All organizations are subject to fraud risks. Whether the threat is internal or external, the consequences of fraudulent activity can include the downfall of companies, increased regulations, loss of public trust in financial markets, and even incarceration for the executives involved. After the financial crisis of 2008, which threatened to collapse the global financial market, much attention was put on how banks and financial institutions manage fraud risks. However, ten years after this financial black swan, reports show the financial services industry has made lackluster efforts to strengthen risk management strategies.
A research study by North Carolina State University focusing on the adoption of enterprise risk management across several industries found that only 34% of financial services companies possess “mature” or “robust” enterprise risk management oversight. This is quite an alarming finding when you realize the US financial system was directly responsible for the 2008 crisis. Banks and financial institutions must embrace risk management strategies to lower the risks of fraud in terms of both frequency and severity. With global fraud stealing an estimated $4.1 trillion annually, the time is now to fight back against fraud. A strong risk management infrastructure and reporting hierarchy will help financial institutions around the globe decrease the severe systemic impact of fraud within our global financial systems.
Top Fraud Risks for Banks
Fraud is a constant cat-and-mouse game between banks and criminals. As soon as a bank upgrades its fraud prevention measures, fraudsters are already looking for ways to beat the system. The ABA Banking Journal listed the top three fraud risks impacting banks globally. These risks erode the financial system and increase leakage of capital due to fraud activities.
Business Email Compromise (BEC)
Business email compromise is a scheme in which a criminal poses as a bank executive or even a customer in an attempt to get an employee to release funds, relying heavily on today’s instant communication abilities. For example, a criminal will send an email to an internal employee while masquerading as a bank executive. The email asks for funds to be transferred for certain reasons, and the internal employee obliges because they believe the request is coming from senior leadership. A Belgian bank fell prey to this scam, costing the bank 75 million euros; a manufacturing company also fell victim to this scam, costing 50 million euros when it was all said and done. Internal controls are needed to prevent BEC scams that can result in extensive monetary losses for banks and financial institutions.
Related to BEC scams are phishing scams, which are a proven way to defraud banking institutions around the world. One of the most well-known examples of phishing scams is the “Nigerian Prince Scheme,” a scam that has been around for decades whereby communications are sent to a large number of individuals asking for their assistance in getting large sums of money out of the country. Victims are asked for sensitive information (e.g. social security numbers, bank account numbers), which allows the fraudsters to access personal accounts and drain victims of their financial resources. Most would think this scam would be unsuccessful; however, it has resulted in millions in losses and even convinced some to travel to Nigeria, where they were subsequently arrested. With a reported 97% of people around the world not able to identify a sophisticated phishing email, this fraud risk is not going anywhere. Banks and financial institutions must ensure internal controls are monitoring and preventing these types of attacks and their potentially immense financial consequences.
Card compromise is not a new risk; it has been around as long as people have been swiping cards to complete transactions. Criminals use tactics such as installing card skimmers on gas pumps or ATMs to steal cardholder financial information. However, a new technology was introduced by major card companies Europay, Mastercard, and Visa (EMV) to prevent fraud related to card swiping. EMV chip card technology, which uses small computer chips embedded in debit and credit cards to prevent card compromise schemes such as skimming, has worked in reducing fraudulent activity for businesses. Mastercard reported a 54% decrease in counterfeit fraud costs at retailers who upgraded to the EMV technology, showing how technology has played a massive role in deterring fraud for point-of-sale (POS) transactions. Although EMV technology has decreased POS-related fraud, criminals have since pivoted to card-not-present transactions, subsequently increasing online fraud. This is a great example of how diligent financial criminals are and how banks must be proactive in staying one step ahead of those looking to commit fraud.
Recommendations to create a solid fraud risk management program
Establish tone at the top
For any fraud risk management program to be successful, a tone at the top must be established, showing a deep commitment to combating fraud at all levels of the organization. Banks and financial institutions cannot establish a strong risk culture within the organization if there is not a commitment from the board. The board also has the responsibility to ensure management designs effective fraud risk management documentation to encourage ethical behavior by employees, customers, and vendors. Board commitment to fraud risk management will allow the necessary resources to be allocated to fraud identification and prevention measures across all banking channels.
Creating fraud awareness through assessment
According to the Association of Certified Fraud Examiners (ACFE), the foundations of an effective fraud risk management program are rooted in risk assessments, overseen by the board, which identify areas where fraud may occur within the organization. Fraud risk assessments should be conducted on a consistent and methodical basis to ensure fraud risks, whether present or emerging, are assessed frequently. The presence of board commitment and a strong fraud risk assessment process can even deter would-be criminals from attempting to engage in fraudulent activities against banks and financial institutions. One key to a strong fraud risk assessment is having open communication channels where everyone in the organization can report fraud risks, whether they originate within or outside the organization. In essence, every employee plays an active role in fraud risk assessment.
Intelligent risk assessments provide a roadmap for implementing fraud prevention strategies that deter fraudulent activity and promote a risk-aware culture throughout the organization. Fraud prevention techniques should be tailored to the risks they are mitigating; a standardized approach to fraud prevention is not sustainable for banks and financial institutions. Once fraud prevention techniques are implemented, continued monitoring is needed to gather data on the effectiveness of those techniques. Consistent monitoring and communication of fraud prevention performance are pivotal to optimizing fraud prevention techniques. If fraud prevention techniques prove to be ineffective, they can be revised to ensure they are mitigating fraud as optimally as possible.
A strong fraud risk management program is a necessity in today’s financial services industry. Banks and financial institutions must establish proper risk measures to prevent fraudulent acts both inside and outside the organization. When a fraud risk management program is effective, it creates a risk-aware culture at all levels of the organization where employees have the power to play a direct role in identifying and preventing fraud. Fraud is not going anywhere. A strong risk management program gives banks and financial institutions a roadmap to identifying, assessing, and preventing fraud regardless of its origin.