These materials are © 2015 John Wiley & Sons, Inc. … › 2017 › 01 › ...These materials are 1 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthoried use is

These materials are © 2015 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

http://www.verafin.com


by Amanda Karttunen and Rae Lynn O’Keefe

FRAMLx

Verafin Special Edition


FRAMLx For Dummies®, Verafin Special Edition

Published by John Wiley & Sons, Inc. 111 River St. Hoboken, NJ 07030‐5774 www.wiley.com

Copyright © 2015 by John Wiley & Sons, Inc., Hoboken, New Jersey

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax (201) 748‐6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc., and/or its affiliates in the United States and other countries, and may not be used without written permission. Verafin, the Verafin logo, and FRAMLx are trademarks or registered trademarks of Verafin Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, or how to create a custom For Dummies book for your business or organization, please contact our Business Development Department in the U.S. at 877‐409‐4177, contact [email protected], or visit www.wiley.com/go/custompub. For information about licensing the For Dummies brand for products or services, contact BrandedRights&[email protected].

ISBN 978‐1‐119‐11243‐3 (pbk); ISBN 978‐1‐119‐11227‐3 (ebk)

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

Publisher’s AcknowledgmentsSome of the people who helped bring this book to market include the following:

Development Editor: Jennifer Bingham

Project Editor: Jennifer Bingham

Editorial Manager: Rev Mengle

Business Development Representative: Christiane Cormier

http://www.wiley.com

http://www.wiley.com/go/permissions

mailto:[email protected]

http://www.wiley.com/go/custompub

mailto:BrandedRights&[email protected]


Contents at a GlanceIntroduction .................................................................. 1About This Book ............................................................1Icons Used in This Book ................................................2Beyond the Book ............................................................2

Chapter 1: Introduction to FRAMLx .......................... 3Introducing FRAMLx ......................................................3Suspicious Activity Detection Challenges ..................5

Chapter 2: Cross‐Institutional Analysis ................... 7How Transactions Are Analyzed at Your FI ................7Why You Need Cross‐Institutional Analysis ...............8Collective Data ...............................................................9Connecting the Dots ....................................................10What Are Verafin’s Advanced Analytics? .................13

Behavior‐based analytics ......................................14Fuzzy logic ...............................................................14Recognizing patterns .............................................16

FRAMLx: Analytics to Help You See More ................16Link analysis ............................................................16Genetic algorithms .................................................17

Chapter 3: FRAMLx: Powered by the Verafin Cloud .............................................................. 19Introducing the Verafin Cloud ....................................19Security .........................................................................20

iv


Privacy...........................................................................22Industry Best Practices and Regulations ..................22

FFIEC ........................................................................23SOC 2 ........................................................................23

Advantages of the Verafin Cloud ...............................24

Chapter 4: Information Sharing: 314(b) Safe Harbor ..................................................... 27Examining the USA PATRIOT Act and

Section 314(b) ............................................................28Participating in Information Sharing .........................29Who Can Participate in Voluntary 314(b)

Information Sharing?.................................................30What Are You Allowed to Share under

Safe Harbor? ...............................................................30

Chapter 5: FRAMLx Detection Examples ............... 35Cash Deposits across Multiple Institutions ..............36Common Wire Receiver ..............................................38Presentation of the Same Check at Multiple

Institutions .................................................................40Shared Watch List ........................................................41High Cash Turnover Spanning Multiple

Institutions .................................................................43Criminals Who Repeat Crimes at Different FIs .........45Common Point of Transactions (CPT) ......................46Understanding Verafin Alerts .....................................48How FRAMLx Alerts Catch Cross‐Institutional

Suspicious Activity....................................................48

v


Chapter 6: Eight Benefits of FRAMLx ..................... 51FRAMLx Expands the Benefits of FRAML ..................51The More Data You Have, the Better the Picture ....52FRAMLx Alerts ..............................................................52Collaborative Investigation Process ..........................53A Holistic View of Customers .....................................53Enhanced Reporting ....................................................54Loss Prevention ...........................................................55Strengthened Monitoring, Investigation,

and Reporting ............................................................55

vi



Introduction

I n today’s evolving financial landscape, criminals are getting smarter. They take advantage of smaller and

siloed community banks and credit unions to conceal their illegal activity. To get a better view of the custom-ers inside their own walls, institutions have taken the beneficial first step of consolidating their fraud detec-tion and anti‐money laundering efforts. However, crimi-nals have moved to using multiple institutions to hide their suspicious activity. And the individual financial institutions (FIs) often have a limited view of customer activity outside of their own institutions, so insight into cross‐institutional activity is incredibly helpful.

About This BookThis book introduces you to Verafin’s FRAMLx technol-ogy, which is a new way for smaller FIs to work together to detect criminal activity. FRAMLx strength-ens your monitoring, investigations, and reporting. By providing alerts that can help start a conversation, FRAMLx facilitates a collaborative approach to your investigation process and enhances your reporting capabilities. When you take advantage of 314(b) infor-mation sharing, you gain the capability to see a holistic view of your customers. When you know your custom-ers better and are aware of their activity outside of your financial institution, you can put together some of

2


the pieces of their activity that were previously missing and make more informed decisions.

This proactive monitoring and insight into customer behavior and activity can help mitigate losses. By using FRAMLx, you automatically become part of a greater collaboration network. In the fight against money laundering, terrorism, and the fraud tied to these criminal offenses, the cross‐institutional analysis and information sharing provided by FRAMLx can help you stay a step ahead.

Icons Used in This BookThis book uses the following icons to call your attention to information you may find helpful in particular ways.

The information marked by this icon is impor-tant. It helps you easily spot noteworthy information.

This icon points out extra‐helpful information.

Paragraphs marked with the Warning icon call attention to common pitfalls that you may encounter.

You might be able to get by without the tech-nical details next to this icon, but you still might find them quite interesting.

Beyond the BookYou can find additional information about FRAMLx by visiting http://verafin.com/framlx.

http://verafin.com/framlx


Introduction to FRAMLx

In This Chapter ▶ Defining FRAMLx ▶ Understanding detection challenges for suspicious activity

A single financial institution (FI) is often limited to the information that is presented at its organiza-

tion. It knows about customer activity at its location and can easily investigate the transactions that occur there. However, this view doesn’t show an institution the full picture, because customers often conduct activ-ity at more than one institution. Due to a limited set of data, single FIs may have a narrow investigative scope.

This chapter introduces you to FRAMLx, which is a way to expand analysis beyond the four walls of FIs into a broader network so that suspicious activity across multiple FIs can be detected and investigated.

Introducing FRAMLxFRAMLx is a new way to detect fraud and money laundering. It expands the limited view of a single

Chapter 1

4


institution and detects patterns of activity across two or more FIs.

Enabled by the Verafin Cloud, FRAMLx uses advanced cross‐institutional analysis on billions of transactions and identifies potential suspicious activity, which would otherwise be missed at a single institution.

FRAMLx enables collaboration among participating FIs through the safe harbor provided in Section 314(b) of the USA PATRIOT Act, which will strengthen your monitoring, investigations, and reporting. For more on collaboration and information sharing, see Chapter 4.

FRAMLx allows you to keep an eye on evolving financial crime — from a money launderer structuring cash deposits at two or more institutions to sophisticated fraud rings.

FRAMLx evolved from FRAML, which is a con-solidated approach to fraud detection and anti‐money laundering within your own FI. The two criminal activities often go hand‐in‐hand, so combining your internal investigations makes sense.

FRAML includes three key components:

✓ People: Cross‐training individuals at your FI to understand each other’s roles and to increase awareness around the different stages of the sus-picious activity life cycle (prevention, detection, investigation, reporting, and recovery).

✓ Processes: Merging crime fighting endeavors to address financial crime at every stage of the sus-picious activity life cycle — from initial detection and alert generation, to investigation, reporting, and monitoring.

5


✓ Technology: Facilitating workflow with a central repository for customer data, investigation, and compliance efforts.

To learn more about FRAML, visit www.verafin.com to receive your complimentary copy of FRAML For Dummies, Verafin Limited Edition.

By looking across multiple FIs, FRAMLx extends the three components of FRAML (people, processes, and technology). You can work with experts at other institutions to gain a holistic view of your customers and you can strengthen your investigations and reporting. FRAMLx can help you detect more suspicious activity by analyzing data from multiple institu-tions. The Verafin Cloud provides the technol-ogy for improved and advanced analytics that can highlight activity that spans multiple institutions.

Suspicious Activity Detection ChallengesYou know what your customers are doing at your insti-tution, but wouldn’t it be beneficial to know about their financial activity at other institutions?

For example, here are some questions you can ask:

✓ Do you know if your customer is structuring cash deposits across multiple institutions to avoid reporting?


6


✓ Do you know if your customer is presenting a counterfeit check more than once?

✓ Are your customers sending or receiving wires that are funded by illegal activity?

It’s hard to answer these questions when you can only see your own institution’s data.

Some of you are taking advantage of 314(b) informa-tion sharing to collaborate and investigate activity over the phone or via email. Others are already work-ing together to answer these questions by forming compliance groups, in which all members have notified FinCEN to use 314(b), to discuss local activity. This manual process takes time and effort, and sometimes a little bit of luck.

Verafin helps take what you’re doing today and applies technology and advanced analyt-ics to elevate it further with FRAMLx. Using cross‐institutional analysis and 314(b) infor-mation sharing, FRAMLx helps you collaborate by providing contact information for other FIs in alerts so you can quickly investigate customer activity.


Cross‐Institutional Analysis

In This Chapter ▶ Analyzing transactions at your FI ▶ Understanding the power of cross‐institutional analysis

▶ Understanding Verafin’s advanced analytics ▶ Using FRAMLx analytics to see more

T his chapter discusses the benefits and building blocks of cross‐institutional analysis, which is the

basis for FRAMLx. It also goes over some of the analyt-ics that Verafin uses in the FRAMLx technology.

Large amounts of data and transactions are needed to perform Verafin’s advanced analytics. By analyzing more transactions and more data, complex patterns of suspicious activity become evident.

How Transactions Are Analyzed at Your FITo uncover suspicious activity at your financial institu-tion (FI), whether money laundering or fraud, the Verafin

Chapter 2

8


application reviews all transactions. It analyzes the transactions in the context of a customer’s past activ-ity, and compares the transactions against the custom-er’s established behavior patterns to determine whether anything seems out of the ordinary. For every transaction, Verafin asks, “Is this transaction normal and legitimate for this particular customer?”

When looking for money laundering, the flow of funds across all transaction channels (cash, wires, ACH, and so on) is analyzed and monitored to collect evidence and to produce a view of a customer’s activity. The direction of transactions (inbound and outbound) is also taken into consideration. When looking for fraud, transactions are compared to a wide range of fraud scenarios — from simple to complex. When assessing fraudulent activity, the context of who performs the transactions matters just as much as the transactions themselves.

To help your institution detect money launder-ing and fraud, Verafin generates risk‐scored, evidence‐supported alerts based on the analy-sis of customer transactions and data. The alert evidence helps provide the reasons why something is potentially suspicious. By moni-toring both transactions and demographic data, Verafin helps you gain a holistic view of a customer at your institution.

Why You Need Cross‐Institutional AnalysisWhat if your customer is banking at another FI? Do you know whether your customers have accounts at multi-ple institutions? How can you see what they’re doing?

9


And how do you know if their activity at your institu-tion is legitimate if you don’t have the full picture?

Here are a few examples:

✓ Beth has a personal account at your bank, Bank ABC. She also has another account at Bank XYZ for her small business. She opened the account at Bank XYZ because it was close to her business location, and it made night deposits easy for her staff. Has Beth shared the information about the business account with you?

✓ Robert has four accounts at four different credit unions. He could be using the accounts for normal, legitimate activity; however, having all these accounts could be Robert’s attempt to conceal suspicious or illegal activity. He may be making multiple cash deposits (that are just below the regulatory reporting threshold) at different institutions. Any single FI may be hard‐pressed to detect this cash structuring because investigators can only see what Robert is doing at their institu-tion. However, when you see a holistic view, you see what Robert is really doing.

Institutions should ask, how well do I really know this customer? Am I seeing all my customer’s activity or just a small slice of what he or she is doing?

This begs the question: What do you need to see the full picture of a customer’s activity and his or her transactions?

Collective DataYour customers (people and businesses), accounts, and transactions make up your institution’s data.

10


Data (both transactional and nontransactional) from multiple institutions is aggregated and analyzed by Verafin as a larger data set or sample set for the pur-pose of detecting patterns and linkages in the data. This data from multiple institutions is known as collec-tive data. Collective data gives an institution a larger financial intelligence footprint compared to the often limited view of your institution’s data set.

When combined, data and transactions from multiple FIs can be analyzed to look for suspicious activity span-ning institutions, and as a result can help detect money laundering, the proceeds to support terrorist financing, and fraudulent activity. The Verafin Cloud enables the analysis of collective data. For more information about the Verafin Cloud, see Chapter 3.

Connecting the DotsCross‐institutional analysis (the x in FRAMLx) takes transaction analysis, monitoring, and detection to the next level by looking at transactions for all institutions in a network (instead of just transactions occurring at a single FI). Because cross‐institutional analysis spans multiple FIs, it can uncover suspicious activity and pat-terns that could go undetected at a single institution. Figure 2-1 shows a network of FIs.

Detecting money laundering and fraud isn’t easy. It can be particularly hard for commu-nity banks or credit unions. Larger financial corporations (such as Tier 1 banks) are already part of a network because they have multiple institutions with more customers and daily transactions. It’s easier for such institu-tions to detect new trends and patterns of

11


Figure 2-1: A network of institutions.

12


activity because of the sheer volume of trans-actions and data that occur within their own networks on a daily basis.

For example, with the recent big‐box store card breaches, the larger Tier 1 banks likely knew when a terminal had been compromised and which of their customers were affected. Smaller FIs, on the other hand, may not know that a customer’s card has been skimmed until the customer calls to report activity in his account that he didn’t conduct.

Smaller community institutions often have a harder time detecting the trends and patterns of criminal activity because the data just isn’t available or the data set is too limited to detect potential suspicious activity. Larger FIs have a detection advantage — because of the volume of customers and transactions they deal with on a daily basis and because they’re already connected in a network.

By participating in cross‐institutional detection, smaller institutions can become part of a much larger network of FIs. The data and transactions can be ana-lyzed and monitored together to see if suspicious activ-ity can be detected and whether it spans multiple institutions. This analysis can help you detect when:

✓ One person is breaking up his activity across institutions

✓ Groups of people are working together to commit crime

Cross‐institutional analysis can uncover illegal activity (for example, structuring across institu-tions), and it can also help explain legitimate activity that (on its own) may look suspicious.

13


This broader analysis and view of transac-tional data can paint a clearer and fuller pic-ture of customer activity, which in turn can lead to more informed, efficient, and thorough investigations.

By analyzing the transactions and data of customers in the Verafin Cloud, patterns can be detected that no single FI would be able to see on its own. By being a part of this connected network of institutions in the Verafin Cloud, your detection capabilities are greatly expanded.

What Are Verafin’s Advanced Analytics?Verafin’s analytics use the latest advances in artificial intelligence, Bayesian belief networks, behavior‐based analytics, and pattern recognition when analyzing data drawn from all of an FI’s sources (both transactional and nontransactional).

Verafin analyzes information such as a custom-er’s age, occupation/industry, customer history, and expected activity when it examines that customer’s transactions. Verafin also examines customer behavior to determine whether a transaction is truly suspicious or normal and legitimate for that particular customer. Using a combination of fuzzy logic, artificial intelligence, and pattern recognition, the software creates an alert when the activity isn’t normal for the customer. The software rates the level of risk (for example, an 85 percent chance exists that Customer X is committing money laundering), and supplies the evidence behind this suspicion.

14


Behavior‐based analyticsBehavior‐based systems clarify the connections between your customers’ behaviors and the indicators of risk for suspicious activity. These systems formulate a degree of suspiciousness for a customer’s activity. For example, suppose you’re trying to determine whether a customer is structuring cash deposits because they fall just below the currency transaction report (CTR) threshold. Before issuing an alert, the system analyzes the available data using a combination of advanced analytics, which involve the following:

✓ Searching for excessive cash deposits. The system does this by determining whether the total cash deposited by a customer is excessive compared with her peer group.

✓ Calculating the risk of deposits just below the CTR reporting limit.

✓ Determining the frequency at which the deposits are made.

✓ Reviewing the number of locations used for the cash deposits.

Verafin’s robust analysis detects suspicious activity because behavior‐based systems pro-vide a detailed breakdown of the evidence used to generate the alert. Those responsible for reviewing alerts and investigating cases can better understand why the customer’s activity may be suspicious.

Fuzzy logicFuzzy logic offers a way to express uncertainty about the answer to a question like, “Is this customer’s

15


behavior suspicious?” Unlike rules, where the only choices are yes or no, fuzzy logic provides an answer based on probability, giving an infinite number of pos-sible answers ranging between yes and no.

Consider the following example: When asked if you expect it to rain today, applying fuzzy logic lets you answer with the probability of precipitation, ranging from 0 (no) to 100 (yes), with values in between repre-senting the relative certainty of your answer.

Here’s another example to see how fuzzy logic can help you fight financial crime. Imagine you want to track large wire transactions. With a rules‐based system, you could ask, “Has Sally conducted any wire transfers over $3,000 in the past two weeks?” You receive a yes or no answer, with no way to indicate the risk of transfers under the $3,000 threshold.

Perhaps she has made a wire transfer of $2,999. The rule misses the transaction by $1. In this situation, yes is 100 percent and no is 0 percent; therefore, you’re unable to determine that the transaction is very risky (likely 98 percent or 99 percent) because it’s presented as no risk (0 percent). To catch this, more rules are required.

Fuzzy logic offers more flexibility and provides a range of possibilities rather than an absolute value.

You could ask, “Has Sally conducted any large wire transfers in the past two weeks, where a large transfer is $3,000?” If Sally only conducted wire transfers under $1,000, then the answer would be an extremely low per-centage of risk. The risk percentage increases as the wire value increases toward $3,000. If she conducted a wire transfer of $3,000 or more, the risk is 100 percent.

16


Recognizing patternsBehavior‐based software analyzes a set of data that combines static information (such as address, indus-try/employment details, and financial information) with the metrics of a customer’s activity. This includes aver-age daily cash deposits, maximum monthly cash depos-its, total weekly transfers out, average frequency between transactions, and so on. Using this combina-tion of static data and customer activity helps you understand each customer’s pattern of behaviors.

With this approach, you can also compare members of peer groups (for example, customers with similar occu-pations or businesses in the same industry), which helps to identify unusual behavior. The patterns and regularities in data can help you detect anomalies.

FRAMLx: Analytics to Help You See MoreYou need technology and advanced analytics to look beyond a single institution and to link customers and transactions that span multiple institutions.

In order to see patterns across institutions, you need advanced analytics — such as pattern recognition, link analysis, and genetic algorithms. And you also need a way to connect or link institutions so their customers and their transactions can be analyzed under a collec-tive microscope.

Link analysisLink analysis is a data analysis technique used to evalu-ate relationships or connections between nodes

17


(objects). Relationships may be identified between var-ious types of nodes, including organizations, people, and transactions.

Link analysis creates a web of connections between nodes and focuses on the analysis of relationships between the nodes. It is used for three primary purposes:

✓ To find matches in data for known patterns of interest

✓ To find where patterns are broken

✓ To discover new patterns of interest

To help detect true patterns and connections, a large amount of data is needed for link analysis. With a larger data set, more patterns can be found and a larger web of connections can be uncovered.

For example, when analyzing data across institutions, some simple patterns that might be detected are:

✓ Customers sharing the same home address

✓ Customers working at the same business

✓ The same customer SSN at multiple institutions

✓ Customers who send money to the same person

Genetic algorithmsGenetic algorithms, a machine learning technique, are used to extract information from data. This data‐driven approach involves performing millions of tests and tun-ings of system parameters to detect suspicious activ-ity. These tuning iterations are then used to optimize and tweak the existing algorithms (or analytics) or to create new ones.

18


Over time, the best system tunings and parameters are retained to help detect more suspicious activity.

Verafin by the numbersAt time of publication (2015), Verafin was analyzing data from over 1,200 customers (with a collective asset size of over $600 billion) and 60 million transactions every day. This large data set enables Verafin to develop and keep iterating on FRAMLx analytics that are effective cross‐institutionally for users of the Verafin Cloud. With over 30,000 users logging into the Verafin Cloud every year, you also have the option to share information and collaborate with a large network of colleagues.


FRAMLx: Powered by the Verafin Cloud

In This Chapter ▶ Examining security ▶ Looking at privacy ▶ Industry best practices ▶ Seeing the advantages

T his chapter discusses the security and privacy measures that Verafin has put in place to secure

the Verafin Cloud. The chapter also takes a look at some industry guidelines. Finally, it walks you through the advantages the Verafin Cloud offers.

Introducing the Verafin CloudVerafin leverages cloud computing technology to per-form analysis on collective data. The Verafin Cloud is a secure solution that enables cross‐institutional analysis of billions of transactions. Data is combined in the Verafin Cloud and advanced detection analytics are run against that data. This combined data analysis identifies

Chapter 3

20


suspicious activity and patterns that might otherwise be missed or undetectable by a single institution.

The Verafin Cloud is a secure infrastructure for data storage and analysis, which provides on‐demand access to the Verafin application by authorized users. This solution assures confidentiality, processing integ-rity, security, and privacy of your institution’s data.

SecurityA cloud environment must include a comprehensive, end‐to‐end security policy — and practices that address physical and logical security. It must also include systems to prevent and detect breaches.

The Verafin Cloud environment provides secure data flow from the financial institution (FI) to the Verafin application and also protects data while it’s stored. Both encryption at rest and encryption in transit pro-tect the FI’s data. Continuous monitoring and backups of the data ensure that an institution’s data is both protected and available at all times.

✓ Encryption at rest: This feature protects your data where it is physically stored (that is, data that isn’t moving). The Verafin Cloud infrastruc-ture is maintained in a secured Tier IV Gold facil-ity where your data is encrypted and securely stored.

✓ Encryption in transit: This feature uses estab-lished, trusted channels and encryption technol-ogy for the data transfer. All file transfers to the Verafin Cloud use NIST‐certified secure file trans-fer encryption, teamed with Transport Layer Security (TLS) and Advanced Encryption Standard

21


(AES) 256‐bit encryption on trusted channels, and are protected by firewalls that are locked‐down to only authorized customer networks or environ-ments. Access to the Verafin application is facili-tated through secure HTTP (HTTPS) connections based on unique customer usernames and pass-words for authorized personnel only.

✓ 24x7x365 monitoring: The Verafin Cloud and its data are monitored 24/7/365, which ensures threat management is in place. An intrusion detec-tion system (IDS) and a security information event management (SIEM) system continuously monitor for anomalous activities.

✓ Backups and disaster recovery: In the event of an emergency or system failure, a cloud vendor should have a business continuity plan (BCP) and a separate disaster recovery plan (DRP). The BCP ensures that resources and information are avail-able to manage emergencies and to minimize dis-ruptions to critical business processes, and the DRP prioritizes the IT system restoration details. All data in the Verafin Cloud is regularly backed up to a disaster recovery (DR) environment. Data is replicated on an hourly and nightly basis between the production environment of the Verafin Cloud and the DR center (separate from the physical storage location of the production data). Verafin’s DRP outlines both the recovery time objective (RTO) and recovery point objective (RPO), and Verafin performs regular testing of this DRP to verify recovery times and the integrity of customer data.

22


PrivacyThe Verafin Cloud ensures the integrity and confidenti-ality of an FI’s data. Every FI in the Verafin Cloud has its own logically separated database instance that securely houses its data. That is, each FI has its own private portion of the Verafin Cloud that is exclusive to that institution and its data. This ensures only autho-rized individuals can access their FI’s data (including personal and business customers, accounts, and trans-actions) in the Verafin application.

Each institution owns its own data — Verafin simply analyzes the data in order to alert the institution of suspicious activity.

For privacy and confidentiality purposes, cloud envi-ronments must ensure that customer information is handled properly. Nonpublic personal information (NPPI) and consumer information must be protected in accordance with applicable laws. The Verafin Cloud has established controls that include a privacy policy to protect NPPI and consumer information as outlined in the Gramm‐Leach‐Bliley Act, applicable regulations, and relevant state and federals laws related to the pro-tection of personal information. The privacy policies are reviewed annually to ensure continued compliance with applicable legislation.

Industry Best Practices and RegulationsVerafin follows industry best practices and regulations. This section discusses them and explains a little bit about their history and why they’re in place.

23


FFIECIn 2004, the Federal Financial Institutions Examination Council (FFIEC) released guidance and examination procedures for Outsourcing Technology Services, and in 2012, released a public statement regarding Outsourced Cloud Computing. According to the FFIEC Outsourcing Technology Services booklet, “the ability to contract for technology services typically enables an institution to offer its customers enhanced services without the various expenses involved in owning the required tech-nology or maintaining the human capital required to deploy and operating it.”

These benefits aside, it’s important that an FI performs due diligence and risk assessment of an outsourced technology or cloud provider. Any cloud provider must meet the institution’s security policies, must be able to provide evi-dence of ongoing auditing and controls, and must meet legal and regulatory requirements for safeguarding information.

As per FFIEC guidelines, Verafin performs vendor due diligence to determine and mitigate identified risks.

SOC 2Service organization controls (SOCs) are a set of accounting standards that measure the control of financial information for a service organization. A SOC 2 is a report on the controls at a service organiza-tion, which is intended to evaluate an organization’s information systems as they relate to the five trust services principles (TSP) of security, availability, processing integrity, confidentiality, and privacy.

24


Most service organizations will have a SOC 2 report to assure that they have security con-trols in place.

Verafin performs a yearly independent SOC 2 audit and makes this report available to its customers.

Advantages of the Verafin CloudInstitutions that are part of the Verafin Cloud benefit from the following:

✓ Immediate access to new Verafin software releases/features and regulatory changes:

Institutions that are part of the Verafin Cloud receive software and regulatory updates in a seamless manner. The Verafin application is continuously released to provide updates such as the rollout of new features and services, user interface changes, back‐end analytics, and any required software maintenance. Timely regulatory changes and updates are also incorporated into product releases.

To stay ahead of industry dilemmas and emerging fraud and money laundering patterns, Verafin pro-tects you with the latest advancements in analyt-ics. In addition, FinCEN advisories are quickly incorporated into the Verafin application and rolled out to all customers in the Verafin Cloud.

✓ Less in‐house hardware and software to maintain and upgrade:

The Verafin Cloud lightens the load on your insti-tution’s IT department and reduces the capital investment in infrastructure. Updates are quickly

25


released in the Verafin Cloud without involving your IT department. The Verafin Cloud alleviates typical IT department maintenance tasks that are necessary to support in‐house software appli-cations and hardware equipment (such as soft-ware and hardware updates).

These continuous and quick updates help ensure your institution is compliant and that you can detect financial crime sooner.

✓ Proactive customer success monitoring:

Each institution has a dedicated customer suc-cess manager (CSM) who actively monitors the institution’s use of Verafin. The CSM ensures the FI is getting the maximum value from the application.

✓ Infrastructure for FRAMLx innovation:

In the Verafin Cloud, data from multiple institu-tions is analyzed and this information is used to develop new analytics (and to improve existing analytics) that can more accurately detect money laundering and new and emerging fraud trends.

FRAMLx and the Verafin Cloud give FIs the capa-bility to use advanced money laundering and fraud detection based on cross‐institutional analysis on nonpersonal aggregated data. For more information on cross‐institutional analysis, see Chapter 2.

By aggregating large volumes of transactions and data (processed from multiple institutions), cus-tomer activity and suspicious activity that spans FIs is made visible. Just by being in the Verafin Cloud, your institution becomes part of a network.

26


According to the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, the community cloud infrastructure “is provisioned for exclusive use by a specific community of consumers from organiza-tions that have shared concerns.” In this case, the shared concern is detecting financial crime that spans multiple FIs. The technology and processing power of the Verafin Cloud provide better tools for cross‐institutional detection and information sharing.


Information Sharing: 314(b) Safe Harbor

In This Chapter ▶ Reviewing Section 314(b) of the USA PATRIOT Act ▶ Participating in information sharing ▶ Learning what can be shared under safe harbor

V erafin’s FRAMLx facilitates collaboration between financial institutions (FIs). If Verafin detects

suspicious cross‐institutional activity, a FRAMLx alert is generated and includes contact information for insti-tutions that have sent their 314(b) notification to FinCEN. When you are alerted to suspicious activity that spans FIs, you can start your collaborative investigation.

Information sharing is a key component of FRAMLx. Because it deals with sensitive information, informa-tion sharing is regulated by the Financial Crimes Enforcement Network (FinCEN) under Section 314(b) of the USA PATRIOT Act.

This chapter discusses the regulations that you must comply with if you share information. Some of this stuff

Chapter 4

28


gets pretty technical, but because it’s of great impor-tance, it needs to be covered!

Examining the USA PATRIOT Act and Section 314(b)In a nutshell, Section 314(b) of the USA PATRIOT Act provides FIs with the capability to share information with one another. It does so by providing a safe harbor that offers protections from liability in order to better identify and report potential money laundering or ter-rorist financing activities.

An FI can help itself stay compliant with regu-lations and help prevent losses by taking advantage of 314(b) information sharing. By learning about activity that is usually outside of an FI’s scope, the FI can gain valuable insight that is reflected in more robust reports, which have a positive cascading effect for law enforcement as a whole.

From helping compliance programs build a more defined and accurate picture of a customer’s activity to aiding in identifying money laundering and terrorist financing methods, participation has benefits.

Within the USA PATRIOT Act, both Section 314(a) and Section 314(b) are about information sharing. Section 314(a) contains procedures for information sharing between law enforcement and FIs “to identify, disrupt, and prevent money laundering and terrorist activity.” Section 314(a) is complemented by Section 314(b), which allows for voluntary

29


information sharing between FIs and associa-tions of FIs.

FRAMLxchange is an “association of FIs” under Section 314(b) of the USA PATRIOT Act and forms the backbone of the FRAMLx network. This association is comprised exclusively of FIs using Verafin and allows Verafin and member institutions to collaborate within the 314(b) safe harbor.

FinCEN published the Section 314(b) Fact Sheet to help you understand how to share information between FIs. To explain how Verafin’s FRAMLx technology uses 314(b), this chapter references information from FinCEN’s Fact Sheet.

For detailed information, see FinCEN’s website at www.fincen.gov/statutes_regs/ patriot/pdf/314bfactsheet.pdf.

Participating in Information SharingTo participate in information sharing through 314(b) safe harbor, FIs and associations of FIs must provide a notice to FinCEN. This notice is called Notification for Purposes of Section 314(b) of the USA PATRIOT Act and 31 CFR 1010.540. It requires nine pieces of identifying information, including:

✓ Name of the FI or association of FIs

✓ The FI’s Taxpayer Identification Number

✓ Primary federal regulator

✓ Financial institution mailing address

✓ Contact name

http://www.fincen.gov/statutes_regs/patriot/pdf/314bfactsheet.pdf

http://www.fincen.gov/statutes_regs/patriot/pdf/314bfactsheet.pdf

30


✓ Contact title

✓ Email address of contact

✓ Telephone number of contact

✓ Fax number of contact

After the form is complete, it can be sent via email or mailed directly to FinCEN.

FinCEN will send an acknowledgement of the notice via email within two business days. This acknowledgement includes details of 314(b) participation as well as the link and information required to access the most recent participant list. Information sharing terms last for one year from the date the notice is sent.

You can add multiple contacts at your FI, but each of them needs to send his or her own notice to FinCEN.

Who Can Participate in Voluntary 314(b) Information Sharing?Financial institutions subject to an anti‐money launder-ing program requirement under FinCEN regulations, and any association of such FIs, are eligible to share information under Section 314(b).

What Are You Allowed to Share under Safe Harbor?Safe harbor means protection under the law. Sharing information through 314(b) protects FIs from civil

31


liability and allows them to share information in conjunction with current laws. Information sharing involves an information request from one FI to another FI, usually via email or telephone. FIs may voluntarily choose whether or not to participate.

Before you share information, be sure to check out the latest participant list from FinCEN. It’s up to participating FIs to ensure the contacted FIs are also participants in 314(b) information sharing.

If your FI or association of FIs chooses to participate in 314(b), you must follow the implementing regulations of the Department of the Treasury. The Federal Financial Institutions Examination Council (FFIEC) states:

“If a FI receives such information from another FI, it must also limit use of the information and main-tain its security and confidentiality (31 CFR 1010.540(b)(4)). Such information may be used only to identify and, where appropriate, report on money laundering and terrorist activities; to deter-mine whether to establish or maintain an account; to engage in a transaction; or to assist in BSA com-pliance. The safe harbor does not extend to shar-ing of information across international borders. In addition, section 314(b) does not authorize a FI to share a SAR, nor does it permit the FI to disclose the existence or nonexistence of a SAR. If a FI shares information under section 314(b) about the subject of a prepared or filed SAR, the information shared should be limited to underlying transaction and customer information. A FI may use informa-tion obtained under section 314(b) to determine whether to file a SAR, but the intention to prepare

32


or file a SAR cannot be shared with another FI. Financial institutions should establish a process for determining when and if a SAR should be filed.

Actions taken pursuant to information obtained through the voluntary information sharing process do not affect a FI’s obligations to respond to any legal process. Additionally, actions taken in response to information obtained through the vol-untary information sharing process do not relieve a FI of its obligation to file a SAR and to immedi-ately notify law enforcement, if necessary, in accor-dance with all applicable laws and regulations.”

Be sure to follow the rules to avoid fines and civil liability.

During participation in 314(b) information sharing, FIs may share information with each other regarding indi-viduals, entities, organizations, and countries for the purposes of identifying, and, where appropriate, reporting activities that may involve possible terrorist activity or money laundering.

You’re probably wondering if this covers fraudulent activities.

Yes, 314(b) information sharing can include activity related to money laundering and terrorist financing activities, which have been compiled into a list of spec-ified unlawful activities (SUAs). SUAs include an array of fraudulent and other criminal activities.

If 314(b) information sharing participants suspect that transactions may involve the proceeds of SUAs under money laundering statutes, information related to such transactions can be shared under protection of the 314(b) safe harbor. SUA information can be shared, and

33


a full list can be found starting on page 201 of the PDF at www.justice.gov/criminal/foia/docs/ afstats06.pdf.

Verafin facilitates this information sharing process by producing alerts that display similar or related activity, and this includes another FI’s contact information so you know whom to contact. For more information about FRAMLx alert generation, see Chapter 5.

If your FI decides to file a SAR (after collaborating), make sure to mention that you used 314(b) information sharing in your SAR narrative.

The existence of a SAR or the intention to file a SAR can’t be shared.

When your FI decides to avail of 314(b) information sharing, you may need to make some changes at your FI.

Some new policies and procedures may be needed to ensure compliance with the regulations.

For example, you may need to update your BSA policy to include a 314(b) section. You will need to designate at least one contact person for information sharing and you need to make sure all employees are aware of who is the contact at your FI. You will also need to educate your employees about using 314(b) and protect your FI by setting up guidelines.

FIs and associations must also establish and maintain procedures to safeguard the security and confidential-ity of shared information, and must only use shared information for the purposes of:

✓ Identifying and, where appropriate, reporting on activities that may involve terrorist financing or money laundering

http://www.justice.gov/criminal/foia/docs/afstats06.pdf

http://www.justice.gov/criminal/foia/docs/afstats06.pdf

34


✓ Determining whether to establish or maintain an account, or to engage in a transaction

✓ Assisting in compliance with anti‐money launder-ing requirements

Checklist for 314(b) information sharing ✓ You must be an FI or an association of FIs.

✓ An individual at your FI or association must send a notice to FinCEN.

✓ Prior to sharing information, consult the 314(b) partici-pant list and ensure your point of contact is listed.

✓ When you share information, you must safeguard that information and use it only for anti‐money laundering and counter‐terrorism financing purposes.

✓ You may not disclose the existence of a SAR or the intent to file a SAR.


FRAMLx Detection Examples

In This Chapter ▶ Cash deposits across multiple institutions ▶ Common wire receivers ▶ Presenting the same counterfeit check at multiple institutions

▶ Shared watch lists ▶ High cash turnover spanning multiple institutions ▶ Repeating crimes at multiple institutions ▶ Common point of purchase ▶ FRAMLx alerts

T his chapter shows you some examples of how crimi-nals hide money laundering and fraudulent activities

using multiple institutions. These examples show how institutions that are part of a bigger network receive additional information related to their customers. The chapter wraps up with some information about how FRAMLx alerts actually work.

Chapter 5

36


Cash Deposits across Multiple InstitutionsRobert is a customer at Bank B and his bank profile indicates that he is an accountant at a popular, high‐end New York restaurant. This past week, Robert deposited $7,000 on Tuesday and another $8,000 on Friday at Bank B.

Elizabeth, the compliance officer at Bank B, is alerted by her AML software that $15,000 is a fairly high volume of cash deposits for an average week. She begins investigating the money laundering alert and reaches out to Robert, but with all the publicity and traffic the restaurant is getting, Robert can easily explain why the cash deposits are $15,000.

If Bank B had Verafin’s FRAMLx software, the money laundering alert could have included a notice that two other banks have seen similar activity on Robert (based on his SSN). Under 314(b), Elizabeth can reach out to the contacts at those other two banks. See Figure 5-1 for a visual of Robert’s transactions.

He made the following cash deposits early in the week:

✓ On Monday, $5,600 is deposited at Bank A.

✓ On Tuesday morning, $7,000 is deposited at Bank B.

✓ On Tuesday afternoon, he also made another $7,000 deposit at Bank C.

37


Figure 5-1: Robert has deposited a large amount of cash in different banks over a short period of time.

38


A few days later, Robert made a few more cash deposits:

✓ On Thursday, he deposited $1,900 at Bank A.

✓ On Friday, $8,000 is deposited at Bank B.

✓ Also on Friday, $3,000 is deposited at Bank C.

Together, the FIs realize that Robert’s activity spanned three institutions and totaled $32,500 in cash over six separate deposits in a single week. He split transac-tions ($11,000) on Friday across two banks to avoid the CTR reporting limit.

It turns out that Robert is the accountant for an illegal gambling group hidden in the restaurant. Robert is using multiple institutions to hide the money coming from his illegal gambling.

Common Wire ReceiverBank A has a case open on its customer, Jessica. The Compliance team is actively monitoring her activity because of the high number of wires being sent from her account. Jessica’s occupation is listed as waitress; however, it seems unlikely that a waitress would have income in line with the funds leaving her account.

The recipient of the wires, Joey, is a customer at Bank B.

Jenny (a customer of Bank C) deposits $4,000 and later, a $4,000 wire is sent from her account to Joey. See Figure 5-2.

After the wire is sent, Henry (the compliance officer at Bank C) gets a FRAMLx alert on Jenny. Henry wonders why he’s receiving an alert for the low volume of $4,000. The FRAMLx alert includes contact information

39


Figure 5-2: Common wire receiver.

40


for Banks A and B. Henry calls both Bank A and Bank B to find out more information. Bank A shares that Jessica seems very suspicious to them and that she has also sent a number of wires to Joey. When Henry chats with his colleagues, they discover that Joey is the common wire receiver and that he’s also receiving wires from a few other people. After chatting with his colleagues, Henry reviews the video logs for the date of Jenny’s $4,000 deposit and finds out it was actually a man who deposited the cash, not Jenny.

Without cross‐institutional analysis, these institutions would be unaware of this information.

These institutions can now ask:

✓ Who is sending money to Joey (in addition to Jenny and Jessica)?

✓ How and where are the individuals getting the money that they’re wiring to Joey?

✓ Who is the man in the video?

✓ How big is this network of wire senders?

✓ Where is the money going?

Presentation of the Same Check at Multiple InstitutionsTom has five copies of a counterfeit check for $400. On the same day, he goes to five different FIs in his area with the counterfeit checks. He plans to open an account and to deposit and cash the check at each FI. Typically, criminals pulling this scheme will attempt to withdraw some or all of the check amount before the checks

41


bounce. For example, if each FI accepts the check as valid, Tom can get $200 dollars from each check (as allowed under Regulation CC) — so he figures he can make a quick $1,000.

If the institutions Tom is scamming were part of Verafin’s FRAMLx network, the system could detect that someone is trying to cash a counterfeit check (based on the check MICR number). The system would alert the FI that a check with the same MICR number has been cashed at another FI in the FRAMLx network, and the check presented is a duplicate (and counterfeit). This early detection would inter-rupt Tom’s attempt to cash more counterfeit checks. See Figure 5-3.

Shared Watch ListBank A offers online banking services. The bank regu-larly monitors activity using online banking system log files. The log files contain information about the users who are logging into the banking platform, the date and time when the logins occur, and the IP addresses used to log in. The log files also record failed login attempts, the services accessed, and any demographic changes in a user’s profile information.

During the regular monitoring of the system log files, Bank A noticed odd activity from a certain IP address and some fraud associated with the activity (a large wire transaction) originating from this IP address. It isn’t an IP address from the typical Internet service providers (ISP) in the city where the bank is located and the activity has been occurring around 4 a.m. each morning.

42


Figure 5-3: Same MICR number.

43


After investigating the activity and determining that it’s suspicious, Bank A blocks the IP address and the IP address is added to an internal watch list to detect if any further activity originates from this IP.

Bank A is a member institution of the Verafin Cloud, which shares watch lists using FRAMLx. By adding the IP address to the shared watch list, other institutions are alerted when this IP address is used to access online banking services at their institutions.

High Cash Turnover Spanning Multiple InstitutionsSandra is a customer of Credit Union A, where she deposits $3,000 in cash on Thursday. Within a few days, she transfers the full amount out of her account. Two weeks later, she repeats this activity.

Sandra also uses Credit Union B on the other side of town. She is depositing $3,000 there as well but uses the money to purchase electronics.

She repeats the same $3,000 deposit and transfer out of another account at Credit Union C every two weeks.

However, the volume of money entering and leaving her account at each credit union hasn’t been enough to generate an alert. She’s flying under the radar. Even though there’s a high turnover of funds in her accounts, the credit unions are unaware of the activity because they’re working in isolation.

Using FRAMLx, Sandra’s activity would be aggregated. See Figure 5-4. When added together, the volume of cash being deposited ($18,000) and then leaving her account ($18,000) every month would be enough to

44


Figure 5-4: High cash turnover.

45


generate a money laundering alert. Under 314(b), these CUs could share information about Sandra’s activity and decide to investigate her. Transactions that previ-ously might have looked like regular payroll deposits now seem a whole lot more suspicious when the total amount of money in question is combined.

Activity like this cash in and transfer out often corre-sponds to the placement stage of money laundering. With placement, cash is deposited and then transferred out of an account shortly after or is used to make large purchases.

Placement is the process of placing, through deposits or other means, unlawful cash pro-ceeds into traditional financial institutions (FIs). Placement is the attempt to hide the origins of dirty money.

Criminals Who Repeat Crimes at Different FIsWilliam opens a checking account at Bank A on Friday morning. Later on Friday afternoon, he opens a new account at Bank B. William also has an older account at Bank C.

A few days later, he goes back to Bank A with a check for $7,200 (written from Bank C). He wants to deposit the check and get the cash. However, the teller informs him that a hold will be placed on the check. William seems rather nervous. The teller asks him about the check and William says that he sold his car. The teller calls Bank C (where the check was drawn) and they confirm it as fraudulent.

46


The next month, William attempts to cash a check at Bank B. However, a FRAMLx alert generates and includes the information from Bank A. Bank B calls Bank A and they discuss William’s previous check‐cashing attempts. They place a hold on the check and add flags to his account to monitor his activity more closely.

Common Point of Transactions (CPT)Mark is a customer at Bank A. It is the weekend before Mother’s Day, so Mark goes shopping at Gemstones Jewelry store to buy a gift for his wife. He uses his Bank A debit card to pay for the gift.

Greg banks with Bank B. He also shops at Gemstones Jewelry that same weekend to buy a gift for his girl-friend. He pays for his purchase with his debit card.

Chad (a customer of Bank C) also buys a combined gift for his mom’s birthday and Mother’s Day at Gemstones Jewelry store with his debit card.

A month later, Mark calls Bank A to report a $300 ATM withdrawal that appears to be fraudulent. The fraud investigator at Bank A opens a case to track Mark’s complaint.

Greg calls Bank B to report a $260 ATM withdrawal that he didn’t make. The investigator at Bank B opens a case for Greg.

The FRAMLx system detects two similar debit fraud cases at Bank A and Bank B. See Figure 5-5. The system looks through the card history for Greg and Mark and notices they both shopped at Gemstones Jewelry store during the same weekend and that their cards may have been skimmed.

47


Figure 5-5: Common point of purchase.

48


Bank C is immediately alerted that Chad used his card at a potential skimming location, and they increase the monitoring on Chad’s card.

Understanding Verafin AlertsTo help you understand how Verafin detects suspi-cious activity that you learned about in the detection examples, this section provides a brief summary of alert generation in the Verafin application.

Verafin obtains data from your banking system on a nightly basis and analyzes all transactions and informa-tion. If suspicious activity or suspicious transactions, evidence of fraud, or a possible watch list match is detected, Verafin generates an alert to notify you that the transaction or evidence must be investigated. These risk‐rated, evidence‐supported alerts include the date/time, risk score, and alert type for quick triage.

An alert is a notification of potential suspicious activity.

How FRAMLx Alerts Catch Cross‐Institutional Suspicious ActivityWhen Verafin detects cross‐institutional suspicious activity, an alert is generated with a FRAMLx indicator. The FRAMLx alert lets you know that the customer’s activity may be linked to suspicious activity elsewhere and provides information for the institution in one easy‐to‐access location.

49


In the alert, the 314(b) contact information (name, email address, and phone number) is included for each FI, saving you time. There is no need to navigate to FinCEN’s website to find the 314(b) participant list.

After your alert triage, you can quickly reach out and collaborate with colleagues to share information about the suspicious activity. Under the 314(b) safe harbor, you can share information that helps you learn more about your customers and their activity.

Verafin’s integrated case management component helps you document and track your investigation and findings in one centralized location. Cases can be quickly created directly from an alert. Verafin also includes suspicious activity reporting and direct e‐filing to FinCEN.

50



Eight Benefits of FRAMLx

In This Chapter ▶ Benefits of FRAMLx

T his chapter walks you through some of the best things about FRAMLx.

FRAMLx Expands the Benefits of FRAMLFRAMLx extends the three components of FRAML (people, processes, and technology) across multiple financial institutions (FIs):

✓ People: Work and collaborate with colleagues to gain a holistic view using 314(b) information sharing.

✓ Processes: Strengthen and streamline your inves-tigations, processes, and reporting.

✓ Technology: Use the advanced analytics of the Verafin Cloud to detect cross‐institutional activity.

Chapter 6

52


The More Data You Have, the Better the PictureTo help detect true patterns and connections, a large amount of data is needed for link analysis. The larger the data set, the more patterns can be found. Because Verafin analyzes a large set of data, FRAMLx can pres-ent new information.

When you know to seek more information, you can gain a holistic view of your customers’ behavior and activity that extends to the entire network that FRAMLx and 314(b) information sharing provide.

Verafin lets you know about similar or related activity on your customer at another FI by generating a FRAMLx alert. This shifts the focus onto investigation and col-laboration through information sharing. When you work with your new information sharing network, you can see a bigger picture of customer activity and behavior.

FRAMLx AlertsVerafin analyzes data and presents alerts based on suspicious activity that spans multiple FIs. A FRAMLx alert shows you transactional information at your FI (if applicable) and 314(b) contact information (including the name, phone number, and email address) for the other FI.

FRAMLx alerts enable you to be proactive and collaborate. When you use 314(b) and become armed with more information about your cus-tomers, you can make decisions more confi-dently, such as how much monitoring you want and how to handle customer activity.

53


Collaborative Investigation ProcessBy working together with other FIs, you gain the capa-bility to see a bigger picture. More data points mean a better overall understanding. This helps enhance your reporting capabilities, lets you reevaluate information you already have, and enables you to streamline your processes and decision making.

A Holistic View of CustomersFRAMLx gives you a holistic view of customers that can help you understand what’s going on with them.

Similar to how you use an online map, FRAMLx can help you zoom out to see a bigger picture that encom-passes more FIs. By gaining additional information about your customer, such as activity outside of your FI, you gain a better understanding about what you need to do to protect your assets and help protect those connected to you.

More information increases the strength of your cus-tomer due diligence, such as the Know Your Customer (KYC) policy. A holistic view helps you make decisions about a customer’s true activity, not just based on the information at your FI.

When you know more about your customers, you know how to proceed with setting their risk parameters and monitoring. By seeing more information, or information in a differ-ent light, you might reconsider how to proceed. What previously appeared normal may now look suspicious, and vice versa.

54


This translates to greater overall efficiency and less guesswork.

Enhanced ReportingMore information can result in more robust reporting, both internally and to law enforcement. When you pre-viously might have felt uncertain about filing a report, additional information through collaboration can help clarify and give you confidence.

FinCEN’s Section 314(b) Fact Sheet lists the following as benefits of information sharing:

“Building a more comprehensive and accurate picture of a customer’s activities where potential money laundering or terrorist financing is sus-pected, allowing for more precise decision‐making in due diligence and transaction monitoring.

Facilitating the filing of more comprehensive and complete SARs than would otherwise be filed in the absence of 314(b) information sharing.

Facilitating efficient SAR reporting decisions — for example, when a FI obtains a more complete pic-ture of activity through the voluntary information‐sharing process and determines that no SAR is required for transactions that may have initially appeared suspicious.”

If you decide to file a SAR after sharing infor-mation using 314(b), FinCEN wants to know. The 314(b) Fact Sheet states, “In cases where a financial institution files a SAR that has bene-fited from 314(b) information sharing, FinCEN encourages financial institutions to note this

55


in the narrative in order for FinCEN to identify and communicate additional examples of the benefits of the 314(b) program.”

Loss PreventionBy gaining additional information about your custom-ers and taking a proactive approach to detection, you can mitigate your losses. The information you gain helps you set up appropriate monitoring and risk con-trols that are more accurate than previously thought possible, such as adjusting customer risk, using inter-nal watch lists, and adjusting customer behaviors.

When you know your customers and see a bigger picture of their activity, you can help prevent future losses. 314(b) information shar-ing helps you collaborate so you can know your customers better, and FRAMLx helps you find the connections you need most.

Strengthened Monitoring, Investigation, and ReportingFRAMLx helps you strengthen your monitoring, investi-gations, and reporting. Whether your everyday process is manual or automated, the data your FI analyzes is often limited to your institution. This means the pic-ture you form consists only of a customer’s behavior and activity within your walls. With such a small data set, it’s hard to know if a customer’s activity is truly suspicious and should raise red flags, or if it’s routine daily banking.

56


With FRAMLx, you have technology and advanced analytics working with you to create links among customers and transactions that span multiple institutions. You can start a con-versation and share information through 314(b) to build a better customer profile.

When you start using FRAMLx, you automatically become part of a greater collaboration network. In the fight against money laundering, terrorism, and the fraud tied to these criminal offenses, FRAMLx can help you stay a step ahead.

Notes


Notes




http://www.Dummies.com

Documents

These materials are © 2015 John Wiley & Sons, Inc. … › 2017 › 01 › ...These materials are 1 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthoried use is