4 ways to enhance your fraud risk management programme in a changing landscape

Written by Jake Plenderleith on Tuesday May 5, 2020

Crises rarely announce themselves in advance, and the COVID-19 pandemic is no exception. It has proven to be the great disruptor of 2020, affecting the public and private lives of millions worldwide.

Criminals, always unscrupulous, have seized the opportunity presented to them by the pandemic to exploit new technologies and existing products and services to carry out their illicit activities.

For counter fraud professionals, such threats are nothing new. The spread of the coronavirus has merely elevated the visibility of fraud for the general public and exposed to senior management in firms the seriousness of the consequences of underestimating the fraud threat.

Europol, for instance, described the criminal response to COVID-19 as ‘very fast’ and expect instances to rise further.[1] How we respond to fraud carried out now will reverberate as and when we gradually return to business as usual.

That’s if we can indeed ‘go back’. The likelihood of increased working from home arrangements, and the certainty of ongoing criminal activity, mean the challenges we face during this current crisis will persist beyond COVID-19. The following are among the key questions that will need to be answered if we are to be prepared for the new normal.

ICA ADVANCED CERTIFICATE IN MANAGING FRAUD ►

1. How do I keep up with changing fraud typologies?

Criminals have responded with characteristic ruthlessness and speed to exploit COVID-19. One case in the US saw the theft of hundreds of log-in details via CEO Fraud (pretending to be the CEO of a firm); other instances have involved fraudsters posing as government agencies through SMS messages with a phishing link. In response, none other than the US Secret Service have been forced to contact US firms warning that email fraud has and will continue to grow during the pandemic. [2]

The risk surrounding new products and services, always susceptible to fraud, must also be borne in mind during these unprecedented times. Connected cards – a card given by one self-isolating to a trusted friend or relative – have been set up by the UK’s Starling Bank, for example.[3] The risk of fraud has been mitigated by limiting purchases to in-store only, setting a £200 spend limit and the use of a PIN. These practical steps may not prevent fraud entirely, but significantly narrow the window of opportunity for criminals.

Knowledge of new products and services, including their potential flaws and loopholes, is a vital defensive tool in any anti-fraud department. 

2. Criminals are flexible – How do I adapt and respond?

Criminals are without qualms when it comes to exploiting others for their own gain. For their illegal schemes to work, criminals ensure that they are flexible and act quickly as situations unfold. Counter fraud professionals can, paradoxically, learn something from a criminal’s spontaneity. Though their methods change, their embrace of innovation tells us a much about how criminals work; recognising this helps anticipate and nullify new threats.

Equally, unsuccessful criminal activity is often hugely informative in exposing the methods and techniques that criminals adopt. Learning how criminals behave, and how they think, is crucial for counter fraud professionals. Only by studying the behaviour of criminals can their ways of operating be understood and, ultimately, identified and prevented.   

3. How do I get staff to engage with counter-fraud controls?

Embedding a zero-tolerance approach to fraud is perhaps a counter fraud professional’s number one priority within a firm. However, an anti-fraud culture is more than just signing up to certain well-meaning mantras – it must be a thorough, practical and easy to comprehend framework instilled across all levels of a firm.

To achieve this end, an anti-fraud culture should be part of the wider culture of the firm. Positioning fraud beneath this wider umbrella underlines the danger it poses to everyone within a firm. After a data breach last year, Capital One’s stock dropped 5%, and the bank explained it expected recovery costs to be more than $100 million.[4] Clearly this fraud affected the whole business, and by disseminating such examples to staff, the threat of fraud becomes far more vivid; the damage fraud can do to a firm’s profit margins is an excellent way of passing on your message.

With many now working from home, less obvious cases may need a little more reinforcement. Take  using a company laptop for personal use, or vice versa, which is fraught with risk. IT controls standard in an office environment need to be implemented domestically, including ensuring ID&V during onboarding is performed as robustly as it would have been in the firm’s office. Awareness of the challenges around onboarding must be circulated whilst staff adjust to off-site work.

Employees should be reminded that fraudsters will try to exploit any slackening of security bought on by a lowering of IT standards.

4. How do I get senior management to recognise the threat posed by fraud?

The COVID-19 pandemic has demonstrated how those most vulnerable amongst us can quickly find themselves dangerously exposed when society is convulsed by unexpected events. For senior management, the reputational risk of leaving vulnerable customers exposed is a potent one, and something about which a well-informed and savvy general public are increasingly intolerant.

If counter fraud professionals can highlight this risk – and tie it to concrete numbers that show that the amount that would have been lost had anti-fraud measures not been taken – then senior management are far more likely to recognise fraud as just as damaging a threat as money laundering and sanctions exposure (remember that real-life case studies are of inestimable value in demonstrating this danger). Making fraud part of the bigger risk agenda solidifies its importance.

A holistic approach is key here: fraud must be brought under the financial crime compliance canopy, instead of just credit risk. UK Finance revealed that investment in advanced security systems in the financial industry prevented almost £2 billion in unauthorised fraud in 2019; yet some £1.2 billion was fraudulently obtained by criminals.[5] Detail such as this can help drive home the message to senior management, and secure support for counter fraud professionals.

Final thoughts

Fundamental to overcoming the issues that confront counter fraud professionals is learning and education; without it, none of the questions above can begin to be addressed. This can be as simple as setting up email alerts or taking part in LinkedIn discussions with other professionals (from whom much insight can always be obtained) to the more thorough-going experience of virtual classrooms and hot topic events – such as those offered by ICA – or absorbing the latest reports and publications.

Senior management need to be informed of the substantial threat fraud poses, and the surest way of engaging them is for counter fraud professionals to arm themselves with the facts on fraud, as well as the answers on how to mitigate the threat. Such learning must be continual; criminals are unceasing and persistent in their efforts, and counter fraud professionals must be unceasing and persistent in turn, making us better equipped to navigate an ever-changing landscape.

[1] Europol, ‘How Criminals Profit From The COVID-19 Pandemic’, 27 March 2020: https://www.europol.europa.eu/newsroom/news/how-criminals-profit-covid-19-pandemic – accessed April 2020

[2] Scott Zamost and Jennifer Schlesinger, ‘US Secret Service warns that coronavirus email scams are on the rise’, CNBC, 2 April 2020: https://www.cnbc.com/2020/04/02/us-secret-service-warns-that-coronavirus-email-scams-are-on-the-rise.html – accessed April 2020

[3] Starling Bank, ‘Introducing: Connected cards for Starling personal accounts’, 8 April 2020: https://www.starlingbank.com/blog/introducing-connected-cards-for-personal-accounts/ – accessed April 2020

[4] Rob McLean, ‘A hacker gained access to 100 million Capital One credit card applications and accounts’, CNN, 30 July 2019: https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/index.html – accessed April 2020

[5] UK Finance, Fraud – The Facts 2020: The definitive overview of payment industry fraud, 18 March 2020: https://www.ukfinance.org.uk/system/files/Fraud-The-Facts-2020-FINAL-ONLINE-18-March.pdf – accessed April 2020

This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at contributions@int-comp.org