Fraud’s Fast Lane: PwC On the New Rules of Commercial Banking Fraud and Risk

Fraud in corporate and commercial banking isn’t just a persistent threat but a moving target, accelerating with every leap in technology and every shift in criminal tactics.

What once seemed like manageable risk levels overseen by specialists is fast becoming a boardroom-level concern. The stakes are higher now, the schemes are smarter, and the margin for error is vanishing. In this environment, corporate and commercial banks need to get even more serious about new fraud threats and risks while dealing with existing ones.

The need for realistic risk assessments and adaptation strategies to counter those risks has never been greater. Against that backdrop, the latest “PwC Commercial Banking Fraud Survey” delivers valuable insights on changing industry practices.

Based on interviews with large banks across different geographies, the “PwC Commercial Banking Fraud Survey” notes that most banks have similar approaches to risk and fraud except in three areas: 1) “Organisational structures and allocations across lines of defence,” 2) “development and ownership of overall fraud strategy,” and 3) “definitions of fraud risk appetite and fraud risk metrics.”

Discussing these findings and trends with self-described “fraud geek,” PwC Partner, Banking and Payments, Alex West, we got a candid, insider’s perspective on the insidious problem that financial fraud represents in all of its forms, and the steps that leading banks are taking to stay ahead of increasingly sophisticated criminals.

 

For Banks, Standing Still Isn’t an Option

“Fraud is a risk that commercial banks have been managing forever,” West says, adding that the pace of change is now relentless. That makes the undertow more treacherous. But as the survey says, top performers are facing up to this. They are “…beginning to focus on how to bring a more cohesive approach to fraud risk management across the bank.”

“If you’re standing still as a bank, you’re going to fall behind very quickly,” West warns. But what is standing still, and what is progress, when the rules are changing so fast?

The survey shows that banks have mature fraud controls and capabilities, for example. However, digital threats are propagating faster. Hijacked tech (mostly AI) plus a new criminal playbook is already forcing Covid-era anti-fraud measures into early retirement.

Partly for this reason, West emphasises that fraud is no longer for specialists only. “To deploy good fraud controls, you have to interact with customers in different ways,” he says. “You have to put friction in the right places and right processes, and you have to make risk appetite choices.”

The strain between delivering a seamless customer experience and maintaining robust fraud controls is also a C-suite matter; governance has to harmonise with market forces.

“You’ve got this constant tension between providing the best product and possible customer experience at the best margin for your customer, while also protecting them effectively,” West says. “That’s not an easy decision, and it is dynamic. It’s constantly shifting.”

There are no simple answers. Fortunately, that very fact is triggering more collaboration and “co-opetition” across the business payments space. It’s a big trend, but quietly unfolding.

 

Fraudsters are Levelling Up, and So Must Banks

The worldwide existence of ‘Big Fraud, Inc.’ as well as various state actors is nothing new. But the consumerisation of B2B cybercrime comes with dangerous new levels of expertise.

“In [B2B] payments fraud, it’s many of the same trends that we’ve seen in retail, like social engineering scams, phishing, and smishing,” West says, observing that waves of retail fraud made fraudsters wealthy, and taught them how to hunt bigger game.

 “They’ve now gotten better and are going after corporate and commercial customers that have deeper pockets,” he says. Fraud methods are familiar, but the stakes are much higher. On the small business side, AI fraud is accelerating. West points to forged documentation being produced by AI tools, or synthetic identities creating fake companies, as prime examples. In a corporate banking context, the drivers for lending fraud are more likely to be macroeconomic drivers where businesses are in distress.

The complexity of swindles that prey on lending is making detection harder. “That means we need more sophistication in detection capabilities, and more reliance on technology,” West says. Some banks are leaning into automation and advanced analytics for this.

“Cutting-edge banks are building technology platforms that allow them to automate review processes, to triage cases, to spot subtle indicators of fraud very early,” he adds. “If you can spot something early, you can de-risk early.”

But not all banks are keeping pace, as the survey uncovers. “There was a real distinction in banks that were just running the controls and processes they have today and getting incremental improvements, versus those that saw a step change to be made in capability and had a roadmap to get there,” West says.

 

Defining Fraud Types and Building Resilience

One of the survey’s most surprising findings was the wide variation in how banks define fraud. For example, in lending, “If you think about fraud as only those cases that are absolutely proven, your loss number looks very small,” West says. But it’s misleading.

A broader definition of fraud, he argues, “opens the business’s eyes to the value of fraud prevention. You encourage an open dialogue about capability to detect, which ultimately reduces your losses.”

When it comes to first-party lending fraud, where the customer is the fraudster, West says automation is making inroads. “Several big banks are using technology to automate elements of the lending decisioning cycle that have traditionally relied on expert manual review. These tools triage cases quickly and allow expert attention to be focused where it is most useful,” he says, adding that “tools are becoming increasingly sophisticated and leveraging third-party data to enable peer comparisons across sectors.”

After origination, active in-life monitoring is key to spotting early warning risk signals and enabling appropriate investigation and de-risking. But how do you spot anomalies quickly? “By looking at data as much as possible,” he says. “Things like director disqualifications or adverse media reports, or early winding up orders or suspicious activities” should all be on the fraud-fighting checklist.

 

Better Detection in 3 Steps

For third-party payment fraud, West highlights three priorities reflected in the survey: improved detection, education, and authentication. In the first instance, he noted that “Investment by banks has been around improved detection models, moving away from rules-based [systems], and using more machine learning detection.”

Education is equally critical. West says he was “surprised” at the high number of ‘catch and release’ cases, as they’re known, seen among banks. This describes situations where anti-fraud measures block a suspicious payment, an investigator contacts the client about dubious money movement, and the client says to allow it, regardless of red flags.

Educated staff are less likely to make this kind of avoidable mistake. “Some banks we surveyed go as far as running bespoke training programs for their corporate and commercial clients about what payment fraud is and how you spot it,” West says.

Authentication is the third pillar. “A new set of authentication technologies is allowing [banks] to make this step much more fine-tuned,” he says.

Even so, B2B can quickly repurpose the retail roadmap on authentication. “The PwC Commercial Banking Fraud Survey” is clear about the dynamic nature of the problem. Fraud is not a static risk; to be effective, the response can’t be static either.

“If you don’t have a vision of where you’re trying to get with your risk management framework, then investing in any technology at any point in time will seem like the right thing to do,” West cautions.

The future belongs to banks that can balance innovation with vigilance and are willing to rethink what it means to be truly resilient against shapeshifting threats.

Download The PwC Commercial Banking Fraud Survey (June 2025)