LOGOS IT Services: Enterprise fraud and user behaviour analytics - François Gourdon
Today's financial institutions are faced with a growing army of threats, taking in cybercrime, data leaks, reputational damage and fraud. Keeping in line with the latest compliance frameworks is also an increasingly demanding prospect. François Gourdon, CEO of LOGOS IT Services, introduces its iDETECT software, and explains how an integrated and intuitive system - which counters threats in real time and adapts to the latest regulatory developments as they arise - can provide a joined-up, cost-effective approach.
Could you start by giving us the background to the iDETECT software, and LOGOS IT Services' work in the finance sector?
François Gourdon: iDETECT® software is the result of years of cumulated experience of experts from the law enforcement and financial sector compliance area. Right from the start, when the product development was initiated, iDETECT was designed to confront the foremost challenges of the financial sector in terms of risk mitigation. What we propose is a symbiotic approach, either to replace or complement first-generation systems.
What are your clients' key demands, and how have you seen these change over recent years?
Clients' demands are constantly pushing us forward. A lot of the time, these can be conflicting. For example, clients want to eradicate the threat of unwillingly facilitating wrongdoing, and avoid penalties and reputational risk, but at the same time they look for a solution that maximises savings and operational efficiency. Happily, we have the right technology for such challenges.
Today, with the importance of counterterrorism financing and the amount of fines (billions of pounds) that can be imposed on financial institutions, we see an unprecedented level of stress in compliance departments. On the fraud and cybercrime side, the stress is virtually equivalent; the recent high-profile stories of data losses, hacking or identity theft have made organisations aware of the risks that they are exposed to.
Of these cybercrimes, what is the biggest threat clients face?
Issue number one still concerns data leaks. Another important issue is identity theft; for instance, people stealing passwords.
These are very simple concerns but they are vital to an organisation's security. So using our technology, we can make sure that someone who tries to access confidential information from another PC or from another location is detected and stopped immediately. With confidential information leaving an organisation, we can screen the emails and make sure that we stop the information going out in real time.
What impact is the latest legislation having on your work?
Our solution is built in such a way to ensure that you do not need to start a project every time new legislation arises. It is completely neutral.
While competitor products are often 'black-box', the iDETECT detection engine is non-proprietary as it uses pseudo-natural language (PNL). This means that the detection models are transparent and interpretable by regular users. So, users can adapt to the latest legislation intuitively. Creating or changing detection strategies has never been easier. Gone are the days of highly technical and repetitive tasks; now it all happens within a few clicks.
In the past, you've emphasised the importance of a 'horizontal' rather than 'vertical' approach to tackling financial crime; could you explain this horizontal approach, and how you apply it?
Institutions have come to realise that the total cost of buying and maintaining different tools for different matters is prohibitive. The vertical approach, namely the traditional case-management, filtering or profiling silo-based software, faces serious challenges in order to be adopted as an enterprise investigative platform (the horizontal approach), because these types of software were not typically designed with the combination of canned analytics needed to get up and running quickly and comprehensively. If you go vertical, you miss the links between the various threats going on inside and outside your enterprise. A money launderer could be associated with an internal fraudster who is themselves connected with cybercriminals that have hacked into a financial institution's IT system. Those who pretend that crimes have borders simply do not know crime.
iDETECT provides an unprecedented level of configurability and scalability for modern enterprise applications. We break the silos and provide a single framework to capture and manage the whole spectrum of risk and, most importantly, to adapt to it.
How much do you need to tailor your services to specific clients' needs, vs a more 'one-size-fits-all' approach?
It is up to the clients to decide. They can go for a standard approach using integrated modules and reference configuration or we can build a completely tailored solution. So we can adapt to the needs of a small private bank or wealth management office, but also to a tier-one exchange house with international branches. Our model is based on flexibility.
To give an idea of the different needs, tier-one organisations will have already bought a solution around ten years ago, at a time when there was no such thing as an enterprise-risk-management framework, so these would be detection tools focused on specific targets like stopping financing terrorism: a pure Silo approach. These big-name companies and banks tend to stick to what they have despite there being problems with it because it would cost them a fortune to move from one system to another. Whereas tier-two and tier-three organisations don't have that kind of problem, so they want to opt for an integrated solution that is more prone to survive the future, which can also save them implementation costs.
So it's a strange market at the moment, with some organisations still sticking to old technology, but my view is that this will change very soon. It's a question of months really, before even tier-one organisations will need to change their strategies.
iDETECT was designed for big volumes so it could certainly be a fit for tier-one organisation, once they are ready to progress to new, high-performance technology.
How is user behaviour analytics (UBA) used in your software?
Our technology is natively designed to mine the overall information landscape in real time, providing a live, comprehensive view of identities, access, transactions and activities across all enterprise applications, systems and resources. The end goal is to prevent and deter threats using any field, across any data, over any timeframe.
As providers, what do you see as the major challenges facing the finance and banking sectors specifically?
My top five in the financial crime risk area are as follows:
- ensuring that finance and banking can still do business despite the current regulatory pressure and increasing demands from governments, which means adopting a real risk-based approach to compliance
- ensuring that terrorist groups like ISIS do not use the finance and banking sectors to finance their activities
- ensuring that the level of fraud and cyberattacks is mitigated and addressed effectively
- reducing risk-management and operational costs
- keeping up with a growing volume of structured and unstructured data.
All five require expertise and technology.
How does iDETECT provide ROI and help clients improve cost-effectiveness?
First, by helping them to avoid fines, reputation loss and fraud/cyberattack losses, but also by reducing technical integration costs and achieving productivity gains. It is known that up to 70% of analysts' time is spent on investigative false-positive alerts or doing low-added-value tasks, and only 30% is spent on real analytic work. With the right technology, you can simply reverse the ratio. The savings are tremendous.
What upcoming developments do you foresee in the industry and do you have any upcoming developments you would like to share?
The industry is going to go through turbulent times. With the current climate, I know many institutions that simply prefer to reject business opportunities. As a customer of these institutions, for some nationalities it has become more difficult to open or use a bank account or to access the financial networks. It has reached a stage that could almost be viewed as discrimination. That shows a serious flaw in the way compliance and risk management is handled at large. It's obvious that a person visiting or living in a high-risk country is not automatically a wrongdoer. This is an area that we are taking very seriously in our ongoing development work.