More and more companies are starting to realize that an organizational barrier between cybersecurity, anti-fraud, and anti-money laundering teams is diminishing the effectiveness of a firm-wide ability to combat financial crimes. All too often news of an “attack” involve some form of cyber breaches, followed by some form of fraud and money-laundering. Traditionally these crimes have been handled individually within its own silo. Communication between these silos has generally been minimal. For companies to effectively combat these threats, it is clear that the silos need to be torn down.
Banks are leading the way and experimenting with a financial crimes unit (FCU), a combined entity responsible for monitoring and responding to financial crimes. Overcoming corporate politics is the biggest challenge, but in an area such as data analytics, success stories have been consistently reported. Financial crime data analytics allow data scientists to string a chain of events from a cyber-attack, to an account takeover (fraud), and to a wire transfer to a safe haven country (money laundering). It naturally serves as the backbone for the convergence, more importantly it enables companies to be more proactive in detecting fraud which subsequently preventing money laundering. As stated by Jim Freis, Former FinCEN Director, “By fighting fraud, you are fighting money laundering.”
Additionally, sharing of IT assets and resources enable more streamlined information exchanges between cyber, fraud, and AML teams. All groups are investing in similar big-data technologies—advanced analytical tools that are used by the cyber team to investigate data breaches and by the AML team to scrutinize suspicious transactions. Integrating these into a single fraud information exchange would go a long way toward making sure one hand always knows what the other is doing. A comprehensive IT strategy will minimise loop holes by layering controls at each step in a process. Many organizations have a patch work of IT solutions that are not integrated and unfortunately turn into points of compromise.
The mindset of financial crimes professionals also has to evolve and converge to keep up
Many organizations view cybersecurity as a proactive response team while AML is a reactive function to file regulatory reports and maintain compliance. Nothing can be further from the truth than this mindset. Financial crimes prevention is becoming more proactive with advancement of predictive modelling and machine learning capabilities which detect and identify “anomalies” that could be cyber-related, fraud, or money-laundering. If an operations team is organized in silo, where would these anomalies be routed to? First line of defence is a likely candidate for integration. Alerts are vetted by a pool for financial crimes specialists who either close or escalate them to the second level support team who are more specialized in relevant areas.
A big bang approach doesn’t work in any transformational programs so it is best to focus on an area where convergence makes sense. Cybersecurity, anti-fraud, and AML must discover what they have in common, identify mutual strengths and weaknesses, and move toward an effective fusion of functions, processes, and mindsets. By working together, each group can dramatically enhance the effectiveness of the other, and there is simply too much at stake for them to continue working in isolation.
© 2018 - Sun May 26 00:53:31 UTC 2019 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.