INVESTIGATION METHODOLOGY
IN TODAY’S BANKING ENVIRONMENT
John Bree
Former Managing Director
Deutsche Bank
United States of America
May 12, 2017
FBI investigation continues into 'odd' computer link between Russian bank and Trump Organization
DEUTSCHE BANK’S $10-BILLION SCANDAL: How a scheme to help Russians secretly funnel money offshore unravelled.
New Investigation Names Wall Street Banks Behind $3.8 Billion Dakota Access Pipeline
Wells Fargo shareholders call for a new, broader probe into the bank's accounts scandal
A.T.F. Filled Secret Bank Account With Millions From Shadowy Cigarette Sales
Banks were colluding on forex deals while South Africans fretted about a volatile rand
Up to a dozen banks are reportedly investigating potential SWIFT breaches: The incidents are part of a larger trend of cybercriminals targeting financial institutions directly instead of customers
[Diagram: BANK at the centre, surrounded by Internal, Government, Hacker, Client, Organized Crime, Press, Compliance, Human Resources, Law Enforcement, Regulator]
……and all our new best friends!
WE WILL DISCUSS
➢ The rapid increase in transaction velocity and structure
➢ Platforms
➢ Portals
➢ Devices
➢ Storage
➢ Outcomes of the previous tried and true methods
➢ The “Ws”
➢ The “Hs”
➢ The “Ps”
➢ Importance of the use of predictive analytics
➢ Trending
➢ Peer Comparison
➢ Cross Function Interaction…………………..better known as Collusion
➢ Avoid Surprises
BUT FIRST……………………………………….THE BASICS
Know the players
Establish internal and external relationships
Run Crisis Management like incident exercises
Have a Media and Public Relations process in place and tested
Keep your SME list current
Establish Strategic Partnerships with external experts
Keep NDAs and MSAs up to date
Understand the eDiscovery process
Device analysis and interrogation
Remember these?
40 plus years has taught me a critical first step
VELOCITY ▫ DIVERSITY ▫ STRUCTURE ▫ AVAILABILITY ▫ LINKAGE
➢ Cloud; Block Chain; PaaS; IoT; RPA; etc
➢ Know how and where data is processed and who are the senior managers
➢ Traditional Party-Counterparty settlement is changing
➢ A receiving party out of proof status has always been a critical element of the control environment and early warning signal
➢ We must have the capability to rapidly locate, assess and analyze both structured and unstructured data….Hadoop changed the world
➢ eDiscovery
➢ Written
➢ Spoken
➢ Transaction
➢ Physical
➢ Platforms and Systems are often shared and managed externally
➢ Portals
➢ Devices
➢ Storage
THE TRIED AND TRUE METHODS….STILL WORK
➢ The “Ws”
➢ What? The incident without the emotion or excuses
➢ Where? Business/Unit/System/Application/Location
➢ When? Entire timeline
➢ Who? Direct and Indirect. Primary, Secondary, Tertiary. Collusion.
➢ Why? Motivation. Blackmail. Retribution. Political. Terrorism.
➢ The “Hs”
➢ How? Control Absence or Gap
➢ History? Has this occurred previously?
➢ Hearsay? Separate the Facts from the Fantasy.
➢ The “Ps”
➢ Plan the Investigation and Research
➢ Peers?
➢ Previous mistake that was “cleared”. Testing the waters.
➢ Process. Document every step and result.
BEHAVIORAL ANALYTICS
Nothing new, we use it all the time………..
Web Searches………people have also viewed ____
Marketing………people have asked for _______
Sales………people who buy this also buy _______
Fraud detection
Credit Card misuse
Rogue trader activity
System logs
AVAILABLE INDICATORS
External
Clients
Locations
Incidents
Financial health
Media
Announcements
Regulatory Websites
Internal
Invoices
Volumes
Entitlements
Access requests
Errors & Omissions
Email & Text
Voice communication
LET’S EXPAND
Invoices
Frequency
Change in cycle
Change in day of month
Format
Different information
Instructions
Change in receiver
Amount
Why did it change?
Why did it not change?
Tax
Expenses
Subcontractors?
INDICATORS……..
Volumes
Transaction change…..is the delta reasonable?
Entitlements
Is the monthly request within accepted tolerance?
Turnover?
Building Access and ID requests
Spike?
Emails
Change in Provider address
Increase or Decrease in traffic
EXTERNAL, PUBLIC INFORMATION
Clients
Does the provider have new clients? Counterparty?
Locations
Has the provider moved? Concentration?
Incidents
What, where, when, who, how?????????
Financial health
Stability; Change; Sustainability
Media
What’s the buzz?
Announcements
Growth; Merger; Acquisition; ……Indictment?
ANALYTICS
[Diagram: Indicator 1 through Indicator N feed a FILTER, then an ENGINE, then VALIDATION; each output is an Action, Escalation or Report]
PARAMETERS, TRIGGERS AND PATTERNS
Create parameters based on an assessment of past ACCEPTABLE activity
Triggers can be static or relational
Remember, a delta can be either up or down
Patterns can be developed using historical indicator values and creating a Pattern over a prior period..........6, 12, 18 or 24 months
Be considerate of SEASONAL impact
Approved breach…..unique or parameter/trigger change?
PATTERNS CONTINUED
Patterns can also be created based on a validated incident………loss/breach/failure
Do a look back and create a pattern based on previous indicator values
Predictive Analytics uses a breach of ANY one or two indicator triggers and generates an automatic assessment of all the indicator values…………and then a match to a previously verified pattern.
**********************************************
And don’t forget the importance of
R&CSA
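The trigger-and-pattern flow described on the two slides above, sketched as an added example that is not part of the original presentation. The indicator names, sample values, the 3-standard-deviation band, the static limit and the two incident patterns are all constructed assumptions; seasonal adjustment is not modelled.

```python
from statistics import mean, stdev

# Constructed sample data: 12 months of ACCEPTABLE activity per indicator.
HISTORY = {
    "invoice_amount": [100, 102, 98, 101, 99, 100, 103, 97, 100, 101, 99, 100],
    "entitlement_requests": [20, 22, 19, 21, 20, 18, 21, 20, 22, 19, 20, 21],
    "email_traffic": [500, 510, 495, 505, 498, 502, 507, 493, 500, 504, 499, 501],
}
# Static trigger: a fixed ceiling that applies regardless of history (assumed value).
STATIC_LIMITS = {"entitlement_requests": 22}
# Hypothetical patterns from a look back at validated incidents:
# the state each indicator was in when the incident occurred.
VERIFIED_PATTERNS = {
    "invoice_redirection": {"invoice_amount": "up", "entitlement_requests": "normal", "email_traffic": "down"},
    "access_buildup": {"invoice_amount": "normal", "entitlement_requests": "up", "email_traffic": "up"},
}

def parameters(values, k=3.0):
    """Relational parameter: tolerance band of k standard deviations around the mean."""
    m, s = mean(values), stdev(values)
    return m - k * s, m + k * s

def classify(name, value):
    """Return 'up', 'down' or 'normal'; a delta counts in either direction."""
    low, high = parameters(HISTORY[name])
    if value > high or value > STATIC_LIMITS.get(name, float("inf")):
        return "up"
    if value < low:
        return "down"
    return "normal"

def assess(current):
    """On a breach of any trigger, assess every indicator and match to a verified pattern."""
    state = {name: classify(name, value) for name, value in current.items()}
    breached = sorted(n for n, s in state.items() if s != "normal")
    if not breached:
        return {"breached": [], "match": None, "score": 0.0}
    # Score each verified pattern by the fraction of indicators in the same state.
    scores = {
        pname: sum(state.get(n) == want for n, want in pattern.items()) / len(pattern)
        for pname, pattern in VERIFIED_PATTERNS.items()
    }
    best = max(scores, key=scores.get)
    return {"breached": breached, "match": best, "score": scores[best]}

if __name__ == "__main__":
    print(assess({"invoice_amount": 140, "entitlement_requests": 21, "email_traffic": 430}))
```

A partial score (for example two of three indicators matching) is a prompt for review rather than a confirmed match; the cut-off is a policy decision.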
CONTINUOUS ASSESSMENT AND ENHANCEMENT IS THE KEY TO SUSTAINABILITY
Providers and Consumers
Risks
End to End Governance
Lifecycle Management
Risk parameters
Internal and External data
Triggers
Pattern Matching
Risk & Control Assessment
PRODUCTS & PLATFORMS
Streamlined Third Party Assessments
Enhanced KYV and Due Diligence
Integrated Risk Analytics
Relationship Lifecycle Management
Activity Monitoring
Enhanced Surveillance with AI and ML
End to End TPM
Third Party IS Threat Detection
You have confirmed one of my theories: I always end a presentation with more knowledge and ideas than when I started.
Thank you for your time and participation!
John Bree
SVP & Partner
Neo Group Inc.