Share this article
PwC recently surveyed ~2,300 organisations and learned that although rates of fraud and economic crime remain reasonably consistent globally, some fraud types are becoming increasingly disruptive. Attacks by more sophisticated external actors, particularly organised crime, are more prevalent and increasingly targeting customers directly. These trends would come as little surprise to risk managers within financial services (FS) organisations who battle the threats daily.
The experience of organisations globally is anything but homogenous. The United Kingdom (UK) (68% of organisations surveyed experienced some form of economic crime), Australia (62%), Canada (60%) and India (59%) are significantly above the global average by way of example.
Know Your Customer (KYC) failures represented the most disruptive issue for more than 6% of organisations which is telling within the context of increasing regulatory scrutiny on the area. It also links to a common challenge - how can FS organisations better protect their customers and quickly identify anomalous behaviour when records don’t have accurate and up to date customer information?
Remote working and bank branches being less likely to be accessed by customers (or in some cases closed) has accelerated use of digital channels and pressured the ability of FS organisations to effectively maintain compliant KYC processes. This has in turn opened opportunities for criminal activity, most commonly identity theft and the use of synthetic identification (ID) to establish fraudulent customer profiles for the purpose of conducting fraud. Significantly, 65% of FS organisations impacted by customer fraud experienced identity-related fraud, with identity takeover, device cloning and synthetic ID being the most prevalent issues over the past two years.
In terms of external perpetrators, the biggest upswing (within FS) is in relation to organised criminal elements, up from 18% in 2020 to an extraordinary 40% this year.
Organised crime groups have capitalised on identified weaknesses in fraud controls driven by disrupted business practices and vulnerable communities. A common example is where criminals use stolen credentials to impersonate legitimate customers and take over their accounts. These criminals also have increasing access to off the shelf technology applications that they can leverage to create fraudulent paperwork to apply for loans and credit cards, or file fraudulent insurance claims.
Risk managers and executives alike are looking to technology to strengthen their defences, with suspicious activity monitoring being the most common method of detecting an organisation's most serious incident. Many stakeholders will have welcomed a gradual key shift away from rules-based detection platforms and approaches to more sophisticated behavioural approaches. By way of example, instead of setting a dollar threshold above which transactions may be considered high risk, behavioural analytics approaches look to identify anomalous purchases relative to an individual's transactional history.
Nearly two thirds of FS respondents expected either some (36%) or significant (26%) increase in funding to combat external fraud threats over the next two years.
But adoption of disruptive technologies is not without its own challenges - soaring alert volumes and higher operational headcount chief among them. Significant opportunities still exist to strengthen technology-enabled preventative measures, improve detection and realise efficiency gains. These opportunities are being hampered by cost pressures (rated by respondents as the number one challenge preventing the implementation or upgrade of technologies). Investment in programs, and in particular technology-enabled processes, is often easier to justify in terms of regulatory compliance. As a result, we’ve seen some organisations fall behind in terms of maturity due to fraud being assessed purely along materiality lines or relative to other risk types where there is more overt enforcement action (read big fines and civil penalties).
Sustained focus on fraud risk management controls across the FS industry saw an uplift (from 13% in 2020 to 18%) in these being a key detection mechanism for the most disruptive incidents reported by organisations.
As expected, the percentage of FS organisations with dedicated fraud risk management teams (81%) is higher than the cross-industry average (74%) with over 60% of FS respondents noting these teams have grown over the past two years.
But now is not the time to become complacent - it continues to be vital for FS organisations to ensure controls are contemporary and constantly matching evolving fraud threats and typologies.
Reputational and regulatory risks stemming from fraud and other forms of economic crime have at least levelled with, if not outpaced, the direct financial losses. It’s important for organisations to think about the issue in terms of the potential impact a significant incident can have on an organisation’s standing within its industry. Hence investment in fraud and economic crime prevention and detection is crucial at a time when there has never been greater scrutiny of corporate behaviour, whether that be by consumers or regulators.
A growing area of particular concern is scams, which have experienced a veritable explosion in the past few years - more than half of the respondent organisation reported being impacted by scam activity. The legal, and financial, liability for scams more often rests with customers rather than organisations, but more mature organisations that want to win the battle for customer sentiment and trust are actively focussed on how they can better educate and protect their customers.
If you would like to find out more about the Global Economic Crime and Fraud Survey 2022, get in touch with the contacts from your region listed below.
Penny Dunn
Partner, Assurance, Forensics and Financial Crime, PwC Australia
Tel: +61 407 367 561
Kristin Rivera
Partner, Global Investigations & Forensics Leader, Global Crisis Consulting Leader, PwC United States