How Implementing Five Security Controls Can Reduce Your AML/CFT Attack Surface and Help Defend Your Bank’s Anti-Money Laundering Software Against Threats Related to the Posting of “Red Flag Warnings”

Kent Stern

The financial sector continues to be a prime target for highly sophisticated threats against automated and semi-automated systems. Recently, North Korea was linked to a SWIFT system attack in which over $100 million was stolen from the Bangladesh Bank. In another infiltration, the Carbanak Group gained an estimated $1 billion from over 100 banks worldwide. In the U.S., a Trojan named Odinaff was used against the financial industry by individuals whose work resembled that of nation-state actors. As the methods used by global terrorists and money launderers are continually defined and redefined, software development efforts that help prevent and detect the typologies used by such organizations have come to the forefront of the industry. In the infamous Bangladesh Bank heist, there is no doubt that additional funds would have been funneled through the system if not for a typo, a benign sanctions hit and an exorbitant amount of luck. In its current state, how secure is your AML/CFT software, and how are your vendors dealing with advanced persistent threats against their applications? What can you as an AML manager do to ensure your solution is safe? This paper will walk you through what is at risk when an AML/CFT solution is gamed and cover five security controls that can reduce your solution’s attack surface and help defend against threats related to the posting of “red flag warnings.”
