The pendulum of public sentiment swinging from concern for data privacy to security suggests now may be opportune for Europe to embark on a Terrorist Finance Tracking System (TFTS), says Paul Cochrane, whether independent or additive to the US Terrorist Finance Tracking Programme (TFTP).
Concerns about the US-EU Terrorist Financing Tracking Programme (TFTP) have abated, notably regarding oversight and data-sharing issues. But the issue remains controversial, with a potential EU version of the system still being debated within the EU executive, the European Commission, whether to be standalone or complementary to the USA-promoted TFTP. Meanwhile, with Britain voting to leave the EU, renegotiations may have to take place whatever is decided by the remaining members of the EU.
The TFTP caused a lot of controversy when it was exposed by the media in 2006. The programme, secretly enacted post September 11 2001, provides data to the US through an agreement with the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT). In 2010, the European Union (EU) legitimised the agreement. It was slated for renegotiation in 2015, but the EU did not amend the treaty, meaning it has remained unchanged since 2010, prolonging the agreement for another year.
Analysts attribute the acceptance of the TFTP to the concerns of EU authorities mainly being addressed, with oversight of data and information transfers to US intelligence now handled by Europol, which had not been the case prior to 2010. The issue also dropped off the media radar, despite the ongoing surveillance and data privacy concerns raised by US whistleblower Edward Snowden.
“The rhetoric in the media, especially back at the time (in 2006 to 2010), was quite emotive, but a middle ground seems to have been reached and accepted,” said Tom Keatinge, Director of the Centre for Financial Crime and Security Studies at RUSI in London.
Europol, the EU’s enforcement agency, and the US have been more forthcoming in releasing information about intelligence leads stemming from the TFTP, claiming more than 22,000 leads have been provided since 2010, while 15,572 leads (out of the total) were from 2015 to April 2016. (1)
Further driving acceptance – and reducing the pressure to renegotiate the TFTP treaty - has been a renewed push to develop a European equivalent to the TFTP, the EU Terrorist Financing Tracking System (TFTS). The system was initially proposed in 2011, but was dismissed by the EU Commission, and again in 2013, as not being cost effective, with set-up costs for a hybrid-model EU-TFTP projected at €33 million to €47 million (US$36.9 million to US$52.6 million), and annual operating costs ranging from €7 million to €11 million (US$7.8 million to US$12.3 million). (2)
“In 2011, the conclusion was it was very expensive and not really needed, but five years down the road things have changed,” said Dr. Michelle Frasher, an independent research scholar who recently published a paper with the SWIFT Institute on Transatlantic AML/CTF and Data Privacy Law.(3)
The shift in mindset may be attributed to the recent terrorist attacks in France and Belgium and concerns about foreign terrorist fighters returning to the EU from Syria. One issue is that the TFTP has not been effective in gathering intelligence in Europe as the Single European Payments Area (SEPA) system was not included in the TFTP (which is still the case); as of February 2016, all EU member states have to carry out credit transfers and direct debits in Euro through SEPA transactions, even those that have not officially adopted the Euro as a currency, while as of end October 2016, all non-EU SEPA countries will have to comply – this includes four European Free Trade Agreement (EFTA) member states – Iceland, Liechtenstein, Norway and Switzerland – as well as minnows Monaco and San Marino.
“It is estimated that only two percent of all SEPA data transactions goes through SWIFT, as SEPA data goes through different channels,” said Dr Mara Wesseling, a Research Associate at the Centre de Sociologie des Organisations at Sciences-Po, Paris. She added that some EU authorities wanted SEPA within the TFTP, but this was dismissed due to data protection issues.
“With the changing security situation in EU there is more appetite for SEPA data and to make a similar programme to the TFTP. The mindset has changed a lot. It’s not that data protection is not a priority in general. It is rather that the rationales of ‘data protection by keeping EU data on EU soil’ and ‘limiting the total amount of data that is gathered and shared’ don’t seem to be top priorities now compared to 2010 and 2013,” she explained.
The EU had earlier insisted on keeping data within the EU to abide by data protection laws. Changing that within the TFTP would have required renegotiating the treaty. The current thinking is to not have a standalone TFTS but to complement the existing TFTP treaty, which would increase the amount of data provided even if that means more people are subjected to surveillance as a result.
“Originally when the TFTS was brought up it was looked at as an alternative to the TFTP but is now viewed as complementary in particular covering the gap created by the arrival of SEPA. Members states seem happier with that,” said Keatinge.
According to a EU Commission note, the EU TFTS will be “complementary to the current EU-US TFTP Agreement,” and is “to be completed by the end of 2016”. Analysts, however, expect it will take much longer to implement, also hinging on the implementation of the Fourth EU ML/TF Directive.(4)
“TFTS was only a matter of time, and with the terrorist events in Europe this has pushed the political will along,” said Frasher. “We need to have better European and TransAtlantic coordination, as there is a massive gap there due to SEPA data not being included. They are now trying to figure out how to make it happen, which involves many countries, law enforcement, and the privacy aspects as any system must conform to EU technology and privacy regulations.”
But while the focus is on a complementary system, other alternatives are being considered to better connect data within institutions, both public and private, in the EU.
“There is an idea to upgrade the competencies of financial intelligence units (FIUs). Another is a central register to make visible all the different bank accounts one person holds to make it easier to link data to each other, and visualize networks. It is still not sure a TFTS should be created,” said Wesseling.
Such an alternative system would require greater public-private sector cooperation – between intelligence agencies, regulators and financial institutions – to provide better data on terrorist financing and financial crime. This is being spearheaded to a degree by the Fourth EU ML/TF Directive (MLD4), which includes data protection measures.
Regardless of what system the EU opts for, Britain will have to implement the TFTS or its equivalent, and then renegotiate its position towards the TFTP following the Brexit vote, assuming the TFTS is set up before the UK exits the EU. “It is presumed the UK will continue with the programme, but formally there would need to be a new treaty, to have a US-UK TFTP,” said Wesseling.
Britain would also have to ensure a continuing working relationship with Europol. “One risk the UK faces when it’s outside the EU is that as the EU tries to make cross-border information sharing easier, the UK may no longer be part of that loop, particularly if it does not maintain equivalent status with the EU on data protection,” said Keatinge.
An EU Terrorist Finance Tracking System, Mara Wesseling, RUSI Centre for Financial Crime and Security Studies - https://rusi.org/publication/occasional-papers/eu-terrorist-finance-tracking-system
The EU Commission was slated to provide an update on the TFTS in December 2016.