The frequency of financial crime and the diversity of attack techniques are increasing, forcing enterprises into difficult investment decisions to contain risks and comply with regulations. Traditional fraud systems don’t have the data to identify new fraud trends, nor the quick reaction time needed to detect and mitigate sophisticated omnichannel fraud.
Last year a major fraud attack occurred involving US$1 billion SWIFT messages from Bangladesh's account at the Federal Reserve Bank of New York to many other account across the globe, resulting in an US$81 million loss. Though this scheme involved only a few banks, all banks that use SWIFT were scrambling to understand if an attack could happen to them too. It demonstrates the technical sophistication and business acumen of financial criminals.
Financial institutions have teams to manage financial crimes, which include reporting suspicious money laundering activities, managing fraud losses, and preventing and stopping cyberattacks. The tools and technology supporting these functions are just as diverse and disparate as the reporting structures are for managing financial crimes. Criminals exploit this organisational fragmentation of security teams to commit a variety of frauds and other financial crimes.
Data strategy is the missing component
As a security and risk management leader focused on financial crimes, you must close the data silos in your overall financial crime management program to minimise your vulnerability. Often a financial crime strategy and roadmap are made in coordination with other line of business strategies; however, a commonly missing component is the enterprise data strategy.
Data is central to the success of the enterprise. A data strategy that involves a broader group of stakeholders will allow anti-money laundering, fraud and cyber risks to be seen holistically rather than in isolation. This will help strengthen the overall business intent to ensure that customers are receiving products and services at exceptional levels and have trust and confidence that their accounts and information are secure.
Often point solutions are implemented for several different financial crime uses. Some banks can have more than 30 different systems, which means that you could have a large expanse of applications, processes and risks to manage, which are all dependent on data being delivered accurately and timely.
What’s the best way to manage all these applications and the data that is crucial for these applications to perform well? Also, how can you avoid siloing these systems? The answer is not to buy a single easy product, as one doesn’t exist, but rather to build a data integration process with strong governance.
The first step is to build a data management process that can be supported by the enterprise through collaboration. Next, practice good data hygiene. Finally, implement new technologies, such as virtualised data models, to break down silos and promote collaboration from insights made from data analysis.
Spend extra time on data requirements to be successful
Implementing a financial crime solution that performs exceptionally with high end-user satisfaction requires that you understand the business process. Integrating fraud controls starts with knowing the business process and mapping the data consumed and created to determine the optimal timing to input it into the solution.
When the data is captured at the right time with controls for its accuracy, the results of the financial crime solution — in terms of false positives and detection rates — will be acceptable.
If you build out data-related artefacts and spend time getting all the appropriate subject matter experts required to understand data, this will help the business be proactive in preparing for regulatory reviews.
It’s important to spend time on data requirements, going beyond identifying what and how the application should ingest data-wise, so that the technology being implemented or supported maintains its output relative to the expectations of the business.
Share data issues across enterprise teams
As data requirements are being gathered and artefacts created, engaging the chief data officer (CDO) early makes the process faster and easier. It will also bring long-term benefits of performance stability, lower cost centre spend and quick resolution of data issues.
Surprisingly, security and financial crime systems ingest much more data than they create. Account, customer, transaction and channel data are consumed but not created by these systems, and are shared assets for the enterprise. Having a data steward who is responsible for this data and that represents financial crimes in the enterprise's data governance council is best practice.
The ability to quickly take action on data findings and share ideas throughout the enterprise is a hallmark of an innovative enterprise.
About the author
Danny Luong is a research director at Gartner, focused on financial crimes risk management. His area of expertise includes payment fraud, fraud analytics, customer authentication, new customer on-boarding and cross-channel/product transaction monitoring for retail, commercial banks and other financial services enterprises. Danny will speak about financial crimes at the Gartner Security & Risk Management Summit in Sydney, 21-22 August 2017.