate’. The analysts were then able to select only documents tagged ‘master’ and ‘unique’ and push them to the RelativityOne review workspace so the team could analyse the most applicable documents.
The duplicate documents were retained in the repository workspace – which is billed at one-third of the cost – to maintain evidential integrity.
By performing a structured early case assessment, the regulator saved both time and money from the outset by only hosting and reviewing the necessary documents.
Setting review strategy
Once the refined documents were in the review workspace the investigators wanted to establish – ‘What data have we got? What words and concepts are connected?’
The investigators needed to focus on the key documents to piece together the story from the outset. If the parameters of the search were too wide – they risked running out of time.
Using the information provided by the whistle-blower the icourts analysts ran a narrow search-term report and batched those documents out for review. The investigators did not want to rely solely on search terms as they might miss additional relevant information suggesting other nefarious activity.
Then the icourts analysts provided a helicopter view of the data by overlaying concept searching and clustering, which provided a visual representation of all the conceptually similar documents and connections.
Using this strategy, the investigators were able to identify lots of documents relating to tax filings but very few relating to AML policy, procedures, and actions.
The clustering also identified a number of documents related to ‘Friday Drinks’ that could be grouped and excluded. Similarly, although they included the AML policy, documents related to HR onboarding new team members that were not relevant could be grouped and excluded.
The icourts analysts also overlayed the documents coded as relevant from the initial search-term review to determine the richness of the set. Heat maps across the clustered visualisations showed how conceptually similar documents were to relevant documents.
The investigators needed a high-level overview of the key actors in the compliance team and their workflows.
What was the organisational structure? Who were the key players in the compliance team?
The investigators used RelativityOne and keyword searches to find the organisational chart clearly showing the names, roles and titles of everyone in the compliance team. This was checked in combination with policies, procedures and training throughout the wider organisation.
The icourts analysts enabled name normalization, to identify the aliases of each member of the compliance team. Any communication tied to ‘Jim’ regardless of whether it was from a different email address or display convention was linked and searchable under the entity filters. RelativityOne automatically groups multiple aliases into a single entity, making it easier to follow every communication to and from the compliance team.
The icourts analysts then switched to the communication analysis visualisation – this showed the investigators that one person was clearly at the centre of all related communications. The bulk of communications went through him. He was clearly the middleman.
Email threading also enabled investigators to visualise the flow of communication – duplicate content and attachments from the same email chain were grouped. The investigators only needed to check the top chain or middle chains for any new information. Email threading highlighted when the conversation branched off for side chat which was easily checked for suspicious activity. Email threading allowed the investigators to review everything in context with the other communications – painting the compliance team’s story from the beginning.
By adopting a holistic approach, integrating and overlaying several RelativityOne analytics features, the team was able to answer integral questions in the investigation quickly:
When suspicious behaviour prompted a red flag who reported it? Who was it escalated to? At what stage was it referred to the police for investigation?
The whistle-blower had provided a series of client accounts with suspected involvement in AML activities. RelativityOne identified all the documents associated with those client names or client IDs.
The icourts analysts then set up case dynamics and used the search term results and only batched out the inclusive emails for the investigators to review with a chronology of events.
The chronological organisation allowed the investigators to quickly answer questions vital to the investigation:
- When onboarding new clients – did the bank open accounts despite missing vital information such as proof of income?
- If information was missing, did they follow the procedure and contact the client within the mandated timeframe?
- When a client moved money, did large transactions trigger a red flag?
- What action was taken after that red flag? Was it escalated? Was it referred to the police?
Using RelativityOne’s short message review feature, the investigators could follow a timeline of internal conversations across instant messenger and emails to establish – who did what concerning these suspicious client accounts.
Case dynamics enabled the investigators to build out the profiles of key players by adding other case notes such as job titles, connections and elements of the story such as ‘defendant argued with Sue from finance in June’. The investigators also used case dynamics to plan the next steps in the investigation and who to interview at the bank.
Once the investigators had identified the key players to interview, the icourts analysts added a new field so the investigators could code the key documents to refer to during the interview, for example, ‘question 2 for Sue.’
The documents tagged for the interview were batched and referred to in the system during the interview, ensuring the chain of evidence was auditable.
The video of the interview was transcribed using an app in the RelativityOne app hub.
The investigators annotated directly onto the transcript. RelativityOne provides the option to colour code, add notes, and link to the relevant document using case dynamics.
The pattern of non-compliant behaviour
Through analysing activity on several key accounts, the investigation team was able to identify a pattern of non-compliant behaviour among senior compliance managers at the bank.
Red flags of suspicious behaviour were being escalated through to senior levels of the compliance team where activity was being given the ok and not referred on to the police.
The investigators were able to follow the money after it was moved into a foreign bank and obtain the information necessary to prosecute the domestically registered and regulated bank.
Managed services and client upskilling
The analysts at icourts provided the regulator with in-house consulting support and used the investigation as a real-world training exercise to technically upskill the investigation team.
The blended approach of project-based support with external advisory and training ensures the regulator continues to extract the most value out of the next-generation investigations technology, RelativityOne.