Open-source intelligence refers to the practice of gathering and analysing data from publicly available sources – including the Internet, online publications, social media etc – to help with decision making. As individuals, often daily, we search the Internet and use open-source data to help us with making a purchase or solving a problem. However, that publicity available open-source data is also a critical tool to help businesses and law enforcement agencies when carrying out fraud investigations or enhanced due diligence checks – For example, to do background investigations on individuals, assets, and the businesses linked to those individuals. Understandably, as that open-source data is being used to offer insight for investigations and compliance checks it has come to be known as Open-Source Intelligence.
Open-source data crucial for affordability and AML checks
The recommendation to use open-source data has been added to guidelines for AML checks by the UK Financial Conduct Authority (FCA), the Financial Action Task Force (FATF) and the EU Parliament as part of its periodically-released Anti-Money Laundering Directives (AMLD).
It has also been mandated by the Gambling Commission with regard to affordability and AML checks:
In the latest social responsibility code provision 3.4.3 which comes into effect from 12th September 2022, the gambling commission talks about the use of effective open-source data “which can help licensees assess affordability for their Great Britain (GB) customer base and improve their risk assessment for customer interactions”. Equally, in their Compliance and Enforcement report published on 9th December 2021, the UKGC also suggests under AML best practices that “Operators should also satisfy themselves as to a full range of risks to which they may be exposed. For example, carrying out local or open-source information checks such as press reports”.
How to make best use of open-source data?
With the Gambling Commission recognising the importance of open-source intelligence, the question then arises for operators to how they can make sure they have carried out their open-source checks in a sufficiently detailed manner to pass scrutiny if audited. If an operator simply relies on social media information, adverse media or googling it is often not enough:
Social media – Social media sites have issues as a sole source of information as they can be self-curated versions of a person’s self, failing to include detail that might reveal vulnerability.
Adverse media – While adverse media that only trawls mainstream national media for news on an individual can miss so many other data sources where information is available.
Googling – Your search results from simply googling in the search engine are tailored to your browsing needs, meaning that key information might not necessarily be even on the first 10 pages or so.
The answer is to use a smart and consistent open-source strategy, utilising more varied sources of data. This approach means you can find out a lot more information about an individual and the assets they are linked to giving you as an operator a more complete story of who the customer really is and more accurately assess their affordability.
For instance, we can use open source to find out whether someone is linked to a social housing property, we can also find information about their career, seniority, and other key individuals they may also be linked to that individual. Using Open Registers like Companies House, we can find out how many businesses that person is linked to, and how many dissolved businesses as well while also accessing company accounts. The Gazette is another great example, which will confirm whether someone has been declared bankrupt or insolvent and the businesses connected to them. There have been plenty of examples of our prospective customers, who originally took all the information presented to them at face value, to find working with us, that there was a lot more to their customers than they had previously realised.
Real life example 1 – A vulnerable player who looked ‘okay’
Synalogik has carried out extensive research around identifying and risk assessing vulnerable individuals. In one such case found on the surface an individual who appeared to have no apparent vulnerabilities, however, through investigating more OSINT data sources, we were able to find mentions of his gambling addiction on several forums. If we had only used a limited number of data sources, this would have been missed, creating the potential for harm to the player and the operator.
Real life example 2 – A player with a common name that was missed
In another case, a player’s severe money handling problems were not spotted because they had a common name and the analyst at the time had not looked past page 1 on Google results. By continuing to pages 9 and 15 on Google we were able to find that information.
Real life example 3 – A player with an uncommon name but was not linked to a location
Finally, another player was known to law enforcement; however, they could not be found by location and address + city searches as their location was unconfirmed at the time of the investigation. This turned out to be an AML risk and something that would have led to a fine for the operator.
How technology can help
Of course, using open-source intelligence not only requires expertise in knowing what to look for but also takes time. With the incredible amount of open-source data available on the web, one of the key drawbacks of open-source intelligence is the volume of data returned when you carry out a search, and the consequent time spent manually trying to collate and draw links across the results. Synalogik’s open-source tool automates that process, saving up to 85% of your time. In a recent case study with Betway Group, it was found that our open-source tool reduced the time needed to perform a search from 2 hours to 5-10 minutes.