Banks Fail to Stop Large Scale Attacks
Over the past ten years — we could even stretch back to the last two decades — financial crime management has undergone profound and costly structural change. But this may be seen as a mere upgrade compared to the level of disruption that’s coming.
Globalisation, digitisation, open banking, faster payments, cryptocurrencies, new competitors, rapid innovation, high customer expectations, far-reaching regulations, and greater data transparency promise healthy and open competition across the industry. But these drivers are also enablers of fraud. With an open and innovative marketplace, comes an increased and more profitable threat landscape, and by taking a hands-off approach to authentication, fraudsters can more easily move around systems with impunity.
While the criminal economy is taking full advantage of this disruption, banks are struggling to transform their detection systems, techniques, and procedures to mitigate the threat of large-scale attacks.
The crux of the problem is the industry’s dogged approach to managing risk in silos. Banks have created serious operational challenges for themselves. They operate too many detection systems that have become so complex as to be detrimental. Separate systems, heavy customisation, multiple versions, models upon models, layered fixes, manually controlled processes, out of control numbers of false positives, and rotating staff greatly hinders a bank's ability to mitigate crime and remain compliant.
In my latest report, Combatting Financial Crime At Scale, I answer three key questions:
1. Why are we seeing an increase in industrialised financial crime?
2. Why have banks failed to mitigate financial crime?
3. What steps must a bank take to protect itself from an attack?
Part of the answer to question 3 is artificial intelligence. There is inevitability about the use of AI in financial crime management. Big data, behavioural analysis, outlier detection methods, mechanisms to obtain feedback from analysts, supervised learning models, and surgical automation of processes will significantly improve detection rates and financial crime technology performance.
But unless a bank monitors activities in real-time across the ecosystem it cannot identify or prevent a large-scale attack. And when all else fails, the bank must do everything it can to limit the impact of an attack. An early warning system can provide executives with real-time intelligence to be able to take a proportional response in order to contain the attack, such as switching the online environment to read-only mode, for example.
By closing down specific parts of the banking ecosystem, banks can prevent an attack wave from becoming a tidal wave.