Volume 3 - Issue 1 - 2
An Anti-Money Laundering Methodology: Financial Regulations, Information Security and Digital Forensics Working Together
- Denys A. Flores
National Polytechnic School, Quito, Ecuador
denys.flores@epn.edu.ec
- Olga Angelopoulou
University of Derby, Derby, U.K.
o.angelopoulou@derby.ac.uk
- Richard J. Self
University of Derby, Derby, U.K.
r.j.self@derby.ac.uk
Keywords: digital forensics, information security, money laundering, FATF, database analysis
Abstract
Analysing large amounts of financial information within databases can hardly be accomplished when dealing with money laundering. The main reason is the lack of digital forensics and proper database analysis procedures within the anti-money laundering strategies of financial institutions. Also, analysing single or grouped financial events related to money laundering is difficult when the Know-Your-Customer (KYC) policies in these institutions are not enforced, or are not even used as evidentiary instruments to gather digital evidence and track suspicious customers through the whole investigation life cycle. Even though the relevant data sources can be identified and used to create Suspicious Activity Reports, they need to be protected from money laundering events in order to prevent their confiscation. Hence, in this article, we propose a methodology for combining digital forensics and database analysis in order to enhance money laundering detection. Additionally, in order to tackle the lack of synergy between the KYC policies and Information Security requirements, we enhance our previous model by analysing the FATF recommendations and the Basel Frameworks, along with the BS ISO/IEC 27001, 27002 and 27037 standards, in order to incorporate some of their best practices into a money laundering detection methodology that delivers a set of requirements and activities for customer verification and financial evidence extraction before, during, and after a suspicious activity takes place.