Security and Compliance in the Interconnected Age – Webinar

*Disclosure: Banking.com is powered by Digital Insight

 

The Internet of Everything (IoE) is here, and with it your users will be connecting within a new online ecosystem of devices, networks and services. But with the new interconnected age of IoE comes new risks for cyber attacks and other fraudulent activity. How are you protecting your customers?

On  Tuesday, June 24th, Digital Insight will host a free webinar,  “Security and Compliance in the Interconnected Age,” as part of their 2014 Momentum Webinar Series.

The webinar will include insights on optimizing the benefit of your mobile channel and help you:

  • Learn about best practices for maintaining security and privacy across the interconnected ecosystem.
  • Rethink about maintaining compliance with FFIEC layered-security requirements.
  • Understand the types of tools you need to avoid a cyber attack and mitigate fraudulent activity.

Do you know what you need to keep your end users protected? Join Digital Insight for the second segment in our 2014 Momentum Webinar Series as we take a dive into security and compliance in this new era of banking. We’ll be attending, following along and sharing insights via Twitter with the hashtag #DICompliance.

You can register for the webinar by clicking the image below. See you there!

DI Webinar Banner_June

 

 

Bribery, Corruption, Money Laundering: Banks in the Crosshairs, Part 2

This is Part 2 of a two-part series from FTI Consulting. Read the first part here.

Governments and regulatory bodies increasingly expect financial institutions to man the front lines in the war against international corruption and bribery, levying significant fines against banks that have been used by criminals or have conducted business with sanctioned regimes. To survive in this environment, firms must up their game by implementing risk-based controls to account for both front-end client acquisition and back-end transaction risks.

This effort must be led from the top. Senior management must set the tone and be fully engaged in building the internal controls that can make their organizations less vulnerable both to missteps and the depredations of criminals.

However, given the complexities of global finance, and the cunning of criminals, these defenses need to be risk-based, with the institution’s finite resources devoted appropriately to businesses and jurisdictions with inherently higher risk profiles or weaker control environments.

Mitigating client risk
Client-onboarding rules and processes more be made rigorous before accounts are activated. This requires assessments that can indentify:

  • Politically exposed persons.
  • People with criminal backgrounds or connections.
  • People conducting business in sketchy jurisdictions and geographies.
  • Individuals acting as proxies for hidden players.

Criminals are continually changing their strategies, using opaque structures to hide the true sources and destinations of funds. It is therefore critical to employ experienced investigators to establish the identities of high-risk individuals and entities, especially when they come from countries where this data is difficult to verify.

Mitigating transaction risk
Banks should deploy technologies to filter suspicious transactions. There is a vast array of commercially available tools that can flag unacceptable transactions (such as identifying sanctioned country codes on transfer receipts). They can trigger alerts and automate watch lists for suspicious persons and transactions, and can also produce reports that are critical when an institution finds itself in the regulator’s crosshairs. But all these tools are only as good as the people who use them. Firms must acquire skilled staff to fine-tune the systems as well as to assess and act upon the alerts and reports they produce.

Taking these actions is a statement of good faith. Using up-to-date processes and tools, and staffing the risk-management function as diligently as possible will make regulators less inclined to punish firms that make the occasional, unavoidable mistake.

It’s Never That Simple
Because it’s nearly impossible to define the scope of the problem – that is, how much money is being laundered or moved around the globe by criminals and terrorists – it is hard for institutions to measure the effectiveness of their programs or assign an ROI to their investments. Consequently, they should be measured by what doesn’t happen – fines, reputational damage, remediation costs, and lost business – not what does.

Ultimately, it is unrealistic to think that the financial industry can take on the bad guys by itself. One hopes that the future will bring greater levels of cooperation between governments and the financial sector. Ultimately, that’s the only way to de-fund criminal interests, terrorists, and others who would seek to sabotage the world’s financial system and use it to further their own anti-social ends.

 

Peter Brooke and Christine Moran are Managing Directors in the Governance, Risk and Regulation team at FTI Consulting, based in London.

Peter Brooke is an experienced Risk and Regulation Consultant at FTI Consulting, based in London. With a unique blend of in-house and consulting experience, Mr Brooke has worked in financial services for more than 24 years.

As a highly experienced Group Head of Compliance, Christine Moran is an energetic consultant at FTI Consulting. Based in London, Ms. Moran has a highly collaborative, grounded and commercial approach. She has a proven track record of building enhanced and effective compliance and regulatory risk arrangements in both retail and institutional businesses.

Social Media Regulation – Part II: Creating Your Social Media Policy

This is Part II of a two part post on American Banker’s “Banking Regulatory Update: New Social Media Rules” webinar. You can view Part I here.

Last week, the Banking.com team sat in on American Banker’s webinar, “Banking Regulatory Update: New Social Media Rules,” which detailed the current policies around social media use by financial institutions. Moderated by American Banker’s own Penny Crosman, the panel of presenters included:

Much of the content of the webinar dissected the implications of the FFIEC’s proposed guidance and how financial institutions can comply. As regulators are looking for feedback on the guidelines by March 23, we spoke to Carl Pry, Senior Director, Treliant Risk Advisors, to hear how FIs are currently reacting to the guidance.

 

Q: What have you seen as the number one risk management issue for financial institutions on social? Can you elaborate on a way to avoid this situation?

The most critical risk management issue for banks regarding social media is the lack of awareness and oversight. Many institutions are taking a wait-and-see approach when it comes to social media, to their detriment. Institutions that don’t address this issue in the present are missing an opportunity to connect with a demographic we all want to reach: the young and technologically capable. But the risk comes when taking a hands-off approach results in the illusion that the institution is simply not participating in social media. Chances are that you are – your employees are – using social media every day. Without a clear social media policy and procedures, without guidelines on what can and cannot be said, you may be violating certain laws and regulations without even knowing it.

Avoiding this situation means getting ahead of the curve by formulating and implementing clear company-wide policies and procedures addressing social media. They should be comprehensive and deal with both company and employee usage of social media. Also, set clear guidelines for consumers and your customers who utilized your bank’s social media sites, as well.

Q: Do you think banks and credit unions should use Twitter and Facebook as customer service channels at all? Why?

Absolutely, although within limits. These are channels your customers are already using in their everyday lives, so why ignore them? They have the advantage of providing more immediate responses than snail mail, that’s for sure. But be aware of the limitations of social media, such as the 140-character limit of Twitter. Can you say what you want to say within 140 characters? For customer service usage, also understand what different social media sites do. You might not want to broadcast specific responses to the masses. Know the way these channels operate and coordinate your responses accordingly.

Q: Do you have any tips for HR policies or training for employees using social media?

Most importantly, make clear to employees what the parameters of usage are. Not how much time they spend on social media, but content of postings. If an employee is posting anything on behalf of the bank, make sure it is subject to the same control and review mechanisms you’d employ for any other sort of communication (such as email). But also be clear as to the expectations of employees posting things on their own accounts regarding their employment or the institution’s products and services. They should know the limits of what not to say, and that if they discuss the bank’s business, all appropriate legal and compliance requirements likely apply.

 

To hear more, check out Part I and our interview with Penny Crosman, editor in chief of Bank Technology News and technology editor of American Banker who shared her thoughts on banks adapting to new guidelines and regulation.