John E. Clark, Executive Consultant, IBM Corporation



Post on 13-Jan-2016


Page 1

Are You Exposed?

Financial institutions are being asked to investigate and manage threats like the CIA does, but are not equipped to do so.

Learn how ‘Composite’ investigative capabilities developed for national security can help you connect-the-dots across compliance silos to increase effectiveness and reduce risk

John E. Clark, Executive Consultant, IBM Corporation

Austin Wells, Vice President, Digital Harbor Inc.

© Copyright Digital Harbor Inc 2005

© Copyright IBM Corporation 2005

Page 2

Business Consulting Services

Today's Discussion: Applications of Semantic Web Technology

Enterprise Investigation & Case Management

Part I: AML & Fraud Market Trends, Observations, & Conclusions
- AML and Fraud are on the rise, with stricter scrutiny and increased cost of failure
- A unified view across compliance functions (e.g. AML, Fraud, EDD) reduces cost & risk
- Enterprise Case Management is essential in BSA, Patriot Act, & Basel II compliance

Part II: Example of a New “Compositing” Approach
- National security techniques help FSIs fight money laundering, fraud, & security incidents
- Technology: Ontology as the middleware to achieve semantic fusion
- Lessons Learned: Integration and investigation must supplement workflow

Page 3

Money Laundering is on the Rise: Arms race as FSIs increase spending to keep pace with activity

[Chart: Total Funds Laundered Worldwide, US $ Billions, 2000 to 2005; chart label: 28% North America. Source: Celent Research]

Spending Implications for FSIs

• Increased spending on personnel and systems to manage growing problem

• Increased risk of fines from regulation

According to Tower Group, up to 30% of IT compliance spending is "waste." Its recommendation: “Integrated compliance systems that attack AML comprehensively”

Page 4

Case management solutions for FS compliance

Call Center (typical case management)

Objective: efficient and high quality process through:
- Automation to ensure proper procedures and time frames
- Standardization of steps to ensure desired outcome
- Integration of processes with context appropriate data

Assumptions: to achieve the objective, you must have:
- Predictable process: definitively map the steps needed to ensure desired outcome. Can be complex with decision points, but is primarily known.
- Known inputs: data needed to support decisions and outcome are known and defined before the process begins.

Investigations (compliance need)

Objective: effectively mitigate risk to the enterprise by:
- Process: Skillfully and accurately executing established programs as required by the regulating entities (OFAC, 314, CIP, KYC, transaction monitoring, etc.)
- Discovery: Uncovering and eliminating real risks in the enterprise (investigating unusual activity and suspicious entities)

Assumptions: to achieve this objective you must have:
- Flexible process within controlled environment, objective rather than step by step plan
- Dynamic data discovery of all relevant data inside and outside the enterprise, i.e. the ability to follow the trail using human cognitive skills, reasoning, and logic

The compliance need is really about supporting complex human decisions, in addition to automation of the predictable aspects of the process.

Within compliance investigations, there is a common requirement for case management. That is, there are multiple sources of unusual activity and there needs to be a consolidated process and capability to follow up on this information while enforcing regulatory requirements.

However, the Alerts and other sources of unusual activity are only the starting point. The biggest challenge is conducting a high quality and consistent investigative process to facilitate intelligent human decisions.

Page 5

Fraud is on the Rise: Quantity and variety of fraud schemes are growing exponentially

[Diagram labels: POS Fraud, Deposit Fraud, Check Fraud, Online Banking, Internet Fraud, New Account, Phishing, Mass Takeover, Identity Theft, Insider, Smurfing, Credit Abuse, Kiting, Forgery, Account Takeover, Alterations, Counterfeiting, Telemarketing, Credit Card Fraud, Loan Applications]

…and even when we deploy solutions, we don’t connect them in ways that allow one silo to know what is happening in another silo

Page 6

Key Management Challenges: Cross Account Visibility

Consumer Loan Log
034207-9485 new loan $847.00
053284-4335 new loan $3,230.00
049793-5834 balance inquiry
099349-3554 new loan $5,000.00

Equity Line Log
073837-4634 payment $50.00
093245-3454 balance inquiry
049793-5834 withdraw $8,484.00
074493-5456 withdraw $8,723.00

Credit Card Log
034207-9485 transfer $847.00
053284-4335 deposit $3,230.00
093245-3454 balance inquiry
049792-4334 withdraw $8,374.00
023428-0044 withdraw $880.00
034893-3544 withdraw $995.00
034893-3544 transfer $7,703.00

Debit Card Log
034207-9485 deposit $847.00
093245-3454 balance inquiry
024393-5543 transfer $8,923.00
023428-0044 withdraw $880.00
049793-5834 withdraw $5,897.00
049793-5834 withdraw $8,374.00

Recap for Mary Smith
034893-3544 transfer $7,703.00
099349-3554 new loan $5,000.00
074493-5456 withdraw $8,723.00
049793-5834 withdraw $8,374.00
034893-3544 withdraw $995.00
049793-5834 withdraw $5,897.00

Mary’s accounts are being drained. + New borrowing + She’s usually a saver! = Trouble, visible only across accounts
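The cross-account view this slide argues for, as an added example (not code from the presentation, Digital Harbor or IBM): it parses the four channel logs shown above, selects Mary Smith's accounts, and shows that a rule combining new borrowing with outflows trips only on the composite view, never inside a single silo. The account-to-customer mapping, the treatment of transfers as outflows, and the rule in `is_suspicious` are assumptions; the "usually a saver" baseline is not modeled.

```python
import re

# Entries copied from the slide's four channel logs, one string per silo.
LOGS = {
    "consumer_loan": "034207-9485 new loan $847.00; 053284-4335 new loan $3,230.00; "
                     "049793-5834 balance inquiry; 099349-3554 new loan $5,000.00",
    "equity_line": "073837-4634 payment $50.00; 093245-3454 balance inquiry; "
                   "049793-5834 withdraw $8,484.00; 074493-5456 withdraw $8,723.00",
    "credit_card": "034207-9485 transfer $847.00; 053284-4335 deposit $3,230.00; "
                   "093245-3454 balance inquiry; 049792-4334 withdraw $8,374.00; "
                   "023428-0044 withdraw $880.00; 034893-3544 withdraw $995.00; "
                   "034893-3544 transfer $7,703.00",
    "debit_card": "034207-9485 deposit $847.00; 093245-3454 balance inquiry; "
                  "024393-5543 transfer $8,923.00; 023428-0044 withdraw $880.00; "
                  "049793-5834 withdraw $5,897.00; 049793-5834 withdraw $8,374.00",
}
# Assumption: a CRM lookup resolves the customer to these accounts (the four
# account numbers the slide lists under "Recap for Mary Smith").
MARY = {"034893-3544", "099349-3554", "074493-5456", "049793-5834"}

ENTRY = re.compile(r"(\d{6}-\d{4}) ([a-z ]+?)(?: \$([\d,]+)\.(\d{2}))?$")

def parse(logs):
    """Turn every log entry into (channel, account, action, amount_in_cents)."""
    events = []
    for channel, text in logs.items():
        for entry in text.split("; "):
            m = ENTRY.match(entry.strip())
            if m is None:
                raise ValueError(f"unparseable entry in {channel}: {entry!r}")
            acct, action, whole, frac = m.groups()
            cents = int(whole.replace(",", "")) * 100 + int(frac) if whole else 0
            events.append((channel, acct, action, cents))
    return events

def summarize(events, accounts, channels=None):
    """Aggregate one customer's activity over the given channels (None = all)."""
    view = {"borrowed": 0, "outflow": 0, "outflow_channels": set()}
    for channel, acct, action, cents in events:
        if acct not in accounts or (channels and channel not in channels):
            continue
        if action == "new loan":
            view["borrowed"] += cents
        elif action in ("withdraw", "transfer"):  # assumption: transfers leave the account
            view["outflow"] += cents
            view["outflow_channels"].add(channel)
    return view

def is_suspicious(view, min_channels=2):
    """Hypothetical rule: new borrowing while funds leave via several channels."""
    return view["borrowed"] > 0 and len(view["outflow_channels"]) >= min_channels

EVENTS = parse(LOGS)
if __name__ == "__main__":
    for ch in LOGS:  # each silo evaluated on its own
        print(ch, is_suspicious(summarize(EVENTS, MARY, {ch})))
    print("composite", is_suspicious(summarize(EVENTS, MARY)))
```

The composite total also picks up the $8,484.00 equity-line withdrawal on 049793-5834, which appears in the channel log but not in the slide's recap.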

Page 7

Example: AML & Fraud Investigation

For any suspicious event, analyst needs to know…

• what (Transaction Alert)
• where (Branches)
• which (Transactions)
• when (Frequency)
• why (Associate Links)
• who responds (Managers)

Need to relate—not just copy—information from many sources

[Diagram labels: CRM, GIS, BI Tools, Alerts, Accounts]

Page 8

Common Capabilities Needed Across Risk & Compliance Functions

Column labels: AML, KYC, SEC 17a-4, NASD, Settlement Research, Compliance, Sarbanes Oxley, Basel II, Fraud, Surveillance, Patriot Act, SEC

Risk & Compliance Dashboard
- Workload Monitoring: X X X X X X X
- Process Control: X X X X X X X
- Reporting: X X X X X X X

Case Management & Collaboration: X X X X X X X

Business Rules & Workflows: X X X X X X X

Information Integration & Correlation: X X X X X X X

Query and Train-of-Thought Analysis: X X

Government Reporting: X X X X X X

“Companies that select individual solutions for each regulatory challenge they face will spend 10 times more on IT portion of compliance projects than companies that take on a proactive and more integrated approach.” -Gartner

Page 9

Detection Software Alone is Not Enough: Must Investigate & Respond

Lessons Learned in National Security: Not just work items to be processed… Risks to be investigated.

[Diagram: Risk Response Cycle, with stages Alert Capture, Investigation, Case Management, Contextual Collaboration, Event Resolution]

- A “compositing” problem
- Integrate many detection systems in AML, Fraud, Op Risk, EDD, SOX
- Logically map to multiple sources
- Flexible: not just alerts, but other data, docs, web, images, email
- Real-Time Correlated View
- Customizable to fit situation

Holistic View of Risk & Compliance

Page 10

Within silos, you need information from many sources

Responding to any individual AML or Fraud alert, conducting enhanced due diligence, or assessing operational risk requires information from many sources to get the “complete picture”.

Investigation = Composing a Picture

To respond to any event, you look at many sources to compose a picture of the situation:

• Detection tools
• Internal databases
• Lists
• Case systems
• Web
• Documents
• Images
• Email

Today, we often go to each source separately and draw links in our heads to make decisions.

[Diagram labels: Alerts, Data Warehouse, Documents & Web, Case Management]

Digital Harbor logically links live data from many sources as if they were one

Page 11

Across silos, you need to see how events are related

Different systems monitor different kinds of events; Case management connects the dots so you can respond intelligently

Convergence = Composite Applications

Events in different dimensions may be related (e.g. by customer or household). It’s the links between things that make them meaningful.

• Anti-Money Laundering
• Fraud
• Enhanced Due Diligence
• Operational Risk
• Sarbanes-Oxley

Today, we often don’t tie these dimensions together, so we have a fragmented view

Composite applications connect the dots so you get a complete picture

Page 12

Unique Technology: The PiiE™ Platform

[Diagram labels: Xaction, Email, AML, HR, Customer]

Composite UI (Smart Client): Present information to users in a real-time, interactive XML interface

Composite Schema (Business Ontology): A Business Ontology describes the semantics of data relationships, workflow, and events

Composite Queries (EII): Logically map multiple databases or web services as if they came from a single source

Page 13

Composite = Integrated, Holistic Solution

Integration, not just Workflow
- Directly accesses data in detection engines
- Links alerts with auxiliary information in other systems
- Datasources, processes, and UI can be completely customized
- Applies across risk and compliance functions

Enterprise Investigation & Case Management Software provides glue to tie together Risk and Compliance systems in a Composite Solution

[Diagram labels]

Groups: Multiple External Systems, Multiple Internal Systems, Multiple Detection Engines

Sources:
- Images (e.g. Checks, Statements)
- Documents (e.g. Reports, Excel, All file types)
- XML Messages (e.g. MQ, Tibco)
- Intranet (e.g. Portal)
- Public Web (e.g. Google)
- Web Services (e.g. FinCEN, Govt)
- Private Web (e.g. LexisNexis)
- Databases (e.g. Treasury, Payment, AML, Fraud, Sales Practice)
- Black and gray lists
- Email Archive
- Invisible Web
- Historical Web

Capabilities: Investigation, Case Management, MIS Dashboard, Integration, Drill Down/Drill Across, Trend Analysis, Audit Process, Rich Visualization, Ad-Hoc Drilling

Functions: AML, Fraud, Sales Practice, EDD, Operational Risk, Sarbanes-Oxley

Embedded screenshot footer: © Searchspace 2004. All rights reserved. In Commercial Confidence, for Internal Use Only

Page 14

With the right Enterprise Case Management solution you can extend the capabilities of transaction monitoring solutions for multiple risk areas including AML, Fraud, EDD, and corporate security

Holistic View (Fuse Services from Multiple Apps)
- Transaction Monitoring & Anti-Money Laundering
- Enterprise Linking
- Visualization

[Diagram labels: EDD, Email Retention & Discovery, Fraud, Link Analysis, Enterprise Data, AML]

Page 15

TACTICAL VIEW: Benefits of a Composite Approach to Case Management

1. Link multiple systems in a single composite view

2. Avoid manual work to “connect the dots”

3. Avoid missed cases

4. Have more control over data via ad-hoc drill down/drill across

5. Better auditing and traceability across systems

6. Aggregation of information, both structured and unstructured

7. Digital information on each case, including “as was” snapshots

8. Process management, with automatic escalation

9. Visualize information in best form (maps, timelines, link analysis)

10. Single approach with process controls for web, documents, and data

Page 16

STRATEGIC VIEW: Seven Pillars of Value for Evaluating Enterprise Case Management

Key Dimensions to Evaluating the Overall Value

• Reduce aggregate cycle time to process alert queue by 50%

• Reduce risk of fines/reputational damage by investigating to eliminate false + & -

• “SAR process fragmentation allows opportunities for control deficiencies.”

• Understanding risk and compliance performance requires a composite picture

• Allow same people to do more with less to manage workload, handle attrition

• Eliminate Redundant Effort and Redundant Data by logically mapping to data.

• Leverage same data & functionality across silos to improve overall efficiency and effectiveness

Page 17

Third-order organization

Supporting complex human decisions requires full use of explicitly related data (inside and outside the enterprise), but more importantly the ability to discover new relationships. In the past our way of thinking has been shaped by the physical world (i.e. no object can be in two places at the same time), leading to traditional “tree” type organizational schemas forcing objects to be classified in a single bucket. Third order organization of data is not confined by the same limits since the objects being organized are data, which can exist in many places at once.

First Order Organization: Organization of physical items themselves. Example: books arranged on a shelf by author. Flat and hierarchical databases are also examples of first order organization. Relationships are not explicit but are implied by the order.

Second Order Organization: Organization of data about physical items. Example: a card catalog at the library. Still pointing to the physical order of items. Relational databases are the most advanced form of second order organization; relationships are explicit.

Third Order Organization: Data exists in many places at once and relationships need not be explicit. Users are able to sort and organize data in any way that suits their needs. Example: Google uses explicit data relationships and the point in time needs of the user to dynamically relate information.

[Diagram label: Investigator]

“The rise of third-order organization changes the jobs of…knowledge managers. Their role is no longer to build trees that define the relationship of every bit of data in the company but to build enriched pools of data objects whose relationships to one another change constantly, depending on who is looking at them.” Harvard Business Review

Page 18

Third order organization grows data into actionable intelligence

Data: unprocessed sensory observations.

Information: data placed into syntax or context.

Knowledge: information that is cognitively useful because it is semantically assimilated into a body of prior knowledge grounded in experience.

Intelligence: knowledge that has been assessed and evaluated for its logical consistency and relationships to what is already known. When transformed into hypotheses, becomes the basis for action.

[Diagram, as a sequence of labels]
- The world produces raw data constantly
- Data is stored as information for specific contexts and reasons
- Composite Application: Add context and syntax to information to form knowledge
- Investigator applies logic and makes cognitive connections to produce intelligence that can be acted on
- Action

[Diagram labels: Unusual Activity, Searchspace, Atchley, CIP]

The compliance organization needs a system that can assimilate information into knowledge, so that the investigator can focus on producing intelligence, forming hypotheses, and taking action…true human value adds.

The growth of intelligence is the desired core competency. Additionally, the system must provide workflow and audit capabilities to ensure regulatory processes are followed, provide process traceability, and provide feedback for improvement.

Page 19

Related Applications in the Government:

1. Improper Payments

2. Financial Compliance (A-133)

3. Compliance & Audit Enforcement

4. Security Investigations (facility, personnel)

5. Operational Risk Management

6. Grant Management

7. Fraud Management (housing, employment, Medicare, ...)

8. Intelligence & Counterintelligence

9. Criminal Investigation, Legal Case Management

10. Performance Management

Page 20

For More Information, Please Contact Us At:

Web: www.dharbor.com

Email: [email protected]

Phone: 703-476-7347

Austin Wells, Vice President, Digital Harbor Inc., <[email protected]>, 703-476-7347

Questions