Financial Crime Analysts vs. IT: Finding investigation solutions to make both parties happy

As financial crime investigations are increasingly conducted online, the gap between financial crime analysts and the IT teams that support them is widening. The mismatch between research priorities and cyber security has led to a performance problem for analysts. A recent study by Authentic8 and the Association of Certified Financial Crime Professionals (ACFCS) found that 57 percent of analysts had experienced productivity loss or stagnation in the previous year, putting their organisations at risk of losing money, breaking regulations and putting their opponents at risk.

To avoid these problems, organizations need to understand what is at the heart of a performance problem and seek solutions that alleviate rather than exacerbate tensions between analyst and IT.

Why financial crime and information technology analysts face

Financial crime analysts need to do their job: carry out quality investigations effectively and follow leads wherever they go to close the case. But IT has its own mission: to protect the organization against security risks and to maintain visibility and control when users access the network. The need for IT professionals to monitor web activity and configure policy is critical to the well-being of the organization, both to reduce cyber threats and to ensure compliance.

However, the problem for financial crime analysts is that their work can take them into the open, deep and even dark web, an area normally confined to computers. Each type of web access carries its own risk, and this risk increases the deeper you go. In the course of their work, analysts may be required to observe criminal activity in rather dark places. They may expose their organization to malicious content, potential retaliation from opponents (cyber or otherwise), organizational characteristics, or worse, analysts may abuse the tools by violating employee policies or endangering compliance.

What Financial Crime Analysts Need

Secure and compliant dark web access

According to the above-mentioned study, most financial crime analysts do not use the dark web in their research, although 46% of them believe it would be useful if it could be done safely and with an audit trail. This demonstrates not only a desire for freedom of investigation, but also a recognition of the need to protect the organization in an environment that can be assessed by IT departments. The ability to access the dark web would bring a significant improvement in productivity, probably in some of the most difficult cases.


84% of respondents believe that their organisation should invest more in reducing the administrative IT costs associated with investigations. While nearly all respondents (98%) agree that they should protect their IT infrastructure when browsing dangerous sites, they often fall back on their own devices or rely on cumbersome approval procedures. Both approaches take time away from the investigations themselves, which further reduces productivity.


91% of analysts agree that anonymity in investigations is desirable or even essential. But the resources used to ensure anonymity often place a heavy burden on IT departments that need to build and maintain parallel infrastructures and networks. The use of dirty machines and connections generally requires physical access to the internal environment, which proved especially difficult when switching to remote working during COVID-19. Organisations can encourage national analysts to use their own equipment, but this puts the end user at risk and makes testing and monitoring even more complicated.

Managed Attribution

To truly manage the attribution and misattribution of financial crime analysts' identities during an investigation, it is necessary to manipulate the full range of user agent string and browser fingerprint attributes. A user agent string, essentially the device you appear to be online, contains various elements tied to the user's computer (e.g. browser, operating system). Browser fingerprint elements reveal more about the requesting computer, such as language and keyboard, screen size, etc. A truly managed attribution solution can control and manipulate these elements. Online sources can also inform analysts about changes to these items, such as the most common browser and operating system settings and the correct time for evacuation when visiting the target site. A reasonable distortion of the facts helps analysts go unnoticed by the webmaster of the site under investigation and thus maintain the integrity of the investigation.

Making both parties happy

One of the most important elements that allows you to manage the mission is the ability to isolate the web access associated with the investigation from the remote computer. An isolated web environment can support advanced functionality useful to both analysts and IT professionals.

Combining web isolation with managed attribution gives analysts the necessary anonymity, and the degree of separation from the organization should help control the risks to the network. Using a SaaS solution for these two tasks relieves IT departments of the do-it-yourself approach used in internal systems and provides analysts with the resources they need. Purpose-built solutions should also make it possible to configure policy and audit. The need for adequate monitoring and supervision of analysts cannot be overemphasised; they are essential to maintaining good governance and give analysts a means of accessing resources that IT would normally restrict.

Once the issues of secure access, managed attribution and control are resolved, IT can add value by providing analytical tools to support analysts' research. One of the important tools is secure storage in the cloud. The ability to effectively capture and annotate potentially toxic content without bringing it into the organization is an important means of meeting analyst requirements without further increasing IT risk.

With approaches such as web isolation, managed attribution and secure cloud storage, analysts can do their job well and give IT the visibility and control it needs to secure the business.

*** This is a syndicated blog from a network of security bloggers, from the Authentic8 blog, written by Scott Petrie. The original post can be found at the following address:
