By Gareth Evans, Senior Fraud Prevention Consultant, BAE Systems
Criminals love silos, and the financial sector, currently weathering generational change, has more than a few. By their very nature, well-run banks and other financial institutions have enclaves and internal borders that ensure checks and balances, help enforce compliance and prevent fraudulent misbehaviour or mishaps. The inherently confidential nature of banking as well as the fact that banks compete commercially make it hard to share knowledge and data—both internally and externally—on fraud, attacks or compromises. Attackers can exploit this. They capitalise on divisions and borders within banks—and the wider financial sector—and turn an institution’s defences upon itself.
The good news
There are plenty of reasons for optimism. It just requires us to think differently and adopt a new approach to breaking down silos. A more collaborative mindset within a financial institution can reap huge rewards for a relatively minor cost. Industry or sector-wide initiatives promise even greater benefits. To address the silo problem, banks should look to these types of common operating models, as well as open data-sharing (internally and externally) and industry-wide collaboration.
More for less
This approach seeks to fight financial crime without a huge outlay, or a glacial roll-out spread over many years. It’s worth noting that this approach is not about collapsing hierarchies or structures within a bank. We’re recommending connecting different nodes, not destroying them. Individual silos can be a positive force, often nurturing and developing specialist knowledge. Experience and workflows would be effectively wiped out by removing internal borders altogether.
The intelligence-led approach, involving closer collaboration and communication, can foster a pragmatic, insight-led and strategic approach to tackling financial crime. We’ve broken down the approach into five steps.
#1 Start with the data
Data is both a huge opportunity and a huge headache. The trouble is, the vast and varying data held by financial institutions is rarely ever uniform. The fields, thresholds and structures for which one business unit looks are often not the same as others. Combine this with multiple platforms and stores of diverse vintages, and simply managing the variety, volume and velocity of the data your organisation processes is a significant task. Then there are other more human considerations, such as the cultural, legal and organisational issues around managing, accessing, modifying, storing and using data. All of a sudden, finding a rigorous approach to data management and adopting a strong governance framework becomes extremely difficult.
Searching for answers
One seemingly obvious option might be to create a big-data lake. The catch here is that it’s neither practical nor desirable to immediately build some sort of “brave new big data world”. With wildly different qualities, multiple datasets will quickly turn a new data lake into a data swamp. A more sophisticated and structured approach is needed. Then there are single-detection engines and real-time analytics platforms. There’s no doubt that they’re the future, but to properly harness their potential, data needs to be in the right place. Not always easy, especially if an organisation has been through mergers and acquisitions. Then there’s the cost to consider. Existing data warehouses might appear to be an easy answer from a non-technical manager’s perspective. Yet, they’re built for batch processes, and there’s no room for real-time analysis.
Solving data-silo dilemmas
Thankfully, there are short-term, and reassuringly practical, options. The key first step is getting agreement between the compliance, fraud and cyber teams that a data problem exists and that data held in other silos can provide performance or efficiency improvements. The next phase is to then hone in on the data itself. Specifically, that means taking the time to understand the lineage of each piece of data and subsequently adopting a robust approach to data management—complemented by a sufficiently stable governance framework.
This dedication to understand the data is a crucial part of the equation—allowing an organisation to rationalise and maximise the value of the data it holds. It goes almost without saying that an investment in capabilities to help exploit that data, and experiments to find hidden patterns of use and behaviour, is a must. Business-intelligence (BI) tools can be added into the mix, helping to simplify the reporting landscape and alleviate some of the burden information-technology (IT) staff will bear.
#2 Tackle specific use cases
It’s worth looking for small, measurable wins. Starting with the basics to prove the theory works can demonstrate the value while also allowing you to fine-tune approaches and build alliances, too. Here’s one short-term scenario: mule accounts. Compliance departments are often the first to spot these, but they are also highly relevant to other business units. Sharing intelligence, information and data with the fraud-strategy team allows the account to be blacklisted or hot-listed. Then the cybersecurity team needs to be made aware; mule accounts are often the result of hacked or otherwise compromised accounts. Other areas, such as payment fraud, may not call for an integrated approach in the short-term. But while a bank’s immediate focus is on aggregate transactions, for the longer term, there will still be a need for real-time fraud detection.
The value of staying specific
By focusing on explicit issues, challenges or instances in which silos pervade, you’ll prove value, build momentum and encourage buy-in. In the case of our example above, improving the flow of intelligence and information between internal departments when tackling mule accounts brings a number of benefits that will attract business-wide support.
The first and most obvious is that once a compromised or fraudulent account is identified, it can be closed down; but this can also lead to the identification of other suspect accounts, transactions and entities. Secondly, it empowers individual teams with the tools and knowhow to begin investigating the fringes of a suspicious, potentially fraudulent event.
#3 Involve compliance, fraud and cyber teams in new channel designs
The fast-paced nature of modern banking sees a continuous stream of new channels and services entering the market. That’s why it’s critical that security, fraud protection and compliance are built in at the beginning, not brought in at the end of a new product or channel’s development.
With more and more customers moving from in-branch interactions to phone, online and device-based app channels, the opportunities for criminals are flourishing. By ensuring fraud, compliance and cyber teams are involved from the inception of a channel, the internal teams setting up these new channels can help to identify possible risks and avenues of compromise early on.
Behavioural insights to dissuade potential wrongdoing can be powerful—and can prevent criminality before it begins, not after it has wreaked havoc. For example, KYC (know-your-customer) procedures built into new channels can collect invaluable information, especially in P2P (peer-to-peer) channels.
Old and new
Many banking IT systems are often agglomerations, the result of M&A (merger and acquisition) activity; they are typically big and cumbersome. Banks must, therefore, augment the information collected and employed by these old core systems with fresh data and systems. The silver lining to this cloud, however, is greater insight into customer behaviour. Meanwhile, challenger banks and smaller Tier 2 operations do not necessarily have a competitive advantage resulting from a lack of legacy systems or their eager adoption of new channels. Challenger banks often have fewer resources and people devoted to fraud, if not cybersecurity and compliance.
#4 Adopt an entity-centric approach
Rather than looking at individual episodes of compromise, fraud and money laundering, there should be an effort to combine the insights, intelligence and data of all three teams to view patterns at the level of individual entities and groups of entities. Building this entity-centric approach gives financial institutions a better understanding of customer behaviour and a better understanding of risk. Some organisations will task their staff with investigating suspicious transactions. Others take an entity-centric view of alerts and a network view of the problem. By adopting the latter approach and plugging alerts into an entity’s profile, banks can improve their understanding around the impact that a certain activity may have and the risks that it presents.
#5 Risk score across lines of business
Similarly, another set of silos to break down are those between lines of business. A customer or entity may make large savings deposits but also have a “lively” current account set up and a suspicious range of loans and mortgages. Building an encompassing risk score for an entity is a powerful business tool, but also means that high-credit-risk customers can be monitored more closely by fraud and compliance teams. It also boosts visibility.
Removing silos allows for the swifter and simpler exiting of risky customers across all lines of an institution’s business, as well as highlighting others that show subtle signs for concern. For example, as a fraud team exits a customer from one line of business, they may realise that same person is a director of an organisation that’s a customer of another line of business, such as insurance or wealth management. By adopting this entity-centric, risk-scoring mantra, they benefit from greater visibility and a more comprehensive, intelligent fraud-detection approach.
In conclusion
In recent years, financial institutions have thrown massive resources towards ensuring compliance and managing fraud risk. Despite this, they’ve still struggled to keep pace with the rapidly evolving financial-crime and fraud landscapes and to respond to the growing impacts of related cybercrime. The next stage in the evolution of financial-crime fighting is about increasing efficiency and getting better results with the resources available. Many banks aspire to a single operating model with data fusion, enabled by machine learning, artificial intelligence and any other hyped technologies in the long-term. But, as we’ve discussed, there are steps that can be taken here and now to break down silos without creating chaos in the process.
Focus on building the right culture
The most successful financial-crime teams are focused primarily on the positive impacts for customers and wider society. In other words, first and foremost they want to do the right thing by driving criminals out of the bank. Compliance is often a secondary outcome. And a culture of collaboration is vital. By far the most effective means of fighting financial crime is improving internal lines of communication and cooperation. Even seemingly small steps can generate noticeable improvements and help to establish the human relationships that make a united defence possible.