RC & FRAUD, COMPLIANCE AND TECHNOLOGY ADVICE FOR COMPANIES. risk compliance RISK & COMPLIANCE MAGAZINE. risk & compliance REPRINTED FROM:

REPRINT risk & & compliance RC FRAUD, COMPLIANCE AND DATA P R IVACY TECHNOLOGY – ADVICE FOR COMPANIES IN EU R O P E REPRINTED FROM: RISK & COMPLIA...
Author: Juniper Farmer
2 downloads 0 Views 738KB Size
REPRINT

risk & & compliance

RC

FRAUD, COMPLIANCE AND DATA P R IVACY TECHNOLOGY – ADVICE FOR COMPANIES IN EU R O P E REPRINTED FROM:

RISK & COMPLIANCE MAGAZINE JAN-MAR 2014 ISSUE JUL-SEP 2015

& & risk compliance RC

������������ JAN-MAR 2014

��������������������������������� www.riskandcompliancemagazine.com

Inside this issue:

������������������

FEATURE

The evolving role of ������� the chief risk officer ���������������������������������

������������������������������������� EXPERT FORUM Managing���������������� your company’s regulatory exposure ������������

�������������������� HOT TOPIC ��������������������� Data privacy in Europe ���������

���������������������������� �������������

www.riskandcompliancemagazine.com Visit the website to request a free copy of the full e-magazine

Published by Financier Worldwide Ltd [email protected] riskandcompliance@financierworldwide.com 2014 Financier Worldwide Ltd. All rights reserved. © 2015

MINI-ROUNDTABLE

M INI-ROUNDTABLE

FRAUD, COMPLIANCE AND TECHNOLOGY – ADVICE FOR COMPANIES

2

RISK & COMPLIANCE Jul-Sep 2015

www.riskandcompliancemagazine.com

FRAUD, COMPLIANCE AND TECHNOLOGY – ADVICE FOR COMPANIES MINI-ROUNDTABLE

PANEL EXPERTS Stu Bradley Senior Business Director SAS Security Intelligence Practice T: +1 (773) 490 1442 E: [email protected] Stu Bradley has established SAS as a market leader within fraud and improper payments, regulatory compliance and security solutions. He drives SAS’ end-toend strategy for marketing, product development and delivery of these solutions, from data integration to analytic detection to investigation management. His practice also provides advisory services to clients across the banking, capital markets, insurance, health care and government sectors. Mr Bradley has 20 years of experience delivering technology solutions across industries to address clients’ most difficult business problems. Prior to SAS, he was an executive manager for a leading global consultancy in the risk and regulatory space.

David Stewart Business Director SAS Security Intelligence Practice T: +1 (919) 677 8000 E: [email protected] David Stewart leads strategy development, drives product management and provides key marketing counsel for financial crimes solutions worldwide. In addition to working closely with financial services institutions and regulatory agencies, Mr Stewart collaborates with SAS research and development and implementation teams to deliver industry best practices for financial crimes solutions. Previously, he served as a SAS Business Manager for one of the world’s largest financial institutions, managing a team responsible for implementing enterprise-scale projects devoted to customer relationship management and AML initiatives. In addition, Mr Stewart has held various relationship management responsibilities for financial services customers over the past 20 years.

www.riskandcompliancemagazine.com

RISK & COMPLIANCE Jul-Sep 2015

3

FRAUD, COMPLIANCE AND TECHNOLOGY – ADVICE FOR COMPANIES MINI-ROUNDTABLE

RC: In terms of recent trends, could you interfaces, thus enhancing the investigative power provide an overview of how technological and supporting identification of emerging threats. The analytics themselves are also advancing. developments are helping to combat fraud and guide corporate compliance with cyber security procedures? Specifically, how “One of the areas that banks don’t get does this relate to detecting enough credit for is the significant role malware and other online attacks they play in working with law enforcement more quickly? Bradley: The concept of enterprise

to assist in the prevention, investigation and prosecution of criminal activity.”

fraud management is changing. It still requires a focus on aggregating data across channels, and building holistic customer profiles, however with the

David Stewart, SAS Security Intelligence Practice

application of behavioural analytics in real time, organisations can realise more accurate and

Machine learning techniques are being utilised to

faster decision making. In addition to this continuous

continuously improve detection models based upon

monitoring, enterprise solutions are now optimising

recent trends and indicators.

simulation and providing proactive forensic environments across a broader set of information. Through in-memory analytics, simulation that once took hours now takes seconds, allowing fraud analysts to test multiple methods. They can then deploy these new models much more quickly to better respond to flash fraud, and zero day threats that can manifest themselves in the online channel.

RC: When it comes to financial crime, how should companies address the role of big data and technology in today’s globalised world? Are new ways of applying analytics, such as Transaction Monitoring Optimisation (TMO), the way ahead?

Using storage technologies like Hadoop, more data can be stored and quickly surfaced within analytically driven discovery and visualisation

Stewart: When we think of the biggest financial crimes risks companies face, the reputational risk of doing business with criminal rings, sanctioned

4

RISK & COMPLIANCE Jul-Sep 2015

www.riskandcompliancemagazine.com

FRAUD, COMPLIANCE AND TECHNOLOGY – ADVICE FOR COMPANIES MINI-ROUNDTABLE

entities or regimes, or allowing your customers’

accounts, and those accounts to parties, and if

financial credentials to be compromised must rank

applicable to households or corporate parents.

highly. Given the speed and sophistication of these

Rather than have an analyst review individual work

attacks, big data analytics can help firms assess

items, we aggregate the work items to the subject.

their exposure, or collaborate with law enforcement

This reduces the number of widgets worked, and

to stem their exposure in near time versus learning

provides the analyst with a more complete view

about it after the fact. Leading firms are using

of behaviour for the subject. Next, we focus on

analytics to validate and optimise their automated

presenting the appropriate level of information to

monitoring and detection systems to reduce false

understand “Why are there events on this subject?”,

positives, improve the quality of detection and

“Who are they?”, “What’s normal for this subject”,

reallocate some of their investigative staff to focus

and whether the ‘triggering transactions’ and risk

on complex cases and rings. Transaction monitoring

rating for the company merit further investigation.

systems are very good at generating work items

The role of technology throughout this process

on subjects of interest, but visualisation tools can

is to reduce queries to source systems, increase

more quickly illustrate trends in flow of funds,

efficiency and provide governance through

correspondent bank activity, cross-border activity,

automated workflow to provide dual controls for

and so on, at a global portfolio level that may

investigation and filing of regulatory reports.

represent emerging risks to the firm.

RC: Once suspicious activity is discovered, what advice would you give companies as far as the initial steps to be taken? What role does technology play at this point in terms of understanding and reporting?

RC: To what extent are Financial Crimes Investigation Units (FCIU) in banks and other financial institutions assisting in the detection and prevention of global financial crime? Stewart: One of the areas that banks don’t get enough credit for is the significant role they

Stewart: Firms need to be more efficient in

play in working with law enforcement to assist in

detecting, triaging and building investigations on

the prevention, investigation and prosecution of

potentially suspicious activity. The first thing we

criminal activity. Leading institutions are building out

do during an implementation is stage the data so

proactive intelligence units that scour negative news

that transactions can be bridged to associated

events, referrals, case data, social media, consortium

www.riskandcompliancemagazine.com

RISK & COMPLIANCE Jul-Sep 2015

5

FRAUD, COMPLIANCE AND TECHNOLOGY – ADVICE FOR COMPANIES MINI-ROUNDTABLE

data and cyber events to detect previously

still miss the mark. They collect but do not enrich

unknown risks to their customers and reputation.

the information or provide the depth of analytics

Institutions are deploying distributed in-memory

required to make an impact. Cyber security is one of

data architectures, global search, text mining,

the most critical areas where the variety, volume and

visualisation and network analytics to piece together bits of information across silos of data to identify gaps in coverage or trends within specific markets. When attacks occur, or when assisting law enforcement on critical events, institutions now have the tools to provide immediate answers. These technologies

“There has been mass investment in cyber security technology. Yet despite this investment, the average time to detect an intrusion is still measured in months, not minutes.”

are absolutely necessary if the industry is committed to prevention.

RC: How would you characterise the role that cyber security analytics plays in enabling detection, triage and response to breaches?

Stu Bradley, SAS Security Intelligence Practice

velocity of data can be a barrier to understanding an organisation’s true threat landscape. Existing technologies look at a narrow area of security

Bradley: There has been mass investment

without effectively scaling to leverage enterprise

in cyber security technology. Yet despite this

information to detect and mitigate risks.

investment, the average time to detect an

Organisations must take advantage of their data

intrusion is still measured in months, not minutes.

assets and evaluate this information in much greater

This highlights the fundamental issue with the

granularity that ever before. Understanding the

current approach to addressing cyber risk.

normal and abnormal behaviour of an organisation’s

With the constantly changing variants of cyber

network requires the correlation and enrichment of

attacks, organisations can no longer simply rely

billions of daily network transactions with business

on the known attack vectors profiled in existing

context and threat information across the enterprise.

perimeter or endpoint solutions. Storage and

This creates ‘smarter’ data that can be analysed in

event management solutions have advanced, but

multiple different combinations and peer groups to

6

RISK & COMPLIANCE Jul-Sep 2015

www.riskandcompliancemagazine.com

FRAUD, COMPLIANCE AND TECHNOLOGY – ADVICE FOR COMPANIES MINI-ROUNDTABLE

drive better identification of anomalous behaviour.

state. Banks want to shut down anomalous sessions

The ability to apply these behavioural analytic

before their customers are compromised.

techniques in real-time captures a continuous picture of active security risks and helps security organisations better prioritise threats for further triage and mitigation.

RC: In your opinion, how useful is behavioural analytics to detect suspicious customer activity and ultimately prevent fraud?

RC: What do you see as the next major innovation in fraud detection and prevention? How do you expect the landscape to evolve over the coming years? Stewart: Given the millennial generation’s demand for convenience and frictionless commerce, the biggest challenge will be authenticating that the

Stewart: Behavioural analytics are absolutely

user is who they say they are, while not impeding

essential if we want to detect unknown risks

the customer journey. We will continue to see

or behaviours. Fraudsters are clever enough to

convergence of cyber data with behavioural profiles

outmanoeuvre rules-based systems, so adaptive

used for fraud detection. Real-time prevention

analytics that compare activity to the norm are

will be faster and scale to higher transaction

required. In a fraud context, the ability to profile

throughput, models and signatures will incorporate

the historical norm for an account, a card holder, a

more data, such as biometrics, consortium, device,

customer, a merchant, a POS terminal, a device, a

voice, and so on. Some of the information sharing

web session, and so on, is phenomenal. The more

among merchants and institutions is an interesting

profiles available for a customer across multiple

approach, but has much room for efficiency. It will

accounts, the richer our understanding of whether

be interesting to see how much privacy consumers

a payment transaction or new product application is

will forego in exchange for convenience. We’re

legitimate. It’s exciting where in-memory and event

already seeing that innovative fraud operations

streaming architectures will take us in the ability to

are more focused on improving the customer

present more behavioural data to our models during

experience and being an enabler in revenue growth.

the authorisation process. From a mobile and online

Ultimately, some combination of biometrics, near

perspective, being able to analyse session behaviour

field communications and analytics will drive

prior to any payment activity is the desired end

further reduction in fraud and improved customer & experience. RC

www.riskandcompliancemagazine.com

RISK & COMPLIANCE Jul-Sep 2015

7

EDITORIAL PARTNERS

E D I T O R I A L PA RT N E R

w w w. s a s. c o m

SAS As the leader in business analytics software and services, SAS transforms your data into insights that give you a fresh perspective on your business. You can identify what’s working. Fix help organisations turn large amounts of data into knowledge they can use, and we do it better than anyone. It’s no wonder an overwhelming majority of customers continue to use SAS year after year. We believe it’s because we hire great people to create great software and services.

KEY CONTACTS

what isn’t. And discover new opportunities. We Stu Bradley Senior Business Director Chicago, IL, US T: +1 (773) 490 1442 [email protected]

David Stewart Business Director Raleigh-Durham, NC, US T: +1 (919) 677 8000 [email protected]

8

RISK & COMPLIANCE Jul-Sep 2015

www.riskandcompliancemagazine.com

& & risk compliance

RC

www.riskandcompliancemagazine.com

www.riskandcompliancemagazine.com

RISK & COMPLIANCE Jul-Sep 2015

9

risk & & compliance

RC

JUL-SEP 2015 www.riskandcompliancemagazine.com

Suggest Documents