Financial Crimes Enforcement Network (FinCEN)
Checkmate: Delivering Next-Gen Financial Intelligence at FinCENDOWNLOAD
Criminals and law enforcement are engaged in an unending race for new ways to commit and thwart crime, respectively. Financial crime schemes in particular are constantly evolving and adapting in response to crime-fighters' increasing use of advanced analytics to detect criminal activity. To keep pace and maintain pressure, the nation's law enforcement, regulatory, and intelligence communities need timely access to reliable financial crime data, as well as powerful, user-friendly tools for data search and advanced analytics.
The Financial Crimes Enforcement Network (FinCEN) is the financial intelligence unit of the United States. A Bureau of the U.S. Department of Treasury, FinCEN has the mission of safeguarding the U.S. financial system from the abuses of financial crimes. In 2008, FinCEN launched a major effort to upgrade its analytics capabilities, IT infrastructure, and databases to better collect and analyze data from multiple sources and provide it to Federal, state, and local law enforcement and regulatory authorities.
Deloitte professionals helped FinCEN design, build, and implement a comprehensive set of crime-fighting tools and technologies, and we helped its organization take advantage of the powerful capabilities these resources provide. We supported FinCEN from project inception through deployment with strategic, technological, operational, and financial intelligence services.
As a result of FinCEN's modernization, law enforcement organizations, regulators, and intelligence agencies are better equipped to detect, prevent and prosecute crimes such as money laundering, tax evasion, securities fraud, and the financing of terrorists and drug traffickers.
FinCEN provides support to more than 400 Federal, state, and local law enforcement and regulatory government entities. Stakeholders it serves include the U.S. Department of Homeland Security, U.S. Internal Revenue Service, the U.S. Securities and Exchange Commission, the Federal Deposit Insurance Corporation, the Federal Bureau of Investigation, and U.S. Immigration and Customs Enforcement.
FinCEN functions primarily under the Bank Secrecy Act (BSA), a legislative framework founded under the Currency and Foreign Transactions Reporting Act of 1970, as amended by the USA PATRIOT Act of 2001 and other measures. FinCEN collects and analyzes data provided by financial institutions as mandated by the BSA, as well as other third party datasets.
Prior to FinCEN's modernization initiative, numerous issues impeded its ability to effectively gather data, analyze it, and put it in the hands of various users, including law enforcement organizations, regulators, and national security agencies.
Data that financial institutions were required to report to FinCEN suffered from problems including inconsistent quality, incomplete validation, and lack of standardization. In conducting its analysis, FinCEN was limited to small datasets and simple routines such as link-node and basic correlation. It could not conduct analysis across massive datasets and lacked capabilities for proactive analysis and trend prediction.
Distributing data to agencies required multiple offline systems and numerous cleansing and manipulation steps to overcome data problems, delaying user access. Other problems included the inability to provide secure online access, inability to capture complete data audit log information, and inconsistent communication with stakeholders.
Together, all these deficiencies made it difficult for FinCEN to quickly detect new and emerging threats and aid in disrupting criminal enterprises.
Implementing the analytical capabilities, technology infrastructure, and organizational changes FinCEN needed to combat today's array of financial crimes was an inherently difficult and complex undertaking. However, the rapidly growing sophistication and diversity of criminals and schemes compounded the challenge, requiring adjustments in plans and approaches throughout the modernization project.
In addition, because the project was not simply an analytics implementation but a broader technology transformation, a variety of skill sets were needed to execute the program. Deloitte professionals would provide support across a range of priorities, including business requirements, program management, analytics, data conversion, security, infrastructure performance, and user adoption. And, while custom information technology development was not involved, expertise was required across a broad array of software products and technologies.
Among the early challenges facing the modernization program was the program schedule. As FinCEN worked to meet project deadlines, the Office of Management and Budget directed that the program be completed 18 months sooner than planned and that increments of functionality be delivered at 90-day intervals. Multiple elements and interdependencies would need to be captured in the schedule to track progress and provide alerts when delays and errors occurred.
Resource management was an increasing focus as FinCEN and Deloitte worked to fulfill program staffing requirements. A shortage of needed technical skillsets in the Washington, D.C., metropolitan area would ultimately be filled remotely from Mississippi by developers and systems integrators in Deloitte's Hattiesburg Onshore Delivery Center.
Requirements management proved demanding from the outset of establishing initial program scope. And, as they routinely do in IT projects, new requirements and requirement changes caused disruption in the development and deployment schedules. System testing issues also arose early in the program. Over time, increasingly thorough test plans and test scripts strengthened testing rigor.
Finally, meeting the needs of distinct user groups would complicate change management and user adoption initiatives. A core group of FinCEN analysts would need to learn how to use tools that were orders of magnitude more powerful and complex than those they were accustomed to. Meanwhile, representatives of some 350 federal, state, and local law enforcement agencies, regulators, and intelligence agencies, would need to adopt and use the new FinCEN Query tool.
FinCEN aimed to achieve three objectives through modernization: quicker detection of new and emerging threats; proactive deterrence and disruption of criminal enterprises; and continuous improvement of FinCEN's capabilities to efficiently and effectively execute mission-critical tasks. Deloitte provided assistance in each of these areas.
Effective application of analytics accelerates detection of patterns and relationships that reveal potential illicit activity. It helps thwart launderers and financiers by increasing transparency in the financial regulatory system and reduce financial institution errors that delay the detection of suspicious activity.
Deloitte deployed three releases of SAS Fraud Framework, an advanced business analytics platform that provides FinCEN analysts, law enforcement agency coordinators, and detailers with more reliable, flexible tools and improved analytic capabilities. To assist with FinCEN's transition to these new tools, Deloitte professionals provided, and continue to provide, analytic support to FinCEN's financial intelligence analysts. These analysts in turn support federal, state and local law enforcement, regulator, and national security agency investigations in detecting financial crime schemes.
Deloitte also helped FinCEN develop visualization of entity links and money flow through the use of geo-mapping and link charts. Leveraging our experience assisting financial institutions with transaction monitoring, we helped FinCEN analyze voluminous data for suspicious activity, including wire and ACH transactions, checks, letters of credit, and guarantees.
To improve users' ability to search, access, and analyze BSA data, Deloitte built the FinCEN Query web-based application, which is now the authoritative search tool for authorized users to access BSA and FinCEN data. FinCEN Query provides users with three search options to search 11 years of BSA data.
Real-time access to the most current BSA data accelerates the detection and apprehension of criminals. Alerts to financial institutions, regulators, and law enforcement helps seal financial system vulnerabilities, preventing further losses. Regulatory enforcement actions are accelerated by decreasing referral processing time.
Having readily available, reliable data and the ability to share it quickly are keys to deterring and disrupting criminal activity. Deloitte helped FinCEN with the massive, critical tasks of deploying systems and populating data, providing user access, and ensuring system security.
Working with FinCEN Technology Division leaders, we completed the system architecture including enterprise-and system-level requirements and system definitions that reflects the needs of law enforcement and regulatory stakeholders. And, we designed and implemented a system of record (SOR) that enables electronic receipt and processing of Bank Secrecy Act data from internal and external users.
Deloitte data specialists strategically outlined FinCEN's data management priorities and defined the logical and physical data model for integrated data repositories. We then successfully loaded more than 170 million BSA records covering 11 years into the FinCEN system as part of the data migration that established FinCEN as the authoritative BSA data source.
IT enhancements also included development and deployment of the FinCEN Portal, the gateway for authorized Federal, state, and local law enforcement and regulatory users to access BSA and other financial data. The FinCEN Portal provides full identity and access management controls for internal and external users. More than 10-thousand geographically dispersed BSA data users were moved to the new system without interruption in enterprise operations.
We implemented network-monitoring tools that improve proactive response to potential security issues. This has reduced the number of critical network outages and incidents from a weekly occurrence to a system availability of 99.999%. Our team successfully tested and implemented disaster recovery capabilities, providing for uninterrupted access to e-mail, remote network access, and smartphone services in the event of server or network failures.
The effective use of the advanced analytical tools and expanded access provided through the FinCEN modernization hinge on user understanding, acceptance, and adoption. Deloitte worked closely with the FinCEN CIO to develop and deliver an organizational change management and communications strategy and plan to maximize internal and external user adoption of FinCEN's new systems.
To support user adoption and promote understanding of these tools and their complex query and statistical modeling capabilities, we developed advanced financial analysis training and delivered it to all FinCEN intelligence analysts and law enforcement detailers. Comprehensive FinCEN Query web-based training was provided to Federal, state and local law enforcement users.
Courses developed included a train-the-trainer course, a query audit log course, and specialized training for the FinCEN help desk and Office of Liaison Services. We also created a wide range of communications products and materials, promoted information sharing with internal and external stakeholder groups, and supported stakeholders throughout their change journey.
We provided functional user support to the analyst community, coordinating with the FinCEN help desk to address requests from the analysts. We applied our knowledge of advanced analytics and tools as we worked closely with the analysts to handle issues around the advanced analytics tool suite, from answering technical questions to facilitating the development of analytical projects in support of agency initiatives.
FinCEN's modernization initiative is a transformative step in combatting financial crime. And, it is paying dividends in greatly enhanced access to financial crime data. In a six-month period from late 2012 to early 2013, thousands of users made more than a million queries of BSA data2. Improved data quality and availability are allowing faster, more useful analysis, leading to better issue identification and resolution. FinCEN can more quickly incorporate new mission and regulatory requirements as they arise. And stronger system security is reducing the risk of unauthorized access to BSA data.
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.