Bank Secrecy Act 2.0 - A new Chris Swecker White Paper

Chris Swecker

I just finished reading Chris Swecker’s white paper Bank Secrecy Act 2.0.  Chris is a financial crimes consultant and was the former Assistant Director of the FBI’s Criminal Investigative Division and former Corporate Security Director for Bank of America. 

In his paper, Chris asserts that as FinCEN devotes more time to become the nations Financial Intelligence Unit (FIU) they will continue to turn more and more to big data and analytics in their duties.   He believes that FinCEN will uncover more linkages between crimes, money laundering and terrorist financing.   Chris says “there are very few scenarios where terror financing will take place without engaging in some type of supporting criminal action". As more of these linkages are discovered there will be increasing pressure for banks and other financial institutions to tear down the traditional barriers between risk and fraud based groups and processes that are often siloed within organizations.

He warns that basic compliance will no longer suffice and financial institutions need to prepare for the eventuality that the financial regulators will constantly raise the bar for requirements of integrated and more holistic views of activities in their organizations.  

Click this link to get the Verafin sponsored white paper http://bit.ly/VqCeIQ

Some organizations are well on the way to having an integrated Financial Intelligence Unit.  Earlier I blogged about the opportunity for a middle ground (see early blogpost - http://bit.ly/ShOEXH.)  Whether you reorganize, integrate or just plan for increased cooperation and a common platforms for data sharing,  it’s time for financial institutions to prepare to tear down some walls – many of which have been built up over many years. 

Verafin sponsored this paper, and I am doing a lot of work with them these days, and I just wanted to be open about that. 

Brian Krebs - Big Banks Mules target Small Banks Customers

Brian Krebs - KrebsonSecurity

Brian Krebs, a long time industry veteran writes a great blog called KrebsonSecurity.  It covers online crime investigation, latest threats and 'cyber justice'.   

Today, his blogpost entitled 'Big Bank Mules Target Small Bank Businesses' discusses some of the latest fraudulent activity that involve large financial institutions being leveraged to commit fraud at community banks and credit unions.  He provides his readers with things to consider whether you work for a small or large bank or a business.

What I found most interesting was his discussion of whether it's safer to bank at a large institution that has lots of resources and big risk or at a smaller community or regional bank where - arguably the risk is lower but so also the anti-money laundering and fraud detection capabilities. He argues that if he were a cyberthief today he would target the smaller banks.

I strongly encourage you to read his blogpost http://bit.ly/112hLwb

FRAML - is there a middle ground?

FRAML – the concept of financial institutions merging anti-money laundering and fraud detection efforts into one set of processes, organization structures and actions has been debated for some time.

Certainly, there are advocates of merging Fraud Detection and Anti-Money Laundering (AML) departments, people, processes and technology into one cohesive business unit.  Financial Institutions are rapidly forming new Financial Intelligence Units (FIU).  Based on the fact that many of the criminals are participating in both fraud and money-laundering, and the fact that there are overlaps in the requirements of both AML and Fraud groups it would appear that the creation of an FIU is an obvious and efficient move on the part of financial institutions.

There are other organizations however who do not see the reasons to merge these different and distinct functions.  Their view is that the purpose of the Fraud department is to protect the bank and the bank’s customers.  This naturally rolls up to the security, risk and audit functions within the bank.  The role of the AML group’s role is driven more by Compliance and therefore they have different priorities, processes and drivers, which drive different behaviors and inhibit the thoughts of merging their functions.

Is there a middle ground?

For organizations that want to keep their AML and Fraud groups separate for a number of valid reasons, there is an answer.  That is, to consider a common technology platform to serve both groups.  Let the Fraud and AML groups share customer information, transaction history, analytics, customer behavior, detection, reporting and alerting technologies.  Not only will both groups benefit from the efficiency of putting in one technology to support both business processes, there is the opportunity to have a more holistic view of customer behavior that may benefit both groups.

They will also benefit from a common technology that manages the compliance aspect of their duties – i.e. filing Suspicious Activity Reporting (SARS).  This single-threaded approach to reporting and analytics will provide both improved effectiveness based on shared information and processes, and also improved efficiency by having a single solution for both groups.   Adding to this, if an organization decides to create an over-arching FIU later, the process becomes much easier if both departments are already on a shared platform.

Introduction to Money Laundering

It's evident that there is an increasing amount of fraud and money-laundering happening in the US banking industry. In my anti-money laundering research I came across this 4 minute video that explains to the casual observer what money laundering really is.  It explains the three steps in the process and why US banks are a big target for money launderers.  

The video can be found at MONEY LAUNDERING VIDEO

Steps to Improve AML Compliance - a Case Study

I have been reading a lot trying to learn what I can about fraud detection and anti-money laundering.   What's driving the need?  What are the latest trends?  Why combine them?   I happened along a story  at www.bankinfosecurity.com on Thomaston Savings bank and their reasons for consolidating the departments and combining their fraud detection and anti-money laundering departments.    In the article they argue that while Thomaston is a smaller bank the article argues that small and large banks alike face heightened scrutiny and 'relying too heavily on rules-based software can hinder an institution's attempts at identifying high-risk customers in a real-time fashion."

To read the full story here - 

Bankinfosecurity.com - Thomaston Bank Story

I find that Tracy Kitten for Bankinfosecurity.com  provides good content for those looking for more information on this topic.

First Bank of Delaware to Pay $15M for Violating Anti-Money Laundering Laws"

In its first enforcement action of the year, the Financial Crimes Enforcement Network ("FinCEN"), in conjunction with the Federal Deposit Insurance Corporation ("FDIC"), assessed concurrent civil monetary penalties of $15 million against First Bank of Delaware ("First Bank") for violation of the Bank Secrecy Act ("BSA") and anti-money laundering ("AML") laws and regulations.

To read the full article click this link:  First Bank of Delaware to pay $15m for violating Anti-Money Laundering Laws

Introduction to FRAML

Chris Sercy and Larry Iwanski are part of Ernst & Youngs's Fraud Investigation and Dispute Services practice.  They co-authored  a paper entitled Anti-Money laundering compliance - The need for 'outside-the-box' investigations.

In the paper they discuss the challenge of maintaining compliance in a world where an ever-increasing sophistication of crime, new regulations, and internal policy and procedure changes provide a daunting task for banks and credit unions.

This paper provides some good reading and a nice introduction into the world of FRAML.   The paper can be downloaded by clicking here - Anti-money Laundering Compliance

New Blog on FRAML - Fraud and Anti-Money Laundering

I am spending some time delving into the the world of FRAML - the combination of fraud and anti-money laundering initiatives.   This is intended to introduce and educate readers as I seek to understand more about the challenges facing financial institutions today.   My particular focus will be on information technology and its role in helping banks and credit unions in their efforts to mitigate risk, comply with regulations and reduce financial crime when and where possible.

Under my full disclosure policy I am an independent consultant in the enterprise software space, but I am doing some work with Verafin - a company who provides FRAML (fraud and anti-money laundering) solutions for North American Banks and Credit Unions.   

I am brand new to the world of anti-money laundering and fraud detection.  I intend to share my findings, research and experience as I learn. 

This blog is not Verafin sponsored, and all views, opinions and contributions are my own.