SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Interview: Cloudera on why analytics is key in the fight against financial crime

Mon, 2nd Dec 2019
FYI, this story is more than a year old

Financial crime is big business – and it's not something that organisations can turn a blind eye to. You only have to look at the recent Westpac saga in Australia to see how financial crime and its implications can be severely damaging for not just financial organisations, but also their customers.

Cloudera's co-managing director of financial services, Dr Richard Harmon, shares his thoughts about financial crime and how analytics can shape the next generation of financial crime prevention.

In general, what is the current state of anti-financial crime programs in financial institutions in Australia and worldwide? 

Financial crime has become increasingly pervasive and permeates all levels of the financial services industry. Criminal networks are creative, connected, collaborative, and ready to exploit any opportunity inside or around the edges of business operations. We now even have state-sponsored actors involved. All of this is deeply concerning not only to the financial services industry and our regulators but to society at large.

Combating financial crime is a huge challenge throughout the world, not just within Australia.  Globally, financial institutions have spent $1.28 trillion in a 12 month period to combat financial crime. Impact on business is significant, with combined revenue lost due to financial crime estimated to be $1.45 trillion in the same time period.

Despite tighter industry regulation, increased awareness and major investment more work is needed to combat financial crime.  Research on the EU market estimates that only 1% of criminal proceeds are confiscated by authorities.

These statistics illustrate the challenges the entire industry faces! One key trend that I believe is not properly emphasised is the agility and sophistication of organised crime.  As an example, synthetic identity fraud is a relatively new fraud typology and one of the fastest growing types of fraud.

This fraud typology is difficult to detect since the limited KYC (Know Your Customer) data most firms have collected are insufficient to detect fake individuals early in the process. The most effective approach to combating this is to leverage advanced machine learning (ML) techniques coupled with a more holistic (ie, enterprise) view of KYC through integrating other data sources from internal and external sources. This is typically referred to as Alternative Data.

Are institutions keeping up with technology, are they compliant with new laws, and most importantly – are they preventing fraud?

The short and blunt answer is no. Traditional financial crime prevention platforms have a limiting effect on an organisation's capability to combat financial crime.  Much of that comes from the siloed organisational structure of the financial crime function.  This limits not only the automation of processes and monitoring capabilities but it also enables criminals to leverage the gaps that exist across the financial crime unit.

However, regulatory and enforcement agencies understand the limitations of current anti-crime regimes. In response, public-private partnerships have been established to fill intelligence gaps and to encourage innovation. 

For example, Malaysia approved the National Anti-Financial Crime Centre (NAFCC) Bill in October. In Europe, the European Union is considering tighter rules  and even considering establishing a separate AML regulator – much like Australia's AUSTRAC - to counter the flow of dirty money into the region's banks and other economic sectors.

In Singapore, the Anti-Money Laundering and Countering the Financing of Terrorism Industry Partnership launched a paper to encourage greater adoption of data analytics solutions by financial institutions in Singapore.

What does Cloudera do to help customers prevent financial crime?

Cloudera is an enterprise data cloud company that enables customers to build out platforms that support an agile, hybrid, multi-cloud environment.

These customers leverage Cloudera capabilities to both generate revenue and mitigate risks, specifically the risks relating to financial crime.

Cloudera encourages customers to take a more unified view of financial crime through the use of a data lake. Such a data lake can remove some constraints and costs associated with siloed operational, analytic and data environments.

There are five key capabilities we provide from a platform perspective which help our customers develop a successful strategy for combating financial crime.  These include real time data ingestion and analytics; advanced machine learning and artificial intelligence; data and analytics anywhere; unified security, governance, and compliance; and continuous innovation via the global open source and academic communities.

Cloudera recently released a video outlining how data and analytics can be used to fight financial crime. In it, you explain that organisations have siloed divisions for security, but they should at least integrate the analytics from those visions.

Could you expand on this point, perhaps explaining why data and analytics integration is so important?

The core of the next generation financial crime prevention platform is the ability to not only automate detection and monitoring systems but to make this much smarter than they are today.   It can only be achieved by using the latest ML and AI algorithms.

But for these algorithms to be effective one needs a supporting cast – so to speak. This supporting cast includes a rich, high quality data environment that is not only the gold source of truth for financial crime prevention but this needs to be supplemented by alternative data that enables the organisation to have a much more holistic understanding of their customers. 

An enhanced KYC capability is not just critical to combating financial crime but it also enhances an organisation's ability to understand their customer's behaviour from which they can develop more personalised products and services.  From this perspective, an investment in an enhanced KYC capability is both a defensive and offensive strategy and as such should be funded from an enterprise perspective not just within the financial crime unit.

What else is new in the area of financial crime prevention?

I will split this into two categories:  What is new on the regulatory side and what is new from an industry perspective.

On the regulatory side, we are seeing more collective and collaborative ownership through public-private partnerships to tackle financial crime. For eg the Joint Money Laundering Intelligence TaskForce (JMLIT) in the UK, which is an innovative partnership between law enforcement and the financial sector to exchange and analyse information related to money laundering and wider economic threats. The taskforce consists of more than 40 financial institutions, the Financial Conduct Authority, Cifas and five law enforcement agencies.

Another example is a program recently announced by the US regulators. This announcement was listed as the “Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing” (December 2018).  In very basic terms, this new approach is designed to encourage regulated institutions to consider, evaluate, and, where appropriate, responsibly implement innovative approaches to meet AML and other illicit financial crime obligations. Pilot programs that expose gaps in a compliance program will not necessarily result in supervisory action.

The Agencies will establish projects or offices that will work to support the implementation of responsible innovation and new technology in the financial system.

From my perspective, this means that organisations are encouraged to utilise the most advanced “blackbox” ML and AI algorithms to combat financial crime – something not permitted in the consumer lending sector.  Furthermore, if they find previously hidden criminal activity that this will not necessarily result in an enforcement action and that the regulator wants to accelerate the approval and implementation process to operational these new approaches or technologies. 

I think other regulatory bodies will soon follow suit with this type of an approach.

On the industry side, much of the innovation coming into the financial crime prevention space is coming from the fintech and regtech communities.  They are accelerating the option of new “alternative” data sources and of new ML and AI enabled capabilities that address specific shortcomings in core legacy financial crime prevention platforms. Cloudera supports this community from both a platform - enablement perspective.

How could private-public-industry-academia collaboration broaden the wider understanding of financial crime, and how technology can help to prevent it?

This is a great question and something that really needs more attention and investment.

As I mentioned earlier, there are several of these collaborative efforts underway but suspect that the regulators will need to be more active to drive deeper collaboration across all parties.

Since criminals seek the weakest link across the financial services networks, they work across many institutions and regions not just against a single institution. If collaboration can be done across multi-country or regional basis supported by a technology environment that enables data sharing then I would expect further advancement in crime awareness and prevention.

One example of financial crime that is playing out in real life lately is Westpac Australia's breach of anti-money laundering and anti-terrorism laws by failing to report 23 million instances of fraud, accounting for $11 billion. The bank failed to conduct due diligence, appropriate reporting procedures, record keeping, and child exploitation detection.

Could something like this happen to any financial institution, and if so, what do you believe could cause oversights and failures like this?

What's been happening in Australia recently is undoubtedly a major wake up call for financial institutions everywhere, but Australia is not unique. This is a global concern.   I think we are all aware of last year's situation with Danske Bank and others EU institutions that have suffered similar shortcomings over the past year.   

What could the consequences be for any financial institution that ends up in such a situation?

The consequences for any financial organisation that could find itself in a situation like we're seeing in Australia and in Europe are significant. The cornerstone foundations of any successful bank are based on trust and reputation. It can take years to build a trustworthy reputation and it can be eroded so quickly if adequate strategies and due diligence behaviours have not been enforced.

At the very least, banks will lose customers and shareholder value.  At the very worst, consequences could be much more severe with management and boards being forcibly changed.

What should other financial organisations such as banks take away from this lesson?

Existing siloed financial crime prevention functions need to be modernised with the greatest value coming from developing a holistic KYC capability coupled with a coordinated ML and AI approach across the various financial crime prevention functions.

Investment in financial crime prevention should be viewed from an enterprise perspective since these investments will yield new insights into customer behaviour and allow for a more personalised approach in delivering innovative products and services to customers.

The next generation financial crime prevention platform is not a software solution, but an institutional wide data and analytics journey as outlined by the four recommendations for gains in efficiency and effectiveness.

Any last thoughts?

I would like to end by noting a paper from McKinsey (Transforming Risk Efficiency and Effectiveness – April, 2019) that while focused on transforming risk equivalently applies to the current challenges in financial crime prevention. They cite four mutually reinforcing areas for improved efficiency and effectiveness:

  • Optimising the organisation yields effectiveness gains by clarifying responsibilities, increasing accountability, and matching talent to jobs.
  • Rationalising governance eliminates unneeded activities, frees up a scarce and precious resource – including management bandwidth - while yielding some direct efficiency benefits.
  • Streamlining and strengthening processes enable critical gains in efficiency through automation of many manual processes.
  • Digitising and deploying advanced analytics analytics permits institutions to embed automated real-time (or near-real-time) financial crime prevention controls within core processes. This reduces control failures and makes far more efficient use of valuable resources.

I think these four recommendations are great guidelines towards developing the next generation financial crime prevention platform.

Follow us on: