The
pendulum of public sentiment swinging from concern for data privacy
to security suggests now may be opportune for Europe to embark on a
Terrorist Finance Tracking System (TFTS), says Paul Cochrane,
whether independent or additive to the US Terrorist Finance Tracking
Programme (TFTP).
Concerns
about the US-EU Terrorist Financing Tracking Programme (TFTP) have
abated, notably regarding oversight and data-sharing issues. But the
issue remains controversial, with a potential EU version of the
system still being debated within the EU executive, the European
Commission, whether to be standalone or complementary to the
USA-promoted TFTP. Meanwhile, with Britain voting to leave the EU,
renegotiations may have to take place whatever is decided by the
remaining members of the EU.
The
TFTP caused a lot of controversy when it was exposed by the media in
2006. The programme, secretly enacted post September 11 2001,
provides data to the US through an agreement with the Brussels-based
Society for Worldwide Interbank Financial Telecommunication (SWIFT).
In 2010, the European Union (EU) legitimised the agreement. It was
slated for renegotiation in 2015, but the EU did not amend the
treaty, meaning it has remained unchanged since 2010, prolonging the
agreement for another year.
Analysts
attribute the acceptance of the TFTP to the concerns of EU
authorities mainly being addressed, with oversight of data and
information transfers to US intelligence now handled by Europol,
which had not been the case prior to 2010. The issue also dropped off
the media radar, despite the ongoing surveillance and data privacy
concerns raised by US whistleblower Edward Snowden.
“The
rhetoric in the media, especially back at the time (in 2006 to 2010),
was quite emotive, but a middle ground seems to have been reached and
accepted,” said Tom Keatinge, Director of
the Centre for Financial Crime and Security Studies at RUSI in
London.
Europol,
the EU’s enforcement agency, and the US have been more forthcoming
in releasing information about intelligence leads stemming from the
TFTP, claiming more than 22,000 leads have been provided since 2010,
while 15,572 leads (out of the total) were from 2015 to April 2016.
(1)
Further
driving acceptance – and reducing
the pressure to
renegotiate the TFTP treaty - has been a renewed push to develop a
European equivalent to the TFTP, the EU Terrorist Financing Tracking
System (TFTS). The system was initially proposed in 2011, but was
dismissed by the EU Commission, and again in 2013, as not being cost
effective, with set-up costs for a hybrid-model EU-TFTP projected at
€33 million to €47 million (US$36.9 million to US$52.6
million), and annual operating costs ranging from €7
million to €11 million (US$7.8 million to
US$12.3 million). (2)
“In
2011, the conclusion was it was very expensive and not really needed,
but five years down the road things have changed,” said Dr.
Michelle Frasher, an independent research scholar who recently
published a paper with the SWIFT Institute on Transatlantic AML/CTF
and Data Privacy Law.(3)
The
shift in mindset may be attributed to the recent terrorist attacks in
France and Belgium and concerns about foreign terrorist fighters
returning to the EU from Syria. One issue is that the TFTP has not
been effective in gathering intelligence in Europe as the Single
European Payments Area (SEPA) system was not included in the TFTP
(which is still the case); as of February 2016, all EU member states
have to carry out credit transfers and direct debits in Euro through
SEPA transactions, even those that have not officially adopted the
Euro as a currency, while as of end October 2016, all non-EU SEPA
countries will have to comply – this includes four European Free
Trade Agreement (EFTA) member states – Iceland, Liechtenstein,
Norway and Switzerland – as well as minnows Monaco and San Marino.
“It
is estimated that only two percent of all SEPA data transactions goes
through SWIFT, as SEPA data goes through different channels,” said
Dr Mara Wesseling, a Research Associate at the Centre de Sociologie
des Organisations at Sciences-Po, Paris. She added that some EU
authorities wanted SEPA within the TFTP, but this was dismissed due
to data protection issues.
“With
the changing security situation in EU there is more appetite for SEPA
data and to make a similar programme to the TFTP. The mindset has
changed a lot. It’s not that data protection is not a priority in
general. It is rather that the rationales of ‘data protection by
keeping EU data on EU soil’ and ‘limiting the total amount of
data that is gathered and shared’ don’t seem to be top priorities
now compared to 2010 and 2013,” she explained.
The
EU had earlier insisted on keeping data within the EU to abide by
data protection laws. Changing that within the TFTP would have
required renegotiating the treaty. The current thinking is to not
have a standalone TFTS but to complement the existing TFTP treaty,
which would increase the amount of data provided even if that means
more people are subjected to surveillance as a result.
“Originally
when the TFTS was brought up it was
looked at as an alternative to the TFTP but is now viewed as
complementary in particular covering the gap created by the arrival
of SEPA. Members states seem happier with that,” said Keatinge.
According
to a EU Commission note, the EU TFTS will be “complementary to the
current EU-US TFTP Agreement,” and is “to be completed by the end
of 2016”. Analysts, however, expect it will take much longer to
implement, also hinging on the implementation of the Fourth EU ML/TF
Directive.(4)
“TFTS
was only a matter of time, and with the terrorist events in Europe
this has pushed the political will along,” said Frasher. “We need
to have better European and TransAtlantic coordination, as there is a
massive gap there due to SEPA data not being included. They are now
trying to figure out how to make it happen, which involves many
countries, law enforcement, and the privacy aspects as any system
must conform to EU technology and privacy regulations.”
But
while the focus is on a complementary system, other alternatives are
being considered to better connect data within institutions, both
public and private, in the EU.
“There
is an idea to upgrade the competencies of financial intelligence
units (FIUs). Another is a central register to make visible all the
different bank accounts one person holds to make it easier to link
data to each other, and visualize networks. It is still not sure a
TFTS should be created,” said Wesseling.
Such
an alternative system would require greater public-private sector
cooperation – between intelligence agencies, regulators and
financial institutions – to provide better data on terrorist
financing and financial crime. This is being spearheaded to a degree
by the Fourth EU ML/TF Directive (MLD4), which includes data
protection measures.
Regardless
of what system the EU opts for, Britain will have to implement the
TFTS or its equivalent, and then renegotiate its position towards the
TFTP following the Brexit vote, assuming the TFTS is set up before
the UK exits the EU. “It is presumed the UK will continue with the
programme, but formally there would need to be a new treaty, to have
a US-UK TFTP,” said Wesseling.
Britain
would also have to ensure a continuing working relationship with
Europol. “One risk the UK faces when it’s outside the EU is that
as the EU tries to make cross-border information sharing easier, the
UK may no longer be part of that loop, particularly if it does not
maintain equivalent status with the EU on data protection,” said
Keatinge.
Notes
-
An EU Terrorist Finance Tracking System, Mara Wesseling, RUSI Centre for Financial Crime and Security Studies - https://rusi.org/publication/occasional-papers/eu-terrorist-finance-tracking-system
-
https://www.swiftinstitute.org/wp-content/uploads/2016/07/SIWP-2014-008-Conflicts_US_EU_AML_CTF_FINAL-1.pdf
-
The EU Commission was slated to provide an update on the TFTS in December 2016.