The purpose of this webinar is to help Financial Institutions understand the implications of financial crime and fraud prevention, and get ready to review and upgrade their systems accordingly where required.
Topics covered:
-Overview of GDPR and PSD2 regulations with respect to Financial Crime
-Implications of each of the regulations on Fraud and Financial Crime (FFC)
-The challenges and opportunities offered by those regulations
-Which steps should Financial Institutions take to mitigate the cost of FFC
Open Banking / PSD2 & GDPR Regulations and How They Are Changing Fraud & Financial Crime
1. All content is the property and proprietary interest of matrix IFS; The removal of any proprietary notices, including attribution information, is strictly prohibited.
PSD2 & GDPR Regulations
And How They are Changing Fraud & Financial Crime
Advise.
Plan.
Deliver!
marketing@matrix-ifs.com
Matrix-IFS – What We Do
• Fraud Prevention
• Data
• Capital Markets
• Anti-money Laundering
How PSD2 and Open Banking are driving Innovation in Financial Crime Prevention?
The Challenge
Situation
As banks in UK and across the EU are mandated under PSD2 to expose account
and payment information, multiple financial services will be available to consumers
Implication
This creates increased fraud risks which push banks toward accelerated innovation
in fraud detection and data management
Recommendation
Stay tuned and find out!
What is Open Banking & PSD2
Open Banking intends to:
• Foster competition in the Banking Industry
• Improve customer experience by offering more services & innovation
The Second Payment Services Directive (PSD2) aims to:
▪ Encourage development and use of innovative payments
▪ Enhance consumer protection against fraud
▪ Strengthen liability & accountability
▪ Make cross-border European payment services safer
PSD2 & GDPR Rollout Timeline
• 13 Jan 2018: PSD2 becomes part of national law across the EU
• 13 March 2018: EU ratifies final Regulatory Technical Standards (RTS) on SCA and SCS
• 25 May 2018: GDPR provisions become directly applicable in all EU member states
• 14 March 2019: Banks must open RTS-compliant API to TPPs for testing and integration
• 14 Sep 2019: RTS legally apply to all EU member states (including UK)
Time windows marked on the timeline: 18 month time window; 6 month time window
The New Model – Access to Accounts (XS2A)
Transaction Risk Assessment
Strong Customer Authentication (SCA)
Secure Communications
Customer Credentials
Opportunity for Innovation in Financial Services
1. Encouraging competition between banking providers
2. New products and services by start-ups & challenger banks
3. Products / services can also be offered by established banks
Example:
Expected Attack Vectors:
• Account Takeover
• Identity Theft
• Device Spoofing
New products & services increase the bank’s ‘attack surface’!
In order to combine the necessary risk analysis with the exemptions and
remain compliant with PSD2, banks need:
A Fraud-detection engine that:
1. Ingests different sources of information (internal / external)
2. Combines behavioural analytics
3. Covers long periods for unique accounts
Moving Toward ‘White Box’ Fraud Prevention
• Rules Based
• Probabilistic (ML, AI)
• ‘White Box’
• Enterprise (‘Black Box’)
The ‘White Box’ Approach
Feature: Current Risk Engines vs. ‘White Box’ Approach
Model Build Process
• Current Risk Engines: Black Box model built by vendor
• ‘White Box’ Approach: Built by experts, in collaboration with the bank
Data Used
• Current Risk Engines: Pre-defined data requirements
• ‘White Box’ Approach: Model built incorporating available data; Agile testing procedures
Fraud History
• Current Risk Engines: Model built on vendor data; Model tuned on bank’s fraud cases
• ‘White Box’ Approach: Developed from bank-specific data and fraud cases
Deployment
• Current Risk Engines: Deployed by vendor based on long model tuning
• ‘White Box’ Approach: Agile build, test & deployment within the engine via API / User Interface
Operational Recommendations
#1 - Review RTS Compliance
Complete a study of the impact of PSD2 & the Regulatory
Technical Standards (RTS) on Fraud Prevention
Should aim at 2 objectives:
1. Ensuring that the bank is compliant with the regulation and RTS
2. Ensuring that fraud prevention is not impacted due to opening bank
systems to TPPs
#1 - Review RTS Compliance
Key points of RTS Compliance review:
• Quality criteria for the API
• Strong Customer Authentication (SCA) & transaction risk analysis
• Specific fraud reporting requirement
• Expert security measures audit
#2 - Multi-channel Fraud Architecture
Under PSD2, banks must open API for Third Party Providers (TPPs), thus creating new opportunities for fraud
“61% of Financial Institutions are planning to invest in a multi-channel authentication solution”.
Study by top advisory consulting firm (Nov 2017)
A Multi-channel architecture can help you mitigate risk
#2 - Multi-channel Fraud Architecture
[Diagram: three channels into Customers’ Accounts, each with its own fraud check: Card Interface (Card Fraud Check), Open API (TPP (PSD2) Fraud Check), and Banking Portal/App (Online Banking Fraud Check, Strong Customer Authentication (SCA)). Parties shown: Customer (card, TPP app, bank services), Merchant, Acquirer, Card Scheme, TPP. Flows labelled: Transaction, Payment Instruction, Account based requests.]
#3 - Data Lifecycle Management
[Diagram: Data Lifecycle Management wheel with stages Create, Store, Use, Share, Archive, Destroy]
Capabilities Desired
• Data storefront – data provisioning services
• Data lineage – convergence, control & quality
• Archive and deletion services
What’s Next?
• Review RTS Compliance
• Multi-channel Fraud Architecture
• Data Lifecycle Management
• Develop a “White Box” Solution
The Great Data Revolution
Data: disrupting how we do business
Chris Butlin, Director | Professional Services CIM
Data is transforming the way we do business
Change:
• Data Growth is changing our understanding of the world
• Data companies are changing business – The Gig Economy
• Digital Transformation Journey
• Politics
• Customer behaviour
• Flexible working based on an app
• Disintermediation
• Internet of Things
• UBER, airbnb, deliveroo
• Data rich but information poor
• Security
• Regulatory change (GDPR)
Cut through the data lake to create a single view
Data Lake
Data Collection
Data Quality
Data Entities Resolved
Data System of Record
SINGLE VIEW
GDPR – Part of the Digital Transformation Journey
“Don’t tell me what GDPR is - tell me how to get started on the path to GDPR data compliance”
DISCOVER
Identify what data you hold and where and on what grounds
Data Collection & Storage; Privacy by Design (Article 5 & 25)
• Scan Non-Digitised Data
• Data Discovery
• Understand Your Data Landscape
PREPARE
Keep personal data up to date and limit data to what is relevant
Data quality and data minimisation (Article 5)
• Data Quality
• Data Minimisation
• Improve Your Data Quality
ACT
Manage right of access and data portability
Consent & Transparency (Articles 7-9, 12-18)
• Data Hub
• Data Federation
• Data Governance
Benefits of GDPR – Leading to a Single View
Initial GDPR Compliance → Business Benefits
INDIVIDUAL
CORE PROFILE
Identity | Name | Age | Gender
Employment | Portfolio
…
RELATIONSHIPS
• Household
• Places
• Organisational
• Social
• Memberships
ENGAGEMENT
• Where are you?
• What are you doing?
• What mode are you in?
• What’s your intent?
• What’s happening around you?
• Who is with you?
INSIGHTS
• Lifetime value
• Profitability
• Credit risk
• Share of wallet
• Opportunity
• Loyalty
• Satisfaction
• Retention
• Needs
• Attitude
• Persuadability
• R-F-M
ACTIVITIES
• Marketing history: Offers, Responses, Coupons
• Preferences: Method, Content, Frequency
• Social Media activity: Posts, Check-ins, Likes, Awards
• Engagement history: Calls, Emails, SMS, Web journey, in-store visits
• Service history: Requests, Tickets, Complaints
• Transaction history: Purchases, Payments, Bills, Invoices, Statements
Data Transformation Journey
Resulting in:
Control of Data
Governance
Understand Your Data
Consistent Data Across the Enterprise
Improved Business Processes
Meet Compliance Requirements
Single View
Understand Interactions
Channel Shift
Self Service Solution
Consistent Communication
Omni-channel Communications
GDPR and the Fight against Financial Crime
• FIs collect customer data
• Under GDPR, firms are obliged to respect privacy rights granted to individuals
• Legal processing and right to be forgotten
• FIs have a higher degree of obligation to innovate and invest in their data management
• GDPR permits processing of data necessary to meet a legal obligation
REC #1
FIs should start investing in building Data Management capabilities to improve Fraud and FinCrime Prevention
REC #2
Leverage technology to create a single view of the customer
Example: PSD2
Questions?
For questions on PSD2 contact yair.samban@matrix-ifs.com
For questions on GDPR contact christopher.butlin@pb.com
Reach out to our experts for advice on Fraud Prevention and GDPR FinCrime data management
Thank you!
Are you PSD2/GDPR compliant?
Would you like a doc outlining what you need to be compliant?
Email us: marketing@matrix-ifs.com
Tell us how far along are you in the process...
…and we will send over a document that will help you to ensure your organisation is on track to be PSD2/GDPR compliant