Banking on a holistic approach to combating financial crime

Paul Clandillon is EMEA practice lead for fraud & financial crime at IBM

Fraud and financial crime are growing substantially in their nature and complexity as we continue to evolve into an ever more connected world. New technologies, particularly the spread of mobile devices, have opened up different avenues of attack for technically sophisticated and well organised gangs of fraudsters and criminals. The social and economic costs of organised crime in the UK alone are estimated to be £24bn, of which £8.9bn are associated with fraud, writes Paul Clandillon.

The cost of fraud to a financial institution is not limited to the direct financial losses incurred as part of a fraudulent attack. Institutions face the cost of significant reputational damage as customers become much less forgiving of data losses and system breaches.  Traditional approaches to combating fraud are typically based on lines-of-business within the organisation.  This siloed approach could exacerbate the problem by driving a high number of false positives and consequently a negative customer experience due to a lack of a holistic, customer centric approach to resolving a potential fraud issue.

A less mature approach to fraud could also lead a financial institution into conflict with the regulatory authorities. Experience demonstrates that a high proportion of fraudsters are also engaged in money laundering.  The inability to resolve the identities of individuals and groups operating in different parts of the organisation could give rise to significant regulatory exposure as well as risk substantial fines for non-compliance.

Criminal exploitation of technology

Crime, including fraud, is becoming increasingly organised and collusive. Networks of criminals provide a wide range of services from subversion of employees, through large scale theft of sensitive customer data to the establishment of networks of mules to launder the proceeds of fraud.

New styles of cyber-attacks have given money launderers a way to penetrate banking systems and evade anti-money laundering measures, without leaving a detectable online footprint.  We are all aware of recent attacks on IT systems of high profile, retail stores and banks leading to fraudulent transactions and large breaches of customer data.  Inside knowledge of how banks defend against fraud enables criminals to identify gaps through which to slip undetected.

Securing against attacks

Historically, banks and insurance companies have protected themselves against attack using different specialist systems designed to identify fraud in a single channel. Typically, a bank puts in place an analytics engine to identify suspicious credit card transactions and refers those transactions for investigation.  Similarly, insurance companies guard against false claims by subjecting each claim to analytics and rules-based capability to identify any potentially suspicious claims.  These approaches have been valuable in restricting relatively simple, easily anticipated fraud schemes.

As we see the emergence of more complex, organised typologies, these systems start to become challenged by the problem of increasing false positives and false negatives.

False positives arise where a transaction is incorrectly flagged as suspicious, which can lead to wasted expense as well as having an impact on the customer experience.

Fortunately, developments in the areas of big data, analytics, unstructured data analysis and case management provide a platform to address these new threats. Re-evaluating organisational constructs and adopting new ways of thinking will also be required in order to take advantage of these developments, and contain the threat of financial crime.

What can financial institutions do to address this seeming conundrum?

A successful approach to combating financial crime will require new approaches to how technology is used as well as revisiting business processes and how financial institutions culturally view cybersecurity.  While line-of-business based fraud detection capabilities will continue to be valuable, they will need to be supplemented by more general purpose capabilities to enable the identification of new and complex, cross line–of-business, fraud typologies.

Integrating different fraud departments through a comprehensive and scalable case management system will enable the creation of a deep pool of intelligence related to customers, the entities with which they trade and their normal patterns of activity.  AML departments, which share similar detection, investigation and discovery requirements, can be integrated in the same way, further enriching the pool of financial intelligence available.  Deep mining of this financial intelligence will allow the institution to find new fraud and AML typologies as they emerge and update their detection systems to account for these new typologies.  This results in a virtuous circle which allows banks or insurance companies to react to new and emerging threats in a timely manner.

Paving the way for a holistic fraud and financial crime strategy

In order to combat fraud and financial crime, an institution will need to make organisational and cultural changes that include:

1. Elevating the fraud agenda.  This requires a board level appointee to be accountable for combating fraud and financial crime across the enterprise
2. Expanding the observation space.  Collating data related to fraud and financial crime into a single source of financial intelligence that includes unstructured and open source intelligence, and looking at it holistically
3. Leveraging this intelligence using new analytic capabilities, such as predictive and contextual analytics, to identify new and emerging typologies and stay ahead of the criminals.

Companies that are able to adopt a proactive response to fraud will have a real competitive advantage in the market.  Taking a holistic approach to fraud and AML, combined with a strong cybersecurity strategy and appropriate process controls, will ensure that a financial institution has a robust defense against the most difficult fraud attacks it may encounter.