Red teaming financial crime risks in the banking sector
Published date | 04 September 2020 |
Pages | 98-111 |
Date | 04 September 2020 |
DOI | https://doi.org/10.1108/JFC-06-2020-0118 |
Subject Matter | Accounting & finance,Financial risk/company failure,Financial crime |
Author | Benjamin Fraser Scott |
Red teaming financial crime risks
in the banking sector
Benjamin Fraser Scott
Independent Scholar, Sydney, Australia
Abstract
Purpose –In recent years, Australian regulators have focussed on the financial crime compliance
obligations of banksand other reporting entities, and there is a clear expectationthat banks develop effective
approaches to the management of non-financial risk. Red teaming is a methodology used in theintelligence
and military domains to understandexternal threats. The purpose of this paper is to provide an overview of
red teaming methods,set out a framework for usingthem in financial crime compliance and provide practical
examplesof red teaming exercises, which banks can use to manage financialcrime risks.
Design/methodology/approach –This paper provides an overview of the financialcrime compliance
landscape in Australia.It outlines some of the key concepts and techniques usedin red teaming, drawing in
particular on the frameworkdeveloped by strategic policy expert Micah Zenko. It explores the benefits of red
teaming for financial crime compliancepractice, concluding with three example exercises for financial crime
teams.
Findings –Based on this research,red teaming methods can assist banks in takinga proactive approach to
identifyand mitigatingfinancial crime risks. Rather than confining red teamingto cybersecurity applications,
banks shouldconsider they can use red teaming methodsin their financial crime compliance functions.
Originality/value –This paper represents the first assessment of how to apply red teamingmethods to
risk management in financial crime compliance. It combines a historical and theoretical overview of red
teaming methods with example red teamingexercises for money laundering, sanctions and strategic policy
scenarios.
Keywords Sanctions, Compliance, Risk, Money laundering, Financial crime, Financial intelligence,
Red teaming
Paper type Research paper
Introduction
A red team is a group of experts deployed within an organisationto identify vulnerabilities
and threats by adopting the perspective of an adversary. Red teaming can be used in a
variety of ways, from desktop exercises used to produce strategic assessments and reports,
to full-scale simulationsthat pit teams against each other in role-plays of threatscenarios.
Red teaming developed out of wargaming exercises used in the military and was first
used extensively in the military and intelligence sectors (Zenko, 2015). In the private sector,
as large corporationsbecame aware that they were static targets for hackerswhose methods
and motives were poorly understood, red teaming methods found a natural home in
cybersecurity. Redteams of cybersecurity professionals, either engaged as consultantsor an
internal team of specialists, conduct penetration testing to probe for weaknesses in an
organisation’s protectivesystems. Similar probes are done to test physical securitysystems;
to identify, for example, all the ways in which a determined person could gain entry to a
secure building.
Outside these areas, red teaming methods are not widelyused in the private sector. This
does not mean that they are of limited value. This paper explores opportunities for the
application of red teaming methods by financial institutions seeking to detect and defend
JFC
28,1
98
Journalof Financial Crime
Vol.28 No. 1, 2021
pp. 98-111
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-06-2020-0118
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1359-0790.htm
To continue reading
Request your trial