Banks and financial institutions around the world are warning of a fraud ‘epidemic’ according to the Financial Times as fake investments, phishing, and identity theft incidents soar. Industry respondents to a Deloitte survey also reported, overwhelmingly, that they expected incidents of fraud to increase over the next two years. This comes amid a changing risk landscape for banks that are being forced to reassess the way they do things.
Over the next few years, as a result of these changes, banks will have to take a serious look at how they address these new risks and trends. Failure to do so will result in losses and the inability to meet the demands of our evolving and increasingly digital world.
While risks such as high interest rates, inflation, geopolitical developments, and stagflation are significant, there is not much banks can do about them in practical terms. But when it comes to tackling the risk associated with some customers, and others posed by fraud, money laundering, and non-compliance, the ball is very much in their court.
Combatting such a phenomenon is already an arduous and expensive task for institutions, but as not complying is not an option, many are looking for better ways to manage it. Thankfully, technology is providing many solutions, and it is being used successfully in conjunction with existing processes such as Know Your Customer and Due Diligence.
Verifying Identity & Customers
Know Your Customer is a mainstay in the banking world and has been for many years. But over the last decade, as threats such as fraud and money laundering increase, banks have had to react by enforcing more stringent rules.
KYC refers to a set of guidelines that any entity managing finances or dealing with transactions must abide by. These can be set at a local level depending on the industry and regionally, for example, in the European Union. The idea behind KYC is for an institution to understand precisely who they are dealing with. This includes ascertaining their identity, such as name, date of birth, nationality, and address, usually through a government-issued ID such as a passport. Once the entity knows the individual is who they say they are, the scope of KYC can be expanded to include sources of revenue and income using revenue management software, for example, employer, work contract, etc. It can also include the ongoing monitoring of transactions within these pre-established parameters to be able to identify if something is amiss.
Conducting such KYC checks includes an employee requesting a selection of details and then processing them internally. This can mean a lot of work for large institutions, so frictionless KYC checks become essential in managing the process without errors. These solutions can utilize various digital technologies to improve internal processes and ensure the outcomes are more aligned with the applicable regulations, thus reducing risk for the institution.
Using Due Diligence (DD)
Due Diligence (DD) is often lumped together with KYC but refers to another exercise in verifying customers. Asides from KYC, banks, and businesses are expected to carry out DD on every person or entity they deal with, including individuals and third parties. Again, the law often requires different specifications and standards, depending on the industry the business is operating in.
It is also carried out during the merger and acquisition process to ensure that the acquiring party is fully aware of every financial, legal, and reputational matter related to the other entity. The information gained through conducting DD is then used to decide on all risks, benefits, and costs.
When dealing with an individual, DD can include understanding where the person is from, whether they have any sanctions on them, if they are a PEP, whether they have criminal or other legal issues, references from banks, lawyers, and other professionals, CVs, information on their employment, credit history and which companies or corporate entities they are linked to.
By harnessing the vast amounts of data out there, it is possible to create predictive models that can anticipate customers’ behavior or even criminals in various situations. By combining data mining and data intelligence, you can create a powerful tool to both detect illegal transactions and mistakes, even before they happen. Companies hold vast amounts of data on their client’s past and present and thousands, if not millions, of transactions.
This data, combined with data from third-party sources where appropriate, can be used to identify patterns that suggest illegal or irregular behavior or that which could lead to it. This can help banks significantly reduce the risks they are exposed to and losses. While it is impossible to anticipate every single instance, data analytics can help reduce the incidence—for example, location and IP data, frequency and value of transactions, beneficiaries, and recipients. And remember, every incident feeds more data into the system, which can be used to mitigate risk in the future. The potential for data mining, processing, and analytics in preventing harmful activity within the financial and banking system is vast.
Regarding risk management, data analytics can be leveraged to create detailed profiles of each customer based on their activity, history, and even data from social media and other sources. This can then be brought together to create a highly accurate picture of the client, including their level of risk in a range of areas, including lending and credit, insurance, credit and debit cards, and investments.
But overall, the benefit of data analytics use in the banking sector is not just about preventing fraud and assessing risk. Instead, it can significantly reduce administration, supervision, and verification costs. Tasks that entire teams of people would have conducted can now be streamlined and sped up through the use of analytics, saving the industry millions, if not more, every year.
There are many other ways that institutions can fight back against the challenges posed today, but all of them require the use of technology as well as arming themselves with knowledge of how these threats evolve. Risk management, compliance, and dealing with fraud is never a battle won, but rather one that must be won and then maintained on an ongoing basis.