In our last issue, Dr Stefanie Rummel took a practical look at what impact communication has in preventing fraud and financial crime. This issue, Elif Morgenroth explains how to identify patterns of financial crime and examines the importance of knowing you enemy, utilising IT effectively, and turning compliance burdens into business opportunities.
New types of crime, such as cybercrime, are a major concern for financial institutions and companies. Just one type of cybercrime, online fraud, costs over US$600 billion a year in the United States alone.
The globalisation of finance and the development of instantaneous electronic payment systems across multiple devices has had an unparalleled impact on the evolution of fraud. By the end of 2017, many countries will process transactions in real time (on the block chain, permission-less distributed database protocol) so delinquent patterns will need to be detected within nanoseconds. This presents considerable challenges for the monitoring of transactions, sanctions screening and customer due diligence.
An effective programme for the identification of patterns of financial crime in order to prevent it includes the following key elements.
Intelligent self-learning (ISL) is crucial. It is not just about the fraud itself: erroneous charges and fines levied by credit card processors on customers are secondary consequences of a fraud that have a major impact on a business’ bottom line. A thorough understanding of the behaviour of customers as a result of a system applying ISL can effectively analyse a situation and enable the business to take steps to end the fraudulent behavior, or at least prevent it from happening again.
As patters of fraud are identified, so are levels of risk attached to certain countries, behaviours, types of customers, etc. The attachment of a risk to a factor is the start of an automated risk management solution and the development of best practices that protect businesses from fraudulent transactions while preserving operational efficiency.
Case management system
A case management system can be an extremely useful addition to ISL as employees’ or management’s suspicions of fraud can be manually inserted into the system even when a fraudulent pattern has not (yet) been revealed.
Based on a business’ experience, existing sanctions and applicable regulations, a basic set of rules or an algorithm can be created to automatically reject a transaction that triggers certain country or product risks.
Command and control centre
The effective management of fraud and cyber security always entails the screening of vast amounts of data. Only a strong, efficient and effective IT platform will be able to cope with the challenge of real-time transactions. In order to avoid cybersecurity, AML and anti-fraud regimes falling into separate silos, most businesses will benefit from one streamlined, digital IT platform what operates in real-time and incorporates ISL and case management within one “command and control centre” to manage all the data that would have formerly fallen into a silo.
Comprehensive approach from the start
Patterns of fraud can only be analysed by recording and monitoring the history of a business’ relationship with its customers. For example, when a bank opens an account for a new customer, it launches a process of know-your-customer due diligence, risk scoring, background checks, etc, which continue sthroughout the relationship. Other businesses can adopt this model of comprehensive and ongoing customer monitoring in order to identify patterns that may emerge.
Know your enemy: what does a typical fraudster look like?
The process of identifying a typical fraudster by recognising certain types of behavior has a long and problematic history. Research has shown that convicted fraudsters have similar personal and professional backgrounds to each other, but of course this research only applies to fraudsters who have been caught. Different profiles might apply to more successful fraudsters who manage to evade detection.
Robust internal business controls will assist in identifying potential risks at the earliest opportunity and, of course, the visible detection of fraud and ensuring law enforcement can be a keen deterrent.
Research also shows that an effective way to prevent fraud is to remove excuses used to justify offending. This can be achieved by making policies and procedures that govern behaviour known throughout the business and understandable at every level, thus making it easier for workers to act honestly. Explaining the benefits of compliance, and the penalties for non-compliance, can help prevent staff from arguing that “no one suffers as a result of fraud” or that “the government can afford it”.
Finally, the evidence available from fraud profiling can be used to identify those at highest risk of offending, such as sales staff far from home. They can then be provided with additional support and advice to help them to act honestly in the workplace
As with other areas of crime control, intervention at the earliest opportunity has considerable benefit in terms of reducing losses and harm, and enabling otherwise productive employees to continue to pursue risk-free patterns of work.
Compliance as an opportunity, not a burden
The effective management and prevention of financial crime provides a business with the opportunity to demonstrate its integrity to customers, third parties, competitors and employees.
Customers make their choices very carefully and, according to a CGI survey, take protection against cybercrime and fraudulent activities very seriously. Most expect their bank to initiate the very highest standard of measures to combat financial crime, which is a good example of how compliance can generate a secondary gain for a business.
By implementing best practices and then promoting that implementation across traditional and social media, client loyalty can be increased and market perception improved
The better the knowledge a business has of its employees, the more likely it is that financial crime can be avoided. This creates a win-win situation for employee and employer.
It has been proved that fraudulent acts are prompted by a combination of greed and work pressures. Employees who are well looked after by their employer (with adequate benefits and salaries, and realistic pressure to achieve targets) have a higher level of commitment to their employer, which could prevent the development of corruption. At the same time, the employer benefits from the employee’s higher performance. This approach again demonstrates the opportunities afforded by compliance obligations.
Management of big data
The effective management of big data will contribute to the effective prevention or detection of financial crime. In many cases, data (whether big or small) is somewhat unstructured, e.g., handwritten notes, disparate electronic lists, etc., which can help facilitate financial crime. The structuring of data in a streamlined digital process is vital to managing the problem. A key element of this structuring is an integrated IT portfolio, designed with the business’s regulatory requirements in mind. This can serve as a single repository for all data, and have a positive impact on the quality of the data in terms of consistency, completeness and timeliness of presentation.
Although it is important to undertake checks on existing systems on a regular basis, it is better to ensure that any restrictions or requirements are taken into account at the planning stage. This shifts the intelligence upstream to the time of design, which avoids extra effort, and potential mistakes, downstream.
On the human side, there needs to be appropriate and responsible handling of IT. Management and relevant staff members have to understand the strategic application of IT in order to conform with best practice. As a key element in effective corporate governance, risk management and compliance, the IT structure must include processes and standards that minimise the risk of human error.
A financial crime platform effectively integrated with an effective IT system serves as a single system of reference and provides information on demand rather than necessitating ad-hoc data collection initiatives to gather the data needed. Additionally, an integrated platform allows for the consolidation of information from across the business and, as such, avoids data silos that are the main cause of the bad data quality most organisations struggle with.
A good technological solution can ensure that management has immediate and accurate access to reports that form not just the cornerstone of a regulatory compliance program, but have the added advantage of improving decision-making.
In addition, it is worth considering how else the data can be used to enable improvements in services to clients. Being able to provide data to an auditor is not dissimilar from being able to provide data and information to a client; an increased ability to produce information on demand is a revenue opportunity.
Finally, it also demonstrates to the outside world that the business has taken careful steps to ensure the prevention of financial crime.