Research report – By Senior Research Executive, Center for Financial Professionals.
As technological advances continue at pace and various regulatory initiatives begin to come into effect throughout 2018 and beyond, financial institutions in the UK and Europe continue to face the challenge of criminals potentially infiltrating systems resulting in financial and reputational damage. In addition, financial institutions have to cope with the increased scrutiny from regulators in ensuring that they have effective tools and controls in place to protect against criminal interference. With banks and financial institutions remaining a primary target for criminals and as techniques continue to develop, this continues to prove an ongoing challenge. Banks therefore need to ensure they are continually monitoring and keeping up with the evolution of fraudsters through effective monitoring, detection and prevention of fraud and financial crime related activity. When this is all coupled with the need to reduce costs and increase efficiency, there is no doubt that fraud and financial crime professionals will be kept on their toes over the coming years.
With fraud and financial crime being a naturally sensitive topic invoking such a high degree of debate, The Center for Financial Professionals undertook extensive research ahead of the upcoming Fraud and Financial Crime Europe Summit, taking place on April 17-18, 2018 in London. This piece will assess three of the key areas that came out of this research as upcoming challenge areas for professionals within the space from banks, which vary from the interaction between fraud and AML to internal fraud and scams.
During the research, the most prominent area and theme that surfaced was around the understanding of risks across both fraud and AML and the interaction between the two. Whilst AML is generally regarded as one of the subsets that falls under financial crime, the research indicated that there is no overall consensus or ‘one size fits all’ approach as to where both fraud and AML sit within the organisation. Many take the approach of fraud coming under operational risk and financial crime under compliance, whilst financial crime and fraud have their own individual departments in some or sit in legal departments in others. What does seem to be clear is that whilst fraud and AML sit in different areas there is a general trend in the larger organisations of better aligning fraud and financial crime departments and bringing together under a combined header. While they have always worked closely together research hinted at further synergies between the two, perhaps even a potential convergence in the future. With budgets constantly slashed and the need to look for efficiency gains throughout banks, this is certainly something to look out for as we approach 2018 and beyond.
With fraud and AML as a whole being in separate departments and having different teams, this leads to the inevitable challenge of communication between the two departments. Organisations have to ensure that whoever is responsible for investigations are in constant communication. Often fraud and AML teams sit in completely different locations, not uncommonly in different geographical regions. Therefore, there needs to be a constant mechanism for effective communication. Similarly, also challenging is working out at what stage a fraud case becomes a money laundering case. Where is the handover stage between the two and can this be done efficiently so that nothing is missed? This can be particularly interesting as the line between what fraud is and AML can be a grey area as to who is detecting and handling what. In its entirety, organisations need to ensure they have clear lines of communication and effective interaction between both fraud and AML teams in order to understand risks across both disciplines and increase convergence across departments.
Whilst increasing convergence and communication between departments was a general theme throughout much of the research, on top of a number of other areas internal fraud came out as a key focus for banks. Many banks naturally focus on external fraud, particularly from a cyber perspective, but banks need to ensure that they are not overlooking internal fraud and forgetting about insider risk. The consequences of internal fraud can be devastating, with the potential for insiders or employees to cause havoc with the ability to result in large amounts of money and data shared externally. Banks need to constantly ensure they have effective analytic tools and systems in place to be able to monitor employee behaviour, cross reference employee accounts to client accounts and ensure there are no transactions between the two.
The risk of internal fraud has become more apparent in recent years. Given continued advances in technology and the general move towards AI and robotics, an increased number of coders and technology professionals are employed throughout banks. Coupled with the increase in algorithmic trading in investment banks and the high frequency of trading, there is the ability for these tech shrewd individuals to insert rogue codes and cause damage. Whilst banks want to have experienced and innovative coders the downside is that procuring technology professionals can increase their ability to cause malicious damage to the bank if desired. Banks must safeguard against this, ensure effective supervision and also have the controls in place to monitor and mitigate against internal fraud. For example, systems can be set-up so that a banks test environment is separate to its live environment, so someone cannot alter code and then release it into a live environment. Similarly, client data is one of the biggest assets banks have and ensuring technologically educated individuals do not gain access to this data giving them the ability to sell on the dark web or put on the cloud is a general concern. Banks need to have various firewalls and controls so that only certain individuals have access and see certain types of data, so that they can mitigate and monitor the threat of data leakage. The challenge is that as we move into an increasingly technologically advanced era, the more technologically savvy individuals who have the motivation to do so, have the ability to cause banks a major leak if not controlled and managed effectively.
Finally, an area that was consistently mentioned as a challenge for banks was the increase in the number of scams over the last few years and bank approaches for handling these types of scams. Phishing has been particularly rife recently and there have been a number of instances where customers believe the fraudster more than they believe the bank and end up transferring funds to criminals impersonating banks. However, there are a number of other different types of scams such as SMiShing, telephone deception and push payments, with scams as a whole and customer protection having a large governmental focus. Much of the problem surrounds controls on the customers side being weak and therefore the challenge from the banks perspective is constantly educating customers and employees effectively to ensure criminals cannot infiltrate through basic scenarios such as clicking on links in text messages or from phone calls. Banks can also help in putting buffers in place to remind their customers of potential scams; such as pop ups on a screen when payments are made. The research illustrated that the customer education piece is the key area within scams, and with the proliferation of scams in recent years banks must continue to educate customers to ensure scams are limited.
Scams, internal fraud and the interaction and convergence between fraud and AML are only a snapshot of some of the challenges within the fraud and financial crime space over the coming years. There is no doubting that with increased advancements in technology in particular, banks have to be more on their toes than ever in mitigating the threat of fraud and financial crime related activity.
You may also be interested in…