Introducing OASIS STIX-FCI: The Open Standard to Combat Financial Crime

We’re proud to announce an exciting new initiative: the OASIS Financial Crime Intelligence Extension for STIX (OASIS STIX-FCI). This project aims to create the world’s first open standard for exchanging financial crime intelligence—covering everything from money laundering and fraud to corruption.

This isn’t just a technical proposal; it’s a call to action for a more collaborative, data-driven approach to tackling some of the most pressing global financial challenges. While STIX is an established standard for cyber security threat intelligence, we are now extending its powerful, machine-readable framework to the financial sector.

The Problem We’re Solving

Today, the fight against financial crime is fragmented. Financial institutions, regulators, and law enforcement agencies often operate with different data models, making it difficult to share intelligence securely and at scale. This lack of a common language creates significant obstacles to:

• Timely investigations: Critical intelligence is often buried in unstructured reports or incompatible systems.
• Proactive defence: Without a standardised way to share threat patterns, organisations struggle to anticipate emerging criminal typologies.
• Cross-border collaboration: Jurisdictional differences in data formats can slow down international cooperation.

This is where OASIS STIX-FCI comes in. It provides the structured, interoperable foundation needed to overcome these barriers and strengthen our collective defence against financial crime.

Key Data Covered by STIX-FCI

STIX-FCI builds on the existing STIX foundation to enable the secure, structured, and interoperable sharing of:

• AML (Anti-Money Laundering) Attributes: Detailed data on suspicious transactions, risk assessments, and unusual activity reports.
• KYC (Know Your Customer) and KYB (Know Your Business) Intelligence: With a focus on detecting suspicious inconsistencies or risk factors in customer and business profiles and uncovering the Ultimate Beneficial Owner (UBO).
• Corruption and Fraud-Related Indicators: Specific intelligence on bribery schemes, fraudulent activities, and other deceptive practices.
• Entity and Relationship Data: Structured definitions for customer and beneficial ownership data, business entity structures, Politically Exposed Person (PEP) status, and sanctions list matches.

By standardising these objects, we can move from simple information-sharing to true intelligence exchange, enabling faster analysis and more accurate identification of anomalies.

Driven by a Core Mission

Our work on STIX-FCI is primarily driven by our experience in Third-Party Risk Management (TPRM) services. In TPRM, assessing the integrity, ownership, and potential risks of partners, suppliers, and intermediaries is a core requirement. By integrating structured financial crime intelligence into TPRM processes, organisations can proactively detect corruption risks, fraudulent practices, and money laundering activities in their supply chains and wider business networks.

This initiative is a powerful tool for promoting integrity and transparency in both public and private sectors, aligning with global anti-corruption goals.

A Call for Collaboration

An open standard is only as good as the community that builds and uses it. Your expertise, resources, and network could play a pivotal role in shaping the attributes, governance, and adoption of STIX-FCI. We welcome your input on:

• Essential corruption-related attributes for inclusion.
• Best practices for ensuring openness, trust, and accessibility.
• Joint efforts to promote adoption among governments, financial institutions, and relevant networks of stakeholders.

We would be pleased to arrange a discussion, share technical drafts, and explore how your organisation could participate in the review or pilot implementation phases.

Thank you for your time, and we look forward to the possibility of working together to advance global standards in the fight against financial crime.

Supporting Documentation

To provide further insight into this initiative, we have included the following documents for your review:

• OASIS STIX Financial Crime Intelligence Extension —This presentation introduces STIX-FCI, as a global standard, outlining the problem, our solution, its benefits, and how you can get involved.
• Financial Crime Research: Threat Profiling of Fraud, Corruption, and Money Laundering—A research brief mapping criminal typologies and risk patterns relevant to financial crime investigations.
• STIX-AML Extension Proposal: Structured Intelligence for Financial Compliance—Technical proposal detailing the object model, attributes, and interoperability approach for extending STIX to cover AML/KYC/KYB intelligence.