Financial crime in a digital age — Why banks need a holistic approach
By Ashok Kadsur, co-founder of SignDesk
Fraud, financial crime, and cybersecurity have long been problem areas for financial institutions (FIs). Fraud and financial crime was a trillion-dollar industry in 2018, with the World Economic Forum (WEF) reporting that banks spent US$8.2 billion on anti-money laundering (AML) efforts alone.
The advent of COVID-19 and consequent trends including large-scale digitization increased demands for digital channels, and a general increase in online presence have all contributed to a rise in cyber threats throughout the pandemic.
Risks for banks have also increased due to a number of factors such as the vulnerabilities inherent to massive automation, increase in transaction volumes, and greater integration between banks and geographies.
The profiles and methods of financial cybercrime have changed to maximize these risks, and banks now need to evolve an improved and holistic approach to mitigate this new breed of threats.
Evolving pathways in cybercrime and finance
Traditionally, banks have had a siloed approach to dealing with the threats of fraud, cyber breaches, and financial crimes.
Fraud has generally been understood as a crime involving the deception of financial personnel and services to commit theft, via forgery, credit card scams, insider threats, etc. Financial crimes have usually meant money laundering and other criminal transgressions such as bribery and tax evasion; and cyber breaches, rather eponymously, refer to events responsible for compromising the security structures of FIs.
In the standard operating model for banks, these threats are dealt with separately. For example — fraud is typically transaction-based and the response is channel-specific and point-based, while the response to money laundering is pattern-based and involves comprehensive monitoring of activities.
The distinctions between these three categories, which were organizational, to begin with, are blurring due to new forms of cyber threats. Threats are now posed to banks from a variety of different channels and in a streamlined way, that the aforementioned siloed approach is simply not equipped to handle.
Banks need to adopt a new, holistic model to deal with such crimes. One that views the customer journey as a basis for creating security models and employs risk-based assessments of threats.
Integrating fraud, financial crime & cyber security
Several leading banks are already spearheading a holistic approach to combating digital crimes. The efforts of these banks include defining the exact nature of the threat, employing a data-based approach to analyzing threats, and clarifying the roles and responsibilities across teams.
A strategic approach to prediction
To effectively combat cybercrime, banks must think like criminals and use these insights to shore up any weaknesses. Any system designed using these principles will automatically be fluid and allow for tracking of the migratory flow of crime. A strategically designed system will also improve the efficacy of the measures being implemented.
By employing a ‘big picture’ view of cyber threats, banks can make the best use of resources available and create a strategic, predictive system to combat fraudsters and hackers.
However, banks have a larger set of tools at their disposal, which provide further insights into threats and help to manage risks.
Leveraging automation, controls & data analytics
Banks can no longer adequately deal with threats of cybercrime on a case-by-case basis, due to the sheer volume of threats. In such cases, the best approach is rule-based automation.
When designing these rules, banks need to use insights gained from data analytics to create a risk-based approach to mitigating and ameliorating digital threats. Predictive AI and ML now offer huge opportunities for rapid decision-making, by aggregating data from various sources and gleaning key insights using these data.
Automation in areas of compliance and customer ID verification also offers avenues for customer monitoring, data collection, and risk management.
Further, by bringing together groups addressing fraud, cyber threats and financial crime; the resultant aggregate data will greatly increase the institution’s capacity for risk detection while ensuring that efforts to combat digital threats are streamlined and deliberate.
Digital trust and customer experience
In an age where the majority of customers are generally averse to face-to-face interactions with bank professionals and would much rather prefer interactions on digital channels, establishing digital trust with customers is paramount.
By streamlining and combining efforts to manage threats against customers, banks can offer their customers concrete assurances and earn their trust. By employing a risk-based approach, security threats are delineated according to customer experience, and the objective is to solve issues of cybercrime by solving customer experience problems and the threats therein.
Therefore, a unified and risk-based approach to cyber threats would ensure a high standard of digital trust between a bank and its customers, while also ensuring the highest levels of transparency and convenience.
Conclusion — From collaborative to holistic
The typical bank employs a collaborative model to address financial crime — a model in which there are separate units for fraud, financial crime and cybersecurity. Such a model offers little transparency and often leads to gaps or overlaps in functionalities, allowing for savvy cybercriminals to fall through the cracks.
With several cybercriminals manipulating the blind spots inherent to the collaborative model, banks are now shifting to a unified, holistic, and risk-based approach to financial crime. By leveraging a holistic approach, banks can make huge gains in efficiency and expenses saved, while enabling quick end-to-end decision making.
The risk functions for banks are becoming more expensive and less effective due to the changing nature of cyber threats. Banks must make some headway in designing a unified framework to mitigate cyber threats to turn this tide around. Money laundering, fraud, and cyber-attacks can all be accommodated under a unified approach; which provides both long-term security benefits and short-term cost and efficiency advantages.
About the author
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.