Small Banks Find Strength in Numbers with Anti-Fraud Network
As the song goes, "I get by with a little help from my friends."
That sentiment is truer than ever for banks, particularly when it comes to detecting fraud.
For instance, The Fauquier Bank in Warrenton, Va., was able to identify a customer tied to a check-kiting scheme thanks to a bank in Oregon. Turns out, the customer had opened accounts and intentionally written bad checks at various small banks across the country.
Comments by JPMorgan Chase's Jamie Dimon have added fuel to the long-discussed idea of a national database that would make it easier for banks to vet customers for anti-money-laundering and other risks.June 3
The drumbeat of news about hackers stealing millions of dollars by gaming the Swift interbank messaging system should have been a wake-up call for banking executives, but it's unclear how many of them answered it. Is it too late for them to shore up their defenses?June 1
A recent spate of breaches on Asian banks that allowed hackers access to the Swift network have resulted in finger pointing, and some calls for creating a new, more secure network. But the issues faced by Swift would likely be the same with any replacement network.May 29
The Fauquier Bank and the bank in Oregon are both part of the FRAMLxchange, an information-sharing network created last year by Verafin, a compliance vendor.
"We were then able to shut down that customer's account, and we would not have known if we didn't have these collaborations," said Josh Brown, director of security at Fauquier.
That kind of interaction is exactly what Verafin had in mind when it established the network.
"We have been seeing over the past several years a trend in financial crime of not attacking a single financial institution, but hiding fraudulent activity across multiple institutions," said Brendan Brothers, co-founder of Verafin. "When it comes to community banks, they often have difficulty identifying that activity, [and] they only see a small slice."
The exchange, which is a free service, was initially open to Verafin customers that participate in the 314(b) program, a voluntary provision of the USA Patriot Act. It permits financial institutions, upon providing notice to the Treasury Department, to share information with one another strictly for the purpose of identifying and reporting to federal authorities any activities that may involve money laundering or terrorist financing.
Verafin recently opened up the network broadly to any 314 (b) participating financial institution, regardless of whether it is a Verafin customer. Currently more than 600 Verafin customers and nearly 150 noncustomers use the network.
The topic of information sharing among banks to prevent financial crime has become more prevalent in recent months. Multiple attacks against banks since late last year that have been tied to North Korea have been blamed, in part, to a lack of information sharing among banks on the Swift network. And this month JPMorgan Chase Chief Executive Jamie Dimon floated the idea of a national know-your-customer registry for banks.
Verafin is not the only company operating a bank information-sharing network. The Financial Services Information Sharing and Analysis Center reports information about cybersecurity breaches to its member companies. Swift and Clarient Global — a consortium of the Depository Trust & Clearing Corp. and six global banks — are among several consortiums that operate know-your-customer registries for banks.
Verafin not only focuses on helping community banks share information, but also on automating much of the technical processes for them, Brothers said.
"With many 314 (b) programs there's a lot of hurdles; you have to verify the other institution you're talking to, encrypt emails," he said. "We do all of that [on the back end] so it just serves as a messaging service to our members."
Fauquier's Brown, a former law enforcement agent, believes information sharing is critical for banks in helping prevent fraud and money laundering.
"It might be disconcerting to civil libertarians, but we're not sharing information on our customers — we're sharing information about activity," he said.
Rebecca Robertson, director of anti-laundering compliance at South Carolina-based South State Bank, which is also on the Verafin network, echoed that argument.
"When we see an alert, we know right away this is a person we need to look into," she said. "We don't have to waste time digging around, trying to figure out whom to contact for more information. And the information we share gives both our institutions a view of our mutual customer we could never achieve without working together."
Banks will likely need to share even more information to deal with the cybersecurity threats of today, where banks and financial networks are targeted by sophisticated attacks coming from criminal gangs and nation states, said Shirley Inscoe, a senior analyst with Aite Group.
"Banks can't expect to fight these kinds of attacks in a solitary manner," she said.
But, Inscoe added, the industry has to avoid crossing the fine line between sharing information for the greater good and invading people's privacy. For example, regarding a national know-your-customer registry, Inscoe said "many people would resist" such a database that housed information on all Americans.
Brown said that information-sharing helps the bank be more compliant.
"I spend more time investigating activity that is not suspicious than activity that turns out to be fraudulent," he said. "So if the regulators come in and ask why I didn't further investigate a particular activity, I can show them why."