By Mike Ressel, vice president of business development, Fiserv
Despite continuing effort and investment by banks to mitigate financial crime risk, fraud is evidently still a growing problem.
So what's going wrong?Platforms and opportunities for fraud and malfeasance are continually opening up in the form of mobile banking and through different technologies, regulations and time zones. The resourcefulness of financial criminals can be taken as given, and is not going to change. What can and must change are industry tactics for countering these attacks. Transaction monitoring, one of today's most widely accepted tactics for mitigating fraud risk, has reached a point of diminishing return.
By its very definition, transaction monitoring focuses on detecting fraudulent transactions after they have occurred. While this reactive approach certainly helps identify and assist affected customers (and can potentially lead to the conviction of fraudsters) it does little, if anything, to address increasing fraud rates.
One area which has spiked in growth due to the economic downturn is internal fraud. For example, the Société Générale rogue trader who hid fraudulent transactions using varied and sophisticated techniques cost the bank over three billion pounds. The UK's Fraud Prevention Service, CIFAS, reports that dishonest actions by staff to obtain benefits by theft and deception increased by 69 percent in the first half of 2009 compared with the last half of 2008. CIFAS also comments that two in five frauds were identified through internal processes and audit procedures, demonstrating the continued importance of having robust checks and processes in place.
In another more recent event, a woman stole nearly 20 million Australian dollars from electrical retailer Clive Peeters, in Australia. After getting payments approved, she allegedly changed the account details so the money was siphoned into her own accounts. The fraud was detected through routine end-of-year ledgers reconciliation, but the company had to substantially restructure to accommodate the cost to their bottom line.
Recognizing the increase in fraud, some banks have implemented real-time detection solutions. The problem is that the solution often falls short because proactive, real-time detection requires a greater commitment of infrastructure and operational resources to interact with, as well as decision exceptions on a real-time basis. It's also only feasible for specific transaction types (e.g., wire transfers, credit card) that are inherently real-time. Like transaction monitoring, real-time detection solutions cannot address the more insidious forms of financial crime such as identity theft, phishing and malware attacks, complex legal entity and time-zone exploitation fraud. Transaction monitoring, batch and real-time, still has its place. It just needs to be seen as part of the solution, not the full answer.
Rather than continuing to implement and then attempt to tune individually siloed fraud risk management solutions for 'better' performance, banks need to take a more holistic approach to financial crime risk mitigation and prevention. They need to 'de-risk' each and every transaction throughout the transaction lifecycle. This includes not just point of transaction initiation and following clearance and settlement, but also the point where users access banks' systems, and when customers first establish their relationship with a bank.
While valuable point solutions do exist for each of these transaction lifecycle 'stages', the key to fighting today's financial crime is the integration of these traditionally siloed solutions into a common framework. This means relevant information could be shared from one transaction lifecycle solution to the next, offering customers the ability to identify, manage and 'de-risk' suspect transactions and banking activities. It creates a seamless, integrated and highly effective multi-layered 'deep defense' fraud mitigation strategy to counter increasingly complex and inventive fraud scenarios.
Fraud is more complex and faster than it has ever been, yet, fraud, anti-money laundering and compliance systems remain focused at the individual or group level of transactions. The monitoring solution then often doesn't calibrate, resulting in a fraud and compliance solution that offers at best poor ROI and, at worst, an expensive false sense of security.
The ultimate goal is to 'de-risk' a transaction from before the point of execution. This requires a revolutionary and highly creative approach to increasing the transparency into fraud and compliance risk which uses existing investments and substantially cuts operational costs. The ultimate goal is to 'de-risk' a transaction from before the point of execution. Combining the defensive layers, including real time, batch, complex, simple, cross product, cross enterprise (which by themselves bring value) - into a common framework magnifies the efficacy. With a common, fully integrated workflow, alert investigation dashboard and case management user interface, revolutionary preventative capabilities can be realized, as well as earlier and more proactive detection and enterprise uniformity in the investigation and management of exposure. The result is a much more robust fraud and compliance environment offering higher prevention rates with increased opportunity earlier in the transaction lifecycle to identify and mitigate exposure. In an era of increasing mobility in financial crime such an approach will offer customers an operationally more efficient, productive and cost effective solution as well as a several fold improvements in exposure transparency. Placing the correct tool, focused on a specific exposure, within the transaction process would also drastically reduce the expensive investigation of false positives.
In such an environment, transaction monitoring - the traditional answer to the challenge - becomes an exception processing solution and not the vanguard against financial crime. In other words, the transaction monitoring system can focus on what it was designed for - to reduce the risk of false positives and spot key risks.
It all comes down to those who recognize the need to cover the whole transaction lifecycle. Banks that recognize this need to ensure tighter integration of financial crime risk management solutions will be among the first to beat back the seemingly inexorable rise in financial crime rates.
Mike Ressel currently serves as vice president of business development at Fiserv. Mike has over 16 years experience in the banking, electronic payments, and commercial software industries, including specialization in cash management, capital markets, retail payments and risk management systems. Prior to joining Fiserv, Mike held various internal audit and security roles at Banc One Corporation.