Should Bank CIOs Be Sharing Data To Improve Security?

How much sharing is too much sharing for bank CIOs?
Image Credit: Mike Mozart

When the bad guys go after a bank, it is the responsibility of the bank’s CIO, because of the importance of information technology, to keep the bank’s networks and electronic assets safe. However, this is not something that they can do by themselves. Banks need to know what is happening at other banks so that they can learn from them and better prepare to defend themselves. In order to accomplish this, bank CIOs need to share data with other banks, and this starts to raise some interesting privacy concerns.

The Big Bank Data Experiment

When a bad guy attacks a bank, how he does it, if he is successful, and what he is able to steal are all critical pieces of information that other banks would like to have. However, the only way that they are going to get the information that they need will be if another bank is willing to share it with them. In order to facilitate this sharing of bank security data, seven of the world’s largest banks have agreed to work together. This group of banks includes J.P. Morgan Chase, Citigroup, Bank of America, Wells Fargo, U.S. Bancorp, HSBC, and Standard Chartered.

The agreement among these banks is to facilitate the sharing of data between them. This data includes the identities of account holders along with the dates and other details regarding select financial transactions. This data has been shared among the banks because it allows them to experiment with ways to examine large amounts of transaction data using tools such as artificial intelligence. The goal of this analysis is to attempt to uncover illegal activities such as financing terrorism or money laundering.

The banks are working together in order to share their banking data in what they believe is a more open way. They are also looking for ways to share banking data with law enforcement agencies. The banks believe that their efforts have already had good results. There have been dozens of arrests and millions of dollars of criminal funds have been seized. All of this information sharing between people with the CIO job does raise some legal questions. It turns out that in the U.S., banks have been given the legal authority to share limited amounts of information with other banks, law-enforcement, and regulators by the 2001 Patriot Act. The level of coordination has increased a great deal over the past few years.

Issues And Concerns About Sharing Bank Data

The good news for the people with the CIO job is that over the past few years the people who regulate the banking industry have been encouraging banks to take the initiative to form information sharing groups. The message has been that the Patriot Act’s provisions that cover cooperation between banks extend to attempting to identify when several different types of crimes are being committed, such as food-stamp fraud or even human or weapon trafficking.

All of this sharing of data between banks is starting to raise some privacy issues. Privacy advocates believe that banks could be stretching their authority to share private customer data. The result of this is that they could end up unnecessarily exposing personal information. The result of this exposure could be that either people or companies could find themselves being penalized over a suspicion of doing something wrong. The advocates believe that it’s good news that the banks are being efficient; however, it’s critical that constitutional protections are being upheld.

In the past, banks have used what are called “markers” to attempt to identify suspicious activity. Markers have many different forms including the size of a transaction or the names of people involved who are on a government watch list. The problem with this approach is that it can result in many “false positives” that generate warnings about transactions that turn out to be legitimate. However, now that banks are starting to share data, banks can start to use sophisticated new technologies such as artificial intelligence to analyze the information that is provided to them by other banks along with their own data. These new tools then allow them to detect patterns in the data that they would not have been able to detect by themselves. The sharing of data between banks is what is providing the banks with the quantity of data that they need in order to allow their new tools to work correctly. The use of these new tools is providing banks with smarter positives.

What All Of This Means For You

CIOs at banks have a tough job. They are responsible for keeping the bank’s networks and digital assets safe from the bad guys. At the same time they need to be able to detect if any bad guys are using the bank’s services to do bad things. The challenge that they have with doing this is that they simply don’t have enough data to detect when bad things are being done. This is why more and more banks are starting to work together to exchange customer and transaction data. However, this is starting to raise privacy issues.

In order to create a system where illegal transactions could be better detected, seven of the world’s largest banks have gotten together and agreed to exchange information. This information includes customer details and transaction information. The goal is to be able to detect illegal transactions such as money laundering and weapons trafficking. They claim that many people have already been arrested and a great deal of money has been seized. Banks believe that their exchanging of information is permitted under the U.S. Patriot Act. Privacy advocates are concerned that the exchanging of information may result in people and firms being penalized over a suspicion of doing something wrong. Banks believe that the information that they are exchanging will help them to develop better markers and will reduce the number of false positives that they get when they go looking for wrongdoing.

Clearly the CIOs at banks have an obligation to stop the bad guys from using the banks to do bad things. However, at the same time they also have a duty to their customers to ensure that their personal data is not being misused. What all of this means is that CIOs are going to have to spend some time determining how best to share data while at the same time ensuring that their customers’ data is being kept safe. This is not going to be an easy problem to solve and CIOs will need to make sure that they get it right.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: What limits do you think that CIOs should put on the data that their bank is willing to share with other banks?


What We’ll Be Talking About Next Time

Let’s face it, one of the most important jobs that a CIO does is to negotiate deals. No matter if we are dealing with outside vendors or internal departments, it sure seems as though because of the importance of information technology a great deal of our time is taken up with trying to get the best deal for our IT department. This is a skill that most of us have learned along the way. That’s why it may come as a bit of a surprise to learn that if we do too much negotiating, it can backfire on us.