
Banks have a wealth of information

Publication date 08-03-2022, 9:44

Gitty Kanters, FIOD Eindhoven

Introduction
Recently the Fiscal Intelligence and Investigation Service (Fiscale Inlichtingen- en Opsporingsdienst or FIOD) conducted a criminal investigation after ING Bank reported an incident to the Police. This report proved to be the beginning of finding a goldmine of information. As a result, seven suspects were arrested who presumably formed part of a criminal organization involved in substantial fraud as well as in the use of many ‘money mules’ to launder the money obtained.

This article aims to remind banks once more of the importance of their role in detecting financial crime. In addition, we would like investigating officers or financial investigating officers to draw on the technical/identifying data which are available to banks and which proved to be of crucial importance in the investigation concerned.[1]

What was it that made ING’s information so valuable to the FIOD investigation?
ING reported the incident because of a detection signal from an account which had conspicuous transactions (read: transactions atypical for the account holder, i.e., a substantial credit from abroad followed by an immediate withdrawal in cash). Subsequently, ING conducted investigations into the various devices that had been logged in on the personal MijnING account (electronic banking) of the account holder concerned (ING assigns a unique DeviceID to devices logging in). They subsequently provided an overview of the DeviceIDs that had logged into the accounts of several account holders. The overview showed the same conduct in relation to conspicuous transactions in the accounts of other account holders. This information was clearly set out in the report of the incident.

In addition, the report contained the information that was known as to which DeviceTag (the name a user can give to a device) belonged to a DeviceID. This information proved of prime importance when it came to identifying the first suspect. At a later point, a cookie was found on the telephone of this suspect showing a DeviceID which was used for several account holders referred to in the report of the incident.

The report of the incident and the appendices also contained the IP addresses associated with the login dates on the various MijnING accounts. These IP addresses could be linked to residential addresses, after which they were compared to IP addresses which the suspects used at other moments in time.

The report also included camera images of the cash withdrawals, as secured by the bank. During the course of the investigation, it was possible to recognize the suspects, who were not account holders.
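The device correlation described above can be sketched as detection logic over login records. This is an added example, not ING's or FIOD's tooling: the record layout, account numbers, DeviceIDs, DeviceTags and IP addresses are all constructed, and following chains of shared devices from one flagged account goes one step beyond what the article states.

```python
from collections import defaultdict

# Constructed sample login records: (account, device_id, device_tag, ip).
# All values are invented; the IPs come from documentation-only ranges.
LOGINS = [
    ("ACC-001", "dev-a1", "Phone-X", "192.0.2.10"),
    ("ACC-001", "dev-h7", "Home laptop", "198.51.100.5"),
    ("ACC-002", "dev-a1", "Phone-X", "192.0.2.10"),
    ("ACC-003", "dev-a1", "Phone-X", "203.0.113.77"),
    ("ACC-003", "dev-b2", "", "203.0.113.77"),
    ("ACC-004", "dev-b2", "", "203.0.113.80"),
    ("ACC-005", "dev-k9", "Tablet", "198.51.100.99"),
]

def device_profiles(logins):
    """Group logins by device: accounts touched, tags seen, IPs seen."""
    profiles = defaultdict(lambda: {"accounts": set(), "tags": set(), "ips": set()})
    for account, device_id, tag, ip in logins:
        p = profiles[device_id]
        p["accounts"].add(account)
        p["ips"].add(ip)
        if tag:  # a DeviceTag is optional; the user may never have set one
            p["tags"].add(tag)
    return profiles

def shared_devices(logins, min_accounts=2):
    """Devices that logged in to at least min_accounts distinct accounts."""
    return {d: p for d, p in device_profiles(logins).items()
            if len(p["accounts"]) >= min_accounts}

def linked_accounts(logins, seed_account, min_accounts=2):
    """Accounts reachable from seed_account through chains of shared devices."""
    shared = shared_devices(logins, min_accounts)
    seen, frontier = {seed_account}, [seed_account]
    while frontier:
        current = frontier.pop()
        for p in shared.values():
            if current in p["accounts"]:
                new = p["accounts"] - seen
                seen |= new
                frontier.extend(new)
    return seen

if __name__ == "__main__":
    for dev, p in sorted(shared_devices(LOGINS).items()):
        print(dev, sorted(p["accounts"]), sorted(p["tags"]), sorted(p["ips"]))
    print(sorted(linked_accounts(LOGINS, "ACC-001")))
```

A device shared between two accounts is only a lead, since members of one household may legitimately share one; it gains weight when combined with the atypical transaction pattern that triggered the report.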

Conclusion
In summary, in this specific investigation the bank included very valuable information in its report of the incident. The ‘preparatory activities’ by the bank proved of crucial importance to tracking down the presumably criminal organization. The accounts used by the purported criminal organization were presumably accounts from ‘money mules’. Equally, these ‘money mules’ themselves, by making their accounts available, have possibly committed a criminal offence. The file of the criminal case is currently at the Public Prosecutor’s Service.

It is not known when the case will come to court.

[1] As an investigating officer, consider what information can be of additional value to the investigation. In addition to the proportionality test and the subsidiarity test carried out by the Public Prosecutor, such considerations prevent banks from getting too much unnecessary work.