-
Regulators and institutions appear far apart when it comes to so-called "de-risking," in which banks drop businesses for fear of enhanced regulatory scrutiny, even while policymakers are stepping up their scrutiny of terrorist financing prevention in the wake of recent attacks.
December 30 -
News that two suspected terrorists took out a loan with a prominent marketplace lender has fueled fears online lending is more susceptible to terrorist financing. Yet experts said that the criticism directed at the industry appears unfounded. Here's why.
December 11 -
The Dec. 2 mass shooting has shone a light on the sector's vulnerability to borrowers who, exploiting the absence of face-to-face contact on the Internet, lie on their loan applications.
December 10
Despite strong legislative reforms passed after Sept. 11 requiring banks to track suspicious movements of money, recent news events reveal continued deficiencies in banks' monitoring efforts.
The Paris, Brussels and San Bernardino attacks all call into question the adequacy of banking and other controls to stop the supply of money to terrorists. Meanwhile, the leak of 11.5 million documents from the Panama Papers reveals gaps of a different nature: how can banks feel good about their answer for cyber, fraud and money-laundering risks when so many actors — good or bad — can hide their money in offshore accounts.
The obvious remaining cracks in the system suggest that efforts by banks to report on suspicious activity, as well as share information with each other, aren't strong enough.
Even though data related to multiple cyber, fraud and money-laundering incidents flows through global financial systems, the links between the illegal movement of funds and the sponsorship of terrorism and cyber-crimes is not so obvious. Banks need to focus on integrating systems and strengthening information-sharing so they can convert data into actionable information to prevent future attacks.
Currently, global banks and international bodies have to deal with the confluence of data that emanates from the financial, social and economic aspects of life. With recent technological advancements, tax evaders, terrorists and cyber criminals hide behind and leave their trail in encrypted messages, social media, the cloud, big data and the Internet of Things.
However, this data does exist, albeit in disparate systems, across banks nationally and internationally. But institutions are failing to sufficiently unlock it.
Recent
If banks cannot strengthen their monitoring and information-sharing efforts on their own, regulatory reforms may be needed. For example, the information-sharing provision of the Patriot Act, passed after Sept. 11, which provides financial institutions with the ability to share anti-money-laundering information, could be strengthened and expanded to include cyber, fraud and other related risks.
Regulations are still evolving related to information-sharing of cyber and fraud risks. For instance, the Financial Services Information Sharing and Analysis Center was set up to collect information from banks on cyber-incidents. However, banks do not share all such relevant information. Similarly, the Cybersecurity Information Sharing Act, enacted late last year, provides liability protections for institutions sharing cyber information, but such sharing is still voluntary.
Fraud incidents are also underreported. According to a
Information-sharing has to be operational within individual banks, especially for big and global banks. Functions within banks are still siloed in nature and are not fully integrated to analyze data from different sources. In this regard, banks should consider integrating AML, fraud, and cybersecurity functions within an integrated software platform. This information along with pertinent data from wealthy global clients should be fed into their Security Information and Event Management systems to help banks analyze trends and behavioral red flags, and generate proactive alerts to other banks and government agencies.
Of course, any further steps must be balanced with privacy concerns. But balance does not mean giving automatic deference to privacy to the detriment of security. Banks are already subject to a plethora of privacy rules for information-sharing — even just sharing with a government agency — and criminals can use those privacy rules to their advantage. A fine balance between protecting consumers' privacy and identifying risks from terrorists is needed.
In addition to national authorities, international regulatory bodies also need to intensify efforts to facilitate automatic information exchanges between cross-border financial institutions. The Financial Action Task Force, Organization of Economic Cooperation and Development, Basel Committee on Banking Supervision, the Group of 8 and Group of 20 have worked for years to establish policies which have influenced banking regulations.
Just as the U.S. passed the Foreign Accounts Tax Compliance Act regulations a few years back to clamp down on the movement of legitimate funds for tax evasion, the FATF must provide strict guidelines to its 36 member nations, many of them named in the Panama Papers, and demand transparency in reporting within their banking systems. Similarly, the upcoming anti-corruption summit in
Investigations of both the Paris and Brussels attacks point to a lack of information exchange between their government agencies and financial systems. The existing information systems and exchange framework did not provide alerts of trails criminals left behind as they conducted their daily transactions for living, purchasing and traveling within the community. Until the global financial systems work together, the effects of illegal movement of money and its devastating link to terrorism and cyber-attacks cannot be stopped.
Senthil Selvaraj is a certified anti-money-laundering and regulatory compliance specialist. He is a former operational risk executive with Bank of America.
