The terrorist attacks in Paris, San Bernardino, and most recently, Brussels are reminders that no country or city is immune to the risk of a terrorist attack. The attacks in all of the locations revealed the plots were well thought out and not devised overnight.
In each attack, the terrorists were homegrown and lived in the community – they appeared to live an ordinary life while they prepared to launch the attacks. Government agencies and banks must determine in each case if clues were left behind in bits and pieces that existing detection mechanisms couldn’t put together into actionable alerts.
It is well known that terrorist groups communicate via social media and encrypted messages. The social movements of these groups offer subtle leads for government agencies to collect, monitor and analyze their social behavior. Working in tandem, the terrorists conduct cash and credit transactions to finance their ever-increasing innovative plans and methods to launch an attack.
The major commonality between information security and money laundering is that both are perpetrated by bad actors and/or state-sponsored groups. Security functions within the financial industry are still siloed in nature and are not fully integrated to analyze data from different sources.
In this regard, banks and regulatory agencies should manage various functions to get leading indicators and consider integrating money laundering, cyber security and other related security measures for incident analysis and response planning. This will help banks to integrate data points from multiple sources, perform analysis and generate actionable alerts to government agencies.
The main areas where money laundering and cyber security can be integrated are incident reporting, analysis of behavior, management of encryption and payment methods.
Banks should have an integrated enterprise solution that reports information security incidents from Security Information and Event Management (SIEM) systems alongside currency transaction report and suspicious activity report (CTR/SAR) information from the money laundering side. This information should be fed into a central database managed by a government agency that collects data from all banks.
Banks must implement integrated data analytics tools to identify warning signs and red flags. The tools must also analyze non-numeric data, such as texts and social media communications. Data from money laundering and information security incidents must be proactively fed into integrated software to identify patterns and behaviors. Furthermore, banks need to investigate these incidents as they would for a fraud incident to identify root causes and underlying behaviors.
Initial investigations into the Brussels attack reveal that terrorists used pre-paid cards for their transactions, as these provided anonymity to load money onto cards and use them at will. Card issuers and banks must come up with an innovative solution, as they did with the rollout of chip-and-PIN cards, which is expected to help with information security and “card-present” fraud prevention.
Money deposited through foreign correspondent banks or “hawala” (which is a form of exchanging cash through brokers in multiple jurisdictions in local currencies) can be converted into a virtual currency or Bitcoin and then re-converted into dollars or Euros. Banks need clear guidelines for the use of Bitcoin, an emerging payment method.
Encryption was used as a mechanism to prevent messages from being read. Regulators should look into addressing the encryption issue in areas impacting the consumer in light of the FBI vs. Apple Corporation dispute over hacking of the iPhone used by the San Bernardino killer.
Banks are subject to a plethora of privacy rules on information sharing, even with a government agency. Criminals can use those privacy rules to their advantage if there is not a fine balance between protecting customers’ privacy and identifying risks from terrorists.
In conclusion, as Albert Einstein said on the effects of the nuclear bomb, “If only I had known, I would have become a watch-maker.” The same could be said about today’s attacks as terrorists and cyber criminals are using both traditional and newer forms of payment, encryption and laundering.
The US Internal Revenue Service (IRS) and Federal Bureau of Investigation (FBI) analyzed how the 9/11 terrorists operated through reconstruction of available financial information. I am certain that will look very different when European investigators complete their analysis of the Paris and Brussels attacks. Hence, there is a need for banks and government agencies to have an integrated approach to be ahead of criminal minds.
About the Author: Senthil K. Selvaraj is a Risk and Compliance executive who managed businesses in US and international regions across Technology & Operations, Consumer, Mortgage and Supply Chain. He is a CISSP, CRCM and CAMS.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.