Banking & Financial Services

State of Information Security in the changing BFS Environment

Information Security Management is a key component of IT Management and is being embedded into every IT initiative and operation from a security-risk perspective. The role of Information Security has assumed key importance particularly in the Banking and Financial Services industry, considering that the core business component is the Customer: his personal data, his financial data, his money, and the role of the Banker / Broker as generator and distributor of money. Add to this the increasing role of governments, through legal and regulatory frameworks, in ensuring that public trust and confidence in financial institutions is retained. Hence, it has been recognized in the financial world that establishing a globally accepted practice of an Information Security Management System provides a better security environment and security assurance to the various stakeholders.

Changing face of Information Security Threats in Banking Industry

The threats to the Banking and Financial Services industry are no longer only those of the physical world (theft, fraud, forgery, robbery, extortion etc.); they have extended to data privacy disclosures, loss of critical data, breach of data, and unavailability of critical systems, all leading to losses for the enterprise. Furthermore, three important developments have made information security measures vital to the organization:

  • Automation has made attacks more profitable
  • Action at a distance is now possible
  • Attack technique propagation is now more rapid and easier

In addition to these three developments, there are three more trends that make a financial enterprise more exposed and vulnerable:

  • On Demand Connectivity through internet, wireless and mobile
  • Cloud Computing and Virtualization
  • Customer Awareness & Acceptance

Establishing information systems security management from scratch to a mature process needs unstinted support from the top management, strong commitment from the executives who manage and operate the system, and security imbibed down to the lower rungs of operational staff. It is not enough that a system is once in place; the key is to ensure that the measures constantly change for improvement based on changes in the business and technical environment. The PDCA Cycle (Plan, Do, Check, Act) of the ISO 27001 ISMS Standard appropriately encompasses the life-cycle of establishing the ISMS program. The important Check phase implies measuring the current state at frequent intervals and aiming for a target state by applying a Capability Maturity Model. Benchmarking current practices against industry peers in respect of the security tools and practices used is another good way of following best practices. Some of the important operational areas of Banking where information security is vital are:

  • Identity & Access Management - Physical / Logical Access to facilities / systems / data
  • Data Privacy
  • Integration of Security Features in Delivery Channels
  • Online Internet Banking - SSL / Dual Factor Authorization
  • ATM - Dual Authentication including Biometric
  • SMS Banking - Encryption
  • Cards Management - Issue / Change of Password / Re-confirmations
  • Use of Digital Signatures for important communications - internal and external
June 23 2011

Anti-Money Laundering

The International Monetary Fund has estimated the aggregate size of money laundering in the world to be between 2% and 5% of the world's gross domestic product.

Given this global impact, Anti-Money Laundering (AML) has become a key compliance-related challenge faced by Financial Institutions worldwide. An increasing number of countries are realizing the inevitable need to combat money laundering and are enacting AML laws.

The securities industry is viewed as a potential target area for money launderers because of the ease with which funds can be efficiently transferred or wired across accounts and financial institutions, both domestic and international.

Global trends indicate an ever-rising sophistication in Money Laundering. Some of the advanced approaches include:

  • The use of international trade and finance to camouflage funds and their transfers
  • The creation of legal entities like enterprises, corporations and companies to serve Money Laundering; and
  • The exchange of cash at casinos and other places of gambling, also known to be a strong alternative channel of Money Laundering

To mitigate the risks linked with these emerging trends, Next-Gen Anti-Money Laundering Technologies & Approaches can be deployed. The fulcrum of the solution lies in a Regulatory Approach and, as such, organizations today are investing in a robust Governance, Risk and Compliance Model as part of their financial setup and infrastructure.

A third-generation Governance, Risk & Compliance Solution Model is capable of fighting dynamic money laundering scenarios. These latest solutions are structured and architected around a Risk-based approach and are pivotal to any strategic AML plan. An AML Plan is fraught with challenges, an example being customer identification and effective management of high-risk customers. This gets grueling when dealing with customers (and sometimes even corporations) who present only basic and minimal financial and social information. Hence the strategizing and management of an AML Plan, also taking into account the procedures already implemented, is key to mitigating risks in the financial industry.

January 12 2011