63rd RBAP Annual National Convention and General Membership Meeting
Cebu City, 24 May 2016
www.pwc.com

Aug 04, 2020


Stark realities of Fraud

J.P. Morgan Advisor Admits Stealing $22M From Clients

Seniors lose $36.48B each year to elder financial abuse

Card fraud costs the US billions each year
Payment card fraud cost the US $7.9 billion last year alone, an increase of almost 60% from five years earlier…. In 2014, the US generated almost half of the world’s total card fraud despite only comprising one-quarter of transactions. That's because the US had the least secure payment card ecosystem.

U.S. charges three in huge cyberfraud targeting JPMorgan, others
U.S. prosecutors on Tuesday unveiled criminal charges accusing three men of running a sprawling array of hacking and fraud schemes, including a huge 2014 attack against JPMorgan Chase & Co, that generated hundreds of millions of dollars of illegal profit.

Prosecutors said the enterprise dated to 2007 and included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and at least 75 shell companies and accounts around the world.

FBI: $1.2B Lost to Business Email Scams
The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

City Odds Capital Director Charged in $78 Million Pump and Dump Scheme

Citi May Face $872M Charge over AIB Rogue Trader Suit

FBI: Public & Private Sector Officials at Risk for Social Engineering to Gain Access to Victims’ Data

Fraud threats and attacks are becoming increasingly common and impact brand, competitive advantage, and shareholder value.

Global fraud detection and prevention market revenue in banking & capital markets sector

[Chart: Market Size and Growth Rate by year, 2013 to 2019]

Year    Market Size    Growth Rate
2013    1,550          10.0%
2014    1,726          11.4%
2015    1,951          13.0%
2016    2,225          14.0%
2017    2,575          15.7%
2018    3,015          17.1%
2019    3,571          18.4%

Expected to reach US$3.6 billion by 2019, growing at an average CAGR of 15.6%, as compared to 5.6% for AML.

This includes fraud authentication, analytics, reporting & visualization, and GRC.

Source: Markets and Markets; CAGR is 2014 to 2019; excludes insurance

PwC’s Financial Crimes Unit (FCU)

PwC's Financial Services Financial Crimes Unit (FCU) provides a holistic and integrated approach to navigating financial crimes. Four key areas collectively form the foundation for our financial crimes approach:

1) Cybersecurity, 2) Anti-Money Laundering and Sanctions (AML), 3) Fraud, and 4) Anti-Bribery and Corruption.

Financial crime is a major threat to the safety and soundness of financial institutions worldwide. As a result, it has become a top agenda item for The White House, Regulators, and both the Boards and CEOs of major financial institutions.

Our team and our approach combine:

• Deep subject matter expertise and industry experience: Led by Former Deputy Director of the FBI, Sean Joyce, the FCU is comprised of more than 300 professionals with experience as former forensic investigators, regulators, law-enforcement officials, national security officials and seasoned consultants.

• Strategic alliances with key vendors: Our numerous relationships with key vendors enhance engagement efficiency and technology implementation; these include Tanium, IronNet, FireEye and Securonix (to name a few).

• Innovative and efficiency gaining tools: We have a repository of tools and accelerators that help our clients address their various financial crime challenges, including Game of Threats, Computer-Assisted Subject Examination and Investigations Tool (CASEit), our Sanctions investigations forensics toolkit, our fraud threat library and our fraud risk assessment apps.

• Unparalleled knowledge of industry leading practices: PwC has assisted many of the largest global, US and regional institutions across the banking & capital markets, asset management and insurance industries to fully address the complex business issue of financial crimes from board-level advice and strategy through execution.

[Diagram: FCU, covering Cybersecurity, Anti-bribery & corruption, AML, and Fraud]

Fraud prevention building blocks

• Fraud Program Assessment
• Fraud Controls Design
• Effectiveness Assessment
• Fraud Technology
• Fraud Analytics
• Fraud Investigations and Readiness

• Fraud Controls Design and Effectiveness
• Fraud Program and Operating Model
• Fraud Risk
• Fraud Technology
• Fraud Analytics
• Fraud Investigations and Readiness

Fraud Program and Operating Model

Approach

• Assess Key Performance Indicators (KPIs) for the anti-fraud program and operations
• Leverage Fraud Program Assessment Framework and benchmarks
• Evaluate the governance of enterprise-wide anti-fraud initiatives as well as day-to-day fraud management
• Create future state model defining the 1st, 2nd, and 3rd lines of defense
• Assess and improve policy including whistleblower hotlines, code of conduct, and anti-retaliation policies

Deliverables

• Benchmarking & Peer Comparison
• Maturity Model
• Current State Observations (Key Themes) & Recommendations
• Magic Quadrant
• Prioritized Recommendations
• Target Operating Model
• Future State Org Chart and Staffing Model
• Implementation Roadmap

[Sample figure: Target Operating Model]

Business areas and support functions shown: WM; ISG; Support Functions; Legal; Compliance; WM/ISG Business; WM/ISG Risk; WM Field/Branch; WM Ops; Corporate Security; TIR; GBT; WM Tech; ICT; Operational Risk; SSBO; Call Centres; ISG Product Ops; AML - FIU; Operations Risk; Branch Ops

Governance: Fraud Steering Committee; Fraud Working Groups

Head of Enterprise Fraud

Other elements shown: Mission and Vision; Fraud Operational Strategy; Fraud Budget; Success Criteria

Capabilities shown: Fraud Alert Vetting; Fraud Change The Bank; Fraud Risk Assessment (Second Line of Defence); Fraud Analytics and Reporting; Fraud Technology; Fraud Compliance (Second Line of Defence); Fraud Policy (Second Line of Defence)

Activities shown: Alert Vetting; Case Management; Metrics (KPIs); Maintain Alert Playbook; New Product Approval (NPA); Quality Control; Fraud Initiatives Coordination; Fraud Program Management; Fraud Solutions Development; Coordination with other Technology teams; Fraud Systems Maintenance; Fraud Technology Strategy; Compliance testing; Regulatory guidance; Periodic FRA Oversight; Periodic Controls Review; Root Cause Analysis; Threat & Trend Analysis; MIS Reporting; Communication & Training; Rules Optimization; Maintain Rulebook; Policy Definition; Policy Enforcement; NPA Oversight

Assess the fraud program and operating model top-down, including performance metrics, design, and policy. Provide a vision for a target state operating model, and a roadmap to achieve it, taking into account the institution's priorities.

Samples: Target Operating Model; Magic Quadrant; Prioritized Recommendations; Maturity Model; Peer Comparison

Fraud Risk

Approach

• Evaluate and prioritize fraud threats based on historic, known, and emerging fraud trends
• Estimate severity and likelihood of fraud risk events, and inventory existing mitigating factors
• Quantify the impact of existing controls in order to assess residual risks and recommend next steps
• Leverage PwC’s Fraud Taxonomy and Threat Library and other accelerators

Deliverables

• Fraud Risk Assessment (FRA) Methodology
• Fraud Threats Library
• Risk Scoring Model
• FRA Questionnaires
• FRA Control Library
• FRA Heat Maps of Risks
• Residual Risk Prioritization
• FRA Final Report & Recommendations

Inform our clients of their inherent risks, provide a framework to quantify the impact of the control environment relative to those risks, and derive inherent risk, possible areas for improvement, and where to make future anti-fraud investments.

Samples: Residual Risk Prioritization; Risk Scoring Model

Fraud Controls Design and Effectiveness

Approach

• Evaluate the design of existing controls and procedures, including end-to-end process flows
• Assess procedures relative to anti-fraud policies
• Apply analytics to assess the effectiveness of controls and to identify opportunities for improvement
• Perform “penetration testing” to further assess the efficiency and effectiveness of current controls
• Provide tactical (e.g., new rules or processes) and strategic recommendations

Deliverables

• Business Process Flows (for fraud processes and controls)
• Fraud Controls Testing Plan
• Fraud Control Effectiveness Assessment
• Fraud Control Evaluation
• Assessment Dashboard
• Tactical and Strategic Recommendations

Detailed assessment and evaluation of anti-fraud processes and controls relative to identified risks in order to identify weaknesses and areas for improvement; provides a forward looking strategy for improving controls.

Samples: Fraud Control Effectiveness Assessment Dashboard; Threats Library; Controls Evaluation; Business Process flows, fraud risk and controls

[Sample table: Fraud Alert / Case Type by function, with cells marked R, A, C or I]

Function groups: Field (WM) / Front Office (ISG); Operations; Tech & Data; Legal & Compliance; Corp Serv.

Functions: ORD; Branch/Front Office; Call Center; GSPS Client Solutions; BU Risk; Fraud Ops; Fraud Analytics; PBO Risk; Banking Ops; Cash Mgmt.; Payment Support; TIR - Online Security; TIR – iRespond; WM Tech; ICT; Compliance; SIU*; Enterprise Legal; BCL; EDR; Corp. Services; Op. Risk

Fraud alert / case types:
1. Log-Ins: MSO
2. Log-Ins: BA
3. Log-ins: BigDog
4. Pump & Dump
5. Unauthorized Trading (ISG)
6. EPS Fraud Rules
7. CHAD
8. Wires: Branch
9. Wires: BA
10. ACH: Branch
11. ACH: BA
12. ACH: MSO
13. Checks: Branch
14. Checks: BA
15. AAA Check & BillPay: FraudGuard
16. Bill Pay: FraudNet
17. Card
18. Unsolicited New Accounts
19. Returned Deposits
20. Money Movement
21. iRespond Fraud

Fraud Technology

Approach

• Perform Current State Assessment
• Gather Business Requirements
• Perform Vendor Selection
• Implement Relevant Technology Solution
• Post Implementation Testing
• Collaborate with Vendors (for JBR firms)

Deliverables

• Current State Technology Inventory
• Technology Roadmap
• Vendor Selection Scorecard
• Business Requirements Document (for any new implementations)
• Functional Requirements Document
• Test Plan and Test Scenarios

Enable clients to inventory existing tools and their effectiveness; inform clients of the specific tactical and infrastructure needs for implementing new technologies; empower clients to effectively evaluate new solutions; help clients implement technologies and controls.

Samples: Technology Roadmap; Current State Systems Inventory; Vendor Selection Scorecard; Business and Functional Requirements Documents

Fraud Analytics

Approach

• Develop analytical models for different Fraud trends, patterns, segmentation, and feedback loops
• Build reporting and monitoring dashboards for descriptive, diagnostic, predictive and prescriptive analytics
• Test data lineage, evaluate data quality, and perform model validation

Deliverables

• Reporting and Visualization
• Root Cause Analysis Procedures
• Customer Segmentation and Risk Scoring Model
• Model Validation and Enhancements
• False Positive Analysis
• New Rules and Models

Help clients implement improved Fraud Analytics functions to more effectively monitor and improve their programs on an ongoing basis, including reporting, root cause analysis, control testing and optimization, and innovation.

Fraud Investigations and Readiness

Approach

• Conduct reactive fraud investigations and root cause analyses
• Create incident readiness and response plans, including tactical remediation and crisis management
• Help institutions assess and improve their internal investigative capabilities, including desktop procedures, case management, technology, analytics, and data management
• Improve Fraud awareness, including training, tone-at-the-top and regulatory compliance

Deliverables

• Forensic Reporting & Findings of high profile events
• Fraud Response Playbook
• On-Call Forensic Retainer
• Operating model, and roadmap for improved fraud investigative function.

Provide on-call forensic investigation response to high profile fraud and other risk events; help institutions assess and improve their internal fraud investigative function.

Samples: Expense Analysis; Link Analysis; Entities Analysis; Flow of Funds Analysis

Sample control points – customer deposit account fraud

• Spoofed website monitoring
• App Store Monitoring
• Monitoring of “dark web” sites for Discover customer credentials
• Customer and employee education
• Social media monitoring
• CIP and proof of identity
• Authentication e.g., “out-of-wallet” questions
• Data sharing / consortium based screening
• Analytics and customer / acct risk scoring
• Online sign-in to counterparty bank
• Micro-deposit from originating account
• Consortium based screening
• Enhanced deposit hold policy
• Adaptive authentication
• Out of band
• Voice, fingerprint, and iris recognition
• User gesture recognition
• Hard / soft token
• Security questions
• Call center / IVR analysis
• Trusted device identification
• Geo location based pre-authentication
• Clickstream analysis
• Payee name verification (PNV)
• Positive pay
• 4 eye review
• Rules-based transaction monitoring
• Predictive modeling
• Alert / case management
• Identification and maintenance of Fraud cases and related KRIs, KPIs
• Maintain list of reviewed / exited customers
• Controls to prevent re-entry of exited customers
• Statistical analysis of Fraud event KPIs to derive new or enhance existing controls

• Cyveillance • Kaspersky Lab • myNetWatchman • Phishlabs

• Andera • ChexSystems • Early Warning • Equifax • EFiserv • CashEdge • Idology • Experian • LexisNexis • Teletrack • TransUnion

• Andera • CashEdge • Forte Payment Systems

• RSA Adaptive • Agnitio Voice ID • BioCatch • Nuance • Pindrop Security • Equifax • Experian • LexisNexis • TransUnion

• CheckFree • Crealogix • Entrust • IBM Trusteer • Iovation • iDetect • Kaspersky Lab • ThreatMetrix • TrustDefender • Silver Bullet’s Ranger

• Actimize • iDetect • Intellinx • FICO Falcon • BAE Systems • RSA Adaptive • SAS • Memento • Guardian Analytics

• Actimize Enterprise Case Manager • BAE Systems • IBM BPM • iDetect • Intellinx • SAS

• IBM (SPSS) • SAP • SAS • Teradata • Theta-ray

Stages shown: External Threat Management; Account Opening; Authentication; Payment; Deposit Activity; Case Management; Analytics

Control categories shown: App store / dark web monitoring; Identity verification; Biometric, out of band, knowledge based; Non financial behavioral, endpoint malware detection; Funding source verification; Transaction monitoring; Fraud event tracking and record keeping; Control enhancements

Speaker’s profile

Sam Samod
Director

Tel: +66 6-1417-4424
Email: [email protected]

Qualifications and memberships:

• University of Minnesota, Minneapolis

• MBA in Management Information Systems and Finance

• BS in Management Information Systems

• Project Management Professional (PMP), Project Management Institute

• Certified Management Consultant (CMC), Canadian Association of Management Consultants

Professional background:

• Sam, a secondee from PwC New York, brings eighteen years of experience in data analytics, anti-money laundering, anti-fraud, regulatory compliance, customer relationship management (CRM), consumer lending, collections, and risk management. His background includes a broad range of financial information systems and applications covering retail banking, wealth management and capital markets in North America, Europe, and Asia.

Relevant experience:

• Developed a reference architecture to consolidate and aggregate enterprise data at one of the top banks in Canada. Leveraged Oracle Financial Services Analytical Applications (OFSAA) Framework for data aggregation and reporting to ensure compliance with BCBS 239.

• Managed a Fraud Analytics workstream at a large global wealth management institution. Developed a fraud taxonomy and use cases for the proof-of-concept and the strategic roadmap. Demonstrated benefits of analytics to introduce additional controls and optimize existing detection rules. Identified data requirements to support use cases for specific products and channels.

• Conducted Customer Risk Rating model calibration at a leading commercial bank. Reviewed algorithms and risk dimensions of GlobalVision’s Patriot Officer. Developed an approach to calibrating the model and adjusted one of the risk dimensions to reduce false positives. Realized 20% reduction in the total high risk population and 82% reduction in the number of alerts.

• Led an algorithm development team on an AML Look Back project at one of the Fortune 500 financial services firms. Assessed transaction monitoring requirements and mapped them back to key data elements. Identified key risks, performed statistical analysis, generated alerts, and recalibrated final algorithms based on investigations feedback. Aligned processes with IT solutions including Aster, SAS, and Actimize.

• Led Data Analytics workstream in a multi-phase engagement to enhance AML transaction monitoring for Capital Markets with initial focus on wires and trade finance transactions. Conducted data mapping and assessed data quality according to Oracle Mantas data ingestion requirements to drive alert generation, scenarios tuning, workflows, and user interfaces. Developed SAS Analytics environment to generate alerts based on custom scenarios.

• Managed high priority multi-workstream projects to centralize AML technology and business processes of all of a global bank’s Private Banking, Wealth Management, and Capital Markets business units globally.

Thank you!

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2016 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers LLP which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.