FORUM: Using technology and Big Data to tackle fraud and money laundering
August 2016 | SPECIAL REPORT: TECHNOLOGY RISK MANAGEMENT
Financier Worldwide Magazine
FW moderates a discussion on using technology and Big Data to tackle fraud and money laundering between Raghunath Nambiar at Cisco, Karim Rajwani at Deutsche Bank, Kate Robu at McKinsey & Company, and Matthias Oberlinner at Siemens AG.
FW: Can you provide insight into the ways that financial institutions are using technology and Big Data as part of their financial crime management policies and procedures?
Nambiar: Today, financial institutions (FIs) depend on data as the foundation of their businesses. Precisely because of that, the financial services sector is particularly vulnerable to financial crime. No surprise – it’s where the money is. A significantly larger percentage of FIs, at 45 percent, suffer from financial crime compared to all other industries at 34 percent on average. Big Data and analytics are the financial industry’s greatest weapon against such key threats as asset misappropriation, cyber crime, money laundering, accounting fraud, and bribery and corruption, which add up to billions of dollars in losses every year. Roughly 5 percent of a financial institution’s revenue is lost annually to crime. And the value of what criminals actually take is only part of the cost – there are also regulatory penalties, civil judgments, the cost of litigation, and the expense of investigations. Financial firms know that there is a lot at stake. More than half of them have increased spending on financial crime prevention by more than 20 percent in recent years, at a time when every other aspect of their business is under pressure to cut costs.
Rajwani: FIs have been using technology extensively to manage and mitigate their money laundering or terrorist financing risks, including the use of monitoring systems to identify suspicious activity, screen systems to identify politically exposed persons, individuals that are listed on various controls lists, issued by government authorities and payment filtering systems to identify payments associated with a sanctioned person, entity, vessel or country.
Oberlinner: Today, technology plays a considerable role in preventing and identifying financial crime. From available lists that identify individuals connected to money laundering and other crimes, to complex monitoring software that recognises transactional patterns on groups of accounts, the combination of internal and external data points enables FIs and industry corporations to manage their customer and transactional risks. An important means of achieving this is the centralisation of a company’s master data. In today’s environment, any international corporation must ensure they take a global view on their data – in line with the relevant data privacy laws – to be able to identify fraudulent behaviour that crosses national borders. These methods go hand in hand with other more standardised measures of preventing internal fraud, methods such as access controls, segregation of duties and continuous control monitoring. Additionally, only central transparency, via a central clearing of funds of all bank accounts, enables a central control.
Robu: Over the last few years, most large FIs have made significant investments in financial crime management, including in talent, technology, analytics, reporting and policy. However, most of these programmes were built through a series of reactive initiatives designed to address specific regulatory concerns, leading to fragmented systems, bad reference data and layers of complex manual processes. The regulatory bar remains high, putting the sustainability and scalability of the FIs’ current resource-intensive financial crimes programmes at risk. So while Big Data does offer a number of opportunities to innovate in this space, the real and immediate problem for FIs is how they can leverage ‘small data’ within their institutions and optimise or tech-enable their internal processes in a way that drives greater effectiveness and efficiency.
FW: In what ways can technology and Big Data help organisations better understand their customers, employees and business partners, and thus reduce instances of fraud?
Rajwani: The improvement in Big Data technology allows FIs to consolidate their data from different systems across different lines of business in a more efficient and cost effective way, providing the FIs a consolidated 360 degree view of their customer information. Data visualisation on Big Data also plays a big role in giving organisations different insights to their clients’ behaviours.
Oberlinner: In Germany, the industrial sector has significant responsibilities regarding the safeguarding of its business transactions against money laundering – not to the same degree as the financial sector, but it is often equally as challenging. The identification and screening of the high risk groups of contract partners is one such responsibility. While the volume of available data is important, there are two critical aspects. Firstly, from a preventative point of view, you want the most comprehensive data possible, but this is often in contrast to relevant data privacy laws. Therefore, the linking of multiple data sets from multiple sources for specific purposes gets you a complete picture. This is currently not easily achievable, but even linking a small number of data sets can already produce significant insights. Secondly, correct data interpretation means that the best data is worthless if one cannot draw the right conclusions. Not every pattern that is established via Big Data and data linkage is relevant to the underlying issue. Correlation does not imply causation.
Robu: There are three specific opportunities for FIs to drive step-change transformations of their financial crimes management programmes. First, use analytical tools that thrive on unstructured data to solve the bad reference data problem, versus investing hundreds of millions of dollars to build ‘clean’ structured data warehouses. Second, use behavioural variables and advanced modelling techniques to pick up ‘hidden’ patterns in data and have much more predictive power than current linear rules. One example is reduction in false positives and false negatives in transaction monitoring. Finally, support experts with prescriptive case management tools, alert investigators, for example.
Nambiar: At a time when many financial services – especially in banking – have become increasingly commoditised, Big Data offers an opportunity to distinguish one financial institution from another. After all, every financial transaction, no matter how small, produces data, so the industry is sitting on vast treasures of potentially very valuable information. As an evidence of the rate at which profits have shrunk due to competition at the same time that data processing has grown in importance, over the past two decades, the margins on deposits and cash equities have declined by 33 to 50 percent, while the need for computing power in the financial services industry has grown 200 to 500 percent faster than revenue. By using advanced analytics to explore this Big Data, FIs have the opportunity to learn in depth about their customers, employees and partners to transform almost every aspect of their businesses. Big Data enables hyper targeted marketing, optimised transaction processing and personalised wealth management advice, among many, many other possibilities.
FW: In your opinion, where in the corporate management structure should responsibility for tackling fraud and money laundering using technology and Big Data reside?
Oberlinner: While this always depends very much on the individual situation in a specific company, traditionally, the CFO is responsible for the control of the funds. At Siemens, anti-money laundering governance is a core topic of the compliance system that acts as a focal point for the various departments implementing the relevant safeguards. Employing technology and Big Data for AML requires the expertise of multiple functions throughout the company – for example, finance & accounting, supply chain, legal and compliance, and so on. The knowledge contained within these departments allows the design of appropriate controls that are then integrated into the systems by the IT department.
Robu: Solving this complex problem requires a cross-functional partnership and a truly new way of working between business, operations, compliance, analytics and technology teams, such as in the context of an agile ‘digital lab’. In terms of ultimate ownership and accountability for the resulting solution, that depends on which part of the value chain we are talking about. For instance, financial crimes management processes and controls associated with the new customer on-boarding process would be owned by the business. Meanwhile, a solution for the alert investigation process would be owned by operations where it often resides.
Nambiar: Typically, regulators are looking for a chief compliance officer, chief legal officer or even chief data officer to have overarching responsibility for tackling fraud and money laundering. However, the trend is toward a broader risk-based approach, with shared responsibility by management, staff, the board of directors and internal audit. Accomplishing this transition to broader responsibilities requires a cultural change in the organisation, however.
Rajwani: Responsibility should be a joint effort between the anti-financial crime (AFC) department and technology department. Technology departments provide the technology infrastructure and tools support, enabling the anti-financial crime department to have the capability and flexibility to improve fraud and anti-money laundering detection through faster and better data analytics and insights.
FW: What advice can you offer to organisations about the logistics involved in modifying their databases and data sets to capture suspicious activity?
Rajwani: In recent years, there has been a significant focus on data management. Many organisations have struggled to have clear insight to the data used for monitoring. There is growing regulatory data requirement, with an emphasis on data lineage, data mapping, data quality in model validation and documentation. Organisations need to focus on data management frameworks and strategy, which are the backbone of many anti-financial crime monitoring systems.
Nambiar: Data analysts in FIs today are being held back by the accelerating volume, variety and velocity of data that they are creating, collecting, processing and storing. Data analysts waste their time attempting to reconcile siloed data that is fragmented, duplicated, inconsistent, inaccurate and incomplete. All this can hamper their financial crime-fighting efforts. Traditional solutions have been expensive and time consuming, because they depend on integrating fragmented point solutions. Therefore, the most important challenge is to enable analysis of complete data sets spanning multiple silos: the goal is to combine many data formats and structures in a single data repository, or data lake to accelerate insight. In addition, you need a high-performing infrastructure that can scale as applications demand.
Robu: Large FIs have complex and fragmented legacy databases. While undoubtedly a big enterprise asset, creation of a consolidated and structured ‘data lake’ requires significant investment of resources and time. It is unlikely that institutions will be able to fully avoid the need to make these investments to improve their data quality at source, make it consistently and rapidly available and have the governance disciplines to demonstrate robustness of data. However, FIs need to start thinking creatively about how to overcome these legacy issues sooner by using advanced analytical tools that do not require clean structured data – such as machine learning and fuzzy logic – either through in-house capability building or in partnership with FinTech organisations.
Oberlinner: The centralisation of data pools where possible and the combination of the various data sources available in a large corporation are key when screening for suspicious activity. It is not a good solution to simply duplicate the local data in a larger database. Instead, it appears prudent to keep the independent data sources and establish interfaces to interconnect them – in real time – in order for the alarm to be raised before the transaction is executed. Additionally, it is not just about detection the fraud itself, but also about detecting any preparatory actions – therefore predicting the fraud. To achieve this, an analysis of past cases by experts in data mining and pattern recognition is a big help.
FW: To what extent have regulatory requirements, such as those presented by Solvency II, affected the way that financial institutions use their technology and Big Data policies?
Nambiar: In addition to stopping financial criminals, financial services firms feel challenged by growing expectations for legal compliance and reporting. Data accuracy is clearly critical to meet regulatory requirements. For example, Solvency II requires FIs to have “internal processes and procedures in place to ensure the appropriateness, completeness, and accuracy of the data”. These processes and procedures usually involve big data technology, but should also include data policies, standards, roles and responsibilities to help ensure that data integrity is intact. And Solvency II is not alone. Under the Data Protection Act 1998, FIs must help to ensure that customer data is “accurate and, where necessary, kept up-to-date”. They must also demonstrate to regulators that they have active programmes in place to prevent financial crime, with controls that are stringently enforced and standard across business units around the world.
Oberlinner: Regulatory requirements about equity ratios, the underlying risk calculations and the overall requirements of authorities for data and information are expected to become ever stricter. Whoever is best at ‘manage and know your own data’ will have a competitive advantage in preparing and keeping up with the changing rules for risk calculations and the reporting and archiving requirements. A high quality IT infrastructure and high quality data are prerequisites for an excellent risk control system. They require continuous monitoring, improvement and investment.
Robu: The regulation that has pushed FIs forward the most on data has been BCBS 239, covering Risk Data Aggregation and Reporting principles. These principles target global significantly important banks (GSIBs), which were expected to be aligned with the principles by January 2016. Domestic significantly important banks (DSIBs) are expected to follow soon after. These principles call for improved governance of data, better data quality, more automation, timely reporting and various other data practices. The Office of the Comptroller of the Currency’s heightened standards reinforce these principles and various other regulations are insuring banks introduce these disciplines into other activities, such as CCAR, FATCA, AML, recovery resolution and SREP, as well as to other industries such as Solvency II for insurance. In general, FIs are making slow but positive progress on improving data capabilities, but have a long way to go, especially as they make strides to bring together the capabilities they have built for regulatory purposes together with how they run the business.
Rajwani: Regulatory requirements, such as those presented by Solvency II, require FIs to gather data across all sources within the organisation for calculation and reporting. This process of gathering of all data is an expensive exercise, and many times, different areas of the FI will recreate a separate data channel from the same source systems for other purposes, such as marketing, risk management, AML or fraud monitoring. With the advancement of Big Data technology, some FIs are leveraging enterprise data warehouses as means of meeting all of their data needs. By populating all of a FI’s source systems data into a data lake, other areas of the FI can benefit from consuming the same data without having to incur any additional costs.
FW: Overall, what key advice would you give to financial services firms about building a model that can help analyse employee behaviour, identify trends and function as an effective red-flag system?
Robu: FIs should adopt the ‘new co’/’old co’ approach to drive a step-change transformation in this area. Start by developing a clean-sheet vision of what the tech-enabled financial crimes management operating model should look like. Explore partnerships and innovative third-party solutions as part of this vision. Launch initiatives that drive the greatest value in the near term – for example, to remediate critical ‘hot spots’, to reduce the false positives, to reduce cycle time for closing investigation cases – and follow with the remaining roadmap. To develop a solution that is fit for purpose and get stakeholders invested in the success of its adoption, set up a cross-functional agile digital lab which designs the end state vision and builds the solution in an iterative and value-driven way.
Rajwani: FI’s should consolidate data into a single platform. Unify and simplify the different transactional systems and databases into a single model. Apply proper data management frameworks on acquiring, transforming and consuming the data. Once the data is centralised, conformed to a single model and made reliable, analysing the data will be significantly easier.
Oberlinner: Unfortunately, recent leaks and media reports have suggested that in cases of, for example, money laundering, employees of financial services often actively facilitate the behaviour. Accordingly, the internal controls and red flag system were filled with the ‘right’ answers to circumvent sounding the alarm. Only systems that analyse ‘difficult to fake’ data – such as combined transactional amounts in a specific timeframe – are able to raise a red flag. A fundamental advice would therefore be to base your model on such factors. Additionally, data that is certified by multiple persons on different organisational levels has proven slightly more resilient to manipulation. Overall, the model must be flexible and its indicators require constant updates. Indicators should be based on information from past cases and what can be seen in an in-depth post-mortem analysis. If a certain indicator was present in a case, add it to your model and screen for it in the future.
Nambiar: Most FIs use less than 5 percent of their data to fight financial crime. Institutions limit themselves in this way because the rest of the data is simply considered too expensive to use. Big Data provides a new opportunity because it lets firms look at the remaining 95 percent without breaking the bank. Creating a centralised data lake and making it the centrepiece of your information architecture promotes the centralisation of all data, in all formats. This data can then be made available to all business users, with full fidelity and security, and deployed on standard based platforms with much lower capital expenditure per terabyte than with traditional database technologies. This centralised data lake is the place where you store all your unknown-value data – whether for compliance, or to perform customer segmentation and investment modelling, or for more sophisticated applications such as real-time anomaly detection. It speeds up business intelligence reporting and analytics to deliver better throughput for key service-level agreements. It also increases the accessibility of data to support business growth while combating fraud. Above all, it extends the value of, rather than replaces, past investments in database technology.
FW: How do you envisage the use of technology and Big Data in the fight against financial crime developing over the coming months and years? Do you believe that this trend will lead to earlier detection and prevention of financial crimes?
Oberlinner: Addressing the issue from the point of view of industry, technology and Big Data will play a bigger role in fighting financial crime. The available data will allow a better differentiation of low and high risk business transactions and enable an appropriate focus of resources. The challenge, however, is the explosion of available data that makes identifying the right information more difficult. More open source data will not solve the underlying problem. Openly available corporate ownership information and increased financial transparency are key aspects for the future fight against financial crime. Knowing who ultimately benefits from a business transaction and where their money comes from will allow industry corporations and FIs to take a big step in the fight against financial crime. While the discussion after the recent terrorist attacks and information leaks suggest that the public and legislative bodies want this transparency increased, we have not yet seen concrete laws established in many jurisdictions.
Nambiar: Big Data technologies continue to evolve, and these changes will of course affect the financial services industry in its fight against financial crime. First, a selection of optimal software and hardware technologies is critical. On the infrastructure side, standards-based architectures can scale from small to very large as data sets grow. Second, technologies such as machine learning will be increasingly applied to financial crime, especially for real-time analysis and reporting. Third, Big Data leaders will accelerate their advancement over laggards. We will see an increased evidence of strong, quantitative business returns on Big Data in the financial sector both from increased capabilities to fight fraud and from competitive differentiation. Fourth, data governance, integrity and other compliance activities will become more intimately integrated with Big Data platforms. Fifth, the IoT will arrive in force for FIs. For the telecommunications, retail and manufacturing industries, the IoT is already here. For financial services firms, the impact remains to be seen. Finally, although customer-centric and growth initiatives will drive most FIs’ Big Data initiatives, risk and regulatory data management will increasingly become priorities for Big Data and analytics investments.
Rajwani: The use of Big Data and machine learning is starting to emerge. Machine learning on Big Data will help organisations to identify hidden relationships or attributes by looking at the result of past events. This will lead to earlier detection and prevention of financial crimes in the distant future as the industry matures on using Big Data technology and machine learning on financial crimes.
Robu: Intelligent adoption of technology and both ‘small’ and ‘big’ data in compliance is becoming a key source of competitive advantage in financial services. It is particularly true in the financial crimes management space where the current resource-intensive model deployed by FIs is neither sustainable nor effective. First, as business processes get digitised, FIs get access to more and better quality customer and transaction data across products and channels. Second, access to the increasingly broad set of traditional and non-traditional data sources allows for much more powerful analytical models and a much more granular view of what constitutes suspicious activity. Finally, at-scale data processing platforms will be integrated with business processes through a virtuous cycle of insights, meaning that analytics will feed into frontline decisions, and frontline decisions and data will feed into analytical engines that continuously improve the quality of insights. This will undoubtedly lead to earlier detection and prevention of financial crimes and overall increased transparency across the industry over time.
Raghunath Nambiar is a distinguished engineer and chief architect of Big Data and analytics solution engineering. His current focus areas include emerging technologies, data centre solutions, and Big Data and analytics strategy and he is also Cisco’s representative for standards bodies for system performance. He is a member of the IEEE Big Data Steering Committee, the board of directors of the Transaction Processing Performance Council (TPC), and founding chair of its International Conference Series on Performance Evaluation and Benchmarking. He can be contacted on +1 (408) 527 3052 or by email: firstname.lastname@example.org.
Karim Rajwani is currently the global head of anti-financial crime IT strategy for Deutsche Bank. Prior to this role he was chief of anti-money laundering for the RBC Financial Group (RBC), responsible for leading the group’s global anti-money laundering, anti-terrorism and client risk management and anti-bribery initiatives. Mr Rajwani has more than 30 years of risk management, compliance and financial accounting experience. He can be contacted on +44 (0)20 7545 8000 or by email: email@example.com.
Kate Robu is a partner in the Chicago office of McKinsey & Company, serving clients in the financial services industry on topics of regulatory compliance and operational risk management. Ms Robu leads McKinsey’s work on compliance risk management and anti-money laundering, including the development of proprietary knowledge and tools. Her expertise also includes topics such as controls automation, design of the lines of defence, vendor risk management and risk advanced analytics. She can be contacted on +1 (312) 795 7084 or by email: firstname.lastname@example.org.
Matthias Oberlinner is the head of the compliance anti-money laundering department at Siemens AG. He is responsible for the management and implementation of the global anti-money laundering system. Prior to this role, he served as the head of the compliance investigation office for Asia and Australia for Siemens Ltd., China. Mr Oberlinner also has significant knowledge of IT security, data analytics and process management. He can be contacted on +49 89 636 00 or by email: email@example.com.
© Financier Worldwide