Recently, Tesco Bank was fined over 20 million dollars for failing to prevent debit card fraud which affected it and 131,000 of its customers. Although the bank’s controls prevented 80 percent of the attack’s unauthorized transactions, the FCA, the UK’s financial regulatory agency, determined the firm didn’t meet a piece of anti-fraud regulation which requires a bank to “conduct its business with due skill, care, and diligence” to prevent this type of fraud.
Though Tesco Bank committed no criminal activity itself, the risk it assumed by failing to prevent the fraud was enough to warrant a fine. The recent example of Tesco Bank reflects the regulatory penalties banks around the world face more and more frequently.
Fraud itself represents a significant cost to banks every year. According to McKinsey & Company, banks’ credit and debit card losses amounted to almost $23 billion in 2016 and could reach $44 billion in 2025. The level of risk banking fraud introduces into a bank’s financial equation is dangerous not only for banks but for the entire global economy. For this reason, strict regulations have been passed on both international and national levels to obligate banks to reduce these types of risk.
To protect against losses due to fraud and regulatory fines, banks must understand the regulations they are subject to and best practices for compliance. Enterprise BPM software can enable banks to meet best practices by automating compliance throughout their entire operations.
Types of Fraud and Anti-fraud Regulations
Banks face an ever-growing and ever-evolving list of fraud tactics. For this reason, it is more important than ever for banks to follow best practices for fraud prediction and detection to mitigate the threat of losses due to fraud and regulatory fines. Here is a quick overview of the most common forms of banking fraud banks face today:
Credit/Debit Card Fraud is one of the most common and rapidly increasing forms of banking fraud. Generally, credit card fraud is broken into two categories: Card Not Present fraud, which is typically committed over the phone or online with stolen card information, and EMV fraud, scams which involve physical EMV chips. Debit card fraud alone constituted 58 percent of losses in the banking industry in 2016, according to Financial Regulation News.
Bill Discounting fraud involves a fraudster gaining the goodwill of a bank by portraying themselves as a good, legitimate client of the bank. The fraudster will use the bank to gather payments from its customers for a period of time. Once the bank has accepted the fraudster as a legitimate client, the fraudster will ask the bank to settle their balance before collecting payments from the customer. Then, the fraudster and their “clients” will disappear.
Money Laundering poses an increasingly complex challenge for banks as cryptocurrencies pose an unexplored threat and regulations continue to evolve each year. Last year, 18 out of Europe’s 20 largest banks were sanctioned for failing to prevent money laundering in a single week. According to Forbes, the software many banks are using to combat money laundering is now outdated, leading to a high number of false positives and higher operational costs for banks. As many as 95% of alerts are false positives.
Check Kiting occurs when clients use non-existent funds as credit using the float (the time in which money has already been deposited in the recipient’s account before being removed from the client’s account). This is often committed between multiple accounts in a process known as “circular kiting.”
Each of these forms of fraud can be reduced by collecting more reliable customer data and through process automation. Anti-fraud bank regulations referred to as “Know Your Customer” (KYC) and “Anti-Money Laundering” (AML) laws are designed to obligate banks to collect detailed information on their clients so they can calculate the fraud risk associated with each of their accounts. In the United States, an example of one such law is the Customer Identification Program, which includes detailed requirements for customer verification and thorough documentation of these procedures.
With fraud protection, it pays to go above and beyond basic regulatory requirements and follow best practices. According to Forbes, most regulators around the world have kept AML and KYC regulations purposely vague to encourage banks to go beyond fulfilling only the minimum requirements. Though verification requirements can vary widely from bank to bank, regulators can fine banks for failing to meet abstract due diligence standards on a case-by-case basis.
How BPM can help meet regulations
By automating customer verification, risk calculation, and suspicious activity monitoring processes with Business Process Management (BPM) software, banks can ensure that these processes are followed according to best practices each time. Additionally, and just as importantly, all documents are cataloged for a simple and fireproof audit.
The fraud prevention journey begins with onboarding. With BPM technology, banks can digitize paperwork required to create new accounts, authenticate users, and verify new customers. Then, the processing and evaluation of this information can be automated in an approval workflow. This way, new accounts are always processed according to the correct procedure each time, with an audit log to prove it.
Next, risk calculations can be automated using a BPM suite. Fraud risks should be calculated on an ongoing basis based on factors such as the device clients use to log into their account and by monitoring for suspicious transactions. These recurring calculations can be monitored with dashboards and alerts. Many banks save significant amounts of time and energy for their analysts by automating routine calculations.
Banks may use compliance software to complete many of the best practices covered so far. However, when organizations encounter problems that these software tools aren’t built to tackle out of the box, BPM can be used to extend their capabilities to meet any specific need. With workflow software, banks can build forms that enable employees to easily engage with necessary data entry and decision making from anywhere. Finally, BPM software integrates easily with enterprise technology tools like compliance management software, CRM, DMS, and others so that information is shared across platforms in real time.
Given the complexity of meeting compliance regulations in 2019, process automation is the key to any successful compliance initiative. BPM solutions provide the flexibility to coordinate human tasks and various technology systems around the specific processes a bank requires to meet compliance on all of its accounts.
For information on how our customers have used ProcessMaker to automate many of the processes listed here for greater compliance and fraud protection, please read ProcessMaker’s financial case studies.