search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Fraud prevention & security


Key to Swedbank’s problems were lax internal controls in its Baltic units, principally Estonia and Latvia. The fundamental issue was that both units continued to pursue risky non-resident customers as a business strategy. Swedbank’s Estonia unit even accepted customers off-boarded from another Estonian bank – after it had decided they were a likely money laundering risk. Compounding the problem, Swedbank employees kept certain information about who owned these new accounts outside the bank’s regular customer databases, instead hiding it in a safe. Obviously, that made it difficult to figure out if these people were criminals or under sanctions.


In the wake of the scandal, Swedbank tightened up its customer due-diligence controls, and now also insists that any new relationship with a so-called ‘politically exposed person’ (essentially individuals, like terrorists or war criminals, who are under international sanctions) is first approved by an authorised decision-maker. Another way forward is Invidem. A joint initiative by Danske Bank, DNB, Handelsbanken, Nordea, SEB and Swedbank, Invidem is a simplified way of information sharing – with the ultimate aim of making the KYC process far smoother.


Though the founding banks are also Invidem’s first customers, the expectation is that its services will eventually be expanded to include other banks, as well as non-banks, impacted by money laundering regulations. That includes insurance companies, auditing and accounting companies as well as real estate agents.


Diligence where it’s due


Rooting out dodgy clients via KYC procedures is one thing, but banks face major threats from elsewhere – not least from potential breaches to their systems. Data is commercially sensitive, and unscrupulous actors will happily extract any information if they can. Obviously, prevention is better than cure and the Threat Intelligence-Based Ethical Red Teaming for the EU (TIBER-EU) framework tries to address the issue. Promulgated in May 2018, and developed by the ECB and EU Central Banks, TIBER-EU is designed to be the new standard for threat intelligence gathering and cyber resilience fortification in the financial services industry. TIBER-EU tests mimic the tactics, techniques and procedures of real-life attackers, based on bespoke threat intelligence.


These tests are specifically designed to simulate an attack on the critical functions of an entity and its underlying systems – in other words its people, processes and technologies. However, the tests don’t just pump out passes or fails. Instead, the whole process is simply intended to reveal the strengths and weaknesses of the organisation being tested, in turn helping it reach a higher level of cybermaturity. As good at this sounds in theory, implementation of TIBER testing varies. As Mikkelsen explains, the


Future Banking / www.nsbanking.com


approach is well established in relation to certain types of financial crime, including cybersecurity, but is less developed in others – notably anti-money laundering. A related problem, says Katie Jackson, a partner at Deloitte Forensic, involves the limitations of what regulation can achieve in isolation. For example, governments need to do more to ensure their unique understanding of threats is shared effectively with partners in business to inform and prevent risk.


“Financial intelligence units [FIUs] should be staffed and empowered so they can scale up their analysis of suspicious activity and transaction reporting to identify emerging threats and risks that can be shared,” explains Jackson. “The absence of feedback from FIUs has long been a complaint made in the AML field in particular.”


Increased collaboration Happily, there’s increasing evidence of enhanced collaboration across financial institutions and public- sector agencies. One example, of course, is Invidem. Another is the


transaction monitoring utility in the Netherlands, made up of a coalition comprising ABN Amro, ING, Rabobank, Triodos Bank and de Volksbank. Mikkelsen says this trend will continue across countries, and indeed expand to include more participants, including financial institutions, regulators, industry groups, and intelligence agencies. “Such initiatives are premised on the ability to share information and data for the purpose of detecting and preventing financial crime, which is key,” he explains. “In addition to this, technology and analytics, including real-time connectivity, could revolutionise financial crime risk management and allow for a more effective and efficient operating model.”


In the meantime, vendors are building innovative approaches to detection using machine learning, network analytics and contextual approaches to increase the effectiveness and efficiency of detection. “We have identified the key criterion as a separate part of the application process allowing us to segment clients more diligently,” explains Galdikas of a new system at ConnectPay. “This now allows us to build automation that considers requirements from different jurisdictions and industries, saving time for both us and our customers, and pre-empting any unnecessary communication ‘ping-pong’ that may appear down the road.” All good news. More generally, though, you get the sense that addressing financial crime is like the painting of the proverbial bridge – a job that can never quite be completed. Cybercriminals, if no one else, will see to that. ●


1.2% Tookitaki $321bn


The estimated total of what banks have paid in fines globally, since 2008, for failing to comply with regulatory standards, facilitating money laundering, terrorist financing, and


market manipulation. Tookitaki


49


The total of the EU’s GDP taken up by money laundering.


xpixel/Shutterstock.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57