Compliance - PowerPoint PPT Presentation


Title: Compliance


1
Continuous Auditing & Reporting
  • Compliance & Fraud Monitoring
  • The power to know now
  • Data2knowledge Inc.
  • Case study, Banking Sector
  • 12th Continuous Auditing and Reporting Symposium
  • Rutgers University, NJ November 2006
  • Andrew Gonczi,
  • CEO Data2knowledge, Inc. www.d2k.com

2
Presentation Outline
  • About Data2Knowledge
  • Continuous Monitoring Needs
  • Case study, Banking Sector
  • D2K Secure, Continuous Monitoring System

3
1. About Data2Knowledge
  • Corporate Overview
  • Established in 1999, offices in NJ, UK and
    Hungary
  • Specialized in ETL, data structuring and
    continuous monitoring
  • Blue chip corporate clients in US and Europe
  • D2K Distil
  • Key financial data found and extracted more
    accurately, faster and for a fraction of the cost
     
  • D2K Secure
  • Continuous Fraud and Compliance Monitoring  
  • D2K Development
  • Offshore (Hungary) development and service team
    Cost effective, innovative
  • D2K's core extraction engine is also available to
    be embedded in custom applications and as an SDK
    to partners.

4
2. Continuous Monitoring Needs
  • Why is continuous monitoring becoming a must now?
  • Advances in technology and increased business
    dynamics enable businesses to change ever more
    rapidly,
  • Traditional audits and controls are no longer
    adequate
  • Key drivers
  • Events of the past few years (9/11, malfeasance crisis,
    complex and creative business models)
  • Subsequent regulations (HIPAA, SOX, Patriot Act,
    Basel II, MiFID, etc.)
  • Business needs, competitive development of
    controls to be matched
  • Benefits
  • Immediate notification to management of problems,
    timely correction
  • Fraud reduction and improved risk management
  • Extensibility across multiple IT systems
  • Independence from operative management

5
2. Fraud prevention & Compliance needs
  • Key Drivers
  • Laws and Regulations
  • Direct P&L impact: to prevent losses from fraud
  • Indirect P&L impact: business reputation, client
    retention and acquisition
  • Continuous Monitoring Requirements
  • To detect fraudulent, unauthorized or money
    laundering activities, operational systems need
    to be monitored on an ongoing basis
  • All systems produce activity/transaction logs,
    but differing formats
  • Centralized Monitoring Dashboard gives clear view
    across all business transaction and IT systems
  • The Audit Trail Imperative
  • Details of finest granularity needed at all times
    in near real time
  • Drill-down analysis required
  • Data Source Quality, Data Level Assurance
  • Proof for Internal and Public proceedings
  • Transaction level intervention

6
3. Case Study Banking Sector
  • Customer
  • Large subsidiary of a major European bank
  • Market cap. 20Bn
  • Employees 50k
  • Business objectives
  • Meet regulatory compliance requirements
  • Reduce fraud losses, especially internal attacks
  • Continuous and pre-emptive controls
  • Expand scope across all business and IT systems
  • Reduce costs compared to highly manual prior
    processes

7
3. Case Study Banking Sector
  • Technical challenges and requirements
  • Growth through acquisitions → wide variety of
    disparate IT systems
  • Data consolidation became a major challenge:
    multi-terabytes of historical and real-time data
    such as transaction logs, document files,
    spreadsheets and financial reports stored on
    Oracle databases.
  • Security administrators were finding it
    impossible to monitor these vast reservoirs of
    data in order to detect suspect usage patterns
    and identify possible fraud before it was too
    late.
  • Non-intrusive solution needed to coexist with
    other IT systems
  • Independence from other processes to ensure
    impartial oversight
  • Events of interest are hidden across several
    system logs and multiple log entries
  • Identification of suspicious behavior requires
    establishing profiles and patterns (e.g. multiple
    accounts of the same person)

8
3. Case Study Banking Sector
  • Proactively combating fraud and reducing compliance
    costs
  • D2K Secure reviews 12-15 Gb per day of data in
    order to spot suspicious activity before it
    becomes a problem.
  • With automatic querying and real-time alerts, the
    bank can now be truly proactive in the fight
    against fraud.
  • D2K Secure saves costs every day: what previously
    would take 10-15 man days to piece together now
    takes 3-4 hours to run automatically.

9
4. D2K Secure Continuous Monitoring
  • System Summary
  • D2K Secure is a flexible and scalable system
    designed to transform the contents of an
    unlimited number of audit log files into a single
    structured database.
  • Security analysts are provided with relevant
    information with links back to the original audit
    trail sources.
  • With appropriate reporting modules, the system is
    capable of generating automatic real time alerts
    if certain usage patterns are recognized in the
    logs.

10
4. D2K Secure Continuous Monitoring
11
4. D2K Secure Continuous Monitoring
12
4. D2K Secure, key features
  • Modular architecture allows integration with
    other analytical applications
  • Combines several complementary methods to provide
    near 100 matches
  • Data may be retrieved from any kind of structured
    or semi-structured source, including but not
    limited to web pages, entire web sites, document
    files, text-based log files, any type of
    relational databases and EDI systems.
  • The system can monitor multiple data sources and
    generate digests or reports from collated
    real-time or buffered information, based on the
    requirements of the application.
  • The massively parallel architecture allows
    simultaneous processing of individual information
    units, enabling real time processing of virtually
    unlimited amounts of data with suitable hardware
    support.

13
4. Transactional Log Sample
Banking System Equation 1130 line types, 172
transaction
14
4. Transactional Log processed in xml
Sample (part of the xml file)
15
4. Structured Output from Transactional Log
16
4. Event Linking from Transactional Logs
17
4. Reporting UI Example (local language)
18
Monitored events summary table
4. D2K Secure

19
4. Monitored Events AML
  • 2 years expired between the current and last
    transaction and the minimum amount is 8k EUR
  • High amount transactions in a week
  • E-bank transactions above 8k EUR
  • Card transactions above 8k EUR in 2 hours
  • Data browsing with no transaction
  • Data browsing within 3 days without transaction
  • Transaction cancellation above 8k EUR
  • Transactions of the same customer at the same
    administrator
  • Incoming amount over 400 EUR from other bank to
    worker account
  • Incoming >8k EUR to an account opened with <400
    EUR
  • Inquiry last 6 months without transaction
  • FATF country transactions
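
Two of the monitored events above written as detection logic over a merged event stream, as an added example that is not part of the original presentation and is not D2K Secure's own code. The field names, the sample events and the reading of the rules are assumptions: card amounts are summed per account over a sliding 2-hour window, and a browse is flagged when no transaction on that account follows within 3 days.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LIMIT_EUR = 8000                      # the "8k EUR" threshold from the slide
CARD_WINDOW = timedelta(hours=2)
BROWSE_WINDOW = timedelta(days=3)

# Constructed sample events, as if already normalised from two separate logs
# (transaction log and access log). Layout: time, kind, account, source, EUR.
EVENTS = [
    ("2006-11-01T09:00", "txn", "ACC1", "card", 3000),
    ("2006-11-01T09:50", "txn", "ACC1", "card", 3500),
    ("2006-11-01T10:40", "txn", "ACC1", "card", 2000),
    ("2006-11-01T11:00", "browse", "ACC2", "clerk7", 0),
    ("2006-11-02T12:00", "browse", "ACC3", "clerk7", 0),
    ("2006-11-03T08:00", "txn", "ACC3", "branch", 150),
    ("2006-11-05T13:00", "txn", "ACC1", "card", 7000),
]

def detect(events):
    events = sorted((datetime.fromisoformat(t), kind, acct, src, amt)
                    for t, kind, acct, src, amt in events)
    end = events[-1][0]               # end of the observed period
    card = defaultdict(deque)         # account -> card txns inside the window
    txns = defaultdict(list)          # account -> all transaction times
    browses, alerts = [], []
    for ts, kind, acct, src, amt in events:
        if kind == "browse":
            browses.append((ts, acct, src))
            continue
        txns[acct].append(ts)
        if src == "card":
            win = card[acct]
            win.append((ts, amt))
            while ts - win[0][0] > CARD_WINDOW:   # slide the 2-hour window
                win.popleft()
            if sum(a for _, a in win) > LIMIT_EUR:
                alerts.append(("CARD_OVER_8K_IN_2H", acct, ts.isoformat()))
    for ts, acct, user in browses:
        deadline = ts + BROWSE_WINDOW
        followed = any(ts <= t <= deadline for t in txns[acct])
        if not followed and end >= deadline:      # judge only closed windows
            alerts.append(("BROWSE_NO_TXN_3D", acct, user))
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

No single card payment in the sample exceeds the limit; the alert comes from three entries inside one window, which is the "multiple log entries" case the case study describes.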

20
4. Monitored Events Dormant Accounts
  • Data browsing of dormant account w/ debit
    transaction last month
  • No host branch
  • Multiple debits in 2 hours, 1 month
  • Same supervisor access of multiple dormant
    accounts
  • Card initiated requests
  • Outgoing transfers
  • Trading in own account with government securities

21
4. Monitored Events Detail Samples
Some of the 600 parameters that can be used to
define query details
22
4. Ad-hoc vs. Continuous Monitoring
23
Thank you for your attention
Andrew Gonczi Andrew.Gonczi_at_d2k.com
646-479-4496 Data2knowledge, Inc.
www.d2k.com