Abstract

Analysing large amounts of financial information within databases can be hardly accomplished when dealing with money laundering. The main reason is the lack of digital forensics and proper database analysis procedures within the anti-money laundering strategies of financial institutions. Also, analysing single or grouped financial events related to money laundering is difficult when the Know-Your-Customer Policies in these institutions are not enforced, or even used as evidentiary instruments to gather digital evidence and track suspicious customers through the whole investigation life cycle. Even though the relevant data sources to get information from can be identified and used to create Suspicious Activity Reports, they need to be protected from money laundering events, and by these means, prevent their confiscation. Hence, in this article, we propose a methodology for combining digital forensics and database analysis in order to enhance money laundering detection. Additionally, in order to tackle the lack of synergy between the KYC policies and Information Security requirements, we enhance our previous model by analysing the FATF recommendations, the Basel Frameworks along with the BS ISO/IEC 27001, 27002 and 27037 standards in order to incorporate some of their best-practices into a methodology for money laundering detection model to deliver a set of requirements and activities for customer verification and financial evidence extraction before, during, and after a suspicious activity takes place.