Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.
Blind to the black swan theory?
How a centralized approach to financial crime prevention can protect against the unexpected
By Laura Hutton, Director of Banking Solutions, Fraud and Financial Crime, EMEA/AP, SAS
Financial institutions worldwide are confronted by an explosion in the volume of financial crime affecting their businesses, encompassing everything from cyberthreats to market abuse, e-comms surveillance, money laundering, procurement fraud and unauthorized trading. Many have suffered significant financial losses as a result. It’s an ongoing threat, with Kaspersky Lab recently revealing details of fraud by a multinational gang of cybercriminals involving the theft of between $300 million and $1 billion from financial institutions worldwide.
Along with this upsurge in criminality, regulatory activity to maintain the integrity of the financial services sector has escalated. This is reflected in the amount of regulatory change (tracked by business intelligence organization Thomson Reuters), which has more than doubled over the past two years. This regulatory attention, and threat of financial loss, is forcing the group of large Tier 1 global banks to sit up and listen, while their smaller Tier 2 counterparts have been slower to react.
To achieve this, they need to link relevant data and apply a risk detection model that uses analytics to proactively identify activities that pose the greatest risk.
Tier 2 banks: Moving from tactical to strategic in the fight against financial crime
Many senior decision makers from the Tier 2 banks believe they are small enough to manage risk using simple control-based spreadsheets. Typically, they don’t see risk management as their number one priority, and are effectively operating in a work-around mode, sharing information among surveillance, fraud and financial crime teams without feeling any pressure to harmonize their approach.
This complacency could be due to the fact that, to date, relatively few of these smaller banks have incurred financial penalties. With little deterrent, they remain focussed on short-term, tactical fixes to the strategic problem of risk management and financial crime prevention. However, while these may work in the short term, they’re unlikely to be effective against the unforeseen “black swan” event that can severely damage an organization. Often, it’s inappropriately rationalized as inevitable after the fact.
Unlike the Tier 2s, the larger Tier 1 banks recognize the threats they face, and are taking steps to counter them. Today, the more forward-thinking ones are combining units into coordinated organizational divisions. Many also have rules-based detection systems that enable them to adhere to regulatory compliance requirements. Typically, these are effective in identifying policy infringements, but struggle to identify the more sophisticated activities and are prone to generating high volumes of false positives.
Analytics can proactively identify activities that pose the greatest risk
Even the largest banks, however, have more work to do. Ultimately, the goal for both groups should be to implement a more rounded intelligence-based capability, giving decision makers an overarching view of employees and clients. However, to achieve this, they need to link relevant data and apply a risk detection model that uses analytics to proactively identify activities that pose the greatest risk.
The end goal is a single view of risk across all operational areas. To achieve this, you first need to link together the different structured and unstructured data sources that currently sit in silos within organizations and then harness, ingest and utilize external sources.
You should first use this approach to address high-priority areas of activity – such as money laundering, market abuse or cybercrime. You can then extend it to provide an all-encompassing view of the trader, counterpart or high-risk business activity being investigated, as well as ultimately providing an end-to-end view of risk across the organization.
With the data ingestion and linking process fully underway, your bank may opt to start implementing more sophisticated analytics to establish what constitutes normal behavior and highlight where behavior has deviated from that norm. This may mean investigating employees who have taken a high-volume position on trades against a deteriorating portfolio, or it could entail examining an unusually high spike in cancellations in light of a high volume of email communications between the front and back office. Whatever the scenario, it’s important to look across the breadth of the data available and combine business knowledge and understanding to most effectively find both known and unknown risks.
The next stage is empowering the business user with visualizing the available data and associated links to ensure that investigators see emerging patterns. Thanks to the latest in-memory processing, millions of lines of data can be analyzed in seconds. The results can be presented in a highly visual way so that a chief risk officer can instantly understand which products are exposing the bank to the most risk, or investigators can decide which patterns to look at in greater detail.
Data quality is key through all of this, but to avoid delays, the best practice is to run data remediation efforts in parallel with investigative processes.
Benefits aren’t restricted to Tier 1 banks
The larger banks have been first to adopt this approach, but Tier 2 banks can also benefit from it. Just as with their Tier 1 counterparts, connecting the dots remains key, but the Tier 2s may want to do this over fewer data points. Equally in the first project phase, instead of running analytics, they might opt to simply move from the data linkage to reporting, so they can begin to understand where the links are.
For both groups though, with the range of financial crime proliferating and regulatory pressure growing, adopting or retaining a siloed approach to tackling crime is no longer an option. The risk of financial and reputational loss is too severe to ignore. Today, Tier 1 banks largely understand this message, and the most forward-thinking have started on a path that will ultimately enable them to proactively tackle the threat of financial crime. For the moment, the Tier 2s are focused on expansion, rather than control, and largely continue to postpone proactive action.
Both groups must act now to achieve a holistic view of their organization, drive visibility of operational and compliance risks, and apply analytics to shape future investigations. In today’s tightly controlled process-driven banking environment, adopting a fully integrated end-to-end approach to risk management and protection against crime has become an imperative.
Laura Hutton is a Director in the banking solutions team at SAS, working across the Europe, Middle East, Africa and Asia Pacific region and responsible for the design, build and go-to-market of SAS’ fraud and financial crimes solutions within the advanced analytics business unit. Working with companies globally, she consults across the full client engagement process from both a technical and business perspective, ensuring that SAS® solutions continuously drive value for customers. Hutton has a First Class degree in mathematics from the University of Durham.