Case Study: Joining Fraud Detection and AMLU.S. Institution Shares Tips to Improve Security, Compliance
At Honolulu-based First Hawaiian Bank, the need for integrating fraud detection and anti-money-laundering systems became a clear necessity a couple of years ago.
See Also: Data Security Risk: A CISO's Perspective
First, not all incidents of fraud were being detected, and a number of the bank's systems revealed redundancies and overlap. The bank also realized that not all cross-channel fraud patterns, such as those between the online and debit channels, were being detected. Incidents that were picked up were often caught in isolation.
The link between channels was not apparent, nor easy to find.
Struggles to find fraud links between channels are not unique to First Hawaiian, a $15.8 billion institution and wholly-owned subsidiary of BNP Paribas. Many financial institutions continue to struggle with cross-channel fraud detection. Different and disparate detection systems for online versus debit fraud, as an example, pose obvious challenges. But for First Hawaiian, the concerns were mounting.
Growth in online fraud was a worry. First Hawaiian's customer base stems from Hawaii, Guam and Saipan, and it has communications that cross channels and borders. Channel integration for fraud detection was instinctive, and tying AML controls in made logistical sense. Regulatory scrutiny also demanded it.
"We have pressure for AML compliance, and the demands have gotten more severe and stronger in recent years," says Iovo Stefanov, the operations risk officer.
"The online channel is the one thing that connects Hawaii to the rest of the world," adds Brent Igawa, vice president of operational risk for First Hawaiian. "That's especially concerning to us. The name of the game for us is integration and communication. We want to see the fraud groups work better together."
Since 2011, the bank has been automating fraud detection and AML. First Hawaiian says it's beginning to see more cross-channel fraud patterns. Ultimately, the bank expects to integrate all of its fraud-management systems so that fraud alerts are connected. "This is really the platform we need to get there," Stefanov says.
And given the Financial Crimes Enforcement Network's March 2013 deadline for automated suspicious activity reports, Stefanov and Igawa are glad their bank started making its moves early.
"Complying would have been a challenge before [integration began]," Igawa says. "Now we can be on the new form far before the 2013 deadline."
First Hawaiian is merging platforms, but not all at once. Full integration will take time, and the bank is committed to integrating in phases.
In 2012, the bank plans to launch the NICE Actimize Enterprise Risk Case Manager to centralize case management and identify cross-channel fraud patterns.
"The system is to integrate some of our money-laundering concerns," Igawa says. "We have the case management platform and want to put it under the fraud-monitoring platform, so that it can all work together within our fraud investigation groups."
For First Hawaiian, the goal is compliance, as well as the ability to launch what it calls a "true" case management system.
"Currently, we have multiple systems, and it's difficult for me and Brent at end of day to tell management exactly what our losses are," Stefanov says . "The vision is to have all of the groups on the same platform."
Among the bank's 50 or so employees who are divided between AML and fraud detection, Stefanov says there is a lot of overlap. "We have 20 to 25 AML and BSA staff, and probably about the same number in our fraud departments," he says. "It sounds good to merge fraud and AML, but we are still going through some growing pains."
The 360 Perspective
The need for more integration has been touted for years, but few institutions have made it a priority. The process is not easy, but there are clear advantages.
"Now FinCEN also is asking for less paper, so the more automation, the better," says Ori Bach, who serves as the director of corporate security and case management solutions for NICE Actimize.
The new FinCEN rules call for, among other things, improved cross-channel analysis and information sharing, enhanced transparency associated with the detection of financial crimes and better SARs. One way to do all of that is by integrating automated fraud-detection and AML systems.
While every institution is different, Stefanov and Igawa offer the following basics tips for integration:
- Identify departmental redundancies. Overlap inevitably exists, especially among fraud departments. Find and note the redundancies between the check-fraud and debit-fraud departments, for instance, and see where overlap can be minimized or eliminated;
- Change the culture. Fraud and AML departments have historically been divided. But departmental heads need to be educated about how and why emerging fraud threats require fraud-detection and AML teams to work together;
- Automate, and lose manual processes. It won't be possible to eliminate all manual processes, but the more reporting institutions can automate, the easier it will be to overlap systems and reports between fraud and AML departments; and
- Do it in phases. Integrating siloed channels and disparate systems won't happen overnight. Institutions should identify risks, set priorities and come up with integration plans that can be implemented in stages.
"Not only does a holistic view work to permanently reduce costs by leveraging existing technology investments," Bach says, "it also benefits the institutions by allowing them to discover unknown threats."
For more about how the latest FinCen developments are impacting institutions, see, FinCEN's Issues New E-Filing Mandate.