A recent article by Information Security Media Group (ISMG) noted that organizations are “drowning in information, drowning in alerts”. While the topic at hand was network security, financial institutions face the same challenges and risks across many of their monitoring and risk management technologies: they are often managing disparate, unconnected end-point systems that lack the ability to correlate information and gain context for informed decision making. Worsening the scenario, they may also lack the right staff to conduct these investigations, whether due to lack of experience, a shortage of available personnel, or both.
The paradox here is that, while many end-point technologies are very good at their specific tasks, they can potentially do more harm to the institution overall. With targeted but uncoordinated technologies, financial institutions can detect and combat compliance risks, internal threats, or external attacks that are well known or have a scope limited to the channel covered by that individual system. But their effectiveness is limited to that individual channel or coverage area, as most of these systems are either not as skilled at, or not focused on, sharing that information with other solutions. This creates two major issues: exposure and efficiency.
Sophisticated criminals understand and exploit the gaps between these advanced, but narrowly focused solutions. In addition, because the end-point technology is so effective at its individual application, the institution might grow complacent and expose itself to further risk. With regard to efficiency, expecting analysts and investigators to quickly and effectively spot suspicious activity across a handful of different systems creates an unwieldy and critically flawed process. This means either a lengthy, and potentially costly, investigation process or one constrained not by the amount of legitimate risk to the institution, but by the operational workload a given compliance, incident response, or fraud prevention team can handle.
However, just as technology has created this deluge of data from disconnected systems, so too has it created the means for a solution. To meet the challenges of comprehensive new regulations, like Dodd-Frank’s trade and communication reconstruction, and more advanced digital and threats, institutions must look to collaborative technology to conduct accurate, timely, and coordinated investigations of thousands of suspicious transactions, accounts, locations, acquaintances, etc.
To perform all of these actions, institutions must centralize multiple streams of data from across their organization and then take the important step of deciphering what is important, what is interesting, and what is low risk. The key to making this process scalable, and not creating a larger “pile of data”, is automation: utilizing solutions that actively bring disparate data and the quality results of various end-point systems together, combine separate activities that may not otherwise be viewed in concert to reveal the underlying patterns, and present investigators with greater context for intelligent decision making, or even execute actions without human intervention.
Sending an investigator an alert is fine, but showing them how that alert is one of a few dozen that fit a pattern of suspicious activity is far better. It’s this big picture that should lead investigators to realize that what they’re looking at is not an isolated event, but a calculated, well-executed, and recurring scheme.
As an institution contemplates Big Data technologies, albeit slowly and conservatively, this holistic approach is really the next phase in building toward a centralized, searchable data repository across the entire organization to achieve the long sought-after comprehensive customer view. This will enable institutions to distinguish patterns that are consistent with a legitimate customer from those of fraudsters, money launderers, market manipulators, insider traders, or other criminal actors, as well as to upsell, cross-sell, and improve customer service by anticipating customer needs.
While that ideal may be a few years off, connecting existing systems to protect the institution and using intelligent and automated methods to improve decision making is very possible today. With the ability to better manage data, reduce risk, and gain additional insight, a collaborative and coordinated solution strategy can increase the value of technology investment and immediately impact the institution. Now that’s an intelligent decision.
*Content originally published by Ciaran Doyle.