Criminals are constantly adapting and devising new ways to evade safety and security measures meant to prevent illicit activities. To combat these bad actors, financial institutions are investing more and more in sophisticated methods to prevent fraud and money laundering. In fact, one LexisNexis report revealed the cost of financial crime compliance among financial institutions in the U.S. and Canada increased rapidly within the past two years. In 2021, the projected cost totaled $49.9 billion, an increase of 19% from 2020, and a jump of 58% from 2019.
This expense trend speaks to the growing challenges in combatting unlawful activity. Banks need to update the processes and tools they use to prevent crime to more effectively obstruct evolving criminal behavior. In response to this growing need, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed a pilot program that would allow U.S. banks to share suspicious activity reports (SARs) with branches, subsidiaries, and affiliates located in foreign countries, excluding those considered a state sponsor of terrorism. Previously, the Bank Secrecy Act (BSA) restricted this cross-border exchange of information as international units of U.S. banks were branded as foreign banks.
Preventing financial crime occurring within multiple jurisdictions is not an easy task, but FinCEN’s international SARs exchange proposal serves as a step in the right direction. There’s a widespread understanding that most financial criminals operate in global networks. If banks do not have the ability to understand what activity occurs within their own units on a global scale, it can be difficult to piece together the full picture of criminal activity.
However, some of the commitments banks must agree to under the new program may create barriers of entry, which could hamper participation. Requirements that may cause hesitation among firms to participate include self-reporting methods for unauthorized disclosures, quarterly reporting obligations, the potential for increased regulatory scrutiny, and the fact that program may not last long. Some of these aspects can be mitigated with technology to possibly alleviate these concerns and make them less onerous overall.
Powering SARs Exchanges with Technology
Even if the program does not become permanent after Jan. 1, 2024, firms will need to mitigate the risk of unauthorized disclosure if they are participating. Financial institutions should also look for ways to share information without creating additional procedural burdens or introducing inefficiencies into their decision-making process. Fortunately, many of these technological solutions already exist.
- Encryption Technology: Keep in mind that financial institutions participating in FinCEN’s program are expected to maintain the privacy and confidentiality of personally identifiable information. To adhere to these guidelines, as well as other internal data privacy laws, banks can utilize modern information sharing technology that encrypts and anonymizes sensitive data without ever decrypting it.
This type of encryption strategy ensures data remains secure, whether it is in transit, in computation, in use, or even at rest. If different financial branches wish to analyze the same set of information simultaneously, data remains encrypted, permitting collaboration across numerous channels. What’s more, encryption technology works at a rapid pace, enabling investigators to conduct collaborative investigations, deploy queries, and receive results almost immediately — rather than having to wait for days, weeks, or months.
Encryption can be a fully automated and private process so that there is no tipping off bad actors, and only pre-agreed locations can share pre-approved data attributes. This greatly reduces the risk of an unauthorized disclosure and ensures the information sharing process is lean.
- Federated Learning: Even prior to this pilot program, firms struggled to gain intelligence from their foreign syndicates. Federated learning can be a key to unlocking global knowledge within an institution today and amongst institutions tomorrow.
Federated learning is a simple concept that is largely used on mobile devices. In this construct, each individual phone runs the data learning model locally, the model learns from individual phone data and interactions, and then a basic summary of the learnings are sent back to the host. This ensures privacy, but also allows a better user experience for features like keyboard typing predictions or auto-correct.
The principles within anti-financial crime are the same, but the banking industry is even more disadvantaged as it often does not have sufficient labels to train models to be effective. While getting input through FinCEN’s pilot program could help, it’s manual and reactionary. With federated learning, each syndicate can run the data model in their location and generate meaningful labels or insights that can be transferred back to a host model. This greatly increases the number and quality of labels that can be used to train machine learning models. These federated models can be deployed in a way that obeys all privacy laws and restrictions, but unlocks a whole new frontier of global risk detection.
Scaling Security Solutions
Ultimately, FinCEN’s international SARs exchange is unlikely to be a silver bullet for fighting financial crime, but the spirit of private and secure global data use holds incredible promise for the compliance industry to detect crimes with much higher accuracy. By sharing data across multiple jurisdictions and using technology solutions like encryption and federated learning models, firms have options to easily facilitate information sharing- be it through pilot programs or full-scale production. While SARs data shared through this pilot is useful, it is already clear there is a new frontier of methods available to fight financial crime with these technologies.
Author: Jason Somrak, Chief of Product & Strategy, AML Next Gen Analytics, Oracle Financial Services
Tagged under Compliance, Risk Management, Feature3, Feature, Security, Compliance Management, Operational Risk, Compliance/Regulatory, Cyberfraud/ID Theft, Consumer Compliance, Cybersecurity, BSA/AML, AML & Fraud,