Share Data to Thwart Hackers and Address Other Big Challenges

In his recent book "The Social Life of Money," Nigel Dodd, a professor at the London School of Economics, describes the work of Georg Simmel, the 19th-century German philosopher who sought to explain what makes money possible.

Simmel observed that value results from a synthesis that takes place through exchange. "We enter into exchanges because we want things," Dodd explains. "This desire is demand." In Simmelian terms, banks in 2015 will swap information and develop processes with one another on a scale that may be without precedent. They'll remain fierce competitors, but by better sharing data with one another they also hope to fine-tune their analysis of credit risk, track and thwart money laundering threats and strengthen defenses against cyberattacks. Call it the year of co-opetition.

This trend toward better information sharing is being facilitated by third parties like Credit Benchmark, a U.K. startup that pools banks' assessments of the creditworthiness of institutional borrowers. Lenders hand over to Credit Benchmark their internal estimates of probabilities of default and potential losses. Credit Benchmark averages the opinions to calculate a consensus view that the company sends back to lenders.

Credit Benchmark aims to complement, if not disrupt, the cartel in credit ratings presided over by Moody's, Standard & Poor's and Fitch. "The fundamental difference is that when you're taking in a Credit Benchmark consensus you're taking in data from other players with skin in the game," says Elly Hardwick, its CEO.

With banks throughout North America, Europe and Asia all supplying information — at least a dozen have signed up so far — Credit Benchmark calculates the riskiness of debt issued by governments, hedge funds, businesses and other borrowers, including those that lack a credit rating from one of the big agencies. "There are huge areas of the market that banks care very deeply about where they have nothing to compare their rating to," adds Hardwick. "That's frightening for banks."

The inclination to share also is accelerating in compliance. In November, Markit and Genpact Limited announced that more than 600 hedge funds, pension firms and other institutions have registered for the companies' know-your-customer service, which assembles information about the identities of customers that banks must verify before opening accounts.

KYC Services, as the venture is known, relies on a standard developed in tandem with Citigroup, Morgan Stanley, HSBC and Deutsche Bank that defines what goes into a customer profile for public companies, hedge funds and other entities. The process promises to speed the opening of accounts and save banks money, while easing burdens on counterparties by homogenizing demands for information they must provide.

"We build a profile once and reuse it again across banks," says Rampi Kandadai, who manages the service for Genpact.

Though compliance officers have shared information about trends since anti-money laundering laws emerged 30 years ago, the ability to sift through and share the avalanche of data now available has become increasingly important, says John Byrne, executive vice president of the Association of Certified Anti-Money Laundering Specialists.

"The data is an important component of making account opening decisions, but [it] also becomes important on an ongoing basis for monitoring transactions," Byrne says. "Some of it is slicing and dicing at the institution, but it's that plus outside data that gives banks a more holistic view of who you are."

KYC Services mirrors efforts across the industry, where firms such as Thomson Reuters, KYC Exchange and others are racing to sign up banks for compliance-related registries. In September, Swift, which offers a KYC registry backed by JPMorgan Chase, Citigroup and others, said it would provide access to the service without charge in 2015 to banks that contribute data.

Nowhere is the need for sharing greater than in the area of cybersecurity. JPMorgan CEO Jamie Dimon, whose bank in August disclosed that hackers had accessed data on 83 million customers, wrote last spring to shareholders of "intelligence fusion" that the bank uses to share information about threats.

In the year ahead such synthesis promises to occur across the industry as banks become better at tapping data at their collective disposal to harden defenses against digital intrusions. Part of the push includes the development of Soltra Edge, a program created by the Financial Services Information Sharing and Analysis Center and the Depository Trust & Clearing Corp., that converts information about suspect websites, email addresses and malware into a format that allows threats to be routed automatically to banks' security systems.

Soltra Edge, which launched in December, is being tested by about 45 financial institutions and promises to make it easier for banks to sift through all the information about digital threats that floods their firewalls.

"The standardization is the most powerful benefit," says Al Pascual, a security analyst with Javelin. "It's almost a way to speed intelligence sharing and improve security postures."

Soltra Edge also has the potential to become a standard for retailers and other businesses outside banking that scan for cyber threats yet lack banks' prowess in cybersecurity. That matters because sharing of threats within the financial industry may not suffice, notes Steven Chabinsky, the chief risk officer at CrowdStrike, a digital security firm. "The main point is that information exists across all industries," says Chabinsky, a former deputy assistant director at the FBI's cyber division.

As Chabinsky sees it, banks and others benefit when they collect information from as large a network as possible. "The power of the crowd are the computers that have all the information and that are really good at processing and sharing it quickly," he adds.

This article originally appeared in American Banker.