Are You Exposed?
Financial institutions are being asked to investigate and manage threats like the CIA does, but are not equipped to do so.
Learn how ‘Composite’ investigative capabilities developed for national security can help you connect-the-dots across compliance silos to increase effectiveness and reduce risk
Today's Discussion: Applications of Semantic Web Technology
Enterprise Investigation & Case Management
Part I: AML & Fraud Market Trends, Observations, & Conclusions
- AML and Fraud are on the rise, with stricter scrutiny and increased cost of failure
- A unified view across compliance functions (e.g. AML, Fraud, EDD) reduces cost & risk
- Enterprise Case Management is essential in BSA, Patriot Act, & Basel II compliance
Part II: Example of a New "Compositing" Approach
- National security techniques help FSIs fight money laundering, fraud, & security incidents
- Technology: Ontology as the middleware to achieve semantic fusion
- Lessons Learned: Integration and investigation must supplement workflow
• Increased spending on personnel and systems to manage growing problem
• Increased risk of fines from regulation
[Chart: yearly values for 2000 through 2005]
Source: Celent Research
28% North America
According to Tower Group, up to 30% of IT compliance spending is "waste." Its recommendation: "Integrated compliance systems that attack AML comprehensively"
Money Laundering is on the Rise: Arms race as FSIs increase spending to keep pace with activity
Call Center (typical case management)
Objective: efficient and high quality process through:
- Automation to ensure proper procedures and time frames
- Standardization of steps to ensure desired outcome
- Integration of processes with context appropriate data
Assumptions: to achieve the objective, you must have:
- Predictable process: definitively map the steps needed to ensure desired outcome. Can be complex with decision points, but is primarily known.
- Known inputs: data needed to support decisions and outcome are known and defined before the process begins.
Investigations (compliance need)
Objective: effectively mitigate risk to the enterprise by:
- Process: Skillfully and accurately executing established programs as required by the regulating entities (OFAC, 314, CIP, KYC, transaction monitoring, etc.)
- Discovery: Uncovering and eliminating real risks in the enterprise (investigating unusual activity and suspicious entities)
Assumptions: to achieve this objective you must have:
- Flexible process within controlled environment, objective rather than step by step plan
- Dynamic data discovery of all relevant data inside and outside the enterprise, i.e. the ability to follow the trail using human cognitive skills, reasoning, and logic
The compliance need is really about supporting complex human decisions, in addition to automation of the predictable aspects of the process.
Within compliance investigations, there is a common requirement for case management. That is, there are multiple sources of unusual activity and there needs to be a consolidated process and capability to follow up on this information while enforcing regulatory requirements.
However, the Alerts and other sources of unusual activity are only the starting point. The biggest challenge is conducting a high quality and consistent investigative process to facilitate intelligent human decisions.
Risk & Compliance Dashboard
Workload Monitoring X X X X X X X
Process Control X X X X X X X
Reporting X X X X X X X
Case Management & Collaboration X X X X X X X
Business Rules & Workflows X X X X X X X
Information Integration & Correlation X X X X X X X
Query and Train-of-Thought Analysis X X
Government Reporting X X X X X X
Patriot Act SEC
Common Capabilities Needed Across Risk & Compliance Functions
“Companies that select individual solutions for each regulatory challenge they face will spend 10 times more on IT portion of compliance projects than companies that take on a proactive and more integrated approach.” -Gartner
With the right Enterprise Case Management solution you can extend the capabilities of transaction monitoring solutions for multiple risk areas including AML, Fraud, EDD, and corporate security
Third-order organization
Supporting complex human decisions requires full use of explicitly related data (inside and outside the enterprise), but more importantly the ability to discover new relationships. In the past our way of thinking has been shaped by the physical world (i.e. no object can be in two places at the same time), leading to traditional "tree" type organizational schemas forcing objects to be classified in a single bucket. Third order organization of data is not confined by the same limits since the objects being organized are data, which can exist in many places at once.
First Order Organization: Organization of physical items themselves. Example: books arranged on a shelf by author. Flat and hierarchical databases are also examples of first order organization. Relationships are not explicit but are implied by the order.
Second Order Organization: Organization of data about physical items. Example: a card catalog at the library. Still pointing to the physical order of items. Relational databases are the most advanced form of second order organization; relationships are explicit.
Investigator
Third Order Organization: Data exists in many places at once and relationships need not be explicit. Users are able to sort and organize data in any way that suits their needs. Example: Google uses explicit data relationships and the point-in-time needs of the user to dynamically relate information.
“The rise of third-order organization changes the jobs of…knowledge managers. Their role is no longer to build trees that define the relationship of every bit of data in the company but to build enriched pools of data objects whose relationships to one another change constantly, depending on who is looking at them.” Harvard Business Review
Knowledge: information that is cognitively useful because it is semantically assimilated into a body of prior knowledge grounded in experience.
Intelligence: knowledge that has been assessed and evaluated for its logical consistency and relationships to what is already known. When transformed into hypotheses, becomes the basis for action.
Action
The world produces raw data constantly
Data is stored as information for specific contexts and reasons
The compliance organization needs a system that can assimilate information into knowledge, so that the investigator can focus on producing intelligence, forming hypotheses, and taking action…true human value adds.
The growth of intelligence is the desired core competency. Additionally, the system must provide workflow and audit capabilities to ensure regulatory processes are followed, provide process traceability, and provide feedback for improvement.