These materials are 2015 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Transcription

1

2

3 FRAMLx Verafin Special Edition by Amanda Karttunen and Rae Lynn O Keefe

4 FRAMLx For Dummies, Verafin Special Edition Published by John Wiley & Sons, Inc. 111 River St. Hoboken, NJ Copyright 2015 by John Wiley & Sons, Inc., Hoboken, New Jersey No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) , fax (201) , or online at Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies. com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc., and/or its affiliates in the United States and other countries, and may not be used without written permission. Verafin, the Verafin logo, and FRAMLx are trademarks or registered trademarks of Verafin Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. For general information on our other products and services, or how to create a custom For Dummies book for your business or organization, please contact our Business Development Department in the U.S. at , contact info@dummies.biz, or visit For information about licensing the For Dummies brand for products or services, contact BrandedRights&Licenses@Wiley.com. ISBN (pbk); ISBN (ebk) Manufactured in the United States of America Publisher s Acknowledgments Some of the people who helped bring this book to market include the following: Development Editor: Jennifer Bingham Project Editor: Jennifer Bingham Editorial Manager: Rev Mengle Business Development Representative: Christiane Cormier

5 Contents at a Glance Introduction... 1 About This Book...1 Icons Used in This Book...2 Beyond the Book...2 Chapter 1: Introduction to FRAMLx... 3 Introducing FRAMLx...3 Suspicious Activity Detection Challenges...5 Chapter 2: Cross Institutional Analysis... 7 How Transactions Are Analyzed at Your FI...7 Why You Need Cross Institutional Analysis...8 Collective Data...9 Connecting the Dots...10 What Are Verafin s Advanced Analytics?...13 Behavior based analytics...14 Fuzzy logic...14 Recognizing patterns...16 FRAMLx: Analytics to Help You See More...16 Link analysis...16 Genetic algorithms...17 Chapter 3: FRAMLx: Powered by the Verafin Cloud Introducing the Verafin Cloud...19 Security...20

6 iv Privacy...22 Industry Best Practices and Regulations...22 FFIEC...23 SOC Advantages of the Verafin Cloud...24 Chapter 4: Information Sharing: 314(b) Safe Harbor Examining the USA PATRIOT Act and Section 314(b)...28 Participating in Information Sharing...29 Who Can Participate in Voluntary 314(b) Information Sharing?...30 What Are You Allowed to Share under Safe Harbor?...30 Chapter 5: FRAMLx Detection Examples Cash Deposits across Multiple Institutions...36 Common Wire Receiver...38 Presentation of the Same Check at Multiple Institutions...40 Shared Watch List...41 High Cash Turnover Spanning Multiple Institutions...43 Criminals Who Repeat Crimes at Different FIs...45 Common Point of Transactions (CPT)...46 Understanding Verafin Alerts...48 How FRAMLx Alerts Catch Cross Institutional Suspicious Activity...48

7 Chapter 6: Eight Benefits of FRAMLx FRAMLx Expands the Benefits of FRAML...51 The More Data You Have, the Better the Picture...52 FRAMLx Alerts...52 Collaborative Investigation Process...53 A Holistic View of Customers...53 Enhanced Reporting...54 Loss Prevention...55 Strengthened Monitoring, Investigation, and Reporting...55 v

8 vi

9 Introduction In today s evolving financial landscape, criminals are getting smarter. They take advantage of smaller and siloed community banks and credit unions to conceal their illegal activity. To get a better view of the customers inside their own walls, institutions have taken the beneficial first step of consolidating their fraud detection and anti money laundering efforts. However, criminals have moved to using multiple institutions to hide their suspicious activity. And the individual financial institutions (FIs) often have a limited view of customer activity outside of their own institutions, so insight into cross institutional activity is incredibly helpful. About This Book This book introduces you to Verafin s FRAMLx technology, which is a new way for smaller FIs to work together to detect criminal activity. FRAMLx strengthens your monitoring, investigations, and reporting. By providing alerts that can help start a conversation, FRAMLx facilitates a collaborative approach to your investigation process and enhances your reporting capabilities. When you take advantage of 314(b) information sharing, you gain the capability to see a holistic view of your customers. When you know your customers better and are aware of their activity outside of your financial institution, you can put together some of

10 2 the pieces of their activity that were previously missing and make more informed decisions. This proactive monitoring and insight into customer behavior and activity can help mitigate losses. By using FRAMLx, you automatically become part of a greater collaboration network. In the fight against money laundering, terrorism, and the fraud tied to these criminal offenses, the cross institutional analysis and information sharing provided by FRAMLx can help you stay a step ahead. Icons Used in This Book This book uses the following icons to call your attention to information you may find helpful in particular ways. The information marked by this icon is important. It helps you easily spot noteworthy information. This icon points out extra helpful information. Paragraphs marked with the Warning icon call attention to common pitfalls that you may encounter. You might be able to get by without the technical details next to this icon, but you still might find them quite interesting. Beyond the Book You can find additional information about FRAMLx by visiting

11 Chapter 1 Introduction to FRAMLx In This Chapter Defining FRAMLx Understanding detection challenges for suspicious activity A single financial institution (FI) is often limited to the information that is presented at its organization. It knows about customer activity at its location and can easily investigate the transactions that occur there. However, this view doesn t show an institution the full picture, because customers often conduct activity at more than one institution. Due to a limited set of data, single FIs may have a narrow investigative scope. This chapter introduces you to FRAMLx, which is a way to expand analysis beyond the four walls of FIs into a broader network so that suspicious activity across multiple FIs can be detected and investigated. Introducing FRAMLx FRAMLx is a new way to detect fraud and money laundering. It expands the limited view of a single

12 4 institution and detects patterns of activity across two or more FIs. Enabled by the Verafin Cloud, FRAMLx uses advanced cross institutional analysis on billions of transactions and identifies potential suspicious activity, which would otherwise be missed at a single institution. FRAMLx enables collaboration among participating FIs through the safe harbor provided in Section 314(b) of the USA PATRIOT Act, which will strengthen your monitoring, investigations, and reporting. For more on collaboration and information sharing, see Chapter 4. FRAMLx allows you to keep an eye on evolving financial crime from a money launderer structuring cash deposits at two or more institutions to sophisticated fraud rings. FRAMLx evolved from FRAML, which is a consolidated approach to fraud detection and anti money laundering within your own FI. The two criminal activities often go hand in hand, so combining your internal investigations makes sense. FRAML includes three key components: People: Cross training individuals at your FI to understand each other s roles and to increase awareness around the different stages of the suspicious activity life cycle (prevention, detection, investigation, reporting, and recovery). Processes: Merging crime fighting endeavors to address financial crime at every stage of the suspicious activity life cycle from initial detection and alert generation, to investigation, reporting, and monitoring.

13 Technology: Facilitating workflow with a central repository for customer data, investigation, and compliance efforts. To learn more about FRAML, visit to receive your complimentary copy of FRAML For Dummies, Verafin Limited Edition. By looking across multiple FIs, FRAMLx extends the three components of FRAML (people, processes, and technology). You can work with experts at other institutions to gain a holistic view of your customers and you can strengthen your investigations and reporting. FRAMLx can help you detect more suspicious activity by analyzing data from multiple institutions. The Verafin Cloud provides the technology for improved and advanced analytics that can highlight activity that spans multiple institutions. Suspicious Activity Detection Challenges You know what your customers are doing at your institution, but wouldn t it be beneficial to know about their financial activity at other institutions? For example, here are some questions you can ask: Do you know if your customer is structuring cash deposits across multiple institutions to avoid reporting? 5

14 6 Do you know if your customer is presenting a counterfeit check more than once? Are your customers sending or receiving wires that are funded by illegal activity? It s hard to answer these questions when you can only see your own institution s data. Some of you are taking advantage of 314(b) information sharing to collaborate and investigate activity over the phone or via . Others are already working together to answer these questions by forming compliance groups, in which all members have notified FinCEN to use 314(b), to discuss local activity. This manual process takes time and effort, and sometimes a little bit of luck. Verafin helps take what you re doing today and applies technology and advanced analytics to elevate it further with FRAMLx. Using cross institutional analysis and 314(b) information sharing, FRAMLx helps you collaborate by providing contact information for other FIs in alerts so you can quickly investigate customer activity.

15 Chapter 2 Cross Institutional Analysis In This Chapter Analyzing transactions at your FI Understanding the power of cross institutional analysis Understanding Verafin s advanced analytics Using FRAMLx analytics to see more This chapter discusses the benefits and building blocks of cross institutional analysis, which is the basis for FRAMLx. It also goes over some of the analytics that Verafin uses in the FRAMLx technology. Large amounts of data and transactions are needed to perform Verafin s advanced analytics. By analyzing more transactions and more data, complex patterns of suspicious activity become evident. How Transactions Are Analyzed at Your FI To uncover suspicious activity at your financial institution (FI), whether money laundering or fraud, the Verafin

16 8 application reviews all transactions. It analyzes the transactions in the context of a customer s past activity, and compares the transactions against the customer s established behavior patterns to determine whether anything seems out of the ordinary. For every transaction, Verafin asks, Is this transaction normal and legitimate for this particular customer? When looking for money laundering, the flow of funds across all transaction channels (cash, wires, ACH, and so on) is analyzed and monitored to collect evidence and to produce a view of a customer s activity. The direction of transactions (inbound and outbound) is also taken into consideration. When looking for fraud, transactions are compared to a wide range of fraud scenarios from simple to complex. When assessing fraudulent activity, the context of who performs the transactions matters just as much as the transactions themselves. To help your institution detect money laundering and fraud, Verafin generates risk scored, evidence supported alerts based on the analysis of customer transactions and data. The alert evidence helps provide the reasons why something is potentially suspicious. By monitoring both transactions and demographic data, Verafin helps you gain a holistic view of a customer at your institution. Why You Need Cross Institutional Analysis What if your customer is banking at another FI? Do you know whether your customers have accounts at multiple institutions? How can you see what they re doing?

17 And how do you know if their activity at your institution is legitimate if you don t have the full picture? Here are a few examples: Beth has a personal account at your bank, Bank ABC. She also has another account at Bank XYZ for her small business. She opened the account at Bank XYZ because it was close to her business location, and it made night deposits easy for her staff. Has Beth shared the information about the business account with you? Robert has four accounts at four different credit unions. He could be using the accounts for normal, legitimate activity; however, having all these accounts could be Robert s attempt to conceal suspicious or illegal activity. He may be making multiple cash deposits (that are just below the regulatory reporting threshold) at different institutions. Any single FI may be hard pressed to detect this cash structuring because investigators can only see what Robert is doing at their institution. However, when you see a holistic view, you see what Robert is really doing. Institutions should ask, how well do I really know this customer? Am I seeing all my customer s activity or just a small slice of what he or she is doing? This begs the question: What do you need to see the full picture of a customer s activity and his or her transactions? Collective Data Your customers (people and businesses), accounts, and transactions make up your institution s data. 9

18 10 Data (both transactional and nontransactional) from multiple institutions is aggregated and analyzed by Verafin as a larger data set or sample set for the purpose of detecting patterns and linkages in the data. This data from multiple institutions is known as collective data. Collective data gives an institution a larger financial intelligence footprint compared to the often limited view of your institution s data set. When combined, data and transactions from multiple FIs can be analyzed to look for suspicious activity spanning institutions, and as a result can help detect money laundering, the proceeds to support terrorist financing, and fraudulent activity. The Verafin Cloud enables the analysis of collective data. For more information about the Verafin Cloud, see Chapter 3. Connecting the Dots Cross institutional analysis (the x in FRAMLx) takes transaction analysis, monitoring, and detection to the next level by looking at transactions for all institutions in a network (instead of just transactions occurring at a single FI). Because cross institutional analysis spans multiple FIs, it can uncover suspicious activity and patterns that could go undetected at a single institution. Figure 2-1 shows a network of FIs. Detecting money laundering and fraud isn t easy. It can be particularly hard for community banks or credit unions. Larger financial corporations (such as Tier 1 banks) are already part of a network because they have multiple institutions with more customers and daily transactions. It s easier for such institutions to detect new trends and patterns of

19 11 Figure 2-1: A network of institutions.

20 12 activity because of the sheer volume of transactions and data that occur within their own networks on a daily basis. For example, with the recent big box store card breaches, the larger Tier 1 banks likely knew when a terminal had been compromised and which of their customers were affected. Smaller FIs, on the other hand, may not know that a customer s card has been skimmed until the customer calls to report activity in his account that he didn t conduct. Smaller community institutions often have a harder time detecting the trends and patterns of criminal activity because the data just isn t available or the data set is too limited to detect potential suspicious activity. Larger FIs have a detection advantage because of the volume of customers and transactions they deal with on a daily basis and because they re already connected in a network. By participating in cross institutional detection, smaller institutions can become part of a much larger network of FIs. The data and transactions can be analyzed and monitored together to see if suspicious activity can be detected and whether it spans multiple institutions. This analysis can help you detect when: One person is breaking up his activity across institutions Groups of people are working together to commit crime Cross institutional analysis can uncover illegal activity (for example, structuring across institutions), and it can also help explain legitimate activity that (on its own) may look suspicious.

21 13 This broader analysis and view of transactional data can paint a clearer and fuller picture of customer activity, which in turn can lead to more informed, efficient, and thorough investigations. By analyzing the transactions and data of customers in the Verafin Cloud, patterns can be detected that no single FI would be able to see on its own. By being a part of this connected network of institutions in the Verafin Cloud, your detection capabilities are greatly expanded. What Are Verafin s Advanced Analytics? Verafin s analytics use the latest advances in artificial intelligence, Bayesian belief networks, behavior based analytics, and pattern recognition when analyzing data drawn from all of an FI s sources (both transactional and nontransactional). Verafin analyzes information such as a customer s age, occupation/industry, customer history, and expected activity when it examines that customer s transactions. Verafin also examines customer behavior to determine whether a transaction is truly suspicious or normal and legitimate for that particular customer. Using a combination of fuzzy logic, artificial intelligence, and pattern recognition, the software creates an alert when the activity isn t normal for the customer. The software rates the level of risk (for example, an 85 percent chance exists that Customer X is committing money laundering), and supplies the evidence behind this suspicion.

22 14 Behavior based analytics Behavior based systems clarify the connections between your customers behaviors and the indicators of risk for suspicious activity. These systems formulate a degree of suspiciousness for a customer s activity. For example, suppose you re trying to determine whether a customer is structuring cash deposits because they fall just below the currency transaction report (CTR) threshold. Before issuing an alert, the system analyzes the available data using a combination of advanced analytics, which involve the following: Searching for excessive cash deposits. The system does this by determining whether the total cash deposited by a customer is excessive compared with her peer group. Calculating the risk of deposits just below the CTR reporting limit. Determining the frequency at which the deposits are made. Reviewing the number of locations used for the cash deposits. Verafin s robust analysis detects suspicious activity because behavior based systems provide a detailed breakdown of the evidence used to generate the alert. Those responsible for reviewing alerts and investigating cases can better understand why the customer s activity may be suspicious. Fuzzy logic Fuzzy logic offers a way to express uncertainty about the answer to a question like, Is this customer s

23 15 behavior suspicious? Unlike rules, where the only choices are yes or no, fuzzy logic provides an answer based on probability, giving an infinite number of possible answers ranging between yes and no. Consider the following example: When asked if you expect it to rain today, applying fuzzy logic lets you answer with the probability of precipitation, ranging from 0 (no) to 100 (yes), with values in between representing the relative certainty of your answer. Here s another example to see how fuzzy logic can help you fight financial crime. Imagine you want to track large wire transactions. With a rules based system, you could ask, Has Sally conducted any wire transfers over $3,000 in the past two weeks? You receive a yes or no answer, with no way to indicate the risk of transfers under the $3,000 threshold. Perhaps she has made a wire transfer of $2,999. The rule misses the transaction by $1. In this situation, yes is 100 percent and no is 0 percent; therefore, you re unable to determine that the transaction is very risky (likely 98 percent or 99 percent) because it s presented as no risk (0 percent). To catch this, more rules are required. Fuzzy logic offers more flexibility and provides a range of possibilities rather than an absolute value. You could ask, Has Sally conducted any large wire transfers in the past two weeks, where a large transfer is $3,000? If Sally only conducted wire transfers under $1,000, then the answer would be an extremely low percentage of risk. The risk percentage increases as the wire value increases toward $3,000. If she conducted a wire transfer of $3,000 or more, the risk is 100 percent.

24 16 Recognizing patterns Behavior based software analyzes a set of data that combines static information (such as address, industry/employment details, and financial information) with the metrics of a customer s activity. This includes average daily cash deposits, maximum monthly cash deposits, total weekly transfers out, average frequency between transactions, and so on. Using this combination of static data and customer activity helps you understand each customer s pattern of behaviors. With this approach, you can also compare members of peer groups (for example, customers with similar occupations or businesses in the same industry), which helps to identify unusual behavior. The patterns and regularities in data can help you detect anomalies. FRAMLx: Analytics to Help You See More You need technology and advanced analytics to look beyond a single institution and to link customers and transactions that span multiple institutions. In order to see patterns across institutions, you need advanced analytics such as pattern recognition, link analysis, and genetic algorithms. And you also need a way to connect or link institutions so their customers and their transactions can be analyzed under a collective microscope. Link analysis Link analysis is a data analysis technique used to evaluate relationships or connections between nodes

25 17 (objects). Relationships may be identified between various types of nodes, including organizations, people, and transactions. Link analysis creates a web of connections between nodes and focuses on the analysis of relationships between the nodes. It is used for three primary purposes: To find matches in data for known patterns of interest To find where patterns are broken To discover new patterns of interest To help detect true patterns and connections, a large amount of data is needed for link analysis. With a larger data set, more patterns can be found and a larger web of connections can be uncovered. For example, when analyzing data across institutions, some simple patterns that might be detected are: Customers sharing the same home address Customers working at the same business The same customer SSN at multiple institutions Customers who send money to the same person Genetic algorithms Genetic algorithms, a machine learning technique, are used to extract information from data. This data driven approach involves performing millions of tests and tunings of system parameters to detect suspicious activity. These tuning iterations are then used to optimize and tweak the existing algorithms (or analytics) or to create new ones.

26 18 Over time, the best system tunings and parameters are retained to help detect more suspicious activity. Verafin by the numbers At time of publication (2015), Verafin was analyzing data from over 1,200 customers (with a collective asset size of over $600 billion) and 60 million transactions every day. This large data set enables Verafin to develop and keep iterating on FRAMLx analytics that are effective cross institutionally for users of the Verafin Cloud. With over 30,000 users logging into the Verafin Cloud every year, you also have the option to share information and collaborate with a large network of colleagues.

27 Chapter 3 FRAMLx: Powered by the Verafin Cloud In This Chapter Examining security Looking at privacy Industry best practices Seeing the advantages This chapter discusses the security and privacy measures that Verafin has put in place to secure the Verafin Cloud. The chapter also takes a look at some industry guidelines. Finally, it walks you through the advantages the Verafin Cloud offers. Introducing the Verafin Cloud Verafin leverages cloud computing technology to perform analysis on collective data. The Verafin Cloud is a secure solution that enables cross institutional analysis of billions of transactions. Data is combined in the Verafin Cloud and advanced detection analytics are run against that data. This combined data analysis identifies

28 20 suspicious activity and patterns that might otherwise be missed or undetectable by a single institution. The Verafin Cloud is a secure infrastructure for data storage and analysis, which provides on demand access to the Verafin application by authorized users. This solution assures confidentiality, processing integrity, security, and privacy of your institution s data. Security A cloud environment must include a comprehensive, end to end security policy and practices that address physical and logical security. It must also include systems to prevent and detect breaches. The Verafin Cloud environment provides secure data flow from the financial institution (FI) to the Verafin application and also protects data while it s stored. Both encryption at rest and encryption in transit protect the FI s data. Continuous monitoring and backups of the data ensure that an institution s data is both protected and available at all times. Encryption at rest: This feature protects your data where it is physically stored (that is, data that isn t moving). The Verafin Cloud infrastructure is maintained in a secured Tier IV Gold facility where your data is encrypted and securely stored. Encryption in transit: This feature uses established, trusted channels and encryption technology for the data transfer. All file transfers to the Verafin Cloud use NIST certified secure file transfer encryption, teamed with Transport Layer Security (TLS) and Advanced Encryption Standard

29 21 (AES) 256 bit encryption on trusted channels, and are protected by firewalls that are locked down to only authorized customer networks or environments. Access to the Verafin application is facilitated through secure HTTP (HTTPS) connections based on unique customer usernames and passwords for authorized personnel only. 24x7x365 monitoring: The Verafin Cloud and its data are monitored 24/7/365, which ensures threat management is in place. An intrusion detection system (IDS) and a security information event management (SIEM) system continuously monitor for anomalous activities. Backups and disaster recovery: In the event of an emergency or system failure, a cloud vendor should have a business continuity plan (BCP) and a separate disaster recovery plan (DRP). The BCP ensures that resources and information are available to manage emergencies and to minimize disruptions to critical business processes, and the DRP prioritizes the IT system restoration details. All data in the Verafin Cloud is regularly backed up to a disaster recovery (DR) environment. Data is replicated on an hourly and nightly basis between the production environment of the Verafin Cloud and the DR center (separate from the physical storage location of the production data). Verafin s DRP outlines both the recovery time objective (RTO) and recovery point objective (RPO), and Verafin performs regular testing of this DRP to verify recovery times and the integrity of customer data.

30 22 Privacy The Verafin Cloud ensures the integrity and confidentiality of an FI s data. Every FI in the Verafin Cloud has its own logically separated database instance that securely houses its data. That is, each FI has its own private portion of the Verafin Cloud that is exclusive to that institution and its data. This ensures only authorized individuals can access their FI s data (including personal and business customers, accounts, and transactions) in the Verafin application. Each institution owns its own data Verafin simply analyzes the data in order to alert the institution of suspicious activity. For privacy and confidentiality purposes, cloud environments must ensure that customer information is handled properly. Nonpublic personal information (NPPI) and consumer information must be protected in accordance with applicable laws. The Verafin Cloud has established controls that include a privacy policy to protect NPPI and consumer information as outlined in the Gramm Leach Bliley Act, applicable regulations, and relevant state and federals laws related to the protection of personal information. The privacy policies are reviewed annually to ensure continued compliance with applicable legislation. Industry Best Practices and Regulations Verafin follows industry best practices and regulations. This section discusses them and explains a little bit about their history and why they re in place.

31 23 FFIEC In 2004, the Federal Financial Institutions Examination Council (FFIEC) released guidance and examination procedures for Outsourcing Technology Services, and in 2012, released a public statement regarding Outsourced Cloud Computing. According to the FFIEC Outsourcing Technology Services booklet, the ability to contract for technology services typically enables an institution to offer its customers enhanced services without the various expenses involved in owning the required technology or maintaining the human capital required to deploy and operating it. These benefits aside, it s important that an FI performs due diligence and risk assessment of an outsourced technology or cloud provider. Any cloud provider must meet the institution s security policies, must be able to provide evidence of ongoing auditing and controls, and must meet legal and regulatory requirements for safeguarding information. As per FFIEC guidelines, Verafin performs vendor due diligence to determine and mitigate identified risks. SOC 2 Service organization controls (SOCs) are a set of accounting standards that measure the control of financial information for a service organization. A SOC 2 is a report on the controls at a service organization, which is intended to evaluate an organization s information systems as they relate to the five trust services principles (TSP) of security, availability, processing integrity, confidentiality, and privacy.

32 24 Most service organizations will have a SOC 2 report to assure that they have security controls in place. Verafin performs a yearly independent SOC 2 audit and makes this report available to its customers. Advantages of the Verafin Cloud Institutions that are part of the Verafin Cloud benefit from the following: Immediate access to new Verafin software releases/features and regulatory changes: Institutions that are part of the Verafin Cloud receive software and regulatory updates in a seamless manner. The Verafin application is continuously released to provide updates such as the rollout of new features and services, user interface changes, back end analytics, and any required software maintenance. Timely regulatory changes and updates are also incorporated into product releases. To stay ahead of industry dilemmas and emerging fraud and money laundering patterns, Verafin protects you with the latest advancements in analytics. In addition, FinCEN advisories are quickly incorporated into the Verafin application and rolled out to all customers in the Verafin Cloud. Less in house hardware and software to maintain and upgrade: The Verafin Cloud lightens the load on your institution s IT department and reduces the capital investment in infrastructure. Updates are quickly

33 25 released in the Verafin Cloud without involving your IT department. The Verafin Cloud alleviates typical IT department maintenance tasks that are necessary to support in house software applications and hardware equipment (such as software and hardware updates). These continuous and quick updates help ensure your institution is compliant and that you can detect financial crime sooner. Proactive customer success monitoring: Each institution has a dedicated customer success manager (CSM) who actively monitors the institution s use of Verafin. The CSM ensures the FI is getting the maximum value from the application. Infrastructure for FRAMLx innovation: In the Verafin Cloud, data from multiple institutions is analyzed and this information is used to develop new analytics (and to improve existing analytics) that can more accurately detect money laundering and new and emerging fraud trends. FRAMLx and the Verafin Cloud give FIs the capability to use advanced money laundering and fraud detection based on cross institutional analysis on nonpersonal aggregated data. For more information on cross institutional analysis, see Chapter 2. By aggregating large volumes of transactions and data (processed from multiple institutions), customer activity and suspicious activity that spans FIs is made visible. Just by being in the Verafin Cloud, your institution becomes part of a network.

34 26 According to the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, the community cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. In this case, the shared concern is detecting financial crime that spans multiple FIs. The technology and processing power of the Verafin Cloud provide better tools for cross institutional detection and information sharing.

35 Chapter 4 Information Sharing: 314(b) Safe Harbor In This Chapter Reviewing Section 314(b) of the USA PATRIOT Act Participating in information sharing Learning what can be shared under safe harbor Verafin s FRAMLx facilitates collaboration between financial institutions (FIs). If Verafin detects suspicious cross institutional activity, a FRAMLx alert is generated and includes contact information for institutions that have sent their 314(b) notification to FinCEN. When you are alerted to suspicious activity that spans FIs, you can start your collaborative investigation. Information sharing is a key component of FRAMLx. Because it deals with sensitive information, information sharing is regulated by the Financial Crimes Enforcement Network (FinCEN) under Section 314(b) of the USA PATRIOT Act. This chapter discusses the regulations that you must comply with if you share information. Some of this stuff

36 28 gets pretty technical, but because it s of great importance, it needs to be covered! Examining the USA PATRIOT Act and Section 314(b) In a nutshell, Section 314(b) of the USA PATRIOT Act provides FIs with the capability to share information with one another. It does so by providing a safe harbor that offers protections from liability in order to better identify and report potential money laundering or terrorist financing activities. An FI can help itself stay compliant with regulations and help prevent losses by taking advantage of 314(b) information sharing. By learning about activity that is usually outside of an FI s scope, the FI can gain valuable insight that is reflected in more robust reports, which have a positive cascading effect for law enforcement as a whole. From helping compliance programs build a more defined and accurate picture of a customer s activity to aiding in identifying money laundering and terrorist financing methods, participation has benefits. Within the USA PATRIOT Act, both Section 314(a) and Section 314(b) are about information sharing. Section 314(a) contains procedures for information sharing between law enforcement and FIs to identify, disrupt, and prevent money laundering and terrorist activity. Section 314(a) is complemented by Section 314(b), which allows for voluntary

37 29 information sharing between FIs and associations of FIs. FRAMLxchange is an association of FIs under Section 314(b) of the USA PATRIOT Act and forms the backbone of the FRAMLx network. This association is comprised exclusively of FIs using Verafin and allows Verafin and member institutions to collaborate within the 314(b) safe harbor. FinCEN published the Section 314(b) Fact Sheet to help you understand how to share information between FIs. To explain how Verafin s FRAMLx technology uses 314(b), this chapter references information from FinCEN s Fact Sheet. For detailed information, see FinCEN s website at patriot/pdf/314bfactsheet.pdf. Participating in Information Sharing To participate in information sharing through 314(b) safe harbor, FIs and associations of FIs must provide a notice to FinCEN. This notice is called Notification for Purposes of Section 314(b) of the USA PATRIOT Act and 31 CFR It requires nine pieces of identifying information, including: Name of the FI or association of FIs The FI s Taxpayer Identification Number Primary federal regulator Financial institution mailing address Contact name

38 30 Contact title address of contact Telephone number of contact Fax number of contact After the form is complete, it can be sent via or mailed directly to FinCEN. FinCEN will send an acknowledgement of the notice via within two business days. This acknowledgement includes details of 314(b) participation as well as the link and information required to access the most recent participant list. Information sharing terms last for one year from the date the notice is sent. You can add multiple contacts at your FI, but each of them needs to send his or her own notice to FinCEN. Who Can Participate in Voluntary 314(b) Information Sharing? Financial institutions subject to an anti money laundering program requirement under FinCEN regulations, and any association of such FIs, are eligible to share information under Section 314(b). What Are You Allowed to Share under Safe Harbor? Safe harbor means protection under the law. Sharing information through 314(b) protects FIs from civil

39 31 liability and allows them to share information in conjunction with current laws. Information sharing involves an information request from one FI to another FI, usually via or telephone. FIs may voluntarily choose whether or not to participate. Before you share information, be sure to check out the latest participant list from FinCEN. It s up to participating FIs to ensure the contacted FIs are also participants in 314(b) information sharing. If your FI or association of FIs chooses to participate in 314(b), you must follow the implementing regulations of the Department of the Treasury. The Federal Financial Institutions Examination Council (FFIEC) states: If a FI receives such information from another FI, it must also limit use of the information and maintain its security and confidentiality (31 CFR (b)(4)). Such information may be used only to identify and, where appropriate, report on money laundering and terrorist activities; to determine whether to establish or maintain an account; to engage in a transaction; or to assist in BSA compliance. The safe harbor does not extend to sharing of information across international borders. In addition, section 314(b) does not authorize a FI to share a SAR, nor does it permit the FI to disclose the existence or nonexistence of a SAR. If a FI shares information under section 314(b) about the subject of a prepared or filed SAR, the information shared should be limited to underlying transaction and customer information. A FI may use information obtained under section 314(b) to determine whether to file a SAR, but the intention to prepare

40 32 or file a SAR cannot be shared with another FI. Financial institutions should establish a process for determining when and if a SAR should be filed. Actions taken pursuant to information obtained through the voluntary information sharing process do not affect a FI s obligations to respond to any legal process. Additionally, actions taken in response to information obtained through the voluntary information sharing process do not relieve a FI of its obligation to file a SAR and to immediately notify law enforcement, if necessary, in accordance with all applicable laws and regulations. Be sure to follow the rules to avoid fines and civil liability. During participation in 314(b) information sharing, FIs may share information with each other regarding individuals, entities, organizations, and countries for the purposes of identifying, and, where appropriate, reporting activities that may involve possible terrorist activity or money laundering. You re probably wondering if this covers fraudulent activities. Yes, 314(b) information sharing can include activity related to money laundering and terrorist financing activities, which have been compiled into a list of specified unlawful activities (SUAs). SUAs include an array of fraudulent and other criminal activities. If 314(b) information sharing participants suspect that transactions may involve the proceeds of SUAs under money laundering statutes, information related to such transactions can be shared under protection of the 314(b) safe harbor. SUA information can be shared, and

41 33 a full list can be found starting on page 201 of the PDF at afstats06.pdf. Verafin facilitates this information sharing process by producing alerts that display similar or related activity, and this includes another FI s contact information so you know whom to contact. For more information about FRAMLx alert generation, see Chapter 5. If your FI decides to file a SAR (after collaborating), make sure to mention that you used 314(b) information sharing in your SAR narrative. The existence of a SAR or the intention to file a SAR can t be shared. When your FI decides to avail of 314(b) information sharing, you may need to make some changes at your FI. Some new policies and procedures may be needed to ensure compliance with the regulations. For example, you may need to update your BSA policy to include a 314(b) section. You will need to designate at least one contact person for information sharing and you need to make sure all employees are aware of who is the contact at your FI. You will also need to educate your employees about using 314(b) and protect your FI by setting up guidelines. FIs and associations must also establish and maintain procedures to safeguard the security and confidentiality of shared information, and must only use shared information for the purposes of: Identifying and, where appropriate, reporting on activities that may involve terrorist financing or money laundering

42 34 Determining whether to establish or maintain an account, or to engage in a transaction Assisting in compliance with anti money laundering requirements Checklist for 314(b) information sharing You must be an FI or an association of FIs. An individual at your FI or association must send a notice to FinCEN. Prior to sharing information, consult the 314(b) participant list and ensure your point of contact is listed. When you share information, you must safeguard that information and use it only for anti money laundering and counter terrorism financing purposes. You may not disclose the existence of a SAR or the intent to file a SAR.

43 Chapter 5 FRAMLx Detection Examples In This Chapter Cash deposits across multiple institutions Common wire receivers Presenting the same counterfeit check at multiple institutions Shared watch lists High cash turnover spanning multiple institutions Repeating crimes at multiple institutions Common point of purchase FRAMLx alerts This chapter shows you some examples of how criminals hide money laundering and fraudulent activities using multiple institutions. These examples show how institutions that are part of a bigger network receive additional information related to their customers. The chapter wraps up with some information about how FRAMLx alerts actually work.

44 36 Cash Deposits across Multiple Institutions Robert is a customer at Bank B and his bank profile indicates that he is an accountant at a popular, highend New York restaurant. This past week, Robert deposited $7,000 on Tuesday and another $8,000 on Friday at Bank B. Elizabeth, the compliance officer at Bank B, is alerted by her AML software that $15,000 is a fairly high volume of cash deposits for an average week. She begins investigating the money laundering alert and reaches out to Robert, but with all the publicity and traffic the restaurant is getting, Robert can easily explain why the cash deposits are $15,000. If Bank B had Verafin s FRAMLx software, the money laundering alert could have included a notice that two other banks have seen similar activity on Robert (based on his SSN). Under 314(b), Elizabeth can reach out to the contacts at those other two banks. See Figure 5-1 for a visual of Robert s transactions. He made the following cash deposits early in the week: On Monday, $5,600 is deposited at Bank A. On Tuesday morning, $7,000 is deposited at Bank B. On Tuesday afternoon, he also made another $7,000 deposit at Bank C.

45 37 Figure 5-1: Robert has deposited a large amount of cash in different banks over a short period of time.

46 38 A few days later, Robert made a few more cash deposits: On Thursday, he deposited $1,900 at Bank A. On Friday, $8,000 is deposited at Bank B. Also on Friday, $3,000 is deposited at Bank C. Together, the FIs realize that Robert s activity spanned three institutions and totaled $32,500 in cash over six separate deposits in a single week. He split transactions ($11,000) on Friday across two banks to avoid the CTR reporting limit. It turns out that Robert is the accountant for an illegal gambling group hidden in the restaurant. Robert is using multiple institutions to hide the money coming from his illegal gambling. Common Wire Receiver Bank A has a case open on its customer, Jessica. The Compliance team is actively monitoring her activity because of the high number of wires being sent from her account. Jessica s occupation is listed as waitress; however, it seems unlikely that a waitress would have income in line with the funds leaving her account. The recipient of the wires, Joey, is a customer at Bank B. Jenny (a customer of Bank C) deposits $4,000 and later, a $4,000 wire is sent from her account to Joey. See Figure 5-2. After the wire is sent, Henry (the compliance officer at Bank C) gets a FRAMLx alert on Jenny. Henry wonders why he s receiving an alert for the low volume of $4,000. The FRAMLx alert includes contact information

47 39 Figure 5-2: Common wire receiver.

48 40 for Banks A and B. Henry calls both Bank A and Bank B to find out more information. Bank A shares that Jessica seems very suspicious to them and that she has also sent a number of wires to Joey. When Henry chats with his colleagues, they discover that Joey is the common wire receiver and that he s also receiving wires from a few other people. After chatting with his colleagues, Henry reviews the video logs for the date of Jenny s $4,000 deposit and finds out it was actually a man who deposited the cash, not Jenny. Without cross institutional analysis, these institutions would be unaware of this information. These institutions can now ask: Who is sending money to Joey (in addition to Jenny and Jessica)? How and where are the individuals getting the money that they re wiring to Joey? Who is the man in the video? How big is this network of wire senders? Where is the money going? Presentation of the Same Check at Multiple Institutions Tom has five copies of a counterfeit check for $400. On the same day, he goes to five different FIs in his area with the counterfeit checks. He plans to open an account and to deposit and cash the check at each FI. Typically, criminals pulling this scheme will attempt to withdraw some or all of the check amount before the checks

49 41 bounce. For example, if each FI accepts the check as valid, Tom can get $200 dollars from each check (as allowed under Regulation CC) so he figures he can make a quick $1,000. If the institutions Tom is scamming were part of Verafin s FRAMLx network, the system could detect that someone is trying to cash a counterfeit check (based on the check MICR number). The system would alert the FI that a check with the same MICR number has been cashed at another FI in the FRAMLx network, and the check presented is a duplicate (and counterfeit). This early detection would interrupt Tom s attempt to cash more counterfeit checks. See Figure 5-3. Shared Watch List Bank A offers online banking services. The bank regularly monitors activity using online banking system log files. The log files contain information about the users who are logging into the banking platform, the date and time when the logins occur, and the IP addresses used to log in. The log files also record failed login attempts, the services accessed, and any demographic changes in a user s profile information. During the regular monitoring of the system log files, Bank A noticed odd activity from a certain IP address and some fraud associated with the activity (a large wire transaction) originating from this IP address. It isn t an IP address from the typical Internet service providers (ISP) in the city where the bank is located and the activity has been occurring around 4 a.m. each morning.

50 42 Figure 5-3: Same MICR number.

51 43 After investigating the activity and determining that it s suspicious, Bank A blocks the IP address and the IP address is added to an internal watch list to detect if any further activity originates from this IP. Bank A is a member institution of the Verafin Cloud, which shares watch lists using FRAMLx. By adding the IP address to the shared watch list, other institutions are alerted when this IP address is used to access online banking services at their institutions. High Cash Turnover Spanning Multiple Institutions Sandra is a customer of Credit Union A, where she deposits $3,000 in cash on Thursday. Within a few days, she transfers the full amount out of her account. Two weeks later, she repeats this activity. Sandra also uses Credit Union B on the other side of town. She is depositing $3,000 there as well but uses the money to purchase electronics. She repeats the same $3,000 deposit and transfer out of another account at Credit Union C every two weeks. However, the volume of money entering and leaving her account at each credit union hasn t been enough to generate an alert. She s flying under the radar. Even though there s a high turnover of funds in her accounts, the credit unions are unaware of the activity because they re working in isolation. Using FRAMLx, Sandra s activity would be aggregated. See Figure 5-4. When added together, the volume of cash being deposited ($18,000) and then leaving her account ($18,000) every month would be enough to

52 44 Figure 5-4: High cash turnover.

53 45 generate a money laundering alert. Under 314(b), these CUs could share information about Sandra s activity and decide to investigate her. Transactions that previously might have looked like regular payroll deposits now seem a whole lot more suspicious when the total amount of money in question is combined. Activity like this cash in and transfer out often corresponds to the placement stage of money laundering. With placement, cash is deposited and then transferred out of an account shortly after or is used to make large purchases. Placement is the process of placing, through deposits or other means, unlawful cash proceeds into traditional financial institutions (FIs). Placement is the attempt to hide the origins of dirty money. Criminals Who Repeat Crimes at Different FIs William opens a checking account at Bank A on Friday morning. Later on Friday afternoon, he opens a new account at Bank B. William also has an older account at Bank C. A few days later, he goes back to Bank A with a check for $7,200 (written from Bank C). He wants to deposit the check and get the cash. However, the teller informs him that a hold will be placed on the check. William seems rather nervous. The teller asks him about the check and William says that he sold his car. The teller calls Bank C (where the check was drawn) and they confirm it as fraudulent.

54 46 The next month, William attempts to cash a check at Bank B. However, a FRAMLx alert generates and includes the information from Bank A. Bank B calls Bank A and they discuss William s previous check cashing attempts. They place a hold on the check and add flags to his account to monitor his activity more closely. Common Point of Transactions (CPT) Mark is a customer at Bank A. It is the weekend before Mother s Day, so Mark goes shopping at Gemstones Jewelry store to buy a gift for his wife. He uses his Bank A debit card to pay for the gift. Greg banks with Bank B. He also shops at Gemstones Jewelry that same weekend to buy a gift for his girlfriend. He pays for his purchase with his debit card. Chad (a customer of Bank C) also buys a combined gift for his mom s birthday and Mother s Day at Gemstones Jewelry store with his debit card. A month later, Mark calls Bank A to report a $300 ATM withdrawal that appears to be fraudulent. The fraud investigator at Bank A opens a case to track Mark s complaint. Greg calls Bank B to report a $260 ATM withdrawal that he didn t make. The investigator at Bank B opens a case for Greg. The FRAMLx system detects two similar debit fraud cases at Bank A and Bank B. See Figure 5-5. The system looks through the card history for Greg and Mark and notices they both shopped at Gemstones Jewelry store during the same weekend and that their cards may have been skimmed.

55 47 Figure 5-5: Common point of purchase.

56 48 Bank C is immediately alerted that Chad used his card at a potential skimming location, and they increase the monitoring on Chad s card. Understanding Verafin Alerts To help you understand how Verafin detects suspicious activity that you learned about in the detection examples, this section provides a brief summary of alert generation in the Verafin application. Verafin obtains data from your banking system on a nightly basis and analyzes all transactions and information. If suspicious activity or suspicious transactions, evidence of fraud, or a possible watch list match is detected, Verafin generates an alert to notify you that the transaction or evidence must be investigated. These risk rated, evidence supported alerts include the date/time, risk score, and alert type for quick triage. An alert is a notification of potential suspicious activity. How FRAMLx Alerts Catch Cross Institutional Suspicious Activity When Verafin detects cross institutional suspicious activity, an alert is generated with a FRAMLx indicator. The FRAMLx alert lets you know that the customer s activity may be linked to suspicious activity elsewhere and provides information for the institution in one easy to access location.

57 49 In the alert, the 314(b) contact information (name, address, and phone number) is included for each FI, saving you time. There is no need to navigate to FinCEN s website to find the 314(b) participant list. After your alert triage, you can quickly reach out and collaborate with colleagues to share information about the suspicious activity. Under the 314(b) safe harbor, you can share information that helps you learn more about your customers and their activity. Verafin s integrated case management component helps you document and track your investigation and findings in one centralized location. Cases can be quickly created directly from an alert. Verafin also includes suspicious activity reporting and direct e filing to FinCEN.

58 50

59 Chapter 6 Eight Benefits of FRAMLx In This Chapter Benefits of FRAMLx This chapter walks you through some of the best things about FRAMLx. FRAMLx Expands the Benefits of FRAML FRAMLx extends the three components of FRAML (people, processes, and technology) across multiple financial institutions (FIs): People: Work and collaborate with colleagues to gain a holistic view using 314(b) information sharing. Processes: Strengthen and streamline your investigations, processes, and reporting. Technology: Use the advanced analytics of the Verafin Cloud to detect cross institutional activity.

60 52 The More Data You Have, the Better the Picture To help detect true patterns and connections, a large amount of data is needed for link analysis. The larger the data set, the more patterns can be found. Because Verafin analyzes a large set of data, FRAMLx can present new information. When you know to seek more information, you can gain a holistic view of your customers behavior and activity that extends to the entire network that FRAMLx and 314(b) information sharing provide. Verafin lets you know about similar or related activity on your customer at another FI by generating a FRAMLx alert. This shifts the focus onto investigation and collaboration through information sharing. When you work with your new information sharing network, you can see a bigger picture of customer activity and behavior. FRAMLx Alerts Verafin analyzes data and presents alerts based on suspicious activity that spans multiple FIs. A FRAMLx alert shows you transactional information at your FI (if applicable) and 314(b) contact information (including the name, phone number, and address) for the other FI. FRAMLx alerts enable you to be proactive and collaborate. When you use 314(b) and become armed with more information about your customers, you can make decisions more confidently, such as how much monitoring you want and how to handle customer activity.

61 53 Collaborative Investigation Process By working together with other FIs, you gain the capability to see a bigger picture. More data points mean a better overall understanding. This helps enhance your reporting capabilities, lets you reevaluate information you already have, and enables you to streamline your processes and decision making. A Holistic View of Customers FRAMLx gives you a holistic view of customers that can help you understand what s going on with them. Similar to how you use an online map, FRAMLx can help you zoom out to see a bigger picture that encompasses more FIs. By gaining additional information about your customer, such as activity outside of your FI, you gain a better understanding about what you need to do to protect your assets and help protect those connected to you. More information increases the strength of your customer due diligence, such as the Know Your Customer (KYC) policy. A holistic view helps you make decisions about a customer s true activity, not just based on the information at your FI. When you know more about your customers, you know how to proceed with setting their risk parameters and monitoring. By seeing more information, or information in a different light, you might reconsider how to proceed. What previously appeared normal may now look suspicious, and vice versa.

62 54 This translates to greater overall efficiency and less guesswork. Enhanced Reporting More information can result in more robust reporting, both internally and to law enforcement. When you previously might have felt uncertain about filing a report, additional information through collaboration can help clarify and give you confidence. FinCEN s Section 314(b) Fact Sheet lists the following as benefits of information sharing: Building a more comprehensive and accurate picture of a customer s activities where potential money laundering or terrorist financing is suspected, allowing for more precise decision making in due diligence and transaction monitoring. Facilitating the filing of more comprehensive and complete SARs than would otherwise be filed in the absence of 314(b) information sharing. Facilitating efficient SAR reporting decisions for example, when a FI obtains a more complete picture of activity through the voluntary informationsharing process and determines that no SAR is required for transactions that may have initially appeared suspicious. If you decide to file a SAR after sharing information using 314(b), FinCEN wants to know. The 314(b) Fact Sheet states, In cases where a financial institution files a SAR that has benefited from 314(b) information sharing, FinCEN encourages financial institutions to note this

63 55 in the narrative in order for FinCEN to identify and communicate additional examples of the benefits of the 314(b) program. Loss Prevention By gaining additional information about your customers and taking a proactive approach to detection, you can mitigate your losses. The information you gain helps you set up appropriate monitoring and risk controls that are more accurate than previously thought possible, such as adjusting customer risk, using internal watch lists, and adjusting customer behaviors. When you know your customers and see a bigger picture of their activity, you can help prevent future losses. 314(b) information sharing helps you collaborate so you can know your customers better, and FRAMLx helps you find the connections you need most. Strengthened Monitoring, Investigation, and Reporting FRAMLx helps you strengthen your monitoring, investigations, and reporting. Whether your everyday process is manual or automated, the data your FI analyzes is often limited to your institution. This means the picture you form consists only of a customer s behavior and activity within your walls. With such a small data set, it s hard to know if a customer s activity is truly suspicious and should raise red flags, or if it s routine daily banking.

64 56 With FRAMLx, you have technology and advanced analytics working with you to create links among customers and transactions that span multiple institutions. You can start a conversation and share information through 314(b) to build a better customer profile. When you start using FRAMLx, you automatically become part of a greater collaboration network. In the fight against money laundering, terrorism, and the fraud tied to these criminal offenses, FRAMLx can help you stay a step ahead.

65 Notes

66 Notes

67

68