Treasury accuses banks of 'insufficient data sharing' on fraud

Img

In a report last week on AI and cybersecurity, the U.S. Department of the Treasury said that, while banks tend to share plenty of information with each other for the purposes of cybersecurity and anti-money laundering, they have practiced "insufficient data sharing" in the area of fraud prevention.

The dearth of banks sharing their fraud data undercuts smaller banks' efforts to train anti-fraud AI models models that many banks hope will replace rule-based engines, deny lists and device fingerprinting in the fight to detect and prevent transaction-related crimes such as money laundering and fraud.

Treasury acknowledged a general gap in the data available to financial institutions for training AI models of all kinds, but the report said the gap is "significant in the area of fraud prevention," which the report contrasted with robust cybersecurity data sharing efforts led by organizations including the Financial Services Information Sharing and Analysis Center.

"The accuracy of machine learning-based systems in identifying and modeling fraudulent behavioral patterns correlates directly with the scale, scope (variety of datasets) and quality of data available to firms," the report reads.

The report said "most financial institutions" interviewed for the report, which was based on 42 interviews, expressed the need for better collaboration in the domain of fraud prevention, particularly as fraudsters themselves have been using AI and machine learning technologies.

"Sharing of fraud data would support the development of sophisticated fraud detection tools and better identification of emerging trends or risks," the report said.

However, while such information sharing could improve fraud detection, it "also raises privacy concerns," the report said, as it would involve collecting and storing sensitive financial information including transaction histories and personal behaviors. Data anonymization and algorithmic transparency — i.e., helping customers understand how their data is used — could mitigate these issues, the report said.

Treasury said in the report that the Financial Crimes Enforcement Network, which is a bureau of Treasury, might be well positioned to support fraud information-sharing efforts between banks, to ensure that smaller financial institutions "are benefitting from the advancements in AI technology development for countering fraud," the report said. Core providers could also play this role, according to the report.

While many vendors offer smaller banks access to AI-based transaction monitoring systems, Treasury's report said internal development at banks "offers advantages in oversight and control of the development, testing, transparency, and governance of models and access to sufficient data monitoring for model risk management evaluation purposes."

The report seeks to help banks "disrupt rapidly evolving AI-driven fraud," according to Treasury's Nellie Liang. The report found banks have difficulties accounting for AI risks.

March 27

For the moment, the report cited efforts by two institutions that are already working to close the fraud information-sharing gap: The Bank Policy Institute and the American Bankers Association.

The Bank Policy Institute, a public policy research and advocacy organization, told Congress in February that, as part of the effort to promote and enable data and intelligence sharing between institutions, the institute has established BITS, an "executive-level forum" for bankers to collaborate on policy advocacy, promote critical infrastructure resilience, strengthen cybersecurity and reduce fraud.

The American Bankers Association, a trade organization and bank industry lobbying group, is set to launch an information-sharing exchange in the first half of this year, which the association says will help member banks fight fraud.

As an example of how the exchange will work, in fraud cases known as business-email compromise, the platform will enable banks to alert their peers with key information about the account of the alleged fraudster, said Paul Benda, executive vice president of risk, cybersecurity and fraud at the American Bankers Association.

"The idea here is to allow banks to share this information amongst other banks in a near-real-time manner so they can integrate this data into their payment flows, into their risk-scoring systems, to stop that money from going out," Benda said.

The association said its long-term goal is to make the exchange available to all financial institutions that are covered by Section 314(b) of the Patriot Act, which gives financial institutions the right to share information that could be used to identify transactions that might involve money laundering or terrorist funding.

As for the consequences of failing to promote adequate fraud information sharing, several institutions Treasury interviewed said "there may be a risk of future consolidation towards larger institutions" if "smaller financial institutions are not supported in closing this critical gap," according to the report.


More From Life Style