Balajee Sethuraman, Global Managing Partner & Head of Banking & Financial Services, Europe
In the financial services industry, disruptive technology is generally seen as an enabler of business growth, as well as an enhanced consumer experience. For example, blockchain ledgers have the potential to significantly speed up international payments and also revolutionise the way customer records are stored. However, the rapid advance in cybercrime techniques means that the merging of the financial services with technology is actually, at times, jeopardising assets.
Cyber criminals are constantly trying to target our wealth and our identities, and the threats are gathering pace. In fact, financial crime is expected to have cost businesses over $2 trillion globally by 2019. This figure is a combination of money laundering, cybercrime, fraud and tax evasion. As a result of factors such as globalisation, proliferation of banking channels, rising transaction volumes and advances in technology, financial firms of all sizes are increasingly vulnerable as they struggle to keep up with the sophisticated techniques associated with the hacker of today.
Simultaneously, financial institutions are faced with ever-evolving regulatory requirements including updated AML (Anti-Money Laundering) compliance. In fact, a number of high profile banks have faced sanctions and criticism over anti-money laundering controls, including Deutsche Bank and Swiss Bank BSI. With heavy penalties in place for those failing to adapt defences fast enough, a precedent is being set for greater transparency, responsibility and compliance. Despite banks making huge investments in security and compliance measures, a fragmented approach to financial crime may limit their success in preventing it. Undoubtedly, banks need to continuously adapt and enhance their policies and approach to fighting cybercrime to protect data assets and optimise revenues. Here we recommend six steps to tackling these problems:
- Tailor the risk management process
Crucial to developing adequate security controls is acquiring knowledge about potential risks and how they could affect the business. Conducting appropriate thorough risk assessment and mapping the results against internal policies, procedures and controls can allow banks to assess their ability to mitigate risks and adapt accordingly. Considering an organisation’s size, channels, geographies and customer types, and re-evaluating strategy regularly as these factors change will ensure that a business’s risk management plans remain relevant.
- Address internal silos
The wide spectrum of financial crime, from money laundering to cyber-attacks, means that banks are often tempted to merge the various functions tasked with crime prevention. However, too much of this can increase vulnerability; in fact, a better approach is to improve internal communication and co-ordination between functions. For example, cybercrime and AML disciplines face similar challenges and often overlap in terms of processes, systems and data requirements. Therefore, teams like these with similar functions are in a great position to exchange insights.
- Overcome data challenges
Key to managing risk is acquiring high quality and consistent data from across an organisation, something that is not always easy for large banks which have accumulated data from multiple systems as a result of mergers and acquisitions. Standardising large volumes of customer and transactional data can significantly improve overall data quality and provide the accuracy needed to support real-time monitoring and data-driven decision-making. Key to achieving this is ensuring that employees adhere to internal standards when entering data.
- Applying advanced analytics
Accruing the relevant data is important, but using it effectively is another factor altogether. Using analytics and visualising data is now essential to combat cyber-criminals, and understand threat patterns. While banks are already collecting customer data to meet Know Your Customer (KYC) regulations, additional analysis of data from point of sale, social media, customer databases and external sources such as data vendors allows financial services firms to enhance the speed of fraud detection and prediction. Only by digging deeper into this data are financial institutions able to better understand the risks posed by customers, transactions and other entities and discover complex threats with the potential to impact multiple lines of business.
- Lead by example
To crusade against financial crime, banks should ensure that senior employees set the tone by establishing accountability standards, controls and policies. Management must also promote transparency by working closely with regulators and give incentives for compliance. An important aspect of this is training employees on the latest regulatory developments and raising internal awareness of emerging threats, such as risks associated with virtual currencies and new technologies.
- Collaborate with industry-wide initiatives
Some businesses have developed their own proprietary tools to develop sustainable and scalable crime prevention solutions, un-guided by wider best practice. While considering industry standards is key, financial institutions should collaborate with the wider industry to re-evaluate their strategies regularly and keep up with changing policies. Remaining stagnant can result in duplicated efforts across the industry and additional compliance costs. Banks taking a unified approach can lower these costs, address skills shortages, create standards and foster innovation. Beyond the immediate financial industry, working with law enforcement agencies and government can help banks mitigate the evolving tactics of financial criminals.
The ever-expanding arsenal of criminals, combined with regulatory uncertainty, is making financial institutions of all sizes vulnerable to fraudulent activity. Despite the new methods developed by fraudsters, technologies such as real-time analytics and machine learning are now readily available to begin the fightback. Banks must adopt a proactive approach that prioritises building an appropriate internal culture, implementing adequate defences and collaborating with the wider industry and regulators, to avoid high technology procurement and maintenance costs and attract employees with the right skills. With a horde of cyber-criminals targeting their clients’ wealth and identity every single day, it has never been more important for banks to keep up with – and surpass – the techniques of cyber criminals. Only then will banks continue to be trusted safe havens for our money.