Financial Crime: The Sum of the Parts is Greater Than the Whole: A NICE Actimize Whitepaper. Copyright 2016 NICE Actimize. All rights reserved.


TABLE OF CONTENTS
What is Financial Crime?
Five Common Pitfalls of Financial Crime Prevention
It's Time to Think Differently
A Strategic Approach to Financial Crime Prevention: How to Do It Right
The Benefits of a Strategic Approach to Financial Crime Prevention
Conclusion
ABOUT NICE ACTIMIZE

What is Financial Crime?

The odds are that whether you are part of a financial services organization or simply an average consumer, you have learned more about financial crime over the last few years than you ever cared to know. A seemingly never-ending stream of announcements about corporate data breaches, regulatory failings, and ethical missteps has made financial crime a mainstream issue for both the financial sector and the general public. The subject may be in constant discussion, but the term "financial crime" itself triggers vastly different images and examples depending on one's familiarity, professional role, and personal experience. For a truly complete understanding of the issue of financial crime, a specific, yet flexible definition can focus the discussion on today's potential threats while simultaneously remaining adaptive to new and emerging risks.

A financial crime is a regulatory, reputational, or monetary act or attempt against financial services institutions, corporations, governments, or individuals by internal or external agents to steal, defraud, manipulate, or circumvent established rules.

The above definition covers a wide array of activities, but also encompasses the broad and attractive targets provided by the financial services industry, including banking, trading, insurance, and capital markets. This definition includes acts focused on explicit monetary transactions, as well as issues of data, privacy, and conflicts of interest. Recent examples of financial crimes include:

A criminal using sophisticated technology to hijack the online banking session of an unsuspecting customer to create a payment to the criminal's account without the customer's knowledge.

A financial institution employee removing message details in a wire transaction, thereby concealing the origin of payments from a black-listed country so as to appease, and profit from, a large client.

Advising a spouse to buy a significant position in a particular security with the knowledge that a client will be entering a large buy order in the same security.

A branch employee using his position to access customer data (e.g. credit card numbers, social security numbers, or account numbers) to sell that data to a criminal network.

The motivation for many financial crimes is easily understood: direct or indirect monetary gain, executed by manipulating a large, complex, and opaque system. However, financial institutions must focus on how these crimes are perpetrated as they look to detect crimes as they happen as well as deter future threats.

Five Common Pitfalls of Financial Crime Prevention

Financial institutions can, and do, prevent many criminal acts through adequate controls, proper supervisory procedures, and sophisticated detection and incident management technology. However, there are a handful of shortcomings that derail the best preventive measures and result in negative headlines and regulatory scrutiny for individual employees and entire institutions alike. Financial institutions benefit from an introspective look at their current process to ensure that they are not falling prey to any of these common pitfalls.

1. A Piecemeal Approach to Financial Crime

Many financial services organizations have obtained and implemented an appropriate tool for a given task or coverage area, but then have simply used such systems in isolation. Whether due to organizational siloes, the lack of a long-term channel strategy, or a rush to protect the institution against emerging threats, different solutions are cobbled together that offer a superficial yet functionally inadequate layer of protection against financial crime. Sophisticated criminals exploit the gaps between these independently operated systems, often leveraging a weakness in one channel to gain access to another. As a result of this situation, financial institutions are increasingly moving towards a more consolidated approach to financial crime prevention and should match their strategy to their buying decisions.

2. Failure to Connect the Dots Across Systems

By neglecting to view information across their myriad systems, many financial institutions fail to identify financial crimes as they are in progress or even after they have occurred. Especially in sectors and channels where there are no comprehensive solutions providing complete coverage, this lack of information connectivity prevents organizations from understanding the big picture of financial crime at their institution. Achieving this holistic view amongst disparate systems and data sources creates a more robust financial crime prevention program and allows the institution to incorporate new technologies without increasing risk.

3. Cost Driven to the Detriment of Prevention

Viewed primarily as cost centers, compliance groups, fraud detection groups, and Financial Investigation Units (FIUs) have seen budget cuts and staffing reductions following the 2008 economic downturn. Yet as regulators have increased scrutiny on the financial industry, the number and amount of fines have grown precipitously, and financial institutions must rethink the value of adequate protection and the true cost of financial crime prevention programs. No longer satisfied with merely checking the box, regulators are looking to financial institutions to do what is necessary rather than what has been deemed acceptable in the past.

4. Doing Too Little Too Late

A regulator at the doorstep with a Cease and Desist Letter or an embarrassing front-page news article should not be the driver to identify gaps in a financial crime prevention program. By the time such a situation has occurred, the damage is most likely done, ruining reputations and more. Being reactive and flexible to ongoing threats is important, but putting safeguards in place and making the necessary investments before issues occur will save significant time and cost and enable firms to make investments that are part of a larger strategy, rather than a series of quick fixes.

5. Neglecting Organizational Behavior Changes

State-of-the-art detection systems, updated processes, and well-meaning executive mandates are a positive start, but if an institution's culture does not incorporate or reflect these ideals, no technology or mission statement, no matter how well implemented or planned, will prevent financial crime. Prevention must be an imperative not only from the top down, but also from the bottom up to ensure protection of an institution, its customers, and assets. Technology, policy, and process should support the right actions and enable staff to take the steps needed to comply with organizational policies and prevent risk from criminal actions, conflicts, or various forms of fraud; however, these elements cannot be expected to make up for failings in corporate attitudes.

It's Time to Think Differently

"Adequate" and "good enough" were once acceptable as financial crime prevention benchmarks, but today, regulators, boards of directors, shareholders, and consumers are holding financial services organizations and their management teams to a higher standard. More is expected of financial institutions despite the obvious challenges of cost, technology, and an ever-changing threat landscape. As fines have proliferated and increased, the calculus of upfront investment versus the expense of regulatory fines, reputational damage, and loss of equity has changed, and financial institutions are rethinking how they address financial crime and the true value of their strategies as well as deficiencies.

Investing in financial crime prevention strategies and tools not only increases the effectiveness of such programs, but also provides significant cost savings and increased employee efficiency. This paradox of gaining more from expenditure requires a change in the perception that financial crime prevention can only be a cost center. Viewing financial crime prevention as an investment in mitigating negative consequences, such as customer disruption, government indictments, and lost employee productivity, means such programs are more likely to thrive in the long run.

A Strategic Approach to Financial Crime Prevention: How to Do It Right

Making the decision to transform existing distributed, siloed approaches into an integrated, holistic financial crime prevention strategy is the easy part. Bringing together information from incompatible technologies, in various formats, can pose a significant technical challenge and, if not executed correctly, can potentially derail the effort. Much as there are a handful of common pitfalls that can lead to failure or inefficiency in an institution's financial crime prevention program, there are also a number of essential components that promote their success. These basic requirements are not strictly technological or process-oriented, but a blend of tools, tactics, and attitudes that create the ideal conditions for a program's success:

A unique solution: The successful solution will differ for each institution, but the results should look the same: a comprehensive, user-driven solution that balances effectiveness with efficiency. Each organization has its own goals, priorities, and a myriad of systems and technologies, and the idea behind a holistic financial crime approach is to bring these valuable, but often hard-to-use or limiting systems into a consolidated solution. A comprehensive view of activity and improved usability with the ability to access multiple streams of information from a single interface should be the final goal.

A variety of detection / analytical approaches: The fact that criminals exploit variances between differing operations and systems means that institutions need overlap between endpoint technologies and coverage areas, exposing potential threats by looking for them with multiple methods and for different identifiers of suspicious activity. One example of this blended approach is using an established ruleset to find known or easily distinguishable attacks and criminal schemes, paired with statistical or analytics-based detection models providing the flexibility to adapt to new, emerging forms of manipulation that are not well established or easy to identify.

A common alert & case management platform: At one time, case management was a nice-to-have, plush feature that was either a rudimentary component built into a detection system or a blank-slate, open platform with the ability to build it to do anything, but at a steep price. Case management is now essential for a holistic, comprehensive program: beyond enabling a holistic view within a single interface, case management provides the means to normalize the disparate data from across the institution and combine the outcomes and data feeds from these disconnected systems into a single result. It also makes the adjustment of various systems and parameters more user-friendly, eliminating the need to access multiple systems to adjust coverage or detection parameters.

Enterprise-grade analytic horsepower: An analytics engine that has the ability to grow with a financial institution is required in order to centralize internal and external structured and unstructured data. It must also have the flexibility to execute its own models and rules as well as leverage the institution's existing models. That flexibility is essential to getting up and running quickly, especially in cases in which the institution's existing models are effective, were built iteratively, and are specific to a particular financial sector or use case. Incorporating both existing and newer models enriches the available data and yields improved detection results without the need to rebuild the existing models in a new technology, thereby minimizing disruption during the implementation and tuning process.

By laying the groundwork, building the infrastructure, and aligning expectations for a comprehensive financial crime prevention approach, financial services organizations improve the manner in which their financial crime prevention program is implemented as well as how it is received. Siloes and divisions are by no means easy obstacles to overcome, but the need to achieve an enterprise-wide view of external and internal risks requires drastic and often decisive action. Having put the necessary tools and processes in place, the transition may still not be perfect; however, it should be the results as opposed to the initial steps that determine the program's ultimate success.

Layered rules, entity profiles, network linkages, and event analytics: The concept of layered defenses is something that is easily understood in financial services, and a model that has been gaining traction over the last decade. Expanding this concept across the institution, the benefit of creating a network of information and analytics that provides coverage against complex, multifaceted attacks is obvious, especially when supplemented by taking information from one area to adjust either results or detection logic in another. Again, institutions need to remove the artificial barrier between systems and departments and allow information to flow to areas where it is needed, albeit responsibly and securely.

The Benefits of a Strategic Approach to Financial Crime Prevention

Improving the way financial crime prevention technology and processes are applied can have benefits beyond creating an effective program, as the success studies demonstrated, including:

Easier compliance: Ever-changing regulations and multi-jurisdictional requirements can be difficult to balance, especially in large, multinational institutions. A single, comprehensive approach allows an institution to apply policies and procedures across the entire organization, thereby taking these requirements into consideration and designing workflows and controls to ensure rules are followed and incidents are reported correctly. Additionally, organizational culture must match policies and processes in order for a culture of compliance to truly implant itself in the behavior of employees. Providing employees with the right tools and technology can be an important first step in this cultural shift, guiding the right actions and deterring unethical behavior.

Lower costs: One of the most compelling, and perhaps surprising, factors resulting from a holistic approach to financial crime is the notion that investment in this strategy actually saves institutions money. When the savings from greater operational efficiency, fewer losses, and reduced risk of regulatory fines are tabulated, financial institutions typically expect to achieve the results regulators and customers expect while increasing the value of their investments.

Better coverage with fewer gaps: The key to effectiveness in financial crime is minimizing the blind spots common to large, complex organizations. As the specific types of financial crime threats change, so do these vulnerabilities, requiring the institution to stay flexible and react quickly. By establishing a financial crime prevention program that is both flexible and resilient, institutions can keep improving their programs and minimizing the gaps that exist, thereby simultaneously reducing risk to the organization and its customers.

Consistent processes: Performing the right action for a given use case with little variation is something that gets harder to accomplish as the complexity of the scenario increases. When an institution aggregates information from various systems and feeds into a single location, it can more easily apply consistent and uniform actions and allow staff to resolve incidents more accurately, more quickly, and with fewer resources. Beyond the operational aspect of providing users with all the information needed in a common system, the fact that the institution can easily demonstrate consistent and compliant processes to regulators with a single audit trail and consolidated reporting makes regulatory visits less burdensome and costly.

Conclusion

For many financial services organizations, the idea of aspiring to build a single, enterprise-wide financial crime program seems daunting, making them hesitate to take the initial steps to lay the groundwork for such an initiative. However, as financial crime threats evolve, financial services players must continue adapting and improving to keep pace with marketplace dynamics; they must do so by building a comprehensive set of technologies that have the flexibility to evolve. Financial institutions who fail to innovate may end up being a target or focus themselves, be it by regulators, consumers, hackers, corrupt employees, or fraudsters of various stripes. The key to avoiding that risk is to move toward where that target is headed and to recognize both the direct and indirect benefits that come with an improved financial crime prevention program.

Greater consistency, enhanced compliance, improved cost-effectiveness, and better coverage are all results that financial services organizations are striving for, despite the fact that the link between these outcomes and an investment in financial crime prevention may not be initially clear. With a bit of foresight and a conscious effort towards innovation, financial services organizations are more likely to achieve these benefits and stay one step ahead of today's threats.

ABOUT NICE ACTIMIZE

NICE Actimize is the largest and broadest provider of financial crime, risk and compliance solutions for regional and global financial institutions, as well as government regulators. Consistently ranked as number one in the space, NICE Actimize experts apply innovative technology to protect institutions and safeguard consumers' and investors' assets by identifying financial crime, preventing fraud and providing regulatory compliance. The company provides real-time, cross-channel fraud prevention, anti-money laundering detection, and trading surveillance solutions that address such concerns as payment fraud, cybercrime, sanctions monitoring, market abuse, customer due diligence and insider trading.

Copyright 2016 Actimize Ltd. All rights reserved. No legal or accounting advice is provided hereunder and any discussion of regulatory compliance is purely illustrative.

info@niceactimize.com
linkedin.com/company/actimize
01DEC14 FINCRI WP SUM