Several relevant reports show how the world of fraud and financial crimes is mutable and always changing. Recent research – such as PwC’s 2018 Global Economic Crime and Fraud Survey or Javelin’s Overcoming the Top 10 Challenges to Omnichannel Fraud Management – quantify costs and trends. But they also raise qualitative aspects, sometimes with even more impact. These include reputational risks, requirements for digital transformation and new regulations. These are never isolated topics. All of them relate to each other technically and functionally.
This context provides additional perspectives to other studies, including the recent Anti-Fraud Technology Benchmarking Report, a benchmarking study conducted by ACFE and sponsored by SAS. This report helps organisations understand what anti-fraud technologies their peers are using to guide the future adoption of anti-fraud technologies.
Banking and financial services
Traditionally, this industry is a leader in new technology investments to fight fraud, money laundering and cybercrime. In an industry based on data and risks, we don’t expect this to change. Payment systems are evolving to adopt new methods, adapt to new regulations, and meet new convenience and flexibility demands from customers. Regulatory bodies are really conscious of this. This year FATF is including digital identity and virtual assets in their strategic priorities and recognising the potential that innovation offers to improve AML/CFT efforts.
In this world of changing and evolving risks, we can observe additional parallelisms. Let’s consider as an example the moment of acquiring a new customer or product. AML/CFT regulations now force banks, insurers and other financial institutions to meet customer verification requirements in the onboarding process. Banks must screen for PEPs, terrorists and other risky profiles with additional requirements, in addition to managing AML/CFT risks after onboarding, such as monitoring transactions.
On the other side, anti-payment fraud controls are usually mature in most institutions and geographies today, in the form of rules and machine learning. This was perhaps the first area of the industry to use these techniques, in some cases more than 10 years ago. However, because of this maturity, the rise of e-commerce and digital transactions, and new regulations aimed at helping customers and improving market flexibility, fraudsters are refocusing their efforts on leveraging consumer identity information in the financial institutions’ digital platforms. So, the trend is moving upstream. From payments fraud to application fraud, banks require a more comprehensive and integrated way to apply anti-fraud countermeasures to these business processes.
Retail, communications, energy and others
Historically, the traditional retailers – as well as other industries like communications, energy and others with physical shops – have invested more in physical security measures to attack theft and shrinking. Because of the e-commerce explosion, omnichannel experience trends and new technologies at the disposal of current digital consumers, these industries are now paying more attention to anti-fraud programs and projects. They focus on point-of-sale fraud patterns for the physical shop. And they are also looking at identity and payment fraud patterns in the digital shop, including identity theft and card-not-present fraud.
On the regulatory side, new requirements are coming to stay for all industries. There is a growing need to control internal anomalous behaviours in the procurement-to-pay process, as well as the provider onboarding process. This is similar to the way banks need to control the customer onboarding process and is a current reality with growing requirements. The huge reputational impact derived from the rise of different scandals in the media that are continuously appearing is driving this need, as well as new commercial regulations being enforced by different jurisdictions across the world.
We are seeing more sophisticated and well-orchestrated attacks growing in an increasingly digital ecosystem. Useful anti-fraud strategies, however, have similarities that we can apply in different situations. So more loops or cycles are blurring the borders of all the different fraud, AML and security topics. For example, criminals use cybercrime techniques to steal identity data, which they then use to steal money via fraud. They can then use this money to fund further criminal activities, then launder the proceeds.
This reality makes convergence in fraud, AML and security programs necessary. The already huge efforts invested in each of these programs individually can then benefit them all. Financial crime analytics can clearly help you understand this cycle in a comprehensive manner. This helps you combat fraud, money laundering and cybersecurity risks holistically, as well as individually.
Organisations have significant roadblocks to this convergence. Probably we all know organisations, including banks, that completely separate fraud discipline and AML practice. This separation includes people, processes, systems, departments and data. Breaking down data silos is not simple at all, and neither is breaking up the intelligence and investigation management silos.
However, uncovering money laundering and preventing fraudulent transactions require much of the same data. Differences in prevention processes may still exist, but they are growing more similar over time.
So, on one side there is plenty of research discussing this topic. On the other side, we can find more and more individual examples where a more unified and holistic approach is needed. And many are initiating convergence, in different industries with different levels of maturity and sophistication in their programs, because we all coexist in a more hyperconnected and hyperregulated world.
The degree and speed of adoption of such approaches are uncertain, given the complexity required in some or most cases. We are observing that strategies sponsored at the highest executive level are required to run the organisational transformation that this convergence implies. We would expect that, if more companies adopt and then share the results of such approaches, this will become hopefully the new normal in the future.
By Manuel Rodriguez, Fraud Solutions Manager at SAS