Once seen as conservative, the modern financial services industry is now characterised by the continuous introduction of new products, services and channels by financial institutions eager to grow market share and retain a competitive edge. In the payments business, for example, 100-year old banks are competing against aggressive new entrants in a fast-changing world where mobile payments are being introduced before internet payments have established market maturity. Compressed product innovation cycles can create problems for fraud managers, unless the fraud risk profile is well understood before market launch and appropriate controls are put in place.
Over the last three years, there have been several notable examples of the exposure that arises when fraud management capability lags criminal innovation. Email-based person-to-person payments in Canada, faster payments in the UK and web-based corporate and small business automated clearing-house payments in the US presented new challenges for banks in those countries, which, in many cases, were only apparent after the services were rolled out. We now see similar trends relating to stored value or prepaid cards and mobile money across the globe.
The lag between product innovation and subsequent financial crime management capability provides criminals with the opportunity to identify and exploit vulnerabilities. Effective governance demands, at the very least, keeping pace with the innovation curve. This can involve a change in mindset and management practice. To be truly effective, the financial crime team needs to work hand in hand with a financial institution’s product management, customer management and IT organisations to ensure that fraud risk controls are ‘designed in’ from the outset.
The success of a partnership between financial crime management and other parts of the organisation relies on the availability of a modern financial crime management infrastructure – one that is agile enough to respond to new business needs quickly. We are all aware of the prevalence of the patchwork approach to financial crime – point solutions that were implemented to manage a specific and immediate financial crime need – but, ultimately, proved inadequate in the face of rapid fraud innovation cycles. Fraud is perpetrated across all products, services and channels and follows the path of least resistance. As soon as one area of vulnerability is identified, it is exploited until the financial institution responds to the attack. Then, as soon as resources are applied to this fraud, another one will be executed in a different area – starting the cycle all over again.
An agile financial crime infrastructure enables a financial institution to break out of this reactive mode of operation, keep pace with business innovation and effectively mitigate fraud risk. What are the characteristics of such an infrastructure? We believe the following to be important considerations:
- Flexible, cross-channel detection tools, managed by the business not the vendor, allow an organisation to respond to its own fraud management needs and plan for new fraud risks in advance.
- Mass data compromises are becoming so prevalent that sophisticated tools are mandated to automate the discovery of compromise points to stem losses.
- Efficient customer-centric fraud investigation tools, which can easily be altered to address requirements unique to the needs of different business units or geographies.
- An integrated reporting approach that provides an up-to-date and holistic view of financial crime threats.
- A technical platform that is not hard-wired, which readily adapts to IT dependencies and integrates seamlessly with existing fraud management systems to provide layered anti-fraud defences.
By changing our point of view to see fraud risk as a direct consequence of innovation, we can reduce, or even eliminate, the lag between new product development and the implementation of financial crime management controls – limiting the opportunity for fraudsters to exploit vulnerabilities and attack the institution. Supported by a flexible, enterprise-wide, real-time fraud management solution, financial institutions can limit the risks posed by innovation.