CSO - In almost two decades of work in the financial services industry, Brad McFarland has spent most of that time heading up fraud investigations. McFarland, currently director of corporate security with The South Financial Group, a South Carolina-based financial services holding company, is also responsible for the organization's physical security and loss preventions in addition to fraud investigation.
Over the course of his career, McFarland has seen drastic changes to the emphasis and importance placed on fraud. In the past, said McFarland "Many institutions did not employ fraud investigators. Fraud was a cost of doing business."
But times have changed. Thanks not only regulatory requirements, the reputational pressures a financial firms faces in an age of rampant data leakage and identity theft have now made stopping fraud a main priority. And that means the way investigations are conducted have evolved, too. McFarland gave CSO a break down of how fraud investigators, corporate, physical and information security now come together in a combined mission to stay one step ahead of the bad guys.
See also: Fraudsters bank on business accounts: How to protect your funds online
CSO: As Director of Corporate Security you lead fraud investigations within the organization. How do you draw line between fraud and corporate security? Brad McFarland: Those processes are linked. Each security discipline must hold hands in order have an effective security program. The security program impacts fraud prevention, the safety of your employees, the security of institutional data, and customer information. A program needs to address the security of your facility and maintain or keep in-check reputational risk. As part of a global security program it is important to institute an effective training program for respective security disciplines.
I don't see any real barrier between those groups anymore. It's necessary that we maintain a strong, unified partnership to combat the issues we are seeing now across the financial services industry.
Of course professional certifications are important and they play a valuable role in expanding one's knowledge base. Certifications also have a special value in industry and they can represent advantages to employees that obtain a relevant designation.
However, from a broad perspective, there are a few basic steps that all security leaders should employ: First, and foremost, have a basic understanding of accounting principles. Assist in the implementation and utilization of sound accounting practices from a risk management perspective you should trust but verify accounting controls. Second, make sure that you are aware of the legal regulations that govern your field. Third, one simple guideline:communication. Effective communication plays a strong part in acquiring desired results. And fourth, implementation of an effective investigation processes; to include interviewing of witnesses, documentation, and analysis tools.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
