Presenting a United Front on Financial Crimes

Converge cybersecurity, anti-fraud and AML systems for better protection

Financial institutions are concerned about cyber crimes, but don’t know how best to tackle the problem. In PwC’s 2018 Global State of Information Security Survey (GSISS) and the 21st Global CEO Survey, CEOs and boards named cyber attacks as the business threat they were most concerned about, yet in the GSISS survey, 44% of respondents said they did not have an overall information security strategy. And PwC’s 2018 Global Economic Crime Survey showed that about half of global firms have fallen victim to fraud in the past two years – a 13% increase since 2016. We believe that for financial institutions to get a clearer view of the threat landscape, better detect suspicious transactions, and streamline investigations, they’ll need to better coordinate their cybersecurity, anti-fraud and AML controls.


What activities can or should be converged?

Cybersecurity, anti-fraud and AML programs often have common elements and controls, as well as synergies across people, processes and technology. Most firms are going to find that certain processes should converge and others should remain separate but share information more closely.

One example of how converging will help financial institutions is in managing crime prevention at the same time that they explore new technologies, such as faster payments and open banking. Firms will need to be able to push back on suspicious transactions very quickly, since customers expect their payments and other requests to go through instantaneously. To do this, organisations will need to be able to quickly reference user behavior patterns, such as the type of mobile device being used, IP address and previous payment history, to assess the validity of payment requests — which will only be possible with the more complete data that results from better information sharing.


How can these activities be converged?

The convergence of financial crime processes can only be accomplished by creating a clear operating model to serve as the backbone for the overall program. An effective operating model consists of a few building blocks: structure, oversight and capabilities. 

Financial institutions should define an enterprise-wide governance model that consists of financial crimes risk committees and charters, escalation protocols, organisational structures, human capital, and staffing and interaction models. This includes formalizing — and clearly documenting — roles, responsibilities and communication channels across an organisation’s three lines of defense: business units, which are responsible for owning and managing fraud risks; independent risk management functions, which are also responsible for overseeing and managing fraud risks; and internal audit, which is responsible for providing independent assurance for fraud management activities.

When doing this, financial institutions should consolidate processes, determining which teams can be combined. By organising this way, the institution can detect and eliminate duplicative tasks. For example, instead of having a dedicated team for reviewing escalated money laundering alerts and another for reviewing escalated fraud alerts, a joint group can review both. Better data visibility will make the joint team more effective than having two teams doing essentially the same thing.

Organisations should also adopt an enterprise-wide governance framework to effectively manage the different financial crime disciplines and should establish formalised financial crimes risk committees that support the management, execution and oversight of the cybersecurity, anti-fraud and AML. This will enable execution of the overall financial crimes strategy and enforcement of policies and will ensure that business units understand and consider the financial crimes risk appetite when setting strategy. As an initial step, firms should consider their existing reporting structure and identify points to streamline so senior management and the board have a centralized view of financial crime risk. This may mean bringing related activities under the CSO umbrella, including cybersecurity, threat intelligence, physical security and anti-fraud.

The use of standardised processes and central technology solutions, such as a singular case management system and consistent root-cause analysis, will allow for a coordinated, efficient, easy-to-replicate investigations process. And information sharing among groups will lead to holistic investigations and will force organisations to develop consistent processes within a single framework, rather than having different teams going about the same tasks in different ways. This will reduce overall risk. The convergence of AML, cybersecurity and anti-fraud controls provides an opportunity to re-examine how institutions fulfill their regulatory obligations, too, and consolidate those processes.

One size does not fit all

The path to convergence is not simple or quick, particularly depending on the size and complexities of the institution. There are immediate opportunities that are ripe for convergence now, areas to integrate in the future and, in some instances, areas that should remain separate.

The right solution for each organisation is dependent on several factors, including but not limited to: products and services offered, geographic footprint, local laws and regulatory expectations, and customer demographics.

So what actions should firms be taking now?

Start meeting counterparts in the other financial crimes pillars and initiate discussions around the idea of convergence; uncover short-term benefits, solicit feedback and maintain the dialogue. Identify the various technologies and tools being leveraged; start discussing what steps would be required to successfully move toward more effective solutions.


Contact us

Sean Joyce

Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC United States

Jeff Lavine

Global Financial Crimes Leader, PwC United States

Alex Petsopoulos

Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)7941 454210

Follow us