2. Speed. Cyber-financial crimes occur rapidly, and the delay or absence of
information sharing allows cybercrime to continue unfettered. Faster information
sharing positions financial institutions better to prevent cyber-enabled fraud,
money laundering, and terrorist financing, as well as increase fraud recovery rates.
3. Voluntary participation. (www.fincen.gov/sites/default/files/shared/314bfactsheet.pdf). If financial institutions have not notified FinCEN of their intent to share information under 314(b), any external financial
institutions that have valuable information about cyber cases involving the
non-participating institutions end up with data that is not actionable. Participating in
314(b) information sharing serves to strengthen the industry immune system
by shutting down avenues to launder proceeds of crime and providing more
robust and accurate SAR reporting to FinCEN.
Benefits and Use Cases for 314(b) Cyber Information Sharing
Financial institutions’ fraud prevention programs work vigilantly to keep
threat actors from even accessing bank systems and customer accounts.
Despite this, the combination of social engineering, malware, and systems
vulnerabilities provides a way for accounts to be compromised. Financial
institutions battle prolific cyber-enabled frauds such as synthetic identity
fraud, business email compromise, romance fraud, and hacking incidents
relating to payment systems.
Recent statistics from the FBI show a single cyber-enabled financial crime
typology called “business email compromise” or “BEC” increased astronomically from 2016 to 2017, totaling adjusted losses of $675 million USD (www.
fbi-bec-losses-in-2017-shot-up-to-over-us-675-million). This represents
an 87% increase in just one year. Publicized cyberattacks directly against
financial institutions from 2015 to 2018 illustrate attempts by cybercriminals or nation-state actors to steal approximately $3 billion USD (www.csis.
other-projects-cybersecurity). And, in 2015, a single group of cybercriminals and stock traders made approximately $100 million in illegal profits
through insider trading from stolen press releases (www.reuters.com/article/
International cybersecurity expert Dr. Shane Shook notes critical cyber
threats and vulnerabilities which uniquely affect the financial sector:
■ ■ ■ In the absence of national cybersecurity regulations, third-party payment
processors and Real Time Gross Settlement (RTGS) providers reveal vulnerabilities in U.S. financial institutions and payment systems infrastructure.
■ ■ ■ Cybercriminals and nation states seeking to gain funds to effect geopolitical outcomes will continue to target the U.S. banks, the securities market,
and trading or technical platforms, which could also damage the U.S.
economy and stability.
■ ■ ■ Nation states will continue to target identified vital persons in financial
institutions to uncover non-public information and trade secrets to gain
or increase competitive edge, global standing, and leverage. 8
Faced with cybercriminal underground markets that are flooded with
consumer PII (as a result of a series of massive data breaches and hacking
incidents), fraud filters leveraged by financial institutions work overtime to
stem losses. A challenge in the synthetic identity fraud environment is that
there is no actual “victim” which self-reports or notifies law enforcement,
which places the burden of identification squarely on the shoulders of the
collective corporations in the financial services industry. 9
Synthetic identity is achieved when fraudsters combine pieces of legitimate
data (such as a Social Security Number) with fabricated data (such as a false
name), and merge it with an address belonging to yet another individual.
Synthetic identity fraud is a daunting issue for consumers, corporations,
and financial crime fighters; according to the Federal Trade Commission,
synthetic identity fraud accounts for nearly 74 percent of all fraud losses by
United States businesses, and over 88 percent of all identity theft incidents. 10
In the Journal of Financial Crime, P. Gottschalk states in the chapter
“Theories of Financial Crime,” that key drivers are represented in what is termed
“the fraud triangle,” or the notion that the risk of fraud arises when three
factors are present: opportunities, incentives or pressures, and rationalization.
Interaction among these elements differs by financial crime type, and in some
cases from country to country. Insights as to why depend on the:
■ ■ ■ Classification of the threat actor’s role (organized crime, insider);
■ ■ ■ Environment;
■ ■ ■ Degree of criminality in the countries where the fraud occurs;
■ ■ ■ Geopolitical climate; and
■ ■ ■ Likelihood of getting caught and prosecuted.
Synthetic identity fraud is problematic for credit monitoring services to
detect, in part due to credit history entries appearing at credit bureaus only
when there is an exact match of a consumer’s name and other PII.
A white paper published by ID Analytics notes a drastic increase in new
social security numbers (SSNs) following the 2011 Social Security Administration implementation of randomized SSNs. While this move by the
SSA was meant to protect consumers, unfortunately it created challenges
for the financial services industry and its third-party providers to detect
which SSNs are fraudulent. Thus, financial institutions leveraging 314(b)
for sharing information connected to cyber-enabled financial crimes such
as synthetic identity fraud are highly likely to improve fraud prevention and
the institutional bottom line significantly.
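The detection gap described above, shown as an added example that is not part of the original article: a lookup keyed on exact name plus SSN treats each fabricated name as a separate consumer, while grouping pooled records by SSN alone exposes the reuse. All records, field names and institution labels are constructed, and the SSNs use the never-issued 000 and 666 area numbers.

```python
from collections import defaultdict

# Constructed sample data: account applications pooled from three hypothetical
# institutions. SSNs use the never-issued 000 and 666 area numbers.
APPLICATIONS = [
    {"fi": "Bank A", "name": "Jordan Avery", "ssn": "000-12-3456", "address": "12 Elm St"},
    {"fi": "Bank B", "name": "Casey Doyle", "ssn": "000-12-3456", "address": "98 Oak Ave"},
    {"fi": "Bank C", "name": "Riley Moran", "ssn": "000-12-3456", "address": "98 Oak Ave"},
    {"fi": "Bank A", "name": "Dana Whitfield", "ssn": "666-45-6789", "address": "7 Pine Rd"},
    {"fi": "Bank C", "name": "DANA  WHITFIELD", "ssn": "666-45-6789", "address": "7 Pine Rd"},
]

def norm(text):
    """Case-fold and collapse whitespace so formatting differences do not count."""
    return " ".join(text.lower().split())

def exact_match_history(records, name, ssn):
    """Lookup keyed on name AND SSN, the exact-match behaviour the article describes."""
    return [r for r in records if norm(r["name"]) == norm(name) and r["ssn"] == ssn]

def ssn_clusters(records):
    """Group records by SSN alone, collecting the distinct names and institutions."""
    clusters = defaultdict(lambda: {"names": set(), "fis": set()})
    for r in records:
        clusters[r["ssn"]]["names"].add(norm(r["name"]))
        clusters[r["ssn"]]["fis"].add(r["fi"])
    return clusters

def flag_synthetic(records, min_names=2):
    """Return SSNs tied to at least min_names distinct names (a heuristic:
    legitimate name changes also trip it, so hits need analyst review)."""
    return sorted(s for s, c in ssn_clusters(records).items() if len(c["names"]) >= min_names)

if __name__ == "__main__":
    # Exact match sees one clean record for the fabricated identity.
    print(len(exact_match_history(APPLICATIONS, "Casey Doyle", "000-12-3456")))
    # One institution alone sees nothing unusual.
    print(flag_synthetic([r for r in APPLICATIONS if r["fi"] == "Bank A"]))
    # The pooled view shows one SSN under three names.
    print(flag_synthetic(APPLICATIONS))
```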
FININT Value and the
The underlying framework in which threat actors’ financial activities operate is the U.S. financial system. In this framework, there is a delicate balance
between U.S. financial institutions’ obligations to their regulators and the
financial intelligence (FININT) value delivered to the intelligence community
and law enforcement. Regulators want to ensure programs are run adequately,
and that reporting occurs on time.
While it is important to note that the safe harbor does not include sharing
information across international borders, there are many technical indicators which can be shared and subsequently serve as dynamic investigational
pivot points. Many of these are in the October 25, 2016 FinCEN Advisory:
■ ■ ■ IP addresses with timestamps;
■ ■ ■ User agent strings;
■ ■ ■ Device IDs;
■ ■ ■ Virtual wallet information;
■ ■ ■ Indicators of compromise;
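How indicators of this kind act as pivot points, as an added example that is not from the original article or the FinCEN advisory: accounts at different institutions are clustered when they share a device ID, or the same IP address within a short time window. The events, field names, device IDs and one-hour window are constructed assumptions; the IP addresses come from the RFC 5737 documentation ranges.

```python
from datetime import datetime, timedelta
from itertools import combinations

# Constructed login events shared by two hypothetical institutions.
EVENTS = [
    {"fi": "Bank A", "account": "A-1001", "ip": "203.0.113.7", "ts": "2016-10-25T14:02:00", "device": "dev-9f3c"},
    {"fi": "Bank B", "account": "B-7730", "ip": "203.0.113.7", "ts": "2016-10-25T14:20:00", "device": "dev-1b22"},
    {"fi": "Bank B", "account": "B-8841", "ip": "198.51.100.4", "ts": "2016-10-26T09:00:00", "device": "dev-1b22"},
    {"fi": "Bank A", "account": "A-2002", "ip": "203.0.113.7", "ts": "2016-11-30T08:00:00", "device": "dev-77aa"},
]

def linked(a, b, window=timedelta(hours=1)):
    """Reason two events are related, or None. A shared IP only counts when the
    timestamps are close, because addresses are reassigned over time."""
    if a["device"] == b["device"]:
        return "device"
    gap = abs(datetime.fromisoformat(a["ts"]) - datetime.fromisoformat(b["ts"]))
    if a["ip"] == b["ip"] and gap <= window:
        return "ip+time"
    return None

def pivot(events, window=timedelta(hours=1)):
    """Cluster accounts connected through shared indicators (union-find)."""
    parent = {e["account"]: e["account"] for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in combinations(events, 2):
        if a["account"] != b["account"] and linked(a, b, window):
            parent[find(a["account"])] = find(b["account"])

    groups = {}
    for acct in parent:
        groups.setdefault(find(acct), set()).add(acct)
    # Only clusters of two or more accounts are investigative leads.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(pivot(EVENTS))
```

A-2002 used the same IP address five weeks later and stays outside the cluster, which is why the timestamp has to travel with the address.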
One of the most effective ways to mitigate cyber threats
is for financial institutions to share information.