Reimagining Enterprise Fraud Risk Management

A Digital Transformation

Increased sophistication in technology platforms, banking channels and digital initiatives has ushered in transformation in the banking industry. But these changes have also brought about increasingly sophisticated financial crimes. Bank fraud is now being committed by tech savvy criminals who find means to bypass the fraud detection rules bank platforms employ.

Introduction

The last two decades have seen phenomenal transformation in the banking industry, through sophistication in technology platforms, banking channels and digital initiatives. Financial technology (FinTech) has brought about a complete revolution in the ease with which the common man does banking! From “brick” to “click,” banking today is not about visiting a bank’s physical branches as much as it is about conducting transactions online through the internet and mobile devices (mobile banking and digital wallets) at a click. Even ATMs are being reimagined to cater to a number of banking operations which could not be envisaged a decade ago!

This transformation has brought about enhanced agility, greater efficiency and flexibility in banking. But at the same time, there are widespread concerns about some complex problems banks are facing today, including sophisticated financial crimes, which are difficult to track using the regular rule-based financial crimes risk management systems. Bank fraud and money laundering are now being committed by tech savvy criminals who understand the systems and processes in place in banks to detect financial crimes and hence find means to bypass the detection rules to commit such crimes.

In this article, we try to explore the current fraud control frameworks in banks, the challenges faced by banks in fraud risk management and how emerging digital innovations can strengthen such frameworks, thereby reducing the risk of financial crime and ensuring improved regulatory compliance.

The Fraud Risk Management Landscape

The banking and financial services sector has witnessed exponential growth in fraud over the last few years. While some reports peg financial fraud to be around $20-30 billion annually, the actual figure may be much higher, as several financial institutions are unable to identify and accurately assess the losses they incur due to fraud. With innovation and technology improvements – meant for better customer experience, higher productivity and cost optimization for banks – criminals have also done some upgrading, making technology their strength in order to commit organized fraud.

Fraud management frameworks in most banks currently follow a line-of-business-based approach, with disparate fraud control systems applicable to individual business lines, including cards, online payments, core banking transactions, loans and trade service payments, mobile-based transactions, domestic and cross border fund transfers and so on. As these platforms are generally not integrated and do not exchange data between them, cross-channel fraud detection becomes a challenge for banks. Moreover, case management systems for investigating fraud alerts generated by the various fraud detection engines are also not unified in several cases, so they miss out on an enterprisewide behavior analysis of suspected fraudsters across various banking business lines and channels.

Lack of a consolidated data store, containing dynamically updated customer profiles and history of past transactions for at least a six-month look-back period are also common pain points among banks. A single transaction in isolation may not present itself as fraudulent, but when it is compared against the customer profile, peer behavior and the customer’s own transaction behavior over a certain duration, a suspicious pattern might emerge. While convergence of AML (anti-money laundering) and anti-fraud platforms and data has been a talking point among the banking fraternity, convergence of cross-channel and cross-service-line fraud control data needs to be placed on equal footing to prevent and detect fraud at an enterprise level.

The legacy fraud detection engines in banks have rule-based triggers for alert generation, which are not necessarily reviewed and modified very frequently. Most legacy fraud detection platforms generate an average of 80-90 percent false alerts, the investigation of which costs banks heavily, while the chances of missing true alerts remain. Criminals are aware of these transaction-based rules and hence conduct their business in a more organized manner to bypass such rules, spreading them across channels and entities over a period of time to avoid getting caught.

Harnessing Digital Solutions for Effective Fraud Risk Management

One of the major challenges in fraud risk management is around data – banks are sitting on huge volumes of fragmented data, both structured and unstructured, which must be sourced, analyzed and processed accurately and promptly for the prevention, detection and reporting of fraud incidents. These include customer, account and channel transaction data; historical behavior profiles of customers; beneficiary and related parties’ information; employee surveillance data; and so on. A big data enabled unified fraud detection and case management platform with a consolidated fraud and AML data warehouse can make the process of fraud oversight and control more effective. Advanced analytics-based models and data visualization tools employed in big data management can then unearth cross-channel suspicious behavior patterns with agility and accuracy; it is unthinkable to use traditional tools and a purely manual effort! U.S.-based Zion Bank is a pioneer in this field and has been successfully employing big data for cross-channel fraud detection over the last couple of years.

Machine learning (ML) and artificial intelligence (AI) too have started making their presence felt in the fraud risk management and AML compliance space. ML-based cognitive computing is being increasingly used to discover suspicious behavior leading to money laundering and fraud and to detect outliers even when they do not breach any defined fraud or AML scenario – something rule-based platforms are incapable of. Colossal amounts of data from multiple sources can be processed by the system, which has been fed with the ML algorithms, revealing deviations from expected behavior. A testimony to this fact is that large banks in the U.K. (e.g. HSBC, RBS, Barclays and Lloyds) are now embarking on ML- and AI-based platforms to combat fraud and enhance compliance; the U.K. has been grappling with the highest incidence of card frauds (including credit, debit and payment cards), causing millions of pounds in fraud losses.

Blockchain-powered, shared KYC registries are making waves as the next generation technology, promising to bring about operational efficiencies and mutualizing cost among the participating banks while also sharing AML- and fraud-related intelligence. In India, a consortium of banks led by the State Bank of India, the largest bank in the country, has recently launched “Clear Chain,” a blockchain-based initiative to enabled shared KYC and AML efforts among the member banks, including the sharing of KYC data, case investigation reports, suspicious transaction reports and cross-border wire-transfer reports. Honduras and Greece are exploring blockchain-based land registries, as a central database of land ownership details. Banks can integrate with such land registries in order to avoid mortgage fraud, where false title deeds are submitted or the same land is mortgaged to multiple banks as collateral against loans. Canada, which faces a high incidence of mortgage frauds, can benefit from such blockchain-based land registries, as banks can rely on this reference data while accepting land-based property as collateral for mortgage loans.

Digitizing Enterprise Fraud Risk Management: The Road Ahead

Digital innovation has brought about a revolution in the banking industry in the last few years, and banks have been aggressively adopting digital strategies to transform their businesses. For the risk and compliance offices of banks, digitization is slowly transitioning from a being differentiator in terms of improved oversight and risk management to a necessity for staying a step ahead of financial criminals and preventing losses due to fraud, money laundering, cybercrime and so on.

A lot of digital innovation in the financial crimes risk management space is still in its nascent stages, such as voice biometrics for phone banking fraud prevention, launched last year by Citibank in Hong Kong and Barclays.  It is just a matter of time until banks globally will follow suit to replicate the success of these banks in fraud prevention. The Financial Conduct Authority, the U.K.’s banking regulator, issued guidelines in 2015 to banks within its jurisdiction to monitor customers’ social media behavior as a tool to combat fraud. Banks worldwide are now looking at using AI to conduct social media screening of their customers and detect early warning signs of fraud.

While a beginning has already been made to tap the potential of digital technology in controlling fraud and other financial crimes, advanced innovation in this space is bound to take the industry by storm and completely change the way fraud risk is managed in banks. Fraud control is destined to move from reactive to proactive, and digitizing enterprise fraud risk management is a step in just the right direction!