By Andrew Davies, VP, Global Market Strategy, Financial Crime Risk Management, Fiserv
Andrew, please tell the Risk Insights readers a little about yourself, your experiences and what your current professional focus is?
I work with Fiserv clients around the world to design and deploy effective solutions that mitigate financial crime risks. In particular, I focus on compliance, money laundering and fraud. I have been in the software industry for more than twenty years covering real-time payments, front-office trading, mitigation of financial crime risk, and settlement risk.
At the Technology & Innovation Risk Summit, you are presenting on “Tackling sophisticated payment fraud and cybercrime in the age of digital access and real-time payments.” Why is this a key talking point in the industry right now?
Digital and real-time describe the overall trends shaping global financial services. There are now some 25 different real-time payments infrastructures in the world: as money moves more quickly, the associated risks from fraud and cyber-breaches also increase.
We have also seen new permutations in how people manage their finances, from using apps to fintech platforms. There are more moving parts than ever before, creating new opportunities for criminals and new risks for financial institutions.
At the same time, many bank customers worry about security and can be unforgiving if they fall foul of cybercriminals. Research shows 50 percent of customers would withdraw all or part of their business from their FI if they experience any losses due to fraud. This consumer interest in security also provides an opportunity for banks to differentiate. For example, Chase markets its fraud detection tools, which enable business customers to see for themselves potentially suspicious activity in their accounts.
What key considerations need to be met when combatting the growing risk of payment fraud and cyber threats? What steps can financial institutions take to protect themselves against these threats?
A thorough risk assessment is the foundational step towards improved fraud and cybercrime prevention. As customers expect their financial transactions to run at the speed of life, risk management needs to happen in real-time and follow the cadence of financial services – meaning it needs to be automated, and right the first time.
Institutions will also benefit from a customer-centric approach to risk management. This is harder than it sounds, as it requires risk managers to consider the entire customer relationship, and this degree of visibility if difficult to achieve today.
Multiple techniques and data sources can be used to gain this visibility and accomplish more frictionless risk management: internal analytics obviously plays a role, as does behavioural monitoring, and the ability to learn from industry data.
How can financial institutions effectively protect themselves from financial crime attacks and build cyber resilience?
There are five key concepts to keep in mind:
- Risk management should be flexible: The factors shaping risk management today could look totally different even a few months from now. That means institutions must be able to change what they monitor (and how they monitor it) in response to emerging trends. This flexibility will be a key factor for effective risk management in the digital, real-time world.
- It needs to draw on a wider range of internal data: The increasing automation of risk management means banks can apply a wide variety of risk models to transactions in real-time. They can also draw on a broader range of internal data sets, helping risk managers continually refine their models.
- Analyse behaviours, not transactions: Examining peer groups and outliers, can help institutions spot fraudulent behaviours across customers, even though individual transactions may appear genuine.
- Unleashing the ‘big brain’, or the power of consortia: The ability to continuously build and refine industry-wide intelligence can decrease false positives—not to mention their potential to negatively impact or inconvenience the customer.
- Keeping one eye on the future: To a large extent, financial institutions’ ability to empower their teams to react quickly to emerging behavioural trends will be a big determinant of their future success.
How do you see financial technology evolving over the next 6 – 12 months?
One trend we’re watching closely is biometrics. Technologies like facial recognition have significant potential to enhance security and without disrupting the customer experience.
I think we will also see greater consortium-wide data gathering so the industry can keep ahead of the cyber criminals and provide an enterprise-wide view of financial crime that reaches across institutions.
The move to Open Banking, underway in many parts of the world, will also create many new points of entry into banks’ systems, in the form of APIs (application programming interfaces). So, risk managers need to be attuned to the possibilities of these new capabilities.
Finally, I think we could see more banks exploring blockchain technology – especially for protecting the integrity of institutional data, and further reducing the potential for risk.