Big data to tame the wolves of Wall Street

Stories like Jordan Belfort exist beyond the 80s. With the increasingly stringent regulatory requirements to tame the latest wolves of Wall Street, more financial institutes are turning towards proactive monitoring tools to avoid fraud. As big data is becoming a helpful tool to detect and alert potential fraud, the technology is also raising concern over its impact on personal data privacy.

"There is a concern of personal data privacy associated with the rising use of data analytics," said Henry Cheng, information technology advisor at the Office of the Privacy Commissioner for Personal Data (PCPD), Hong Kong. "There are on-going studies and debates over this issue, and we can't pretend to have a single answer for this issue."

Cheng said the gray area lies on the use of data. Hong Kong's Personal Data (Privacy) Ordinance (PDPO) prevents the use of data for a different purpose from the point of its collection. But this is almost against the benefit of big data, which is to analyze massive volume of data from different sources to provide insights that businesses are not aware of. Very often the data being analyzed in this process was collected from different sources and various purposes.

"If the purpose of data use has changed or different from the point it was collected, users of the data are required to seek consent from the related individuals," said Cheng. "But the definition on the change of purpose could be debatable."

"Big data is a great tool to identify a trend and correlate between different incidences," he added. "But it does not provide causation, meaning the identified trend is not an absolute cause."

He said conflict often happens when the definition on change of purpose is unclear and when actions --particularly accusations--are taken based purely on the analysis.

Big data for fraud detection

Financial fraud revealed in recent years --like the Libor scandal in 2012, when traders at major banks in London were manipulating interest rate in order to profit from trade--have brought attention towards traders' behaviors.

More financial institutes are looking to monitor their traders and some are turning towards big data for anti-fraud and anti-corruption. According to Chris Fordham, managing partner of Fraud Investigation & Dispute Services (FIDS) at EY, enterprises can now use forensic data analytics to proactively monitor business to help detect potential instances of fraud and mitigate risk.

One of the firm's suites of services is called "know your trader," using big data analytics technologies, including in-memory database and Hadoop, said Jack Jia, director of FIDS at EY. Jia said the software benchmarks a list of structured and unstructured data --including currency exchange rates, interest rate, transactional pricing, key words within email or the messaging system at the trading platforms--to identify high risk traders and potential risk.

"We first develop this set of analytic tools for investigating the Libor scandal," he said. "It is now become a service that allows securities houses to proactively monitor and detect any potential fraud."

Fraud detection VS privacy invasion

To comply with privacy requirements, Fordham said employees of their clients are notified with the installation of such monitoring tools. Although the notification may encourage the fraudster to perform their deeds via different channels, Cheng from PCPD said transparency and disclosure are the rules of thumb for privacy protection.

Fordham added the identification from this analysis serves only as the beginning of the investigation process, further questionings and other investigations often taken place before any conclusions are made.

Jia added that the analytical tool goes beyond monitoring. It also changes the culture and behavior among employees. "Traders are more aware of their processes to ensure they comply with regulatory requirements," he added.

In addition, the service may involve the analytics of their client's customers' data. To ensure these customers' privacy is protected, Jia said their identity and personal information are encrypted and only relevant transactional data will be used for analysis.

EY's FIDS team has also set up physical facilities, which is separate from EY's internal data center, to process and analyze clients' data. Jia said the company has 12 labs in Asia Pacific to process customer's data.

"These labs are physically restricted, only the relevant project members are allowed to access," said he said. "After entering the lab, they also need to log into the system to access the results and information."

Available worldwide for about three years, Jia said there is currently one Asia Pacific customer in Singapore adopting this service. He added similar service is being extended to some insurance companies to monitor and detect insurance agents for developing fake products or manipulating the commission system.

Privacy Management Program (PMP)

To help organizations in Hong Kong to navigate the privacy landmine, PCPD released a best practice guide for the Privacy Management Program (PMP) last month. The guide provides insights and guidelines of developing a PMP--a strategic framework to protect personal data privacy--within the company.

The concept of PMP was initiated by the Organization for Economic Co-operation and Development (OECD) back in the 1980s. According to Cheng PMP is a governance model and organizations that pledged to implement PMP should designate a team or a person to take responsibility of the organization's privacy policies by developing guidelines, training, risk assessment and process of handling incidence on breach of privacy.

All Hong Kong government departments and bureaus together with more than 39 organizations from the insurance, telecommunications and other industries last month pledged to implement PMP.

"IT security often plays a role in privacy policy, thus IT-related personnel could be assigned to implement PMP," said Cheng. "But this is not necessary or ideal, particularly when this role is conveniently thrown to IT."

He said it is a multi-disciplinary role, in which the person should understands the local privacy law, with knowledge over IT and how data is being analyzed and recognize business priorities and processes.

"With the knowledge of data processing and analytics, IT professionals do have the potential to take up the role implementing PMP. But only if they are able to widen their scope of knowhow to include both legal and business," he concluded.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityfinanceindustry verticalsdata protectionprivacy

More about OECDWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sheila Lam

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts