Celent Model Bank Awards: Fraud, Risk Management, Process Automation and Flub-Free

Celent Model Bank Awards: Fraud, Risk Management, Process Automation and Flub-Free

It is my privilege to be part of the judging panel for Celent Model Bank Awards for 2017 for the following three categories:

  • Fraud Management and Cybersecurity – for the most creative and effective approach to fraud management or cybersecurity.
  • Risk Management – for the most impressive initiative to improve enterprise risk management.
  • Process Automation – for the most effective deployment of technology to automate business processes or decision-making.

A common theme across this year’s submissions for the above categories is the importance of agile technology, digital process automation, and consistent and focused practices across the organizations. A large number of the entries show that a streamlined and automated operational risk framework is critical to run a successful risk management program. Everything connects and has a consequence and unless banks can join the risk dots across their ecosystems, they will continue to spend at a very high rate with unsatisfactory and, at times, devastating results.

Improved data analysis and machine learning capabilities also featured prominently in the winning case studies. A central data platform, automated processes and improved insights have produced notable increases in efficiency, better control of costs, reduced resourcing requirements, reduced errors and false positives and have made it easier for the banks to adapt to their digital footprint, an expanding cyber threat landscape, and intense and complex regulatory obligations.

Hopefully, no flubs on the big day

Without exception, every submission is of a high-quality and we found it a daunting task to pick the most worthy award recipients. In the end, we are excited and confident about our selection of winners in the above categories, yet we are sorry that we could not recognize so many others that clearly also deserve recognition.

At the moment we are staying tight-lipped about who won the awards. We will be announcing all winners publicly on April 4 at our 2017 Innovation & Insight Day in Boston. In addition to presenting the award trophies to the winners, Celent analysts will be discussing broader trends we’ve seen across all nominations and will share our perspectives why we chose those particular initiatives as winners. Make sure you reserve your slot here while there are still spaces available!

 

Large FIs spent $25M rolling out failed risk management frameworks during the 2000’s. So why try again?

Large FIs spent $25M rolling out failed risk management frameworks during the 2000’s. So why try again?
Large financial institutions spent in excess of $25 million on rolling out failed enterprise risk management frameworks during the 2000’s. So why try again? Well for many obvious reasons, the most notable of which has been the large scale failure of institutions to manage their risks and the well-editorialized consequences of those failures. The scale of fines for misconduct across financial services is staggering and damage to the banking industry’s reputation will be long-lasting. Major Control Failures in Financial Services blog Source: publicly available data Regulators and supervisors are determined to stop and reverse these risk failures, specifically, the poor behavior of many bankers. Regulators are demanding that the Board and executive management take full accountability for securing their institutions. And there is no room for failure. This is the only way that risks can be understood and, hence, managed across the enterprise. There is no denying that risk management frameworks are hard to implement but Celent believes the timing is right for the industry to not only secure their institutions and businesses but to innovate more safely and, slowly, win back the trust of their customers. My recently published report Governing Risk: A Top-Down Approach to Achieving Integrated Risk Management, offers a risk management taxonomy and governance framework that enables financial institution to address the myriad of risks it faces in a prioritized, structured and holistic way. It shows how strong governance by the Board is the foundation for a framework that delivers cohesive guidance, policies, procedures, and controls functions that align your firm’s risk appetite to returns and capital allocation decisions.

Proposed new cyber security regulations will be a huge undertaking for financial institutions

Proposed new cyber security regulations will be a huge undertaking for financial institutions
New York State Department of Financial Services (NYDSF) is one step closer to releasing cyber security regulations aided by the largest security hacking breach in history, against JP Morgan Chase. The attack on JPMorgan Chase is revealed to have generated hundreds of millions of dollars of illegal profit and compromised 83 million customer accounts. Yesterday (Tuesday, November 10), the authorities charged three men with what they call “pump and dump” manipulation of publicly traded stock, mining of nonpublic corporate information, money laundering, wire fraud, identity theft and securities fraud. The attack began in 2007 and crossed 17 different countries. On the same day as the arrests, the NYDSF sent a letter to other states and federal regulators proposing requirements around the prevention of cyber-attacks. The timing will undoubtedly put pressure on regulators to push through strong regulation. Under the proposed rules, banks will have to hire a Chief Information Security Officer with accountability for cyber security policies and controls. Mandated training of security will be required. Tuesday’s letter also proposed a requirement for annual audits of cyber defenses. Financial institutions will be required to show material improvement in the following areas:
  1. Information security
  2. Data governance and classification
  3. Access controls and identity management
  4. Business continuity and disaster recovery planning and resources
  5. Capacity and performance planning
  6. Systems operations and availability concerns
  7. Systems and network security
  8. Systems and application development and quality assurance
  9. Physical security and environmental controls
  10. Customer data privacy
  11. Vendor and third-party service provider management
  12. Incident response, including by setting clearly defined roles and decision making authority
This will be a huge undertaking for financial institutions. Costs have yet to be evaluated but will be in the millions of dollars. It will be very difficult to police third party security because, under the proposal, vendors will be required to provide warranties to the institution that security is in pace. The requirements are in the review stage and financial institutions should join in the debate by responding to the NYDFS letter.

Celent’s anti-money laundering vendor report: 2009 update

Celent’s anti-money laundering vendor report: 2009 update
Celent’s AML vendor evaluation reports have become something of a de facto standard, referenced by banks and regulators around the world. We began covering the sector in 2003, and are about to start work on our 3rd edition of the report. AML has not gone away as a concern for banks; indeed it has expanded, across both banking tiers (reaching down into community banks and credit unions in the US, for example) and across geographies (I recently spoke at an AML conference in Malaysia that drew over 500 delegates). The behavior detection technology that underpins AML software has also expanded its boundaries within the financial institution. Celent has been behind the “enterprise risk” approach, that is, consolidating AML and anti-fraud efforts, since our first AML report back in 2002. But until the last few years there were few real-life examples to point to. Recently, however, financial institutions have become increasingly concerned with fighting fraud, including fraud committed by customers as well as employee fraud. And a growing number of firms are beginning to take a wholistic approach to these issues. So this time around our report will take an enterprise risk approach as well, by including in our evaluation the anti-fraud products of the AML vendors. We’re calling it “Evaluating the Vendors of Enterprise Risk Management Solutions 2009.” We’ll be starting research on the report this month, beginning with qualifying vendors for inclusion in the report. The last edition evaluated 19 vendors and was 100 pages long. As the market has shifted, with new products emerging and others fading from sight, there may be some shuffling in order to keep the field of vendors representative of the marketplace. And although we are constantly looking at this space, we’d welcome any comments on vendors we should consider that we may have missed. As a reminder, the AML software providers evaluated in the 2006 edition of the report were: Accuity, Ace Software Solutions, ACI Worldwide, Actimize, ChoicePoint/Bridger Insight, Experian/Americas Software, Fortent/Searchspace, FircoSoft, LogicaCMG, Mantas, Metavante/Prime Associates, Fiserv/NetEconomy, Norkom Technologies, Northland Solutions, SAS Institute, Side International, STB Systems, Top Systems, Wolters Kluwer Financial Services/PCi