Case Management Vendor Evaluation: Key to Enterprise Success

Transcription

1 Case Management Vendor Evaluation: Key to Enterprise Success AUGUST 2015 Shirley Inscoe Photocopying or electronic distribution of this document or any of its contents without prior written consent of the publisher violates U.S. copyright law, and is punishable by statutory damages of up to US$150,000 per infringement, plus attorneys fees (17 USC 504 et seq.). Without advance permission, illegal copying includes regular photocopying, faxing, excerpting, forwarding electronically, and sharing of online access.

2 TABLE OF CONTENTS IMPACT POINTS... 5 INTRODUCTION... 6 METHODOLOGY... 6 MARKETPLACE BACKGROUND... 9 CASE MANAGEMENT KEY COMPONENTS ALERT MANAGEMENT CASE INVESTIGATIONS WORKFLOW REPORTING REGULATORY REPORTING LOSS ANALYSIS TECHNOLOGY EVOLUTION MARKET DEMAND PRICING AND MARKET SIZING VENDOR PROFILES ARGO BAE SYSTEMS BOTTOMLINE (FORMERLY INTELLINX) CUSTOMERXPS FICO FISERV JACK HENRY LEXISNEXIS RISK SOLUTIONS NICE ACTIMIZE PEGASYSTEMS TONBELLER PRODUCT FEATURES BY VENDOR ALERT MANAGEMENT INVESTIGATIONS WORKFLOW REPORTING REGULATORY COMPLIANCE LOSS ANALYSIS SYSTEMS VENDOR AWARDS LEADER IN THE NORTH AMERICAN SMALLER FI MARKET (LESS THAN US$10 BILLION IN ASSETS) LEADER IN LINK ANALYSIS AND VISUALIZATION

3 LEADER IN THE NORTH AMERICAN LARGE FI MARKET CONCLUSION RELATED AITE GROUP RESEARCH ABOUT AITE GROUP AUTHOR INFORMATION CONTACT LIST OF FIGURES FIGURE 1: INTERVIEWED FIS BY ASSET SIZE... 7 FIGURE 2: INTERVIEWED FIS BY GEOGRAPHIC LOCATION... 7 FIGURE 3: EXAMPLE OF CONSOLIDATED ALERTS FIGURE 4: EXAMPLE OF LAW ENFORCEMENT CONTACT ORGANIZATION FIGURE 5: SAMPLE OF LINK ANALYSIS VISUALIZATION FIGURE 6: SAMPLE OF SAR CONFIRMATION DOCUMENTATION FIGURE 7: GLOBAL ENTERPRISE CASE MANAGEMENT SOFTWARE MARKET SIZE LIST OF TABLES TABLE A: VENDOR PROFILES... 8 TABLE B: VENDORS CASE MANAGEMENT OFFERINGS TABLE C: BAE SYSTEMS NETREVEAL S KEY STRENGTHS AND AREAS OF IMPROVEMENT TABLE D: INTELLINX ENTERPRISE ALERT & CASE MANAGER'S STRENGTHS AND IMPROVEMENT AREAS TABLE E: CUSTOMERXPS CLARI5 S STRENGTHS AND AREAS OF IMPROVEMENT TABLE F: FICO FALCON FRAUD MANAGER S STRENGTHS AND AREAS OF IMPROVEMENT TABLE G: FISERV CASE INVESTIGATION MANAGER'S STRENGTHS AND AREAS OF IMPROVEMENT TABLE H: JACK HENRY BSA TASK MANAGEMENT S STRENGTHS AND AREAS OF IMPROVEMENT TABLE I: ACTIMIZE ENTERPRISE RISK CASE MANAGER S STRENGTHS AND AREAS OF IMPROVEMENT TABLE J: TONBELLER SIRON'S STRENGTHS AND AREAS OF IMPROVEMENT TABLE K: CASE MANAGEMENT PRODUCT CAPABILITIES ALERT MANAGEMENT TABLE L: CASE MANAGEMENT PRODUCT CAPABILITIES ALERT TYPES TABLE M: CASE MANAGEMENT PRODUCT CAPABILITIES INVESTIGATIONS TABLE N: CASE MANAGEMENT PRODUCT CAPABILITIES SYSTEM INTERFACES TABLE O: CASE MANAGEMENT PRODUCT CAPABILITIES CUSTOMER COMMUNICATIONS TABLE P: CASE MANAGEMENT PRODUCT CAPABILITIES WORKFLOW TABLE Q: CASE MANAGEMENT PRODUCT CAPABILITIES DEADLINE COMPLIANCE TABLE R: CASE MANAGEMENT PRODUCT CAPABILITIES REPORTING TABLE S: CASE MANAGEMENT PRODUCT CAPABILITIES REGULATORY COMPLIANCE

4 TABLE T: CASE MANAGEMENT PRODUCT CAPABILITIES LOSS ANALYSIS TABLE U: CASE MANAGEMENT PRODUCT CAPABILITIES SYSTEM TABLE V: CASE MANAGEMENT PRODUCT OPERATIONAL IMPACT

5 IMPACT POINTS Aite Group interviewed 25 anti-money laundering (AML) and fraud executives from 24 financial services companies between February and June 2015 to understand their satisfaction with their vendor solutions, current pain points, and needs. All of the vendors profiled herein also conducted demos for Aite Group and completed Aite Group s detailed request for information. Enterprise case management can provide many benefits to a financial institution. Opportunity still exists for many vendors to deepen their capability set to meet FIs complex and evolving needs. Financial institutions worldwide increasingly have the same needs, particularly as regulatory agencies in Asia, Africa, India, and the Middle East have strengthened AML requirements. Many solution providers initially focused on the AML area and added fraud capabilities at a later point. Alert management is often quite strong, meeting the needs of AML departments and fraud-prevention departments well. Solution providers that offer fraud-prevention capabilities often build case management as a capability to aggregate and work all prevention alerts. Some of these providers do not offer true case management to meet the needs of investigators who work on lengthy, complicated financial crimes. Solutions that meet the needs of the AML, fraud prevention, or financial crime investigations groups are plentiful; finding solutions that satisfy the needs of all three groups is more difficult. Opportunities abound as providers continue to refine their products to meet the needs of all enterprise constituents. Truly listening to unmet customer needs can help solution providers better meet enterprise needs: improving operational efficiency, demonstrating regulatory compliance, and retaining happy clients while attracting new ones. 5

6 INTRODUCTION A single, unambiguous aim is the keystone of successful military operations. Selection and maintenance of the aim is regarded as the master principle of war. 1 The war against financial crimes is being waged constantly, but the bad guys are often more innovative than the good ones; this is possible since no business case needs to be compiled or approved and no lengthy IT project is necessary to commit nefarious acts. The bad guys are using automation more and more to decrease the human element and reduce the investment required to commit crimes; the end result is that they are able to attack smaller financial institutions and focus their attention on corporate entities as well. At the rate that hackers are attacking government agencies, retailers, financial institutions (FIs) and others, this may be the number one threat against the U.S. economy in just a few years. It is appropriate to use a war analogy in fighting financial crimes, as many view this as a form financial warfare. All wars affect innocent bystanders, and in this war, consumers and businesses are often adversely affected as well as governments and other entities. This war is being engaged on many fronts simultaneously the Internet, mobile, contact centers, ATMs, points of sale and branches or stores, and back offices. Only with effective weapons can any financial institution hope to win key battles, let alone the war. Case management solutions, one key way to achieve a complete view of customer activity and detect cross-channel fraud, are one of the most important tools in the good guys arsenals. Many solution providers offer case management products, but not all are created equal. This Impact Report, which evaluates the vendors of enterprise case management technology, is the third in a three-part series. The first report evaluates the vendors of suspicious activity monitoring, 2 and the second evaluates the vendors of watch-list filtering technology. 3 METHODOLOGY Aite Group interviewed 25 financial institution executives between February and June 2015 to understand their satisfaction with their vendor solutions, current pain points, and market needs. Breakdowns of FI participants by size and geographic location are shown in Figure 1 and Figure Joint Doctrine Publication 0-01: British Defense Doctrine, Fourth Edition, U.K. Ministry of Defense, November, See Aite Group s report Global AML Vendor Evaluation: Managing Rapidly Escalating Risk, June See Aite Group s report Watch-List Filtering Vendor Evaluation: Separating the Wheat From the Chaff, August

7 Figure 1: Interviewed FIs by Asset Size Participating FIs by Asset Size (In US$; N=25) Greater than $100 billion 32% Source: Aite Group interviews with 25 financial executives, February to June 2015 Figure 2: Interviewed FIs by Geographic Location Europe, the Middle East, and Africa 24% $11 billion to $100 billion 36% Source: Aite Group interviews with 25 financial executives, February to June 2015 Less than $5 billion 20% Breakdown of Participants by Geographic Region (N=25) Asia-Pacific 16% South America 4% $5 billion to $10 billion 12% North America 56% The vendors profiled herein also conducted demos for Aite Group and completed Aite Group s detailed request for information. Eight of the companies provided bank customer references who were each interviewed concerning their experiences and levels of satisfaction with the case management products. Several companies were invited to participate in this research, but 7

8 declined for various reasons. These companies include ACI Worldwide, FIS, IBM, Oracle, SAS, and TCS. Information about the vendors that participated in this evaluation is shown in Table A. Table A: Vendor Profiles Company name Argo BAE Systems Bottomline (formerly Intellinx) CustomerXPs Headquarters Richardson, TX Guildford, U.K. Portsmouth, NH Bangalore, India Year founded Structure 1980 Privately held 1970 FTSE: BAE Systems 1989 Nasdaq: EPAY 2007 Privately held Fico San Jose, CA 1956 NYSE: FICO Fiserv Brookfield, WI 1984 Nasdaq: FISV Jack Henry Monett, MO 1976 Nasdaq: JKHY LexisNexis Risk Solutions Atlanta, GA 2000 Privately held Nice Actimize New York 1999 Nasdaq: NICE Pegasystems Tonbeller Cambridge, MA Bensheim, Germany 1983 Nasdaq: PEGA 1971 Acquired by Fico Number of employees Less than 500 Number of case management clients Top two markets 290 United States 90, Americas, Europe 1, United States 55 Not disclosed India, South America 2,850 1,200+ United States, Europe 21,000 1,100+ Americas, Europe 4, United States 3,626 Not disclosed United States 633 plus contractors 300+ United States, Europe 3,002 Not disclosed North America, Europe 120 1,000+ Europe, Middle East Source: Aite Group, vendor data 8

9 MARKETPLACE BACKGROUND Over the past few decades, fraud attacks against FIs and payment systems have become increasingly more complex. Initially, most attacks involved counterfeit, forged, or altered checks. Banks responded by implementing a variety of fraud-prevention systems to detect suspicious items that were being deposited and cleared against their customers accounts, and to monitor for kiting activity (drawing against uncollected funds). Next, credit cards became targets, later followed by debit cards. Different, real-time prevention systems were required to detect suspicious activity. Later, the ACH network introduced check conversion, and fraud quickly followed in a payment system that had always been considered very secure. Wire transfer fraud has existed for decades, but attempts have become increasingly sophisticated, often involving bank or account takeover to commit the fraud. On top of all the types of payment system fraud, channel fraud has become a huge issue. FIs often implement special systems to detect online or mobile account takeover, contact center fraud, and malware on customer computers. Behavioral analytics and various biometric comparisons are often used to ensure the person trying to conduct business or transactional activity is actually the customer and not an imposter with ill intent. Not only do FIs have to guard against identity theft with new account applications but synthetic identities continue to be a major method used by the bad guys to open new accounts and gain access to payment systems. Increasingly, financial institution executives have come to understand that they simply must corral all these point solutions and see everything taking place on a specific account to determine whether activity is suspicious. Aggregating all the fraud alerts in one case management system is the simplest method of accomplishing this objective. Demand for products that will enable the FI to achieve this full customer-activity view is growing as more and more financial institutions realize how important it is. A side benefit of doing this is that aggregating all fraud alerts on specific accounts enables fraud analysts to make more informed decisions and may even allow some alerts to be handled automatically; this is especially helpful since some prevention systems generate high false positives. Similarly, money laundering efforts have escalated over recent years as criminals become much more adept at hiding their ill-gotten gains and moving funds internationally to obscure their origins. Often it is difficult at first glance to tell if a customer is legitimate or if funds are dirty money. Regulatory bodies in Asia, India, and the Middle East are becoming more stringent in their examinations, leading to a need for better analytics and case management worldwide. Concurrently, increasingly sophisticated investigators needs have evolved, and so have their requirements for case management products. The number of active fraud cases each investigator must juggle has grown tremendously; organizational tools and reminders are essential to solving cases, meeting regulatory deadlines, and complying with internal charge-off time frames. In addition, workflows that enable specific steps to be taken for each type of case can ensure novice investigators don t skip key steps in attempting to recover funds or fail to comply with regulatory requirements. Desired management reviews and approvals can also be built into workflow to ensure steps aren t bypassed or forgotten. 9

10 Of course, management must also be able to monitor all staff members work and produce various reports to demonstrate the department s results. A case management system can be a great tool in streamlining these processes by providing job performance metrics for each individual and allowing specific ad hoc reports to be created from the case management system s data. Employees who have specific metrics related to their job requirements can easily track their own performances so there are no surprises at review time. Specialized ad hoc reports may be requested periodically by regulators, or internal or external auditors, in addition to regular monthly and quarterly management reports that demonstrate the department s performance. 10

11 CASE MANAGEMENT KEY COMPONENTS The aim of most enterprise risk management (ERM) shops is to attain a complete view and understanding of a particular customer or account to determine whether financial activity is legitimate, fraudulent, or money laundering. Case management is the basis for effective ERM because it represents one key way to achieve a complete view of customer activity and to detect cross-channel fraud. While point solutions can prove very effective in managing certain fraud types, no combination of point solutions can bring all the data together in one place to afford a view of activity across the entire range of customer activity. In addition to helping to more effectively combat financial crimes, case management can provide tremendous operational efficiency gains and help demonstrate full or partial compliance with various consumer regulations. In addition, a case management product that can also be used by the AML department, corporate security (to track robberies and other cases), and other corporate departments is desirable to support many areas of the enterprise. To meet the needs of an entire enterprise, case management products must have a wide variety of features. These key components typically relate to the following: Alert management for fraud, AML, physical security, and information security Case management for lengthier, more detailed investigations Workflow mechanisms to automate certain processes and enable operational efficiencies Management reporting Regulatory compliance features Fraud loss analysis ALERT MANAGEMENT Alert management refers to the capability of presenting various types of alerts to an analyst for review. The alerts may be of various types, such as fraud-prevention alerts, AML alerts, or information security alerts. Alerts are typically generated from some type of detection solution or in-house-developed code. Many of the alerts may be generated by different detection modules provided by the case management system s technology vendor, but the ability to import alerts from other providers is important for the FI to obtain a complete view of what is happening with a specific customer or to see all the activity across a customer s accounts. This is sometimes referred to as a 360-degree view of a customer or account. An institution that has a large number of analysts working alerts can benefit from an alert management capability to pull them together, particularly if it aggregates alerts on the same account or customer. For example, if one fraud-prevention system produces an alert on a 11

12 customer check because its check number is out of sequence, and an alert from another prevention system indicates the check maker s signature is suspicious, seeing both alerts together allows an analyst to view the check image and have all the information necessary to return the check. In addition, one analyst has quickly handled two alerts that would formerly have been worked separately by two analysts, one or both of whom might have called the customer to ask if the check was legitimate. These time savings add up when repeated throughout the workday, yielding a much more efficient operation; customer service also increases since one analyst has enough data to make the right decision without impacting the customer at all. Several vendors provide the ability to show multiple alerts; Figure 3 displays a screen shot of this capability. As the screen indicates, three different alerts on the same customer appear in the analyst s queue. Figure 3: Example of Consolidated Alerts Source: Nice Actimize CASE INVESTIGATIONS For a case management product to be truly useful at the enterprise level, it must also support case investigations, whether they be for fraud, AML, physical security, or other purposes. While many believe alert management is just a subset of case management, these truly are two different things with different requirements. Alerts are typically prevention or detection tools, 12

13 while cases are often created after funds have left the FI or a customer reports fraudulent activity on his or her account. Cases may need to be investigated over a long period of time, and many interactions with the customer, suspects, or law enforcement may need to be documented. Being able to attach many different types of documents and files to an electronic case helps keep the investigator organized and makes these items easy to retrieve when needed. Documents may range from images of fraudulent checks to customer communications; in addition, clips from ATM security video or branch cameras may need to be maintained if suspects were photographed. Case files may need to be shared with local, state, or federal law enforcement agencies. Case files that are organized and easy to review can determine whether a law enforcement agent accepts a case or not, so this is very important. Of course, some cases will also result in suspicious activity or other regulatory reports needing to be filed, and a solution that assists with that process makes an investigator s job much easier. Some case management solutions help investigators keep information about their law enforcement contacts organized so the data is always available and easy to locate (Figure 4). Figure 4: Example of Law Enforcement Contact Organization Source: Intellinx In addition, certain tools within case management can really help an investigator be more successful in conducting investigations. Two key capabilities are link analysis, which can help tie various people, accounts, or activities together, and visualization tools that allow the investigator to see and understand intricate relationships. An example is shown in Figure 5. Automated tools such as these save an investigator a lot of time, and quick responses often 13

14 make the difference in being able to retrieve funds that have already left the FI. Additional capabilities that can be really helpful include documenting and monitoring repayment agreements, results of small claims court, or lawsuit settlements, etc. If repayments are not being received as scheduled, reminders are helpful in initiating contact with the customer or perpetrator again. Figure 5: Sample of Link Analysis Visualization Source: BAE Systems WORKFLOW Workflow capabilities are very important to achieve consistent processes, improve operational efficiency, and demonstrate regulatory compliance. Particularly in large FIs, turnover of analyst and investigator roles requires the regular addition of new personnel. Using workflow enables supervisors to send work across to multiple team members, facilitates escalations, automates transfers to the next step in a process, and creates many other efficiencies. Workflow techniques also ensure relatively inexperienced personnel can learn on the job by relying on the system to prompt him or her to take specific steps in working an alert or investigating a case. Specific steps may be mandatory in the workflow, not allowing further work to be done until completed, to ensure that all appropriate steps are taken to protect customer accounts against fraud or to detect money laundering. In the same vein, because consistent processes are required and enforced by the case management system, regulators can easily see what exceptions were made and determine whether the FI is in compliance with certain specific requirements. Using 14

15 workflow, some steps in the process may be automated, or cases may flow from one group to another, eliminating unnecessary delays and ensuring deadlines are met. REPORTING Financial institutions need many types of reports and dashboards out of the enterprise case management solution. The types of reports needed include management reports documenting individual performance metrics for analysts and investigators, reports with details about specific situations (e.g., potential large-dollar losses or exceptions), and departmental performance reports that may need to compare current month reports to prior month reports or to reports from same month in the prior year. If charge-offs are performed via case management, financial reports can be created showing potential losses and actual losses, and comparing actual results to budgets. Reports are vital to show that the department is performing its primary function well or to demonstrate needed improvement. For example, if alert or case volume is severely backlogged, reporting can help demonstrate the escalation of fraud attempts and the need to add staff or contractors. In addition to standard out-of-the-box reports, many FIs desire the ability to create ad hoc reports or additional standard reports without IT or vendor intervention. This flexibility allows them to meet the requests of executive management, internal or external auditors, and regulators during examinations. REGULATORY REPORTING Case management systems can help FIs to demonstrate compliance with a number of regulations by generating reports, such as suspicious activity reports (SARs). This is a big benefit for the FI when a regulatory examination occurs, and details can be pulled out of the system to be shared with the lead examiner. By applying consistent processes and automating specific tasks, compliance is easier to achieve and demonstrate. In addition to documenting compliance with specific regulations, countries have requirements for various money laundering and Foreign Account Tax Compliance Act (FATCA)-related governmental reports. Case management systems can be very helpful in complying with these requirements by prompting personnel in alerts or cases where reporting is required, prefilling many of the fields on the appropriate form, automatically filing the reports, and retrieving confirmation that the report was received as well as any communication from the regulatory body that the report should be amended or corrected. Figure 6 shows a sample of a screenshot documenting that an SAR filing is confirmed as received by the Financial Crimes Enforcement Network (FinCEN). 15

16 Figure 6: Sample of SAR Confirmation Documentation Source: Fiserv LOSS ANALYSIS Loss analysis is a key component required to assist FIs in maximizing their fraud loss-prevention efforts. Determining the root cause of a loss enables the FI to determine if it has a prevention solution in place for that type of event, whether existing technology can be used to create a solution, and to help identify losses taken due to the gap and build a business case for new inhouse code or a new technology solution to fill it. If a prevention solution is in place, identifying the root cause of a loss can help ensure that the system is operating correctly and that an alert was created. If so, the analyst who handled the alert can be provided additional training or mentored to prevent the same mistake. Some case management systems can also facilitate an automated feedback loop into the detection engine to help better train the model, resulting in improved future results. 16

17 TECHNOLOGY EVOLUTION When case management products were initially developed, they focused exclusively on fraud, AML, or security cases and enabled investigators to look into a specific situation and record the results of their efforts, often in a comments section. The products were simplistic but met FIs basic needs. Bulky paper files were the norm, and investigators manually documented each step taken over the course of the investigation, filling up file cabinets. Over the years, needs have become much more complex, whether related to fraud or other financial crimes, with many areas of the enterprise needing to use such products; solution providers have responded in a variety of ways. Today, many case management products can meet a wide variety of needs. Some may allow an institution to pull all fraud-prevention or AML alerts together to gain a full understanding of all activity on an account or customer; another may enable full case investigations, replacing paper files and streamlining electronic SARs, or sharing case files with local, state, or federal law enforcement personnel. Unfortunately, few products fulfil both of these major needs well, but some do provide capabilities to streamline or automate some processes. Of course, many FIs also desire to use the same product in their fraud, AML, corporate security, information security, or other divisions in the bank, hence, the need for enterprise case management solutions that can handle both alerts and full investigations for a wide variety of needs. Each company that participated in this research can assist in the battle against fraudsters and money launderers, but each FI will need to define its needs to determine which product is the best fit for its unique environment. In most cases, solutions will require some level of customization, which is typically done during implementation. There may also be a need for a case management system that all investigators within the FI can use, regardless of the type of case being worked. A case that has been investigated and determined fraud free but looks suspiciously like money laundering can easily be forwarded to the AML department, maintaining a documented record of all the work performed to avoid duplication of effort. Or, repetitive claims by a customer constantly disputing legitimate transactions can be viewed in conjunction with a personal injury lawsuit regarding a fall in the branch when no branch personnel are aware of such an incident. In such circumstances, being aware of the customer s history may be significant. Finally, some FIs desire a case management solution that does all of the above and much more. As cross-channel fraud proliferates and more institutions understand the need to detect it, the desire to aggregate and decision fraud-prevention alerts and investigate all types of cases in one system grows. Regulators are encouraging banks to consider case management systems that allow them a full view of activity on a particular account or customer to provide superior fraud prevention and detection, and to detect money laundering more readily. An additional benefit of a case management solution that provides all of this functionality is that cases can be created in fraud prevention and moved to an investigative unit for further work when needed. Again, this provides enhanced operational efficiency and decreases duplication of effort since no rekeying of data (which also reduces manual errors) is necessary. As a side benefit, it strengthens 17

18 teamwork among the workforce and creates a potential job progression so talented personnel can be rewarded, promoted, and retained. Turnover is expensive, and experienced personnel typically can handle much heavier workloads than new employees who don t understand the intricacies of money laundering or fraud. MARKET DEMAND Regulators in many countries are encouraging FIs to use case management systems in AML and fraud departments to pull data together whether the AML and fraud organizations are combined organizationally in the same business unit or not. Regulators understand these products ability to provide a more complete understanding of customer activity and also appreciate ad hoc reports that can be produced with relative ease. Lastly, these products can often produce evidence of consistent compliance with certain regulations and reports showing any exceptions (e.g., any Regulation E disputes that did not receive provisional credit within 10 days of a customer s unauthorized activity claim). Proactive managers can look at such reports regularly and identify training, mentoring, or disciplinary needs among personnel so they can approach an audit or exam with confidence. Even more important than regulatory encouragement, FI executives are increasingly understanding that they need to detect cross-channel fraud, and case management is an effective way to do so. Fraud alerts are so prolific (and volume continues to grow rapidly), no human being can manually study myriad alerts and envision how they relate to a single incident quickly enough to be effective. Automated solutions that can help fraud personnel tie alerts together, understand the sequence of events, and understand relationships among parties are often crucial to seeing an organized fraud ring or a sophisticated money laundering scheme. Recognizing these situations swiftly enables the FI to take countermeasures to protect itself and its customers, thereby radically reducing potential losses. Similarly, detecting money laundering activity, and all the parties involved, can help protect the FI against large monetary penalties, fines, and negative publicity. In some parts of the world, such as Asia and India, regulators are emphasizing money laundering compliance much more strongly than they did in the past. FIs in these countries may be seeking systems to support their compliance efforts for the first time, providing greenfield opportunities to solution providers. The market is also experiencing some contraction in case management solution providers due to larger companies acquiring smaller technology firms. Conversely, new companies continue to arise and bring new products to market. In recent years, products from ICMS and Digital Harbor were acquired and sunset, leaving many user FIs in need of replacement products. Some FIs have delayed replacing the unsupported product, but this is yet another aspect of increasing market demand. 18

19 PRICING AND MARKET S IZING Average large-bank deal sizes for an enterprise case management product start in the low to mid seven-figure range. The cost for midsize banks typically starts in the mid to high six-figure range and can climb to the low seven figures. The average annual support and maintenance cost is between 15% and 20% of the license fee. For small banks, the average first-year cost is between US$7,500 and US$50,000, depending on the FI s size, with similar ongoing maintenance fees. A small number of vendors use subscription pricing based on the number of users instead of using license pricing. Based on the number of installations reported by the vendors as well as the average pricing, Aite Group estimates the market for enterprise case management software to be just over US$0.95 billion in 2015, growing to US$1.58 billion in 2019 (Figure 7). Figure 7: Global Enterprise Case Management Software Market Size $0.95 Source: Aite Group Global Enterprise Case Management Market, 2014 to e2019 (In US$ billions) $1.07 $1.19 $1.32 $1.45 $ e2015 e2016 e2017 e2018 e

20 VENDOR PROFILES The key components of enterprise case management are provided in varying degrees by each of the vendors participating in this evaluation. This section is based on information provided by vendors through request for information responses, phone interviews, product demos, feedback from client references, and Aite Group s own knowledge of the industry. Table B summarizes this report s profiled vendors and their enterprise case management capabilities. A check mark () indicates that a vendor fully meets the bulk of the component s needs, a check mark and an asterisk (*) indicate that some of the needs are met, and a blank field indicates that the product meets few to no enterprise needs. Table B: Vendors Case Management Offerings Company name Alert management Investigations Workflow Reporting Regulatory compliance Argo * * * BAE Systems Bottomline (formerly Intellinx) CustomerXPs * FICO * Fiserv * Jack Henry * * * LexisNexis Risk Solutions * * * Nice Actimize Pegasystems * Tonbeller * * Source: Aite Group, vendor data ARG O Argo is well-known in financial services in North America (with over 290 client banks) providing teller and lending systems through direct sales and partnerships (particularly core systems providers). Argo s go-to-market strategy combines direct sales and partnerships with FIS and Loss analysis 20

21 Fiserv. More recently, the company has expanded to offer similar products in the Asia-Pacific. Argo s case management and fraud capabilities are developed using this same platform, with the Oasis case management being fully integrated with Argo Teller and Payments. Along with being a reporting tool, Oasis also analyzes data and alerts the analyst to suspicious activity at both the account and customer level, which gives the institution a holistic approach to monitoring suspicious activity. The solution s strengths include reduction of costs (operational, maintenance, and staff), reduction of false positives, and improved workflow. R E L E V A N T A C Q U I S I T I O N S In the summer of 2013, Argo acquired Advanced Software Design Corporation (ASDC), based in Toronto. Argo plans to continue its strategic expansion of software solutions, adding core competencies in analytical methods for pattern recognition around neural networks, case management, and image analytics. Fully integrating ASDC s capabilities into Argo s fraudprevention and case management products continues to be a point of emphasis for the company. P L A N N E D E N H A N C E M E N T S While Oasis case management currently focuses primarily on producing real-time alerts and alert management, development of new capabilities is well underway. During the next 24 months, Argo plans continued integration with the teller platform along with additional fraud, compliance, and treasury management enhancements. V E N D O R A N A L Y S I S A competitive advantage for Argo Data is that its case management solution is fully integrated with the Argo Teller Payments application (enabling real-time fraud detection at the teller line); it is also fully integrated with Argo Fraud and AML products, and it provides a holistic, centrally managed case management solution capable of being deployed across both the fraud and compliance divisions within a financial institution utilizing a continuous workflow. The product is new, though, and no references were provided to Aite Group to speak with. The demo provided was impressive, although the enterprise solution itself is still in its infancy. BAE SYSTEMS BAE Systems is a global defense, aerospace, and security company with clients in over 90 countries. Its emphasis on working with global law enforcement and intelligence agencies lends itself well to providing solutions to combat all types of financial crimes. The business case for the BAE Systems case management product is typically to improve operational efficiency, primarily by reducing the number of manual steps and reducing data entry (thereby also preventing manual keying errors). The ability to bring multiple alert types into a single case management solution that meets constantly changing regulations is also important. When the BAE Systems case management product is deployed alongside BAE Systems 21

22 analytical detection solutions in compliance or fraud, alert and case dispositions are fed back into the analytical detection engines to help enhance future detection, increasing effectiveness. Historically, BAE Systems has used direct sales exclusively but plans to begin enlisting strategic partners in Case management is often sold on its own or as part of an enterprise fraud or compliance package. During the next two years, BAE s expansion strategy is to expand into new territories and upsell within its existing customer base. R E L E V A N T A C Q U I S I T I O N S The company has invested in several acquisitions to enhance its capabilities while continuing to develop and enhance products internally. In 2011, BAE acquired Norkom, a provider of innovative counterfraud and anti-money laundering solutions to the global financial services industry, and ETI, a Danish cybersecurity firm. In 2012, BAE Systems acquired Stratsec, the largest cybersecurity company in Australia, increasing its footprint in Southeast Asia and Australia, and in 2014 BAE acquired Perimeter Internetworking Corporation (trading as Silversky), a leading commercial cyberservices provider with principal operations in the United States and the Philippines. P L A N N E D E N H A N C E M E N T S BAE Systems plans to enhance the case management product in the following areas: V E N D O R A N A L Y S I S User experience enhancements with a focus on efficiency and lower training needs User personalization capabilities within the user interface (UI) Expansion of standard case investigation types Enhanced reporting packs Aite Group spoke with three BAE System customers using NetReveal Enterprise Investigation Management. Two of these references are midsize banks, while the last is a large securities and investment firm; all are located in the United States. On a combined basis, the three institutions use the product for many types of AML, fraud prevention, and investigations as well as physical security use cases. The BAE Systems enterprise case management solution can be deployed across all investigation verticals, drawing on the experience from those different verticals to enhance others. The ability to integrate external alerts from other detection engines as well as critical banking systems is a competitive advantage, and the inclusion of social network visualization based on case management data helps investigators rapidly understand relationships within a fraud network. When asked about the strengths of the solution, the executives highlight the following points: 22

23 Open architecture: Allows a lot of ingested data from many sources. Configurability: Users love it. It can be easily configured to meet the specific requirements of the business unit. System dependability: Uptime is very good, and it does what it is supposed to do. Sales organization: Very good personnel who understand the business needs. Executives would like to see BAE Systems improve in the following ways: Usability: Interface is not intuitive and needs a good Web designer to improve it so it requires less training for users (Table C). Configurability: A strength becomes a weakness. After customization, releases are very time-consuming and difficult to implement, delaying the advantages of new functionality. Table C: BAE Systems NetReveal s Key Strengths and Areas of Improvement Strengths Open architecture Configurability System dependability Sales organization Source: Aite Group BOT TOMLINE (FORMERLY INTELLINX) Areas of improvement Intuitiveness Intellinx Ltd., which developed an enterprise case management solution (among other anti-fraud solutions), was acquired by Bottomline Technologies in January As a result, Intellinx became Bottomline s Cyber Fraud & Risk Management (CFRM) Division. Intellinx has customers in over 40 countries. The case management solution, Enterprise Alert & Case Manager, is sold both directly and through channel partners around the world. Most often, these are local system integrators that sell, implement, and support the solution in their local territories. Going forward, Bottomline Technologies plans to integrate Intellinx s payments fraud solutions and services into Bottomline s payments products and services. All of Intellinx s former anti-fraud capabilities, case management, and AML solutions will be offered to existing Bottomline Technologies customers. 23

24 P L A N N E D E N H A N C E M E N T S The main new feature in the next release will be the ability to file an SAR based on several different cases. V E N D O R A N A L Y S IS Aite Group spoke with three U.S. clients using Intellinx s case management solution for a wide variety of fraud use cases (payments, loans, mortgages) as well as operational, noncredit losses and physical security investigations. The size of the three ranged from small to very large in terms of assets and volume handled. Some of the strengths of the solution noted by executives include the following: Flexible: Easy to work with and configure, and meets all needs Complete solution: Handles alerts, dashboards, and workflows out of the box Data ingestion: Ingests data easily from various sources, such as databases or bigdata vendors Reporting: Excellent out-of-the-box reports and dashboards Improved communications: Ability to have multiple people in a case Complete case file: Ability to attach documents, photos, etc. Executives also note a few improvements they would prefer: Setup is key: If setup isn t performed carefully, users may have to go through more clicks than needed. Workflow: This is robust but not graphical; visual workflow would be nice (Table D). Extremely structured database: This adds an unnecessary level of complexity but turns into a benefit for the users. Table D: Intellinx Enterprise Alert & Case Manager's Strengths and Improvement Areas Strengths Flexibility All inclusive Data ingestion Reporting Areas of improvement Graphical workflow Source: Aite Group 24

25 CUSTOMERXPS CustomerXPs has 90% of its client base currently located in India, with the remaining 10% in Mexico and South America. In 2015, the company plans to expand into North America with its product offerings. CustomerXPs Clari5 enterprise case management product provides a unified view across all channels and products for both fraud and AML. A concept unique to the company is that of the living case or alert ; all the open alerts and cases get updated with raised or lowered risk scores based on behavior observed for the customer or account after the alert or case is created. There is also a feature to suppress alerts for specific customers or accounts and specific scenarios based on the investigation outcome. Once a case is closed, the suppression feedback transaction-monitoring engine will create updates to suppress future cases for that customer/account for the time period desired. The solution also offers the ability to configure different workflows for different investigation queues without requiring any code changes. Each queue can have an assigned set of users, and the system automatically assigns cases to the users based on the assignment logic. The company sells its products through a variety of partners, including system integrators, consulting and technology partners, and geographically located partners that focus on local sales opportunities, such as those in the Asia-Pacific, Africa, and the Middle East. During the next 24 months, this young company plans to grow by achieving depth in current markets by riding on strong regulatory changes and an evolving fraud management and AML landscape in these markets; expanding into new markets (e.g., Western Europe and North America); diversifying and expanding sales to other players in the value chain (i.e., retailers, payment gateways, payment networks, and banks); increasing investment in sales and marketing with the possibility of setting up sales offices in key locations; and designing a new sales model to gauge banks readiness for a Software-as-a-Service (SaaS) model and subscription-based licensing. P L A N N E D E N H A N C E M E N T S The next case management release will have a comprehensive entity link analysis feature to help investigators uncover complex crime rings (with internal and external components) using visual link analysis capabilities. CustomerXPs has just launched a machine-learning capability, which is available for both the on-premises and cloud-based products. Also, the company will launch the federated anti-fraud network shortly, which will enable collaboration among its clients. V E N D O R A N A L Y S I S Aite Group spoke with three financial services customers that use CustomerXPs case management solution; all three are located in India. The customers are using the solution across a wide range of AML and fraud use cases. Customers note that the primary strength of CustomerXPs solution is the ability to aggregate alerts from various solutions that relate to a single customer. The only concern noted is that the 25

26 case management solution is designed on a Jira platform. Customization is dependent upon the third-party platform the solution is built upon, which limits the bank s options at times (Table E). Table E: CustomerXPs Clari5 s Strengths and Areas of Improvement Strengths Alert aggregation Source: Aite Group FICO Areas of improvement Designed on third-party platform Fico is a worldwide company with clients in over 90 countries around the globe and over 1,000 clients just in the United States. The company has made great strides in recent years in integrating various types of fraud prevention into its alert management system. Differentiators for Fico s Falcon Fraud Manager alert management system are configurability (all grids, tables, screens, and tabs are user-configurable), easy administration (configuration and setup can be done via operations administration, not requiring any IT intervention), and the onescreen view, which displays all relevant data. Fico sells its case management product through partners such as TSYS, FDR, FIS, Cognizant, and others. During the next 24 months, Fico plans to expand the addressable market for its suite of products and services by SaaS-enabling the product portfolio via the Fico analytic cloud, expanding sales and distribution channels through strategic partnerships, and acquiring companies that deliver solutions to financial services and adjacent industries. R E L E V A N T A C Q U I S I T I O N S Fico has expanded its capabilities dramatically in recent years, with several acquisitions at the heart of the expansion. A list of acquisitions during recent years includes the following companies: Entiera (2012) Adeptra (2012) CR Software (2012) Infoglide (2013) InfoCentricity (2014) Karmasphere (2014) Tonbeller (2015) 26

27 P L A N N E D E N H A N C E M E N T S The next release has a number of planned enhancements, including new optimizations to improve performance, audit enhancements, transaction grid improvements, push notification updates, and improvements for visually challenged users. V E N D O R A N A L Y S I S Aite Group spoke with two customer references for Fico s case management solution. One is a very large financial services company operating in the United States and Europe that uses the solution for debit, credit, and deposit account fraud; the other is located in Asia and uses the solution for payments fraud alerts. Fico s solution supports fraud-alert investigations but not fullfledged case investigations that require broader functionality. Executives note several strengths of the solution as follows: Flexible: It is built for future enhancement of transactions. Profiling: Capabilities extend from cards to deposit accounts. Multiple channels: Channels include phone, mobile, etc. Web base: Product is very useful for analytics. Customer centricity: View of all aggregated information is very important. Customer communication: Solution enables optimal customer contact. Areas where executives would like to see product improvement are as follows: Customization: The ability to create specific features is desired (e.g., scoring alerts and bringing back scores to agent or displaying internal scores side by side with Fico scores so an agent can see differences and reasons for differences). Some desired functionality had to be developed in-house. Bulk upload function: Items in hot file currently have to be entered one by one (Table F). Table F: Fico Falcon Fraud Manager s Strengths and Areas of Improvement Strengths Flexibility Profiling capabilities Web base Areas of improvement Customization capability Lack of bulk upload Enables customer communication Source: Aite Group 27

28 FISERV Fiserv is a core processor with clients in over 70 countries. Fiserv sells its products through direct sales. Fiserv s financial crime risk management solutions can be used on their own or in conjunction with Fiserv s core processing solutions. Fiserv s case management solution, Case Investigation Manager, includes the inherent flexibility to empower financial institutions business users to develop and modify case structures and workflows to reflect their unique processes. Fiserv focuses on financial crime remediation and the capabilities that drive investigations; case management captures the data necessary to quantify success. As one example, all the loss information and prevention information captured in case management can be exported automatically to external accounting solutions. Banks can also use the case management system to police itself. The solution can evaluate the likelihood that an investigation will turn out to be genuine fraud based on predictive variables identified in previous investigations, essentially using previous known bads to inform current cases. A few of the solution s overall benefits and key differentiators include an enterprise-wide financial crime prevention solution that delivers an approach consistent with regulatory recommendations, prioritization of alerts with the highest degree of risk, alignment with a riskbased approach, investigation and analysis functionality that allows advanced drill-down and link analysis uncovering suspicious networks and associations, and an intuitive UI that makes it easy to zoom in on specific time intervals or events. R E L E V A N T A C Q U I S I T I O N S Fiserv has made a number of acquisitions in recent years and expanded its capabilities, particularly in the area of fraud products. Acquired companies include M-Com, Maverick Network Solutions, Credit Union On-Line Inc., and CashEdge Inc. in 2011 as well as Open Solutions Inc. in P L A N N E D E N H A N C E M E N T S A recent release of the case management solution included a number of improvements, such as enhanced self-service reporting capabilities to empower business users and additional management dashboard facilities to enable oversight for operational efficiency and risk mitigation. Also, an enhanced UI allows investigators to focus on the information that is most relevant to their investigations. Further enhancements related to providing an overarching fraud risk score for all customers are planned, as are further flexibility around workflows and work queues. V E N D O R A N A L Y S I S Aite Group spoke with three clients that are using Fiserv s case management solution. Two of the clients are banks with under US$20 billion in assets located in the United States, while the third is a very large bank located in Europe. All three use the solution for AML, and two use it for fraud. 28