Recent research by Temenos with the Economist Intelligence Unit reveals that banks are investing more than ever in cyber security, with 71 per cent focusing their digital investment in this area. Clearly, the mitigation of financial crime has moved to the top of the agenda – to thwart criminals, protect customers and safeguard a bank’s reputation.
Fraud is no longer seen as an acceptable cost of doing business. The impact has simply become too great. Keep in mind that since 2008, banking fines for non-compliance have topped $320 billion globally, according to Boston Consulting research, while Thomson Reuters quotes figures suggesting the banks’ annual compliance bill is set to rise from $80 billion to $120 billion within five years.
However, those figures pale into insignificance when you look at what the fraudsters get away with. Last year UK law firm Crowe, working with Portsmouth University, estimated that fraud globally nets criminals £3.2 trillion a year, the majority of it financing gangs involved in human trafficking, drugs, terrorism and money laundering.
While the financial cost is galling, sadly it doesn’t stop there. There’s also a very high human cost – paid by the victims of terrorist attacks, people traffickers and drug addiction. There is, too, a reputational cost to banks that get caught in fraudsters’ nets. The human, economic and reputational costs are terrifying. Thankfully, banks agree.
Their fight against financial crime comes at a time when technology is offering some truly game-changing solutions. Machine learning, artificial intelligence, data analytics, Big Data and the power of cloud computing are all being put to work in the fight against fraud and financial crime.
In the past, fraud mitigation, for example, focused on the criminals, trying to track and stop their activities. Today, it has spun through 180 degrees. Using cutting-edge technology, effective fraud mitigation looks at customer behaviour to build up detailed profiles against which all transactions can be measured to spot anomalies. This means banks don’t have to understand the latest fraud type, malware or phishing attack; they just have to know their customers.
By basing analysis on spending patterns, transaction types and customer behaviour, and by using advanced statistical analysis and machine learning to crunch large quantities of data, we can build up a unique behavioural DNA for each banking customer. When a transaction seems out of character, the software raises an alert that can be investigated.
However, to improve the software further and minimise false alerts, we can put customers with similar behavioural DNA together to create peer groups, giving us statistical norms. This means that a transaction that appears at first to be out of character – perhaps increased spending in the run up to Christmas – when compared to the peer group looks normal. In this way, false alerts are kept to a minimum, ensuring a good customer experience. And thanks to robotic process automation, the model learns from how alerts are dealt with over time, refining the profiles to further reduce false alerts.
This type of analysis doesn’t just spot fraud. It can also be used to spot money laundering. The software can rank different peer groups from low to high risk, ensuring investigative resources are focused where they are needed most. This will mean banks are more likely to identify and trace money launderers.
Solutions that encompass hi-tech fraud-mitigation and anti-money laundering elements, such as Temenos’s Financial Crime Mitigation module, couldn’t come at a better time. Regulators, fully aware of the social and economic cost of these activities, are stepping up scrutiny of both. The EU’s Fifth Anti-Money Laundering Directive, known as 5AMLD, came into force in July 2018 and subsequent national laws, to be enacted by 2020, are likely to force banks to rethink their approach to know your customer, AML and counter-terrorism financing rules. So not only is there an economic argument for investing in top-level cyber security, but the compliance imperative will be just as important.
Lastly, a quick nod to open banking. Regulators have acknowledged that open banking presents fraudsters with new ways to get to customers and have produced a new set of rules to try to combat this. While the goal of these rules is laudable – to protect the customer – their imposition could be cumbersome or annoying.
The rules come down to allowing frictionless transactions (where the customer is not contacted for verification) only for low-risk, low-value cases. Where the risk and transaction value are higher, the customer must be asked to authenticate it. This means getting two out of three protocols right – for example, password, device or a biometric.
However, if the bank has software that allows it to really know the customer, the risk will easily and accurately be identified, so higher-value transactions within the customer or peer-group profile will nevertheless be low risk and could become frictionless too. The customer is not only protected from fraud, but from unnecessary authentication procedures – both key to building trust and loyalty.
Fraud-mitigation technology is becoming a differentiator for banks offering superior customer experiences. It will play a key role in defining a bank’s credibility, in protecting customers and in fighting back against criminals. It really will mean that banks can truly know their customers and their customers will thank them for it with their business. And it means they no longer have to put up with fraud as a cost.