Covid-19 has provoked a surge in criminal activity as fraudsters jump on the pandemic to deceive the public, companies and even national authorities. But by pursuing a risk-based approach to prevention and mitigation, banks can tightly focus their efforts and better protect their customers from all financial crime, not just that linked to the virus, writes Adam Gable, Product Director, Financial Crime, Treasury & Risk, Temenos.
In mid-March, just as Europe was preparing to protect its citizens, the German Health Authorities were sucked into a fraud that covered three countries when they tried to buy €15 million-worth of face masks over the internet. They placed the order through a Spanish website, which appeared to be linked to a legitimate company. In fact, it was a fake and the firm’s email address had been compromised. The money was transferred, but the masks were never delivered.
Meanwhile, in India, February saw a 667 percent rise in virus-related phishing attacks month-on-month. But perhaps most worryingly, VMware Carbon Black found a 238 percent rise in cyber attacks explicitly directed at banks since the start of the pandemic.
It is clear from these statistics that fraud relating to Covid-19 has been spreading as fast as the virus. Indeed, the World Health Organization, Europol, and the UK’s National Crime Agency are all predicting further significant increases in fraud and financial crime related to Covid-19.
Even as lockdown in some regions is easing it’s clear that bad actors will continue to exploit a “new normal”. It’s a big problem – not just for the victims of fraud, but also for the governments and authorities working to stop the criminal gangs. The same goes for banks, with their legal responsibility to do all they can to protect their customers’ money and data and prevent money laundering.
In response to this increased threat, we’ve seen government bodies and watchdogs such as the Financial Action Task Force (FATF) encourage banks and other financial institutions to consider whether their current internal controls are up to scratch. But let’s be clear here. While the size and shape of the problem has changed thanks to Covid-19, we are still talking about financial crime.
When the authorities encourage organisations to look at their controls, they are reminding them that they should follow a risk-based approach (RBA) where the bulk of their efforts are efficiently and effectively aimed squarely where the highest risks lie. But of course, it’s not that easy. To pinpoint risk, banks have to crunch a whole lot of data. And then be able to understand the outputs and act in a timely way without unnerving – or aggravating – their customers.
Lately, pre-covid, there has been lots of emphasis on ‘advanced segmentation’ or ’peer grouping’. Whatever you want to call it, the goal is to understand your customers deeply and group them into similar categories.
This is something we’ve been focusing on for some time at Temenos. And while I’m the first to argue against the ‘silver bullet’ hype of Artificial Intelligence (AI) (albeit very useful, it’s a tool and technique that adds value, or augments, in a given business problem), AI has been instrumental. Though not without more conventional statistical techniques.
By looking at transaction types, peak and trough inflows and outflows, averages across timeframes, along with other spending patterns, we can better understand the financial DNA of each customer.
A very simplistic analogy I use is to compare the artisan bread maker selling sourdough loaves at Borough Market with Greggs, the mass-market bakers. For Borough Market think urban bounty of gourmet food v the national retail chain of blandness which is Greggs (they have their place!). Using conventional attributes, they are both bakers in similar geography but looking deeper, they have very different financial DNA and warrant very different treatment.
Once you can understand this – not the difference between bakers – you can group customers with similar DNA together and then put the appropriate measures and controls around the riskier business.
Even better if this can be done automatically and adjust as customer behaviour changes!
Of course, peer grouping is only part of the risk-scoring process but understanding this financial DNA is a critical piece in cutting through the noise.
Undoubtedly the current crisis has created new opportunities for the financial criminal but what seems clear is it has not changed the game – merely amplified the problem. Regulators are not only mandating that banks do not relax controls while focus is elsewhere – but they are actively promoting that banks lean on the existing RBA framework.
Banks have to protect the whole of society, businesses and all other organisations against the nefarious activities undertaken by the criminals. These include human and drug trafficking, child exploitation, counterfeiting, the illegal arms trade and terrorism.