SAS: An Executive Perspective On Risk And Fraud
Posted: 1 June 2016 | Source: SAS
HSBC’s global risk chief operating officer discusses where the banking industry is heading
Fraud — and financial crime in general — is one of the biggest risks that banks and financial institutions face. For many years, the idea of bringing together risk and fraud practices to gain a clearer picture of both has been considered. Now, with the popularity of know-your-customer initiatives, that picture includes more customer data to help minimize risks and better identify threats.
Tackling financial crimes and calculating the likelihood of unanticipated risks can be incredibly complicated. The more data and analytics that you can bring to bear on the problem, the better. But incorporating customer data into risk and fraud models introduces regulatory and security requirements that cannot be ignored.
At HSBC, the world’s second-largest bank, sophisticated data management and analytics techniques are working in conjunction with deep industry experience to help overcome many of these challenges. Ray O’Brien, Global Risk COO at HSBC, oversees multiple advanced analytics endeavors, including model risk management, credit risk reporting and financial crime prevention.
"We caught up with O’Brien recently to get his thoughts on the evolving nature of risk and fraud — and the benefits of applying analytics to these problems in a transformational environment where banking regulations and customer expectations continue to evolve. This means that, performed well, active risk management will actually help to manage regulatory risk."
Global Risk COO, HSBC
What are the most pressing challenges that you are seeing in your industry, especially with regard to financial intelligence?
Ray O’Brien: The main challenge for the industry — in terms of fighting financial crime — is that the threats we face are becoming ever more global and sophisticated. The criminals are very resilient and often have complicated networks spanning the globe. This requires a sophisticated response from the financial industry as a whole in terms of people, procedures and systems so that we can play our part as active participants in the fight against crime. Investing in financial intelligence, to understand risk in more detail and build a clearer picture of how criminals operate, will be a crucial part in enabling us to combat this threat.
How does analytics help address these challenges?
O’Brien: Analytics enables banks to develop a comprehensive view of how criminals seek to abuse the financial system. For example, instead of treating a suspicious customer or transaction in isolation, new tools make it easier to identify the connections between suspicious accounts within a network and see how money flows between them and other networks. This provides valuable insight to inform current and future risk management decisions.
Analytics also enables banks to test their own assumptions about what is considered high risk to provide an evidence-based view of where their true risks are. New modeling can also identify behavior patterns and possible incidents sooner, allowing banks to be more proactive in managing risk.
In what ways do you see fraud and financial crime as a technical problem — that has a technical solution?
O’Brien: Robust systems and technology are a vital part of any bank’s defenses against fraud and financial crime. As this technology gets more sophisticated, it becomes a much more powerful and effective tool in helping us to identify unusual or suspicious activity. However, the human element is also essential. Put simply, you can have the best technology platform in the world, but it may actually be worse than nothing without the involvement of professionals who can optimize its operation for your company’s risk, interpret the data and use their judgment to analyze risk.
Know your customer
Know-your-customer (KYC) policies are used by banks to verify and protect the identity of customers. The policies are regulated in many regions and designed to benefit both the customer and the bank by protecting them from identity theft, financial fraud, money laundering, terrorist financing and other financial crimes.
KYC activities can include name matching, analyzing basic identity information, determining customer risk levels, and matching customer activities with expected behaviors. These efforts are used globally to help banks manage risk and to help customers ensure their accounts have not been compromised.
How can customer analytics programs be tapped to help prevent fraud and financial crime?
O’Brien: Smarter analytics upon multiple data sources are absolutely vital, particularly as digital banking continues to evolve. This will help banks to better distinguish genuine transactions or relationships from suspect ones, and mitigate risks with a much more precise understanding of losses and customer impacts. As well as human analytics expertise, the key is the quality and range of customer data that can be fed into the analytics teams and engines.
How can banks combat fraud and financial crimes on a global level within a regulatory environment where customer data must be stored locally?
O’Brien: Information sharing between banks and governments — and across national borders — does pose some challenges for the industry. The requirements vary across jurisdictions, so a global organization has to work very closely with the legal department to understand local requirements. In certain jurisdictions, there is more appetite to share information where it is to protect society through the prevention and detection of crime.
For example, HSBC recently joined industry peers and the UK government on the Joint Money Laundering Intelligence Taskforce — a 12-month pilot bringing together banks, law enforcement agencies and regulators. At the heart of the task force is an operations group — under the command of the UK’s National Crime Agency — that will pool and analyze data from members to build a picture of how criminals operate and the threat they present. This will enable a more targeted response to potential suspects and risks.
Describe the difference between proactively managing risk versus merely managing regulations.
O’Brien: There should not be a trade-off between proactively managing risk and managing the impact of regulations. Active risk management is about all parts of an organization working together to take a forward-looking view of the risks they face so they can put in place the right controls. This is exactly what the regulators want to see from our industry. This means that, performed well, active risk management will actually help to manage regulatory risk.
Taking that a step further, how can managing risk or fraud help create opportunities, not just prevent negative consequences?
O’Brien: A nuanced understanding of risk can open up commercial opportunities that might not have been considered previously. What we want to avoid is risk that is not managed properly. Ultimately, having a strong culture of risk management — based on robust systems and good people with sound judgment — means you can be more confident in taking on risk where the answer isn’t black and white.
What do you see as the future of banking or financial services over the next three to five years? And how will financial intelligence contribute to this vision?
O’Brien: The financial industry faces a challenging operating environment with strong and sometimes competing demands from customers, employees, shareholders, regulators and society. There are a number of other industries, such as retail and e-commerce, which make use of data and analytics particularly well. There is a lot that the financial services industry could learn from these sectors in terms of the tools and techniques they use to mine customer data. Another key trend that we expect to see continue is the emergence of know-your-customer utilities to centralize and standardize data for the industry as a whole.