Fraud by numbers

In PwC’s 2020 Global Economic Crime and Fraud Survey, half of the respondents indicated that they had experienced some form of economic crime or fraud in the recent past. The list of crimes suffered by organisations include, in no specific order, fraud, money laundering, corruption, cybercrime and tax evasion, among others.

Meanwhile, the top four instances of fraud identified by the survey were Customer Fraud, Cybercrime, Asset Misappropriation, and Bribery and Corruption. The survey also showed that as many as 47% of companies experienced a fraud in the past 24 months with an average of 6 frauds reported per company.

Moreover, only 56% conducted an investigation into their worst fraud incident even as a staggering US$42 billion was reported as total fraud losses by respondents, on top of the damage to brand, reputation, and market share. Most worryingly, nearly half of reported incidents resulting in losses of US$100 million or more were committed by insiders.

What is financial crime?

Historically, financial crime has generally meant money laundering and other criminal transgressions that involve the use of financial services to support criminal enterprises (think terrorism financing, proliferation financing, tax evasion, bribery and corruption). Financial crime is generally viewed as a compliance issue in terms of adhering to relevant regulation and averting regulatory fines with AML/CFT programmes.

Fraud and cybercrime, on the other hand, are viewed as deception of financial personnel or services to commit theft. These are often viewed as less of a regulatory burden and more of an operational loss problem, with detection measures put in place to reduce the loss.

However, this approach is no longer effective. The boundaries between different financial crimes have blurred, especially since the rise of cyberthreats, which reveal the extent to which criminal activities have become more complex and interrelated.

Consider a realistic example: a cyber intrusion carried out by sanctioned states and/or terrorist groups (cybercrime) can lead to theft of customer and financial data (fraud) and these funds are then laundered through a myriad of financial institutions (money laundering) and used to finance purchase of weapons and/or terrorism activities (proliferation and terrorism financing).

In the example above, from an organisation’s perspective, who is responsible for identifying, detecting and resolving the matter? In a siloed environment, the aforementioned scenario would make it difficult to detect and join the dots, and the resolution of the matter would probably involve duplication of effort, inefficiency and would ultimately prove to be very costly to the organisation.

The case for integrated financial crime risk management

Consider the following emerging themes in financial services:

The current reality of financial crime risk management relies on rule-based scenarios, depends on manual interventions, has generic risk scoring models, encourages a silo-based approach and is unsuitable for the emerging needs of the business and the customer.

The current reality as described has resulted in increasing compliance costs and poor customer experience without a corresponding increase in compliance levels, risk mitigation and loss prevention. In the current context of working remotely or less available resources, this model would be inadequate to manage the risks and prevent financial loss.