The Intersection between AML and OSINT – A Potential Path

Something that has been of interest to me lately is the art and science of anti money laundering (AML). I came to this interest sort of by default. I’m in a three-way fork in my career that points either towards security management, cyber security/infosec, or investigations/compliance. The security management field requires more travel than I’m comfortable with, is really competitive, and has relatively few job openings in North America. Cyber Security/Infosec presents too many barriers to entry for my skill set and has proven to be the equivalent of watching paint dry on the wall for me, despite multiple attempts and methods of learning it. The final destination leads me down the compliance/financial route which is something I’ve been exploring over the last few months. There is a fourth route, which is deeper into the intelligence field, but that will suck me into the gravitational pull of Washington and I don’t want to end up in its orbit. I’d like to put my OSINT skill set to work in the AML/Fraud industry eventually, so I figured I’d get started learning a bit of the terminology. So the following is sort of the path I’ve discovered from corporate security with a military background to AML/BSA/Fraud etc. and how the intersection between OSINT and that industry is found.

The Path

So the foundation for AML is a combination of auditing, investigations, and law, in a nutshell.  These aren’t necessarily the characteristics of the field, which I cannot attest to due to my lack of experience in it, but they are a noticeable set of skills required for the craft.  I’m going to break each one of them down in a way that I understand it best.  The first, auditing, is sort of a combination of basic accounting and finance combined with investigations skills.  But the examination/investigation skills are often internal with external aid.  With investigations, in the classic sense of the term (think PI and background checks), the information is flowing from external sources into an analyst’s eyes.  This is where the OSINT skill set is valuable. The final characteristic, once again–the way I see it, is law which contains the Bank Secrecy Act (BSA), Know Your Customer (KYC), US Patriot Act (USA), and various other regulatory references.  Those are the 3 areas I’m going to focus on and what I’ll be spending the better part of a year developing.  So how do I plan to do it?

Certified Fraud Examiner (CFE)

This is a certification I’m striving to obtain by this fall at the latest. The only thing holding me back is the required 2 years of ‘fraud related’ work of which I only have about a year and a half considering my previous background is very much global, strategic intelligence. This certification will prove competency in the first area I mentioned, accounting, finance, and internal investigations. Getting a grasp on this content will set me up for the next certification that I think will be the lynchpin in this operation.

Certified Anti Money Laundering Specialist (CAMS)

This certification is the gold standard for AML ops.  The curriculum covered for this cert reinforces the information learned in the CFE and applies it directly to the area I’m interested in.  It also covers the knowledge required to understand the rulebook, or the laws that govern this type of work like BSA, KYC, and Patriot Act, among others.  I should have this one completed by next year sometime.

*The combination of CFE, CAMS, an undergrad degree, and a little bit of related experience should get you past the gatekeepers, but I usually go over the top.  Let’s keep going.

Bonus Round

OSINT-related Certification

This is a tricky area of discussion because there aren’t any “gold standards” in this field, in my opinion.  You have options like SANS if you have a boulder of gold you can chip away at to attend courses.  You have options like the McAfee Institute which still kinda gives me the creeps.  Then you have other off-brands that emerge as the “selling information that’s available online for free but I gathered it for you” economy emerges in the OSINT community.  You can choose to grab one of these if you don’t have any provable “OSINT related” experience on your resume.  Not an issue for me.

Cryptocurrency Investigator

A lot of illicit finance is happening through cryptocurrency. Whether it’s Bitcoin or Monero (the smart ones), more and more transactions are happening this way every day and it’s important to understand how this technology works, how bad actors are using it, and investigative techniques to analyze the information provided by the blockchain. A couple companies offer certifications into cryptocurrencies. The shady McAfee Institute provides one at a bloated price of near $3000. Tomoko Discovery is another that provides the course. If this is something you have the coin to obtain, it may be useful not only from an AML perspective, but an OSINT perspective as well. Many open source investigators out there are looking into the blockchain and the wealth of information it provides.

Masters of Business Administration

As a disclaimer, this is a personal goal of mine.  My undergraduate studies were in international relations.  I learned about international policy, economics, conflict, migration, etc. but I never really dug into international business aside from the economic perspective and I definitely didn’t get into finance, minus one course about China.  Furthermore, my exposure to accounting, auditing, business law, etc. is fairly limited.  If I can combine my work experience, the above certifications, and this credential, I’d say it’s possible to be a golden goose of sorts.  Time will tell I suppose.

The Connection

Now that I’ve outlined the path I’d take, and most likely will take, to make a bridge between OSINT and AML, let’s talk about where this intersection actually lives and what tools you can use as an OSINT investigator to contribute to the AML community.

OSINT investigators collect large swathes of data related to social media, email addresses, IP addresses, physical addresses, and more.  They are able to analyze that information to find people’s real identities, places of work, close associations, and more.  When applying this skillset to the goals of a financial institution, you can easily see where this information may become valuable.  Specifically with AML, finding external information about accounts linked to suspicious activity may be a valuable addition to an internal investigation.  Conducting link analysis on the IP addresses of flagged transactions may also reveal troves of data.  Collecting, analyzing, and exploiting social media networks of alleged terrorists may also be beneficial to counter terrorism financing (CTF).  Let’s break this down in a way that’s easy to understand.

OSINT Collection – Tools


You can use Spiderfoot to take one piece of data, such as an IP address, and find information that’s associated with it online.  You can then export and plot that data using a visualization tool like…


Using the community edition of Maltego, or the commercial edition if you have the scratch, plus a handful of transforms lets you not only see the connections between data points visually, but also communicate that information in a way a non-technical user will understand.


Because the chain of custody is important and fragile in large cases of anti money laundering, counter terrorism financing, or any crime that may be taken to court, having a solid, recorded, trail of breadcrumbs is important.  You can use Hunchly to log all the OSINT you’ve collected towards your AML/CTF case.


If your initial OSINT query using a tool like Spiderfoot has led you to a social media account or network of accounts on a platform like Twitter, you can use Twint to extract all Twitter-related information, export it, and visualize accordingly.  You can analyze that information to see if you can draw even further connections or conclusions.

These are just a few examples, but this list could literally go on forever.  The point is, knowledge is power in any investigation.  The more information you have, useful or not, the better off you are drawing a desired conclusion.
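The link analysis on the IP addresses of flagged transactions mentioned earlier can be sketched in a few lines. This is an added example, not code from the original post or from any of the tools named above; the account IDs and IP addresses are constructed sample data, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed sample data: (account_id, source_ip) pairs taken from
# flagged transactions. IPs come from the RFC 5737 documentation ranges.
FLAGGED = [
    ("ACCT-1001", "192.0.2.10"),
    ("ACCT-1002", "192.0.2.10"),
    ("ACCT-1002", "198.51.100.7"),
    ("ACCT-1003", "198.51.100.7"),
    ("ACCT-2001", "203.0.113.5"),
    ("ACCT-3001", "203.0.113.77"),
    ("ACCT-3002", "203.0.113.77"),
]

def link_clusters(records):
    """Group accounts that are connected, directly or transitively,
    through a shared source IP. Returns a sorted list of
    (accounts, ips) tuples, one per cluster of two or more accounts."""
    graph = defaultdict(set)  # bipartite graph: account <-> ip
    for account, ip in records:
        graph[("acct", account)].add(("ip", ip))
        graph[("ip", ip)].add(("acct", account))

    seen, clusters = set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        stack, component = [start], set()
        while stack:  # iterative depth-first walk of one component
            node = stack.pop()
            if node in component:
                continue
            component.add(node)
            stack.extend(graph[node] - component)
        seen |= component
        accounts = sorted(v for kind, v in component if kind == "acct")
        ips = sorted(v for kind, v in component if kind == "ip")
        if len(accounts) > 1:  # a lone account links to nobody
            clusters.append((accounts, ips))
    return sorted(clusters)

if __name__ == "__main__":
    for accounts, ips in link_clusters(FLAGGED):
        print(", ".join(accounts), "linked via", ", ".join(ips))
```

ACCT-1001 and ACCT-1003 never share an address directly, but both are tied to ACCT-1002, so they land in the same cluster. A shared IP is a lead rather than proof, since NAT, VPN exits and mobile carriers put unrelated users behind one address.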

I don’t claim to be an expert at AML/CTF investigations, nor do I claim to be an OSINT expert. This outline I’ve presented is simply a culmination of the research I’ve done over the last month or so and I’ve finally gotten to the point where I’ve laid out a pathway, drawn some connections from a field I am familiar with, and have set some goals. I hope this was helpful and any feedback you may have or suggestions are openly welcome. I will be adding an interview with Andrew Rudd, an AML expert, later on this week to complement this discussion. I will also be doing a podcast on an article Rudd has written for ACAMS further discussing the connection between OSINT and AML. Make sure to subscribe for future updates as we explore this topic further.


2 thoughts on “The Intersection between AML and OSINT – A Potential Path”

  1. I have been working in the AML industry as an investigator going on 10 years now. I think you are on the right track looking at getting your CAMS certification. But I really wouldn’t waste your time with CFE certification. It’s good to have but very few banks and financial companies care about it anymore. They are all looking for people with CAMS, CFCS (Certified Financial Crime Specialist), and CFA (Chartered Financial Analyst). If you would like any other info or tips, please let me know.


    1. Thanks for the feedback. I primarily want to get the CFE for personal reasons and to aid in my current work while exploring AML as an alternative. I’ll look into the other certifications you’ve mentioned as well though.

