CSI: Financial Services

Survey reveals global banks taking responsibility for AML.

Okay, maybe it's not the stuff of television drama. But banks nonetheless face real-life struggles when examining their internal systems for evidence of crimes such as money laundering, embezzlement and the financing of terrorist activities.

Since financial forensics involves deep experience and skill in the fields of law, technology, investigations, accounting and data management, it's a task often left to specialists such as Ellen S. Zimiles, who heads KPMG's (New York) forensic practice for the U.S. financial services industry.

For the most part, banks simply cannot afford to build an internal forensic research squad with a similar level of depth. "They may have some forensic people, but oftentimes it's left to security, internal audit or legal," Zimiles says. "They may have some of the pieces, but really not all of the pieces."

But bankers can take a more proactive role in preventing problems from occurring in the first place and discovering suspicious activity as it happens. Based on a recent survey commissioned by KPMG, bankers are taking their role to heart. The survey elicited the feedback of 209 banks in 41 countries on their responses to the growing level of anti-money laundering (AML) regulations, legislation and enforcement efforts. The results indicate that AML has become a high-level issue, with increasing management awareness of the reputational risks involved with failure.

Although banks are facing up to their responsibilities, it's an expensive proposition. Over the past three years, the average increase in AML investment has been 61 percent, according to the survey, with the most expensive item being transaction monitoring. Required by law in the U.S., transaction monitoring has also been adopted by 82 percent of respondents in the Asia-Pacific region. But Zimiles doubts that firms are universally using the most advanced approaches. "Is it really looking at every transaction through an automated monitoring tool?" she asks. "They may say, 'I do transaction monitoring,' but we don't know how much they really do."

Indeed, transaction monitoring involves a complex implementation of new systems and processes. "The case management system is as important as the monitoring system itself," Zimiles notes. "What you do with it when you find a problem, from a regulatory view, is just as important or more important than finding it in the first place."
