Sri Lanka’s lack in a proper framework in anti-money laundering and counter-terrorist funding was highlighted by The European Commission in February 2019, listing Sri Lanka among 23 countries with strategic deficiencies in their anti-money laundering and counter-terrorist financing frameworks.
Jwahar Bammi, Principal Solution Architect at FIS, a global leader in financial services technology, shares his professional insights on how companies could flight back against Financial Crime and Cyber attacks.
C-level bank executives, surveyed in 2016 and 2017 by Bank Director Magazine in its Risk Practices Survey, named cyber security as their top risk concern by a long shot. More than three-quarters (77%) of respondents named this as their greatest worry, ahead of compliance (54 percent), credit (39%), operational issues (29%) and other common issues. It is no wonder, since cybercriminals steal more than $450 billion in money, data and IP each year.
Their tactics are diverse and insidious. Botnet attacks compromise your servers, providing criminals with access to your assets, denying service to legitimate traffic and further wreaking havoc. Account takeovers enable fraudsters to gain control of bank, credit card or email accounts so they can steal funds.
Cyber attacks continue to evolve, becoming increasingly stealthy and persistent. Once, they used to be broad, untargeted attempts by individual hackers, more easily detected and quickly patchable.
These random, single-event incidents came and went, and the experts became skilled at squelching them.
Today, however, the stealthy organized crime networks are well-funded and equipped to launch highly targeted, prolonged attacks that can go undetected for months before great damage is inflicted.
Beyond Cyber attacks
Indeed, cyber attacks dominate the news, but vulnerability goes far beyond internet attacks. Board directors, chief information and risk officers, and others responsible for safeguarding their companies’ data and customers can’t disregard the abundant threats in other channels – at the ATM, at the point of sale, in branches and call centers, and via mobile devices.
Further, whatever the payment type, breaches are common, whether it be mobile payments, online banking, checks, bill pay, wire, deposits, funds transfers or cash. And not all bad actors are those murky lone wolves or even the sophisticated crime rings, because many attacks are the result of the intentional or unintentional behavior of a company’s own employees.
Compounding the challenge is the fact that suspicious behavior from channel to channel is not the same, making it difficult to find a one-size-fits-all solution.
Impact of Financial Crime on Institutions
The definition of financial crime is broad, with the perpetrators disguising their activities through a confusing, complex network of multinational criminals who are laundering money and financing terrorists. While financial services providers tend to focus on check, payment card and mortgage fraud, international law enforcement authorities are equally committed to tracking down those who commit securities fraud (e.g., insider trading and market manipulation), insurance and medical fraud, tax evasion, bribery, embezzlement, identity theft, forgery, counterfeiting and more.
Drug and human trafficking are often part of the equation. The result is that financial services providers, along with providers of many other types of services, are subjected to a crushing burden of reporting requirements, even to the extent of having impossible responsibilities for tracking and mapping increasingly complex criminal relationships.
In addition, institutions are faced with the challenge of rapidly executing innovation so they can stay current with the relentless changes in the payments landscape.
Advanced Protection
When choosing a comprehensive solution to protect your company, its data, your customers and your reputation, many considerations come into play. The key to prevention is early detection of intrusions, which is why advanced technologies continually analyze millions of records in real or near real time across data feeds from all channels.
The algorithms and business rules built into these systems enable data analytics techniques, including pattern matching, link analysis, logistic regression, cluster analysis, Bayesian probability distribution, supervised and unsupervised learning models, behavior profiling, and the identification of peer groups and collusive networking.
With this arsenal of tools, abnormal behavior patterns are detected, triggering alerts when anomalies become evident, scoring each suspicious event into red, yellow and green categories.
Sophisticated systems leverage and localize threat intelligence from recognized entities, such as the Department of Homeland Security (DHS) and the Financial Services – Information Sharing and Analysis Center (FS-ISAC).
An invaluable feature of forward-looking financial crime solutions is the ability to visualize the intrusion, literally, as it is occurring.
For example, IT personnel can see the progression of an account takeover attempt, starting with a graphical depiction of the account owner’s rights being breached and confidential information being accessed. This visibility provides details and linkages to hidden relationships.
Alert Management
Once an anomaly is detected in any channel, by an outsider or an insider, a comprehensive financial crime prevention system will generate an instant alert.
The alert goes into a centralized repository where users can gain a holistic, cross-channel view of each affected customer’s risk, and manage each alert. Priorities can be determined and, where justified, alerts can be escalated into cases. Most importantly, the crime can often be stopped before it occurs.
When alerts become cases, each active investigation must be closely tracked, so it’s essential that investigators have access to data from a variety of sources. This allows them to monitor case progress, manage workflows and adhere to strict internal and external regulatory timelines. Silos between departments, business units and geographical locations cannot stand in the way, or informed decision-making will suffer.
Forensic research tools, as part of the technology built into modern financial crime prevention systems, are a critical piece of the effort to recover losses and bring the criminals to justice.
The technology you choose should drive efficiency by pre-populating fields, forms and letters. Further, it should automate the electronic filing of critical documents, such as suspicious activity reports (SARs), as well as the generation of legal affidavits and customer communications.
The cybercriminals won’t slow down, because they have too much to gain by targeting institutions that haven’t taken adequate steps to protect their data, treasury, customer base and reputation. But while the fraudsters continue to hone their tactics, technology is just as determinedly developing ways to block their dark efforts, helping you protect the interests of all stakeholders.
FIS is a strategic principal of Just In Time Group (JIT), a veteran in the ICT Systems and Integrated Solutions sector in Sri Lanka. JIT has been recognized in the APAC CIO Outlook magazine’s Annual Top 25 Government and Public Sector Technology Providers in 2017.
0 comments: