How Fraud Prevention Enhances FFIEC and BSA/AML Compliance
What is the business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the strategic business opportunities plus the value of achieving the full potential of new and existing banking services.
There are four categories of value created by mitigating fraud risk: enhanced compliance, improved competitiveness and growth, reduced fraud risk and losses, and increased operational efficiency. In this 4-part series, we’ll explore each of these topics.
Part 1 of 4: Enhanced Compliance
There are two aspects of compliance that are supported by improved fraud prevention: conforming to the FFIEC’s expectation that FIs use anomaly detection, and complying with BSA/AML requirements.
The FFIEC’s 2011 Supplement explicitly sets the expectation that institutions have a layered security strategy that, at a minimum, contains the ability to “detect anomalies and effectively respond to suspicious or anomalous activity” and “improve control of administrative functions.”
It further defines the first expectation as processes designed to detect and effectively respond to suspicious or anomalous activity related to initial log-in and the initiation of electronic transactions involving the transfer of funds to other parties.
So support coming out so strongly in favor of anomaly detection, the Guidance goes on to state that, “Based upon the incidents the Agencies have reviewed, manual or automated transaction monitoring or anomaly detection and response could have prevented many of the frauds since the ACH/wire transfers being originated by the fraudsters were anomalous when compared with the customer’s established patterns of behavior.”
Guardian Analytics was founded on the idea that the best way to prevent banking fraud is to look for anomalous activity when compared to normal patterns of individual behavior. Rather than looking for specific malware, fraud indicators or fraud patterns, all of which are changing rapidly, behavioral analytics determines if exhibited behavior is expected and legitimate, or suspicious. Somewhere between login and logout a criminal will do something unexpected or abnormal, at which point ACH ODFI & RDFI Fraud Detection will issue an alert and the institution can intervene before the money is gone.
Our solution also addresses the second FFIEC expectation, detecting when administrative roles are being tampered with, such as creating new users, changing passwords, or revising payment authorization roles or limits.
Our customers report that the fraud prevention portion of their audits go very smoothly when the examiner learns that they have ACH ODFI & RDFI Fraud Detection in place. One of our customers offered, “Guardian Analytics’ ACH ODFI & RDFI Fraud Detection is paramount in providing required security measures and fulfilling compliance requirements.”
BSA/AML legislation includes requirements to monitor for and report suspicious payments. This includes outgoing payments, but also in-bound payments, such as ACH receiving files. A specific example that likely is just around the corner is fraudulent tax refunds that show up as in-bound credits. Financial institutions are required to be on the lookout for and report these and any other suspicious payments.
ACH ODFI & RDFI Fraud Detection models payment activity to detect unusual or unexpected credits and debits in both origination and receiving files. We model the behavior of both the originator and the receiver, plus the historical relationship between the two, such as if an account holder has only received ACH payments from local originators, and then one shows up from across the country or overseas.
Enhancing compliance is only one contributor to high-level strategic value delivered by ACH ODFI & RDFI Fraud Detection.