Red teaming financial crime risks in the banking sector

Published date04 September 2020
Pages98-111
Date04 September 2020
DOIhttps://doi.org/10.1108/JFC-06-2020-0118
Subject MatterAccounting & finance,Financial risk/company failure,Financial crime
AuthorBenjamin Fraser Scott
Red teaming f‌inancial crime risks
in the banking sector
Benjamin Fraser Scott
Independent Scholar, Sydney, Australia
Abstract
Purpose In recent years, Australian regulators have focussed on the f‌inancial crime compliance
obligations of banksand other reporting entities, and there is a clear expectationthat banks develop effective
approaches to the management of non-f‌inancial risk. Red teaming is a methodology used in theintelligence
and military domains to understandexternal threats. The purpose of this paper is to provide an overview of
red teaming methods,set out a framework for usingthem in f‌inancial crime compliance and provide practical
examplesof red teaming exercises, which banks can use to manage f‌inancialcrime risks.
Design/methodology/approach This paper provides an overview of the f‌inancialcrime compliance
landscape in Australia.It outlines some of the key concepts and techniques usedin red teaming, drawing in
particular on the frameworkdeveloped by strategic policy expert Micah Zenko. It explores the benef‌its of red
teaming for f‌inancial crime compliancepractice, concluding with three example exercises for f‌inancial crime
teams.
Findings Based on this research,red teaming methods can assist banks in takinga proactive approach to
identifyand mitigatingf‌inancial crime risks. Rather than conf‌ining red teamingto cybersecurity applications,
banks shouldconsider they can use red teaming methodsin their f‌inancial crime compliance functions.
Originality/value This paper represents the f‌irst assessment of how to apply red teamingmethods to
risk management in f‌inancial crime compliance. It combines a historical and theoretical overview of red
teaming methods with example red teamingexercises for money laundering, sanctions and strategic policy
scenarios.
Keywords Sanctions, Compliance, Risk, Money laundering, Financial crime, Financial intelligence,
Red teaming
Paper type Research paper
Introduction
A red team is a group of experts deployed within an organisationto identify vulnerabilities
and threats by adopting the perspective of an adversary. Red teaming can be used in a
variety of ways, from desktop exercises used to produce strategic assessments and reports,
to full-scale simulationsthat pit teams against each other in role-plays of threatscenarios.
Red teaming developed out of wargaming exercises used in the military and was f‌irst
used extensively in the military and intelligence sectors (Zenko, 2015). In the private sector,
as large corporationsbecame aware that they were static targets for hackerswhose methods
and motives were poorly understood, red teaming methods found a natural home in
cybersecurity. Redteams of cybersecurity professionals, either engaged as consultantsor an
internal team of specialists, conduct penetration testing to probe for weaknesses in an
organisations protectivesystems. Similar probes are done to test physical securitysystems;
to identify, for example, all the ways in which a determined person could gain entry to a
secure building.
Outside these areas, red teaming methods are not widelyused in the private sector. This
does not mean that they are of limited value. This paper explores opportunities for the
application of red teaming methods by f‌inancial institutions seeking to detect and defend
JFC
28,1
98
Journalof Financial Crime
Vol.28 No. 1, 2021
pp. 98-111
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-06-2020-0118
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1359-0790.htm

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT