Fiserv: AML and Fraud convergence - what’s really happening
Posted: 14 May 2013 | Author: Jeroen Dekker | Source: Fiserv
Analysts, regulators, vendors and financial institutions have been falling over each other touting the benefits of AML (Anti-Money Laundering) and anti-fraud joining forces. And rightfully so. However, many pundits seem to think that this has to be about AML and Fraud departments merging to become a single internal Financial Intelligence Unit (FIU). While that idea can certainly have merit, a lot of institutions do not go that far yet —and they never may. Their fraud teams remain in the Security, Risk, Audit or Operations side of the house, while AML typically continues to be part of Compliance along with sanctions, market abuse and (increasingly) corruption. Their organizational habitats, mandates, priorities and sensitivities are just too different. Fraud is about protecting customers and interacting with them in case of a problem; AML is about scrutinizing customers and being very careful about interacting with them in case of a problem.
So how can those separate departments still leverage the obvious similarities between their domains?
The first method is data. An AML transaction monitoring system, by its very nature, requires an institution to collect data about all transactions on all accounts for all customers. That is hard work that results in a holistic view of each customer's financial behavior across their accounts. Cash, card, check, wire and online are all targets for fraudsters, and fraudsters are moving across payments channels to get customer details and then their money. Why would you want to do the same thing twice by duplicating the same data off to some point solution for a specific fraud problem?
The second is tooling: building up an understanding of a customer's normal behavior (and that of others like him or her) is equally useful for Fraud as it is for AML to detect unusual behavior that might be suspicious. Screening customers (or proxies like their cards or devices) against watch lists is an important capability for both domains. And then there is the common need for investigation tools, case management workflows, regulatory reporting (filing a SAR, for example) and management information. While there are certainly important differences, much like a cow is still quite different from a horse despite having a head, a body and four legs, flexible platforms do exist to cater to both species of crime.
Such platforms must then be able to support different business models for AML and Fraud co-existence:
- Keep all Fraud and AML knowledge segregated
- Selectively share Fraud and AML intelligence
- Share all AML and Fraud knowledge
With anti-fraud efforts increasingly being mandated by government regulations (think of the FFIEC Guidance on online banking security in the U.S., and the recent draft equivalent in the EU), Fraud departments would be wise to use the expertise of Compliance Departments to turn those into auditable programs with processes and procedures. But if merging teams is not for you, there are still plenty of ways to single-source and cross-pollinate your way to more efficient and effective AML and Fraud functions. I, for one, am seeing this happen all over the world at institutions of different shapes and sizes.