Imagine a miniature financial crime fighter in every router

It is well known that financial criminals are adept at finding the weakest link in a bank’s, or the banking systems, defence to attack. They can often do this by avoiding the immediate defensive measures in applications and getting transactions into the banks payments systems, even on a trusted network such as Swift. Once on the network, criminals have a window of opportunity. There may be a few additional checks beyond applications, but other than the entry points, a large part of the crime intelligence is located centrally in institutions. These central checks will typically happen as a batch at the end of the day, or later … potentially too late. So, one of the main challenges that banks face in tackling fraud and crime beyond tightening application security is being able to deploy pragmatic defence measures to address this gap.

To date, real time finCrime checks across a network have been difficult to implement other than on a restricted application basis. However, with the advent of web technology advances and some innovative thinking there is a new possible approach. If we consider a major bank or other financial institution as a large network of devices, we can see there are parallels with the internet of things (IoT). However, the challenge is that from a fraud or financial crime fighting perspective most of those things are relatively dumb. So what if a router (or indeed an ATM or other device on the banks network) knew just enough about finCrime that it was able to identify a suspect transaction before it sent it to a system. In this way they would act as a miniature crime fighter.

Building this type of behaviour into the network independent of major applications is now possible using new IoT software that allows the distribution of intelligence across a major network. This could be programmed to detect suspicious behaviour from the data, or patterns of data, passing across it and then block, delay or flag suspicious behaviour in a flexible way. The exact mechanisms would vary from financial institution to institution but would likely have the following advantages:

-          Earlier/real-time detection of suspect activity – no waiting for end of day/batch cycles

-          Increased efficiency – flagging suspect activity prior to further checks should lead to optimisation, i.e. prioritising the activities such as transactions fitting patterns of potential AML or Sanctions breaches which are more likely to require investigation

-          More ability to check in context/place – the earlier in the cycle and closer to the transaction that suspicion is raised, the more likely additional information can be sought and criminals identified/detained

-          Reduced application vulnerability – a fraudster can plan to hack a single generating application and exploit one loophole to achieve their aims. The overall task then becomes significantly more difficult if they also have to compromise a number of network devices

-          Distributed processing – reducing the burden on the central processing checks where processing optimisation has particular challenges

There are obviously limitations to what an intelligent network could, or indeed should, do. For example, the full finCrime rule set should not be embedded in the network – criminals would then attempt to get their hands on the exact checks by stealing a physical network component. They could then decode the rules and modify their behaviour to better avoid detection – e.g. sending through transactions just below test thresholds. Also, there are limitations on how much can be done efficiently at the network component level. However, we are now seeing innovative institutions adding this finTech weapon to their arsenal and making the criminal’s task significantly harder.