Data analysis: Reduce the risk of financial crime
TIMELY and effective analysis of data is key to reducing the risk of financial crime, according to executives from Fiserv Inc., a global provider of payment and financial services technology solutions.
The security of financial information is an important worldwide issue with increasing local impact. According to data from the Philippine National Police-Anti Cybercrime Group, cybercrime cases in the country increased by 80 percent in 2018. And efforts continue towards the implementation of the National Cybersecurity Plan 2022, which is meant to protect the country’s infrastructures, as well as its citizens, from various internetrelated threats.
Ensuring data accuracy, integrity and lineage requires collaboration between multiple parties within a business, including the CFO, chief risk officer, technology and compliance teams. Fiserv outlined how these three data requirements could be supported in these five steps:
This critical first step determines what data is needed to assess the risk of financial crime. Objectives have to be documented and the risks defined, so one could hone in on the data that is relevant to the task. Then, it is important to choose the right technique to obtain data, whether in real time, in batches of updates, or from third parties. Once these evaluations are complete, the data plan has to be documented, allowing for contingencies in case products and services or attack vectors change over time.
Next, determine what data is already available, and if it needs to be enhanced. For instance, a bank account holder may need to be validated as being the same owner of a phone number used to initiate a mobile transaction, ensuring both are the same person before a transaction is processed. This is particularly important because with today’s global supply chains, initial suppliers could be obscured, and no business wants to find their money has been flowing back to a sanctioned company.
This step ensures that data is accurate and in a form that could be readily analyzed. It includes the necessary process of data de-duping, or eliminating possible overlapping copies of the same file, so they do not skew results. Data controls should be put in place to make sure all needed data is included, and all excluded data is documented.
Once processes are established, they need to be documented so they are well understood and so checks and balances could be implemented as needed. This includes establishing default values for missing data and determining when escalations could be triggered.
Testing ensures that the data that is expected compares to that which is observed. Activation includes the implementation of a change control process that allows for new sources, new data, and new or updated regulatory requirements to be incorporated. Maintenance includes ongoing fine tuning, to identify and address at the source any alerts stemming from bad data, and to continue enhancing the program through ongoing reviews and validation.