Challenges and benefits of information sharing on cyber threats and financial crime examined in latest SWIFT Institute research
Cyber security and financial crime compliance are increasingly intertwining. As such, the sharing of information amongst financial institutions has never been more crucial in combatting the combined threat.
Two new SWIFT Institute research papers look at both the challenges of information sharing between individual banks, and the benefits and lessons learned from public and private organisations sharing information collectively.
The barriers to information sharing
The first paper builds on previous SWIFT Institute research (Sharing Insider Threat Indicators: Examining the Potential Use of SWIFT’s Messaging Platform to Combat Cyber Fraud), which proposed a protocol for sharing insider threat activities between banks.
This new study, by Casey Evans (Kogod School of Business at the American University) and Elizabeth Petrie (Citibank), attempted to pilot the exchange of insider threat reports between several SWIFT customers in the US. The pilot concluded with a number of findings on challenges to information sharing that until resolved, will prevent firms from formalising engagement in this area.
While there were some legal hurdles around sharing information, the most significant findings related to:
– data access and technical issues
– cultural constraints for sharing data internally
– inconsistencies between financial institutions around data collection
– and a lack of a universal call to action for sharing insider threat activity.
A partnership approach
The second paper examines whether a partnership comprising public and private sector organisations (PPP) can improve information sharing between those sectors and be effective in combating money laundering and terrorism financing-related crimes.
This research, by Paula Chadderton (Centre for Counter-Terrorism Coordination) and Simon Norton (Australian Strategic Policy Institute’s Strategic Policing and Law Enforcement Program) was a case study using Australia’s Fintel Alliance, which brings together 22 public and private sector organisations with the goal of combatting financial crime. It is regarded as the first true public-private partnership of its kind, in its co-location of participants and sharing of information.
The research identifies the challenges of implementing a PPP as being legislative, technical and data-driven, and depends on the involved parties’ relationships, trust and risk appetite.?It concludes that PPPs can play a critical role in overcoming reticence to sharing information, building trust and expanding knowledge of (and thereby combatting) financial crime.
The study makes eight recommendations for other countries considering establishing or enhancing a PPP targeting financial crime:
1) Start small and grow over time.
2) Consider involving members from other organisations or sectors.
3) Start within existing legislative and technological parameters.
4) Provide clarity on PPP roles and responsibilities.
5) Consider projects that maximise PPP members’ participation and incorporate a preventative focus.
6) Engage, and if possible co-locate, the most appropriate staff to work on projects.
7) Communicate timely and meaningful information about PPP projects and activities to industry, government and the community.
8) Review laws to support information sharing to fight financial crime.
Both papers are public and can be freely shared externally via the following links: