14 April 2012

Too Big to Fail: Basel III to ID Theft...

Now that the Basel III wheels are in motion and the "Top 29" vital Global banking institutions have been identified, Operational Risk Management is on everyones mind. The capital reserves will continue to assist them in becoming more resilient to the systemic volatility ahead. Are you feeling the uncertainty starting to disappear? Not for a minute.

As these banking institutions try to withstand the economic impact of a nation state failure like Greece, the consumers who are the customers of the "Top 29" too big to fail, are being simultaneously barraged and systemically targeted by international crime rings. Identity thieves have set up transnational operations, that will continue to plague millions of consumers at these same banking institutions. Their own governments continue to try and deal with the nexus of criminal elements, consumer privacy and law enforcement. How bad is it for the U.S. Treasury, as one example:
Identity theft involving tax fraud is increasing faster than law enforcement and government officials can deal with it, according to testimony today before a House oversight subcommittee. Identity theft to scam fraudulent tax refunds from the government has increased 100 percent in just three years.
”As of Aug. 31 of this past year, IRS incident tracking reports indicated that the numbers of taxpayers affected by identity theft has more than doubled since 2008 to over 580,000 taxpayers this year alone,” said J. Russell George, Treasury Department inspector general for tax administration.
The crime has become too easy. It’s like a party, according to Rep. Richard Nugent, R-Fla., whose district has a problem with tax-related identity theft.
“Tampa Police Department has busted what the lawbreakers call ‘make it rain’ parties, where criminals get together in a hotel room with Internet access and file fake return after fake return,” Nugent told the committee.
How does paying out billions of dollars to these fraud crime rings using your social security number and date of birth increase the operational risks on our banking institutions? Everyone who is a consumer at one of these banks who is a victim of fraud, will one day deal with the aftermath. If the fraudsters are filing a fraudulent tax return that impacts you, then the odds are that you may end up paying a higher interest rate and this will not be the only place they are using your ID Theft misfortune for financial gains.
For the victims of tax fraud identity theft, the people who had fraudulent tax returns filed in their names, getting the problem fixed and their lawful refund paid could take a year and a half.
“A typical path for an identity theft refund case that is not complex may take as long as 18 months to resolve,” said J. Russell George, Treasury Department Inspector General for tax administration.
The cost of dealing with Identity Theft has so many dimensions. The protection of Personal Identifiable Information (PII). The fact that the IRS and law enforcement have difficulty sharing information on the consumers themselves due to privacy laws. The technology and online Internet forums for buying and selling fraudulent identities is prevalent. The continuous salvo of attacks on financial institutions to compromise the cyber defenses that they have established is a 24 x 7 battle.

To exacerbate the problem, the "Death Master File" (DMF) is the genesis for much of the Identity Theft and tax fraud when this information gets into the wrong hands. The U.S. Social Security Administration has been publishing this list of 90 million dead Americans since 1980 to help the "Top 29" fight fraud. At the same time, the Identify Theft fraudsters are using the same data to perpetuate their schemes:

Identity thieves are cashing in on dead children across the nation, stealing their Social Security numbers to collect fraudulent tax refunds from the Internal Revenue Service.
Grieving families — including the Watters family of Lake Forest — say their anguish is amplified by the realization that the crooks get help from an unexpected source: the Social Security Administration’s “Death Master File,” which records and lists information about everyone who dies in the United States.
Armed with the deceased child’s Social Security number and other personal information, crooks falsely claim them as dependents and have the refunds routed to them.

One reason that the financial institutions, government agencies and law enforcement are going in circles is because "Operational Risk Management" processes and tools are still not as robust as they could be. As the Basel III regulatory mandates kick in along with other new laws, methods and tools, all of the impacted parties will get better at deterring, detecting, defending and documenting in this complex information age.

In the mean time, consumer beware. Look long and hard at the "Top 29" list and decide if you need to move your funds to somewhere else. And before you do, look at the online banking login page for that institution. Are they still using only a single factor user name and password? Multi-factor authentication is not fool proof, yet it does tell us whether the institution is serious about Operational Risks in the area of Information Security. This is a key indicator of their ability and capability to try and keep your data out of the hands of the transnational eCrime rings.

Finally, you have to take the monitoring of your own Identity, and all of your family members identities seriously. It will be far more proactive, than anything else that will be done by governments or financial institutions alone. Regardless how fast they implement the latest tools and technology the fraudsters are moving just as fast. By adding your own diligence on top of the banking institution, government agency or other entity (Doctors / Lawyers / Dentists/ Insurers) that may have your Personal Identifiable information, you are decreasing your odds of becoming an Identity Theft and fraud victim.

Financial risks for the banks and the consumers will continue to be the current state-of-play. Basel III alone will not eliminate the threat of failure or the possibility of a serious bank fraud. Monitoring services or checking your credit report on a quarterly basis, will not keep the ID Theft criminals from stealing your PII. Implementing both on a proactive and pervasive basis will make a positive difference over time. This is what Operational Risk Management is all about, in the global institution board room and at your own home office.

No comments:

Post a Comment