Big Data for Finance – Security and Regulatory Compliance Considerations

This article is the fifth and last in an editorial series that has the goal to provide direction for enterprise thought leaders on ways of leveraging big data technologies in support of analytics proficiencies designed to work more independently and effectively in today’s climate of working to increase the value of corporate data assets.

Last week’s article discussed the driving factors that have motivated the need for financial sector companies to collect, store and analyze massive volumes of data and thus adopt big data technologies.

Security Considerations

An important application area where big data is taking a firm foothold in many financial industry firms is information security. In conjunction with the traditional 3 Vs of big data, financial industry firms must consider a fourth V: vulnerability. To manage big data effectively, you must keep it secure and compliant with regulatory requirements at all times (vulnerability). Protecting a vast and growing volume of critical information—and being able to search and analyze it to detect potential threats—is more essential than ever. As the software platforms (e.g. Hadoop) supporting this quantity of data move to mainstream use, managing their security and availability becomes a big data challenge in
and of itself, requiring continuous diagnostics and monitoring.

Banking and financial institutions need to secure the storage, transit and use of corporate and personal data across business applications, including online banking and electronic communications of sensitive information and documents. The typical IT environment consists of a mix of new and legacy systems and applications across highly distributed networks of branch offices, call centers and web portals. Many of the traditional point security solutions that are deployed add complexity and management costs, and leave gaps between systems and applications that are highly vulnerable to attack. The increasingly global nature of the financial services industry makes it necessary to comprehensively address international data security and privacy regulations.

Financial institutions are top targets of cybercrime. While all types of businesses are vulnerable to attacks by criminals, it’s the security breaches at financial firms that elicit the most media attention, public scrutiny and legislator consternation. When threats occur, it’s more than financial loss at stake.

Customers question their trust in their bank’s ability to provide security and protect their privacy. Hardearned customer loyalty diminishes. How can you detect fraud and stop attackers before they threaten your financial institution and its customers? Big data technologies can help by enabling financial firms to not only capture in near real time every event that occurs across the entire organization but also provide context to understand these events so information can be shared to better issue alerts of potential and actual threats.

Many finance industry firms are using big data to detect and/or prevent fraud. Big data supports what’s known as continuous or behavioral
authentication, a process that can help prevent fraud. Further, detecting security breaches using huge volumes of security data along with
unstructured social media data, combined with new big data tools such as Hadoop, enables financial industry firms to be more proactive about
security. Big data can enhance data security for the finance industry through:

• Understanding activity patterns among customers and the broader industry.
• Sharing of data – critical especially about emerging attack vectors and threats.
• Increasing reliance on data to predict attacks, based on trends that are targeting the industry.

One particularly good solution for finance industry data security requirements is Dell’s SharePlex Connector for Hadoop. Proactive security requires data analytics for a business intelligence advantage and essential decision-making insight. The Hadoop framework gives you that, but integrating data can be time consuming, providing only snapshots that quickly become out of date. SharePlex Connector for Hadoop loads and continuously replicates changes from an Oracle database to a Hadoop cluster—in near real time to Hive and HDFS, and in real time to Hbase. This gives you all the benefits of maintaining a real-time or near real-time copy of source tables, so your organization can efficiently and cost-effectively perform big data analytics in support of enterprise security.

Regulatory Compliance Considerations

The regulatory environment under which banks operate adds substantial operational concern for the business. Stringent regulatory compliance laws have been put in place to improve operational transparency. With government regulation driving many business processes, banks have apprehension leading up to a national election because they don’t know what direction the regulatory wind might blow. Currently, financial services organizations are held much more accountable for their actions, and are required to be able to access years of historical data in response to regulators’ requests for information at any given time, specifically:

• The Dodd-Frank Act requires firms to maintain records for at least five years.
• Basel guidelines mandate retention of risk and transaction data for three to five years.
• Sarbanes-Oxley requires firms to maintain audit work papers and required information for at least seven years.
• FINRA/Tradeworx Project – SEC requires the creation of a real-time transaction monitoring system to detect potentially disruptive market activity stemming from high-frequency trading. A consolidated audit trail or CAT (for day after monitoring) by FINRA is to include orders, quotes, updates and cancellations, plus a real-time system by Tradeworx are two initiatives for market surveillance.

Further, these records must be available on demand, or in some cases must be normalized and sent to regulators proactively. Financial industry companies have recognized that the key to optimizing their business operations in today’s regulatory environment is a matter of maintaining
an efficient and large-scale data management infrastructure. This level of compliance can be addressed via big data technologies.

The wide reaching effects of the economic meltdown in 2008 were largely due to the lack of visibility into consumer actions and groups with
related risk profiles, combined with the increased flow of consumer funds into financial firms. Financial industry firms, as well as the underlying economy, were more susceptible than statistical models had predicted. As a result, the finance world set out to find new classes of technologies that would allow them to manage and take advantage of ever-growing data sets. In the process, they evaluated the technologies deployed by large web concerns like Facebook and Google. In short, they found Hadoop: an open source software architecture that enables distributed parallel processing of huge amounts of data across inexpensive, commodity servers. With Hadoop, no data set is too big or complex.

Hadoop is a stable and dependable platform that financial organizations can trust for their big data requirements. Using big data solutions driven by Hadoop allows financial services firms to optimize capital leverage while maintaining the reserves required by regulators. Many of today’s top financial services firms have already deployed Hadoop to create centralized data-hubs combining large volumes of diverse and detailed data, crafting competitive advantage in several key business application areas.

The Hadoop software stack is a good choice to unlock the power of the financial firm’s data assets including but not limited to compliance requirements:

• Modeling market risk – using detailed data to give banks better insight into the material behavior of complex financial instruments and creating more predictable results from these investment vehicles. Using Hadoop, banks can build and evaluate models in an expedient manner, leading to a high degree of competitive advantage.
• Modeling consumer risk – giving greater insight into capital availability and liquidity. Using Hadoop-based solution, financial services organizations are able to optimize capital leverage while maintaining the reserves required by regulators.
• Fraud detection and AML capabilities – allowing banks to detect critical breaches faster, saving money that directly affects the bottom line. As financial firms roll out new products and services to customers, the committers of fraud and money laundering activities constantly are adapting to fraud prevention techniques.
• Recommendation/personalization – providing sophisticated tools for cross-sell and up-sell purposes so banks can offer new financial products and services to their existing high-value customers. With the ability to track user interactions across applications and marketing channels in real time, banks can dynamically categorize customers and experiment with selectively targeted offers, including investment strategies and savings advice to help customers improve their financial discipline. The result is an improved and more personalized client experience.
• Mortgage portfolio valuation – identifying which mortgages are candidates for default. The Hadoop platform engages the use of unstructured data sources that offer greater visibility into mortgage models, such as property valuation sites, local consumer offers such as crime report data and public sentiment data.

One solution to the rigors of regulatory compliance is to employ the Dell SecureWorks Security & Risk Consulting team designed to provide the expertise and analysis to help you enhance your IT security posture, reduce your information security risk, facilitate compliance and improve your operational efficiency. The Dell team has helped thousands of customers design their strategic security programs, assess and test their defenses, resolve critical information security breaches, and meet their compliance mandates.

Dell SecureWorks’ Compliance and Certification services offer assessments specifically tailored to address regulatory issues for financial services
firms. Security consultants work with you to gauge the current risks to your mission critical IT assets, and to assess the current state of your
security posture as compared to best practices and regulatory guidance.

The complete insideBIGDATA Guide to Big Data and Finance is available for download in PDF from the insideBIGDATA White Paper Library, courtesy of Dell and Intel.