You are here


Fighting financial crime

Recent cyber attacks highlight the need to combine cyber security, anti-fraud and anti-money laundering disciplines that were previously siloed

Driving Distruption_pg18-1.jpg

CYBER attackers are elevating their sophistication and technological firepower at increasing speed with nimbleness and innovation. Fraudsters and money launderers are evolving their approach and finding new ways to circumvent controls and processes, making it tougher than ever to detect and to slow them down.

In Singapore’s largest cyber attack to date, as many as 1.5 million SingHealth patients who had their personal data stolen including their names, birth dates, identification details and addresses now face uncertainty. Beyond the uncertainty to the individuals, there could be larger systemic risks that may arise, including those relating to money laundering and fraud.

Look at the cyber heist against the Bangladesh Central Bank back in 2016. The attackers exploited cyber weaknesses to bypass controls and network logging systems. They then abused gaps in fraud controls to gain unauthorised access to networks and set up fraudulent bank accounts to facilitate the transfer of stolen funds of more than US$100 million. These funds moved into accounts in Sri Lanka and the Philippines. Most of the US$81 million that was sent to the Philippines was laundered through the casinos and could not be recovered.

This heist illustrates the convergence of financial crime and indicates the need to combine cyber security, anti-fraud, and anti-money laundering (AML) disciplines that were previously siloed.

Market voices on:

The idea of consolidating these disciplines is not new. However, the execution of a successful integration for these functions continues to be a challenge. Doing so would provide a clearer picture of the risks and threats and may increase the chances of early detection which could in turn increase the speed and reaction to these incidents. Costs can be reduced and efficiencies increased by reducing any duplication of efforts of investigating the same transactions by different teams.

Common elements and synergies

  • Data management – Across the organisation, data sources are in different systems which was one of the reasons why cyber security, anti-fraud and AML have traditionally operated in silos. For example, cyber security collects user and network data, anti-fraud programmes monitor user access and account settings and AML programmes have customer personal data and transaction history. Understanding and collecting data from various systems into a “data lake”, coupled with threat intelligence from third parties can allow the organisation to analyse data in a cohesive manner.
  • Risk assessments – Approaching risks holistically in an enterprise-wide risk management approach for monitoring and reporting criminal activity allows senior management to discuss potential impacts of these risks and take appropriate protective action. Regulators around the world are encouraging institutions to promote greater communication and collaboration among their internal AML, business, fraud prevention and cyber security units. Opening communication channels and sharing of information will allow all to gain a better understanding of the different criminal threats and connect dots that would otherwise have been overlooked.
  • Case management – Monitoring systems and case management tools that can combine AML and fraud alerts will allow analysts and investigators to review case notes, generate reports to identify emerging trends and identify potential relationships between customers and transactions.
  • Customer experience – Customers are expecting improved services such as faster payments and new products such as cryptocurrencies. As financial institutions respond to customer needs and explore new technologies, managing financial crime risks in a better and faster way is essential. Organisations need to be able to quickly reference user behaviour patterns in order to assess the validity of requests which emphasises the need for more complete data and information sharing.

One model to rule them all

An effective operating model requires structure, appropriate capabilities and oversight. Financial institutions should take time to develop their financial crime strategy and enterprise-wide governance model, exploring a holistic view across all lines of businesses and across all lines of defence. When developing the overall governance, it is important to determine which functions are not in sync and where consolidation of processes and teams will benefit from the cooperation. Improved data visibility and centralised technology and tools can create more efficiency and effectiveness across the organisation.

Financial institutions should also ensure that senior management has a centralised view of the financial crime risk whereby related activities, particularly with cyber security, anti-fraud and AML, have overlap in oversight and reporting structures.

An effective operating model includes oversight of the various financial crime disciplines and establishment of appropriate financial crime risk committees to enable execution of the financial crime strategy. Cyber security, fraud and AML cannot be viewed in isolation – they feed each other and are increasingly interrelated. In the age of digitisation, it is important to be mindful of new and emerging risks associated with new products and new platforms. Many of the software systems that banks have invested in for monitoring money laundering or combating financial crime are built on outdated technology.

These systems need to be readjusted and processes streamlined to address emerging risks so that all suspicious activities, alerts and reports can be shared and communicated across the cyber security, anti-fraud and AML teams for real-time monitoring. The way to combat future threats in cyber, fraud and AML is to have the right people in the right places with real time collaboration. W