As discussed previously, the idea of a fusion centre is to help break down the silos in which risk teams such as fraud and cyber were previously working independently, allowing them to come together to deal with intersecting threats. In this post, we want to take a closer look at the technology behind fusion centers, specifically those elements that enable what’s known as an “integrated risk alert platform,” which underlies the “fusion” in “fusion centre.”
By virtue of our jobs as partners in the risk consulting practice at KPMG, we see different scenarios in which organizations of all kinds are navigating fusion centres almost every day. Again and again, it’s clear that one of their biggest challenges is data sharing. But it’s a critical challenge to address because data sharing is the very means by which teams are enabled to seamlessly collaborate on threat detection and response.
At many financial institutions, a sector in which we both specialize, different risk teams have been operating in silos. They have already established various processes and procedures but, in an attempt to create more harmony, common practice has included a combination of procedural hand-offs between teams and playbooks to help integrate processes. However, unless the data is integrated in near-real-time, the teams will continue to overlap, creating inefficiencies, which has the further tendency to allow them to fall back into their silos.
You gotta keep ‘em integrated
The main collaboration and orchestration platform to integrate security functions effectively is a common case/alert management system that can unify the relevant data (including customer and transaction data, alerts, logs, links between parties, etc.).
Integrating alerts across the various “risk stripes” can help realize the following benefits:
- Reductions in false positives and improvements in the accuracy of fraud and financial crime identification.
- Streamlined operations and reduced overlap between functions to drive efficiencies.
- Creation of a comprehensive view of all risks related to a customer or transaction, resulting in better inputs for leadership decision making.
- Expediting alert management and response time from hours or days to minutes.
The integration of data can be a challenge in and of itself, including but not limited to formatting, consistency and security around the data—and that’s on top of the associated privacy implications. And once you clear the hurdles of getting the data in one common place, there’s another challenge: sorting out what exactly you can do with that data.
Thankfully, developing standard use cases with “big data” is now commonplace. Applying machine learning and/or artificial intelligence on those use cases and alerts frequently yields greater insights than was previously thought possible. And having an integrated alert management platform that feeds the outcomes of each of the risk pillars back into the system allows for advanced analytics that cannot be derived from single risk alerts.
A sum greater than its parts
From the client discussions and industry analysis we’ve seen and undertaken, we’ve noticed that a lack of actionable intelligence and correlation across distinct functions in a typical organization is problem number one. It’s a problem we spend our professional lives working to solve.
Generally speaking, that solution is complex and depends on a combination of industry/domain expertise across law enforcement, cyber, fraud investigation, anti-money laundering (AML), threat intelligence and security architecture. The result is a harmonized view of alerts/incidents discovery, observables management and remediation efforts leveraging tailored architecture, playbooks, runbooks and advanced analytics. What’s even better is that, because it’s tailor-made, it can integrate with existing systems, minimizing the levels of change management required to implement it.
Ultimately, the ability to seamlessly operate alerts/incidents across fraud, AML, security and other risk teams through one integrated solution and their ability to bring out the risk context to each other is a game changer that provides much more effectiveness, seamless cohesion and overall cost savings to the organization.
That is the fusion centre’s promise—and, increasingly, its reality.
Learn more about what KPMG is doing to help financial institutions manage risk, enhance regulatory compliance, optimize strategy and improve operations here.