James Richardson, Head of Market Development Risk and Fraud, Bottomline Technologies
The failure to keep pace with expanding compliance procedures has seen a rise in the number of financial penalties issued by regulators over the past few years. As anti-money laundering (AML), know-your-customer (KYC), counter-terrorism financing and other compliance obligations expand across different territories, organisations large and small have struggled to maintain adequate and comprehensive safeguards – often resulting in sizable fines and significant reputational damage.
In the past eight years, more than $321 billion has been levied globally in fines for compliance failings. While banks continue to dominate AML breaches, the number of corporates and non-bank financial institutions falling foul of the regulators continues to grow.
Last month the Australian entertainment group Tabcorp was issued with an AUD $45 million (£27.4m / US$34m) penalty – the highest ever such regulatory fine in Australia – for failure to comply with AML and Counter-Terrorism Financing obligations. The Solicitors Disciplinary Tribunal in the UK has also just issued one of its largest penalties against a legal firm for non-compliance with AML regulations. Even more grave, individual executives are being sanctioned and fined as part of tighter Anti-Money Laundering enforcement.
In addition to tighter compliance pressures, corporate treasurers and operational risk managers face the growing problem of cyber fraud.
The fraud threat facing corporates is broad and growing – an almost daily stream of newspaper headlines reveals yet another victim of data hacking or payments fraud. The 2016 Global Fraud Study conducted by the Association of Certified Fraud Examiners (ACFE) reports that typically businesses lose 5% of annual revenues to fraud, with detection often only occurring many weeks, or months, after the crime was first initiated. In the 2,400 occupational fraud cases the ACFE examined, losses totalled $6.3 billion, with 23% of frauds causing businesses to lose $1 million or more. Can your organisation afford to ignore these risks?
In many instances the direct financial impact from fraud or compliance failure fines can be eclipsed by the severe reputational damage that can follow from highly publicised exposure – headlines every organisation would wish to avoid!
There are, however, clear strategies organisations can put in place to address the twin challenges of cyber fraud and regulatory compliance. Regardless of the size or complexity of your enterprise structure, there are some common key risk areas businesses should address when reviewing existing procedures, to help identify the changes required for comprehensive risk management. Here are four distinct threat environments and some of the core capabilities organisations should include in their defensive armoury:
1. Money laundering detection and compliance
Combating money laundering and complying with global regulations can be costly, complicated, and prone to error. Organisations are required to perform appropriate due diligence, including screening financial transactions for suspicious activity, and checking customers against global sanctions lists. An effective AML compliance process should include the ability to detect direct and indirect links between accounts and customers, along with the semantic intelligence to match against similar names, aliases, and spelling variations.
Organisations need to ensure that financial transaction monitoring is conducted in real-time, with any system also able to proactively flag and alert to abnormal customer and employee activity that could be linked to money laundering schemes.
2. Payments fraud prevention
Increasingly sophisticated global fraudsters are using a variety of methods through multiple channels to commit payments fraud. Effective fraud prevention should be able to integrate multi-channel and multi-account systems and be able to detect any suspicious links and flag potentially fraudulent behaviour with real-time alerts for proactive enquiry. Integrated case management systems should make issue investigation and resolutions easy and efficient.
3. Mobile and web fraud
Mobile and online channels are increasingly the heart of businesses and economic activity, providing enormous opportunities for growth and efficiencies. With many of your business activities and processes taking place through a browser or mobile interface, these channels pose a major fraud risk for organisations, enabling the theft of funds and data to an extent that was unthinkable a short time ago.
Mobile and web fraud is becoming extremely sophisticated, ranging from advanced Trojan techniques for inserting malware into the corporate network to ‘man in the browser’ technology that hijacks user credentials. In response, your digital fraud prevention capability should be able to actively monitor and evaluate the behaviour profile of each user, comparing it with baseline norms and alerting to changes across a wide range of variables that are indicative of fraud.
The ability to detect and block suspicious transactions across your web and mobile channels reduces the risk of identity theft or account takeover.
4. Insider fraud – the overlooked weak spot
While hacks committed by external fraudsters continue to generate much media attention, ACFE investigations confirm that 78% of fraud losses involve insider employees. This statistic is further supported by Bottomline Technologies’ research, in which 84% of finance contacts confirmed that system and process loopholes would allow them to commit fraud, and only a minority of corporates have the ability to monitor suspicious behaviour.
A focus solely upon strengthening an organisation’s digital perimeter defences can overlook this significant internal risk. An effective fraud prevention strategy should include the ability to monitor user activity along the full payments chain and across all treasury and enterprise systems.
Insider fraud prevention solutions can compare user behaviour in real-time against historical norms to alert security teams to unauthorised or suspicious behaviour, preventing crime and the theft of data and identities. Such an approach ensures staff accountability by capturing user behaviour across multiple platforms in all environments, creating centralised visibility. In addition, once employees are aware that system actions are being monitored, unauthorised activity is deterred.
With heightened regulatory obligations and growing rates of financial fraud, the importance of reviewing your existing compliance and risk mitigation systems and processes can hardly be overstated. The separate requirements of AML compliance and enterprise-wide fraud deterrence share some common preventative features and should form part of an integrated cyber fraud and risk management strategy.
There are also significant benefits in looking for an integrated solution rather than bolting together disparate systems from multiple vendors, which can often entail complex implementation and operational challenges.
A risk mitigation review across your entire enterprise can ensure you keep your finances, your data and your brand reputation secure – keeping you one step ahead of fraud, and making sure your organisation is in the headlines for all the right reasons!
James helps organisations reduce their fraud risk and secure their critical payments. James has worked in the Payments industry in an ever changing landscape for over 15 years with Financial Institutions and Corporates of all sizes. He leads Bottomline’s European team, helping customers by sharing insight on Enterprise SaaS & software offerings in Payments, Financial Documents, and Cyber Fraud & Risk Management Solutions.
With ever increasing threats in internal and external frauds, he regularly presents at conferences, panels and on webinars sharing experiences from organisations on how they can reduce their exposure.