TRENDING:

Case Study: AML, Fraud Integration

CapOne Says Regulatory and Risk Benefits Are 'Priceless' Tracy Kitten (FraudBlogger) • October 17, 2011    
Case Study: AML, Fraud Integration
Streamlining technology and integrating infrastructures are significant challenges for growing organizations. And for $71 billion Capital One Bank, rapid growth - brought on by mergers and acquisitions - created concerns about the best ways to approach risk management.

In particular, the bank's security leaders worried about suspicious activity reporting and ongoing compliance with regulatory mandates outlined by the Bank Secrecy Act and the U.S. Patriot Act.

George Kunkel, head of anti-money laundering operations for Capital One, says the bank found itself in need of an improved way to apply consistent investigation processes and controls to its fraud and AML surveillance programs.

"We definitely understand the benefits of the intelligence concept unit and the sharing of investigation work," Kunkel says. "There is a very blurred line between AML and fraud," so the notion of leveraging past work, which may have been completed by AML or fraud departments, only makes sense.

In 2008, Capital One spearheaded an effort to adopt a more intelligent concept, one that would allow it to integrate fraud and AML investigation activity into a single platform.

The results? Capital One was able to:

  • Cut its AML and fraud staff by 20 percent;
  • Develop a system that allows all SARs to be filed through a single source;
  • Maintain an infrastructure that allows Capital One's various fraud departments to retain certain levels of autonomy.

But the bank faced some challenges first.

The Hurdles

Capital One has numerous fraud-detection departments, and the bank did not want to merge them all. And while the bank wanted to streamline processes and controls for AML and fraud, it also wanted to allow each investigative unit to make decisions about its own technology.

"We have a federated financial approach," Kunkel says. "Our fraud units are deeply embedded in their units, where our AML unit is a horizontal unit that spans our whole enterprise. And we've decided not to change that. Rather than trying to convince the businesses what they need to do, we let them decide."

Regardless of how a business unit detects fraud, once a fraudulent event has been confirmed, Capital One's infrastructure allows that information to be integrated into the view the AML unit develops.

"One of the key differentiators for the fraud and AML solution was to make sure we could leverage the infrastructure we had already deployed for AML over four years," Kunkel says. "By doing that, the cost savings were big," allowing Capital One to significantly reduce IT staffing expenses.

The Results

Capital One chose to work with NICE Actimize, because the solutions package included options that the various fraud units could pick up and invest in over time.

"Given our federated approach, we did not have technology challenges, but as we brought each fraud unit into using our case management solution, we just had to get them used to working with it," Kunkel says.

Capital One now has a single quality assurance team that looks at all SARs before they go out the door, and the bank only maintains a single central filing point with the Financial Crimes Enforcement Network.

"We are very keen on the quality of our SARS," Kunkel says. "So, regardless of how the suspicious activity or the fraudulent activity is detected across the enterprise, all SARS are now filed through a central AML unit."

The bank also reduced its staff dedicated to fraud and AML by 20 percent. "The notion of having all of the data in one place to do testing and reporting has made the difference," Kunkel says. "And having a good, quality program that puts out a good quality SAR product, I would put in the category of priceless."

Integration, however does take time. For Capital One, the process took about three years. But a great deal of such an initiative depends on the complexity of the solution and the end goal.

Consistency in processes is the overall objective. "Consolidating into a single system helps coverage," says NICE Actimize AML expert Tony Wicks. "I think we're just seeing a general approach of integration, like Capital One is doing. What is key or critical is that you have so many different information silos, they may relate to crime or risk or AML in isolation. To integrate all of that allows for more information sharing. And that can lead to significant business efficiencies."

Lessons Learned

Asked what advice he would offer to other institutions looking to integrate fraud and AML, Kunkel says "Rely on a good partner."

"You need a vendor there, supporting the platform on an ongoing basis," he says. "It's challenging enough to make upgrades with one vendor, and if you had to do that with more than one vendor, it would be exponentially tougher."

Wicks adds that it is important to focus on some victories along the way - not just the end goal. "Rather than going to some big bang rollout across the entire institution, you are getting more benefits from quick key wins," Wicks says. "Once you have those quick wins, then you can start rollouts to further areas."

For Capital One, the implementation of common processes and controls has been the most significant advantage - and that should become an objective for which other institutions can strive. "You still have to spend the money on the technologies, regardless," Kunkel says. "I think our hybrid approach makes sense."

Previous
Arrest Made in BofA Skimming
Next
Breaches Serve as Wake-Up Call for Risk Mgt.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.