As the financial services industry enters a new year, the perpetual game of cat and mouse between criminals and financial institutions continues, with each side unveiling new moves in an attempt to stay ahead of the other.
Criminals are ever more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that's spurred growth in both process and technology investments to keep pace.
Expect those investments to grow substantially as financial institutions use machine learning, artificial intelligence and real-time transactional data analysis to uncover potential criminal activity. Those technologies can consume more data from more sources more quickly than human investigators, enabling faster analysis of a broader evidence base and, ultimately, more accurate detection as financial institutions build a better mousetrap.
On a macro level, faster payments and the broader digital transformation in financial services will fuel three primary trends in fraud and risk management across the industry in the coming year.
How do you deal with the faster movement of money and make sure you accurately detect financial crime without inhibiting the customer experience?
1. Managing Speed
Financial institutions are faced with a crucial question every day: How do you deal with the faster movement of money and make sure you accurately detect financial crime without inhibiting the customer experience?
From initiating transactions to settling them, everything is happening more quickly. Throughout that process, the primary line of defense depends on using more advanced detection techniques as a way of mitigating risk so financial institutions can find that which is legitimately suspicious rather than just getting a false positive.
Let's say someone sends some money to South Korea for the first time. On the surface, that's clearly fraud. But using more advanced inference techniques, it can show that, given a particular data set, it's actually a legitimate transaction.
But there's another dimension to consider when striking that balance between security and experience. Some people are more cavalier about how they make purchases and send money, so there's also an element of empowering consumers to accept the level of risk that is commensurate with their risk profile. It's about giving them control, particularly corporate customers.
Corporate attacks are becoming more common. But a corporate customer might care about an unusual transaction that's only above a certain threshold. A small business might want an alert for an unusual $5,000 transaction, while a larger company might want to be notified only if it's above $20,000. Customer-centric monitoring, therefore, is critical.
Expect continued adoption of a risk-based approach to monitoring based on the risk profile of the person or organization.
2. Detecting Account Takeovers and Synthetic Identities
The coming year will bring a continued increase in improvised identities, whether stolen or fabricated, used to establish relationships with financial institutions.
Why? Because the nature of the digital transformation in financial services is that more personal information is accessible to criminals, whether through major data breaches or attacks on individual accounts.
Once criminals establish fraudulent relationships with financial institutions, there's a full menu of financial crime possibilities. For example, a fraudster could take out a loan and not pay it back, make a small deposit and take advantage of overdraft services, or establish a mortgage.
How do financial institutions safeguard against those attacks? The first step is using as much information as possible to try to understand identity. Financial institutions regularly access a person's sovereign information, such as a Social Security number. But the search for relevant data also can extend to self-sovereign information, which is identifying information tied to a person's digital devices.
Combining that breadth of information with a deeper commitment to data analytics and machine learning can give financial institutions a powerful defense.
In a rapidly changing environment, financial institutions' most reliable defense is flexibility.
3. Identifying Nontraditional Products for Money Laundering
Once the purview of well-organized crime syndicates and the financial institutions they target, money laundering has become mainstream and part of the public consciousness. Today, it represents between 2 and 5 percent of global gross domestic product, or $800 billion to $2 trillion, according to the United Nations Office on Drugs and Crime.
As the technology and policies to detect and prevent money laundering have become more advanced, criminals have shifted their attention to greener pastures. In 2020, expect to see more criminal activity in areas such as trade finance, securities and insurance.
The goal of money laundering is to move the cash around to create layers that obfuscate the source of the criminal funds and, ultimately, turn the proceeds of crime into "legitimate" assets. But financial institutions have been subject to anti-money laundering oversight for years and many have systems in place to monitor that activity.
So the balloon effect of financial crime applies. Financial institutions squeeze the area of money laundering, and criminals find a new path.
That might mean placing the money in a bank and then sending the cash to an insurance company to pay for a cash-redeemable life policy. Instead of moving money between different accounts and financial institutions, criminals can move to a different product for laundering.
Financial institutions can meet those activities head-on by casting the net of monitoring and investigations wider and sharing intelligence with law enforcement, peers and even competitors in the name of preventing financial crime.
React Quickly, Act Decisively
Money moves faster today than it ever has, and attacks are evolving just as quickly.
In a rapidly changing environment, financial institutions' most reliable defense is flexibility. It's about having the freedom to react immediately to manage risk and adopt new technology to monitor for new attacks.
Security and integrity are differentiators in today's market. But the key element with any new technology or risk-based approach is to enhance, rather than inhibit, the consumer experience through effective security protections.