Protecting a financial services organization against fraud requires much more than a strong password policy and client education. The sophistication of cyber attacks and high risk of fraud necessitate a comprehensive anti-fraud program that includes policies, processes and technologies. While no two anti-fraud programs are identical, there are steps you can take to develop a program that will demonstrate a measurable return on investment (ROI) and minimize the risk of fraud.
The risk of fraud is high and so are the costs. According to the Association for Financial Professionals’ 2015 Payments Fraud and Control Survey, 62% of companies were targets of financial fraud in 2014. Twenty-eight percent of large organizations (those with over 100 payment accounts) report that the potential loss from fraud in 2014 was greater than $250,000.
But those aren’t the only costs financial services organizations have to consider in relation to fraud. Increasingly, fraud attacks are conducted online. In the 2014 Global Report on the Cost of Cyber Crime, the Ponemon Institute states that the average time to contain a cyber attack is 31 days. By the end of the 31-day period, the average cost to the organization is $639,462. Financial services organizations can’t afford not to develop an anti-fraud program.
Process for Developing an Anti-Fraud Program
The best anti-fraud programs not only reduce the risk of fraud but also show an immediate and measurable ROI. However, developing such a program requires organizations to take a strategic, step-by-step approach:
Step 1: Conduct a fraud gap analysis
The first and most important step in implementing an anti-fraud program is understanding the current state of fraud in the organization. This involves conducting a fraud gap analysis. To do so, analyze all financial operations exposed to clients and evaluate the fraud losses that have occurred. This analysis will provide metrics that will allow you to gauge the effectiveness of the current anti-fraud program.
Step 2: Perform a root cause analysis
A root cause analysis will shed light on how criminals are using the organization’s systems to commit fraud. This will help you understand what systems require protection and what to look for in the future. Together, the root cause analysis and fraud gap analysis should provide a clear understanding of the channels being leveraged for fraud, the processes that are most vulnerable and the losses in terms of cost.
Step 3: Conduct process modeling and analysis
Every process exposed to end users, whether it’s making a payment via a mobile app or opening a new account online, is a target for cyber criminals. Decisions about protecting each process should take into account possible exposure, probability and the ability to mitigate. To this end, the organization should model, analyze and secure each process with the goal of balancing security, functionality and ease of use. Keep in mind that strengthening any one of these elements is likely to have an adverse effect on the other two.
Step 4: Perform a fraud risk assessment
Financial services organizations should proactively protect customers against fraud regardless of whether or not they think it’s occurring. That’s where a fraud risk assessment comes in. A fraud risk assessment is intended to identify and measure fraud risks before they become a legitimate threat. The assessment should be customized to address the organization’s specific needs while covering all vulnerabilities that can lead to fraudulent activity. All existing policies and controls are examined, and possible fraud scenarios are created in order to identify, measure and mitigate electronic fraud.
Step 5: Implement program oversight
An oversight process governed by the board of directors and/or an audit committee is a crucial piece of any anti-fraud program. A well-designed oversight process helps further mitigate risks and reduce fraud. The process includes gathering fraud metrics to gauge program success, identifying and responding to fraud risks, and making improvements to the program.
Step 6: Call in a specialist
Don’t assume that you have the skills on staff to select and deploy anti-fraud solutions. To be most effective, personnel require knowledge of complex financial transactions with an understanding of how and why fraud incidents occur. Organizations have several options when it comes to acquiring these skills: They can hire a Certified Fraud Specialist, procure the services of a consultant or pay for an existing staff member to be trained.
Implementing an anti-fraud program is a significant undertaking and, unfortunately, there is no off-the-shelf solution that can be applied to every organization. But its importance cannot be overstated. Given the high risk and costs associated with fraud, developing a measurable anti-fraud program should be a priority for every financial services organization.