Taking on the modern day financial criminal: How banks are fighting back

21 September 2011

by Erik Stein,
vice-president,
Financial Crime Risk Management Solutions,
Fiserv

Financial crime is at an all time high and regulators are increasing the pressure on financial institutions to take more preventive measures. To mitigate loss, improve customer service and soothe regulators, financial institutions need to re-think their strategy for thwarting modern day criminals.

This is especially true in the UK where security fears about financial crime have reached a four-year high, according to recent surveys conducted by Unisys (1). Figures from CIFAS (2), the UK fraud prevention service, report that more than 217,000 cases of fraud were identified in 2010, with an additional untold number that go unreported. While this is a reduction of seven per cent in fraud cases over 2009, one should take small comfort given fraud has increased by 25 per cent in the last five years.

However, banks have not surrendered. Two major shifts have occurred in the way banks fight financial crime. The first is that banks have improved their layered defenses and do not solely rely on front-end prevention tools such as ID verification and password security. The second is that banks have taken up a more holistic, enterprise approach to detecting fraud.

Getting smarter at detecting financial crime

The use of passwords and encryption are often part of a bank’s front-end prevention strategy to stop the criminal from gaining access to commit the crime. These tools work as a locked front door. However, as the figures on financial crime show, the shrewd modern-day criminal has figured out how to circumvent these barriers by picking the locks, going through a window and duplicating the key by compromising customer credentials or otherwise gaining entry through alternative means. Professional criminals are simply finding it easy to commit crimes such as identity theft and by-passing many of the measures put in place to try and stop them.

The cumulative loss is staggering. The National Fraud Authority (NFA) Annual Fraud Indicator survey (3) estimated the cost of fraud to the UK to be £38 billion in 2010.

To that end, more and more banks are increasingly investing in back-end detection tools that take a totally different approach to detecting crime. While copying people’s passwords and personal details is providing relatively easy access for financial criminals, replicating behaviour is far more difficult. Financial institutions have deployed customer behavioural profiling solutions to more accurately detect abnormal transactional behaviour and potentially criminals.

A large European retail bank using Fiserv technology monitors over four million bank accounts with more than two million transactions each day. Once suspicious behaviour is detected, alerts are generated ensuring the events are investigated and tracked through a case management system and reported to the authorities if deemed to be possible financial crimes. The approach has proven to be very effective. The suspicious activity detection results show low alert volumes with a very high hit rate of 60-80 per cent, resulting in very few false positives.

The behavioural profiling and peer group analysis capabilities give this bank a superior ability to uncover suspicious activity (fraud or money laundering) compared to more traditional rule-based products. For peer group analysis, a risk scoring calculation is used to identify extreme deviations, flagging alerts only when a customer’s behaviour is significantly different from others in its peer groups. For example, customers can be assigned to peer groups based on postal code and age. If an account holder shows, a certain amount of cash during a month, this amount is compared to what is usual for the postal code area he lives in and to what is usual for his age-group. If the account holder’s behaviour significantly deviates from the overall behaviour of the peer group he belongs to, an alert will be generated. So with these more accurate methods, the bank can focus its investigative resources on really unusual behaviour, resulting in significant time and cost savings.

The industry now knows that traditional front-end detection tools, such as ID authentication, will no longer stop criminals from getting into the system and stealing money. In addition, further front-end measures only prevent criminal activity for a matter of time before the criminals learn to break through the new barriers or how to circumvent them.

This is not the case with back-end detection technology, because no matter which channel the criminal uses, whether it is via the Internet or ATMs, their criminal behaviour will give them away. This is one of the key benefits of back-end transaction monitoring solutions that provide behavioural profiling and pattern recognition detection techniques. It is also one of the reasons why even the regulators are recommending banks analyse the activities of their customers to identify possible fraud. The Federal Financial Institutions Examination Council (FFIEC) guidelines state this very clearly; “Financial institutions should rely on multiple layers of control to prevent fraud and safeguard customer information. Much of this control is not based directly upon authentication. For example, a financial institution can analyse the activities of its customers to identify suspicious patterns.”

Adopting a more holistic, enterprise approach to detecting fraud

Alongside the adoption of new detection techniques and technology to catch criminals, financial institutions are also trying to move away from the silo approach of the past. As a result, instead of keeping compliance and fraud detection and prevention functions apart, these teams are now being brought together. Some are being merged to form a single financial crime centre and the bigger organisations in Europe are leading the way in this practice. Even in situations where the functions remain separate, the departments are now collaborating more closely, sending each other possible cases of suspicious activity and starting to share the same detection and investigation tools.

An example of this convergence includes watch-list filtering which can be used to spot “bad guys” as easily in the world of compliance as it can for fraud. Case management is another good example, since it is a key investigation tool that can be used effectively by both fraud and compliance departments. This is confirmed in a 2011 report from Aite Group (4), a leading independent research and advisory firm, which states that “technologies that are expected to make big strides across the enterprise include case management systems, account monitoring, transaction monitoring, link analysis and consortium-based databases.” The Aite Group report goes on to confirm that there is a clear move towards adopting enterprise wide strategies.

A large international bank, with over 7,000 employees and 700 branches worldwide using Fiserv AML Manager as its money laundering solution provides an example of a more holistic use of technology. The bank decided to expand the use of the same platform to detect other crime. Using the holistic financial crime risk management platform now generates both money laundering and fraudulent behaviour alerts using sophisticated scenarios that improve risk protection. Use of this type of comprehensive financial crime risk detection to protect customers can lead to improved trust in the bank.

By having fraud risk management and anti-money laundering software on a single platform, the bank also takes advantage of shared functionality and increased efficiencies through use of common resources and reduced maintenance and hardware costs.

Better financial crime tools lead to enhanced trust and reduced loss

Since the economic crisis started in late 2008, there has been a significant rise in fraudulent activity alongside an ongoing need for financial institutions to reinforce customer trust. Banks are increasingly asking technology providers to help them paint a holistic picture of financial crime activity across the enterprise, both to prevent losses and protect their reputations.

Bringing together fraud risk management and anti-money laundering functionality onto a single platform provides a more comprehensive view of a bank’s financial crime risk. It is also a cost-effective way to leverage the investments banks have already made. By combining these efforts, financial institutions can better align their detection activities with the way the modern day criminal perpetrates fraud across multiple channels, products and devices. Holistic technology is the way banks can best fight back.

1. Unisys Security Index
2. CIFAS
3. The National Fraud Authority (NFA) Annual Fraud Indicator survey
4. Aite Group Enterprise Fraud Management: Investments in Integration report

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development