Continuous Auditing & Reporting

Compliance & Fraud Monitoring
The power to know now
Data2knowledge Inc.
Case study, Banking Sector
12th Continuous Auditing and Reporting Symposium
Rutgers University, NJ; November 2006
Andrew Gonczi,
CEO Data2knowledge, Inc. www.d2k.com
Presentation Outline
1. About Data2Knowledge
2. Continuous Monitoring Needs
3. Case study, Banking Sector
4. D2K Secure, Continuous Monitoring System
1. About Data2Knowledge
Corporate Overview
• Established in 1999, offices in NJ, UK and Hungary
• Specialized in ETL, data structuring and continuous monitoring
• Blue chip corporate clients in US and Europe
D2K Distil
• Key financial data found and extracted more accurately, faster and
for a fraction of the cost
D2K Secure
• Continuous Fraud and Compliance Monitoring
D2K Development
• Offshore (Hungary) development and service team; Cost effective,
innovative
• D2K's core extraction engine is also available to be embedded in
custom applications and as an SDK to partners.
2. Continuous Monitoring Needs
Why is continuous monitoring becoming a must now?
• Advances in technology and increased business dynamics enable
businesses to change ever more rapidly
• Traditional audits and controls are no longer adequate
Key drivers
• Past few years’ events (9/11, malfeasance crisis, complex and
creative business models)
• Subsequent regulations (HIPAA, SOX, Patriot Act, Basel II, MiFID,
etc.)
• Business needs, competitive development of controls to be matched
Benefits
• Immediate notification to management of problems, timely
correction
• Fraud reduction and improved risk management
• Extensibility across multiple IT systems
• Independence from operative management
2. Fraud prevention & Compliance needs
Key Drivers
• Laws and Regulations
• Direct P&L impact to prevent losses from fraud
• Indirect P&L impact – business reputation, client retention and
acquisition
Continuous Monitoring Requirements
• To detect fraudulent, unauthorized or money laundering
activities, operational systems need to be monitored on an
ongoing basis
• All systems produce activity/transaction logs, but in differing formats
• Centralized Monitoring Dashboard gives clear view across all
business transaction and IT systems
The Audit Trail Imperative
• Details of finest granularity needed at all times in near real time
• Drill-down analysis required
• Data Source Quality, Data Level Assurance
• Proof for Internal and Public proceedings
• Transaction level intervention
3. Case Study: Banking Sector
Customer
• Large subsidiary of a major European bank
• Market cap.: ~20Bn
• Employees: 50+k
Business objectives
• Meet regulatory compliance requirements
• Reduce fraud losses, especially internal attacks
• Continuous and pre-emptive controls
• Expand scope across all business and IT systems
• Reduce costs compared to highly manual prior
processes
3. Case Study: Banking Sector
Technical challenges and requirements
• Growth through acquisitions → wide variety of disparate IT
systems
• Data consolidation became a major challenge; multi-terabytes of
historical and real time data such as transaction logs, document
files, spreadsheets and financial reports stored on Oracle
databases.
• Security administrators were finding it impossible to monitor these
vast reservoirs of data in order to detect suspect usage patterns
and identify possible fraud before it was too late.
• Non-intrusive solution needed to coexist with other IT systems
• Independence from other processes to ensure impartial oversight
• ‘Events of interest’ are hidden across several system logs and
multiple log entries
• Identification of suspicious behavior requires establishing profiles
and patterns (e.g. multiple accounts of the same person)
3. Case Study: Banking Sector
Proactively combating fraud & reducing compliance costs
• D2K Secure reviews 12-15 Gb per day of data in order to spot
suspicious activity before it becomes a problem.
• With automatic querying and real time alerts, the bank can now
be truly proactive in the fight against fraud.
• D2K Secure saves costs every day: what previously would take
10-15 man days to piece together now takes 3-4 hours to run
automatically.
4. D2K Secure: Continuous Monitoring
System Summary
• D2K Secure is a flexible and scalable system designed to
transform the contents of an unlimited number of audit log
files into a single structured database.
• Security analysts are provided with relevant information
with links back to the original audit trail sources.
• With appropriate reporting modules, the system is capable
of generating automatic real time alerts if certain usage
patterns are recognized in the logs.
4. D2K Secure, key features
• Modular architecture allows integration with other analytical
applications
• Combines several complementary methods to provide near 100%
matches
• Data may be retrieved from any kind of structured or
semi-structured source, including but not limited to: web pages, entire
web sites, document files, text-based log files, any type of relational
databases and EDI systems.
• The system can monitor multiple data sources and generate
digests or reports from collated real-time or buffered information,
based on the requirements of the application.
• The massively parallel architecture allows simultaneous processing
of individual information units, enabling real time processing of
virtually unlimited amounts of data with suitable hardware
support.
4. Transactional Log Sample
Banking System: Equation
1130 line types, 172 transaction
4. Transactional Log processed in XML
Sample (part of the XML file)
4. Structured Output from Transactional Log
4. Event Linking from Transactional Logs
4. Reporting UI Example (local language)
4. D2K Secure
Monitored events – summary table
Event type | Monitored Events
Money Laundering | 13
Dormant Account | 10
Hold mail | 4
e-channels | 2
Internet, e-mail | 11
CUA | 4
Others | 12
4. Monitored Events – AML
• 2 years expired between the current and last transaction
and the minimum amount is 8k EUR
• High amount transactions in a week
• E-bank transactions above 8k EUR
• Card transactions above 8k EUR in 2 hours
• Data browsing with no transaction
• Data browsing within 3 days without transaction
• Transaction cancellation above 8k EUR
• Transactions of the same customer at the same
administrator
• Incoming amount over 400 EUR from other bank to
worker account
• Incoming >8k EUR to an account opened with <400 EUR
• Inquiry last 6 months without transaction
• FATF country transactions
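A sketch of how three of the AML rules above could be evaluated over structured transaction records, as an added example that is not D2K Secure code. The record fields, rule names and sample data are constructed, and reading "card transactions above 8k EUR in 2 hours" as a cumulative total per account is an assumption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LIMIT_EUR = 8000                    # "8k EUR" threshold from the slide
DORMANCY = timedelta(days=730)      # "2 years" between current and last transaction
CARD_WINDOW = timedelta(hours=2)    # "in 2 hours"
OPENING_MAX_EUR = 400               # "opened with <400 EUR"

def detect(events, opening_deposit):
    """Return (rule, account, timestamp) alerts; field names are hypothetical."""
    alerts = []
    last_txn = {}                   # account -> time of the previous transaction
    card = defaultdict(deque)       # account -> card transactions inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct, ts, amt = ev["account"], ev["ts"], ev["amount"]
        # Rule 1: transaction of at least 8k EUR after 2+ years of inactivity
        prev = last_txn.get(acct)
        if prev is not None and ts - prev >= DORMANCY and amt >= LIMIT_EUR:
            alerts.append(("DORMANT_REACTIVATION", acct, ts))
        last_txn[acct] = ts
        # Rule 2: card transactions totalling more than 8k EUR within 2 hours
        if ev["kind"] == "card":
            win = card[acct]
            win.append((ts, amt))
            while ts - win[0][0] > CARD_WINDOW:   # drop entries older than 2 hours
                win.popleft()
            if sum(a for _, a in win) > LIMIT_EUR:
                alerts.append(("CARD_8K_IN_2H", acct, ts))
        # Rule 3: incoming > 8k EUR to an account opened with < 400 EUR
        opened_with = opening_deposit.get(acct, OPENING_MAX_EUR)  # unknown: no alert
        if ev["kind"] == "transfer_in" and amt > LIMIT_EUR and opened_with < OPENING_MAX_EUR:
            alerts.append(("LARGE_INCOMING_SMALL_OPENING", acct, ts))
    return alerts

def at(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data, not taken from the case study
SAMPLE_OPENING = {"A-100": 5000, "A-200": 250, "A-300": 1000}
SAMPLE_EVENTS = [
    {"ts": at("2004-03-01 10:00"), "account": "A-100", "kind": "transfer_out", "amount": 120},
    {"ts": at("2006-09-15 09:30"), "account": "A-100", "kind": "transfer_out", "amount": 9500},
    {"ts": at("2006-09-15 11:00"), "account": "A-200", "kind": "transfer_in", "amount": 8200},
    {"ts": at("2006-09-16 13:00"), "account": "A-300", "kind": "card", "amount": 4500},
    {"ts": at("2006-09-16 14:30"), "account": "A-300", "kind": "card", "amount": 4000},
    {"ts": at("2006-09-16 18:00"), "account": "A-300", "kind": "card", "amount": 4200},
]

if __name__ == "__main__":
    for rule, acct, ts in detect(SAMPLE_EVENTS, SAMPLE_OPENING):
        print(ts.isoformat(), acct, rule)
```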
4. Monitored Events – Dormant Accounts
• Data browsing of dormant account w/ debit transaction
last month
• No host branch
• Multiple debits in 2 hours, 1 month
• Same supervisor access of multiple dormant accounts
• Card initiated requests
• Outgoing transfers
• Trading in own account with government securities
4. Monitored Events – Detail Samples
2 Accounting System Error Review
3 Add Balance Order
4 Add Corporate Data
5 Add CS Account Transfer
6 Add CS Balance Cash
7 Add CS Buy Travellers Cheques
8 Add CS Cash Deposit
9 Add CS Cross-Currency Deposit
10 Add CS Cross-Currency Withdrawal
11 Add CS Exchange Cash
12 Add CS Sundry Withdrawal
13 Add Inter Account Transfer
14 Add Inward Clean Payments
15 Add Loan Pay-off
16 Add Loan Repayments
17 Add MM Deal with Settlement Details
18 Add New Customer
19 Add Outward Clean Payments
20 Add Principal Increase
21 Add Principal Increase/Decrease
22 Add Quick Inward Payment
Some of the 600+ parameters that can be used to define query details
4. Ad-hoc vs. Continuous Monitoring
Monitoring: | Ad-hoc | Continuous
Setup time / $$ | less | more
Detection | After the fact | Preventive
Learning/profiling | Limited technology support | Captured by CMS config.
Latency | Was 30+ days | <1 day
Scaling | Procedures collapsed w/ growth | 8Gb / day works fine
Operation costs | Proportional to data growth & query frequency – Not able to scale cost effectively | Minimal after initial setup
Data structure changes | Broke time series analysis consistency | Allows consistent time series analysis across multiple points of change
Thank you for your attention
Andrew Gonczi
646-479-4496
Data2knowledge, Inc.
www.d2k.com