A case for unification of financial crime, fraud, and cybersecurity operations
Bhalchandra (Bhal) Madhekar
Software Engineering Leader | Big Data | Advanced Analytics | AI/ML | Cloud Technologies | SaaS / PaaS | KaggleX BIPOC Mentor | GitHub.com/madhekar
In general, the risks associated with financial crime involve three kinds of countermeasures: identifying and authenticating the customer, monitoring and detecting suspicious transactions and behavioral anomalies, and responding to mitigate risks and associated issues. Each of these activities, whether taken in response to fraud, cybersecurity breaches or attacks, or other financial crimes, is supported by many similar data sources and processes. Indeed, bringing these data sources together with analytics materially improves visibility while providing much deeper insight to improve overall detection capability. In many instances it also enables prevention efforts.
In taking a more holistic view of the underlying processes, financial institutions can streamline business and technology architecture to support a better customer experience, improved risk decision making, and greater cost efficiencies. The organizational structure can then be reconfigured as needed.
Converging crime pathways: Crime pathways are merging and converging, which blurs the traditional separation among cyber breaches, fraud, and financial crimes.
Fraud and insider threats: Internal / insider and external threats, market abuse and misbehavior, retail / non-retail threats.
Cybersecurity breaches: System availability, confidentiality, integrity.
Financial crimes: Money laundering, tax evasion and tax fraud, bribery and corruption.
Now, consider a typical modern attack on a financial institution:
- SWIFT credentials are stolen with the help of an insider or a phishing attack
- Malware installed on computers prevents discovery of the withdrawals
- Funds are routed to another account, out of the country, at a third bank
- Withdrawals are made at the third bank through multiple transactions that are not blocked until too late
Holistic unification: Three models for addressing financial crime are important for our discussion. They are distinguished by the degree of integration they represent among processes and operations for the different types of crime.
Generally speaking, organizational and governance design are the main considerations in developing the optimal operating model. Institutions will need to take a more holistic approach to common processes and technologies and double down on analytics, potentially creating “specialized solution groups” to develop more sophisticated solutions. It is feasible that an institution will begin with the collaborative model and gradually move toward greater integration, depending on design decisions. To begin with, financial institutions can identify partial integration as their target state, with full integration as an aspirational state.
- Initial collaborative model: In this status quo model, each of the business domains (financial crime, fraud, and cybersecurity) maintains independent roles, responsibilities, and reporting. Each unit builds its own independent framework, cooperating on risk taxonomy and on data and analytics for transaction monitoring, fraud, and breaches. The approach is familiar to regulators, but this model offers little of the transparency needed to develop a holistic view of financial-crime risk. In addition, it often leads to coverage gaps or overlaps among the separate groups and fails to achieve the benefits of scale that come with greater functional integration.
- Partially integrated model for cybersecurity and fraud: In this model, cybersecurity and fraud are partially integrated as the second line of defense. Each unit maintains independence but works from a consistent framework and taxonomy, following mutually accepted rules and responsibilities. Thus a consistent architecture for prevention (such as for customer authentication) is adopted, risk-identification and assessment processes (including taxonomies) are shared, and similar interdiction processes are deployed. Deeper integration advantages prevail, including consistency in threat monitoring and detection and a lower risk of gaps and overlap. The approach remains, however, consistent with the existing organizational structure and does little to disrupt current operations. Consequently, transparency is not increased, since separate reporting is maintained.
- Unified model: In this fully integrated approach, the financial crimes, fraud, and cybersecurity operations are consolidated into a single framework, with common assets and systems used to manage risk across the enterprise. The model has a single view of the customer and shares analytics. Through risk convergence, enterprise-wide transparency on threats is enhanced, better revealing the most important underlying risks. The unified model also captures benefits of scale across key roles. The main disadvantages of this model are that it entails significant organizational change, making bank operations less familiar to regulators. And even with the organizational change and risk convergence, risks remain differentiated.