Link Cyber And Anti-Money Laundering Units, But Do Not Combine Them
Cyberattack last month against the Central Bank of Bangladesh, where hackers stole $ 81 million bank account in the Federal Reserve Bank of New York, and then blanked the funds has raised the debate in financial institutions US as cyber security and the fight against money laundering units should be merged to better fight against financial crime.
Although cybernetics and compliance units laundering money from banks and brokers must remain separate entities, efforts to share information between units must be in ascending ramp, possibly through cross-training selected members teams, officials high-level compliance, consultants and sources say law enforcement.
"While there should be some coordination, do not know they have to be in the same place," said Ellen Zimiles, director of global research and compliance at Navigate Consulting.
To date, banks have found "more effective" to cyber separate front and LMA said Rob Rowe, a lawyer for the American Bankers Association.
"This does not mean that the two areas of banks, particularly the larger institutions are separate," he said
A second approach to the study involves training officers AML compliance be professional ALD cyber able to access "some tools and websites in the dark web that allow them to exploit cybernetics in a way that analysts AML are generally not trained to to, "said the source, who, like other compliance officers interviewed for this article asked not to be identified because he was not authorized to speak publicly about the issue.
"They might have data on the rest of the team AML, they could do the training for the rest of your organization AML and explain how to use things for potential links and develop the integration model of cybernetics in AML" said.
While the first approach is less expensive, it may be of limited value, according to the source.
"Even if the data are available, how their AML team knows when the check? How do you know what type of data to see? What we do not know where their vulnerabilities are are leukemia if just log in and verify a database? Is need people who understand the intersection of the activities against money laundering and cyber "he said.
"You just need to know what to look for."
"I do not think they should merge, I just think they need to be coordinated," said the source. "The chief privacy should talk to the security chief of daily information is the protector of the front wall and keep the wall".
However, in the end, only the team AML will have to prepare and file activities and suspicious (SAR), which requires the Bank Secrecy Act (BSA), primary legislation against money laundering in the United States, that source.
"If the AML team did a survey and needs of IP addresses to understand something - someone uses our front end to do something you are not allowed to do - we take advantage of privacy and cybersecurity of these details," he said the fountain.
If cybernetics and AML were merged and a bank is hacked and the loss of millions of dollars, the bank could not only be sued by those who have lost money, but could be prosecuted for not having established an effective AML program, the source said.
"Such accusations have already begun," said the source, who declined to give further details.
Although cybernetics and compliance units laundering money from banks and brokers must remain separate entities, efforts to share information between units must be in ascending ramp, possibly through cross-training selected members teams, officials high-level compliance, consultants and sources say law enforcement.
"While there should be some coordination, do not know they have to be in the same place," said Ellen Zimiles, director of global research and compliance at Navigate Consulting.
To date, banks have found "more effective" to cyber separate front and LMA said Rob Rowe, a lawyer for the American Bankers Association.
"This does not mean that the two areas of banks, particularly the larger institutions are separate," he said
What greater coordination could be similar
A method to link more closely the LMA and cyber discussed at major banks is the creation of databases containing computer, such as names, email addresses, phone numbers and addresses IP data believed to be related to the "bad actors "LMA and allows query data, said a bank's compliance officer with a background in military intelligence.A second approach to the study involves training officers AML compliance be professional ALD cyber able to access "some tools and websites in the dark web that allow them to exploit cybernetics in a way that analysts AML are generally not trained to to, "said the source, who, like other compliance officers interviewed for this article asked not to be identified because he was not authorized to speak publicly about the issue.
"They might have data on the rest of the team AML, they could do the training for the rest of your organization AML and explain how to use things for potential links and develop the integration model of cybernetics in AML" said.
While the first approach is less expensive, it may be of limited value, according to the source.
"Even if the data are available, how their AML team knows when the check? How do you know what type of data to see? What we do not know where their vulnerabilities are are leukemia if just log in and verify a database? Is need people who understand the intersection of the activities against money laundering and cyber "he said.
Most cyber attacks are money, the source said.
"This is financial crime and money must flow somewhere, and it may not circulate through the institution that has experienced the flight, but it will be through others, as he in fact (the hack of the Central Bank Bangladesh). As an analyst of traditional AML I know that should these types of flows are potentially related to financial fraud? What is the signing of cybercrime think? "he said."You just need to know what to look for."
Potential links
agents privacy detailed in the departments of the Securities Industry AML professionals responsible for the repression of crimes where "someone saw something that was not supposed to do", you can connect cybersecurity and the LMA, said a director compliance with the securities industry."I do not think they should merge, I just think they need to be coordinated," said the source. "The chief privacy should talk to the security chief of daily information is the protector of the front wall and keep the wall".
However, in the end, only the team AML will have to prepare and file activities and suspicious (SAR), which requires the Bank Secrecy Act (BSA), primary legislation against money laundering in the United States, that source.
"If the AML team did a survey and needs of IP addresses to understand something - someone uses our front end to do something you are not allowed to do - we take advantage of privacy and cybersecurity of these details," he said the fountain.
Keep separate AML and cyber - law enforcement officer
The combination of cybernetics and AML a financial institution "in a vulnerable position," an official from the application of federal law said.If cybernetics and AML were merged and a bank is hacked and the loss of millions of dollars, the bank could not only be sued by those who have lost money, but could be prosecuted for not having established an effective AML program, the source said.
"Such accusations have already begun," said the source, who declined to give further details.
Post a Comment