Fraud and Financial Crime Management
Detect, Investigate, and Protect Against Internal and External Threats. Take a proactive approach to risk management while removing complexity and enabling compliance.
John Gaffney: Greetings and welcome to the latest episode of the Payments Podcast. My name’s John Gaffney, I’ll be your host for a discussion that asks the question, “When it comes to fraud are enterprises really on the case?” It’s shameless, I must admit, and obvious twist on the issue of enterprise case management which is where this episode is going to focus.
I’m not nearly as expert as our two guests who I’ll introduce shortly but I do want to start with a take on the definition of ECM. For me as, I said a little less expert than our people that are on the podcase today, it’s best understood by comparing to the analogue days of payment and fraud activity. So back then when an enterprise was visited by fraud it took a hard to mix manage of automated detection, disparate information sources and human effort to track down and investigate fraud.
ECM done properly these days will allow investigators and analysts to manage and track all cases within a single automated system for creating and managing alerts, cases of suspicious activity and support for suspicious activity reports.
We’re fortunate to have some exclusive research that we based our podcast on today, courtesy of our relationship with UK based fraud and financial crimes consultancy Themis. Here to help us discuss the key findings from that report we have their financial crime researcher Eliza Thompson, welcome Eliza.
Eliza Thompson: Hi, how are you? It’s great to be here.
John Gaffney: Good to have you and from Bottomline we have global senior project manager for fraud and financial crime Mohammed Al Zraiqat. Mohammed has 16 years of experience, more than 16 years of experience in this space in various roles at global banks, regulatory bodies, tech companies. He has, I think you’ll find over the next 15 or so minutes, a unique financial crime compliance knowledge which is kind of a blend of academia, domain expertise, enthusiasm, and a good regulatory mindset.
So with all that Mohammed welcome.
M Al Zraiqat: Thank you very much and I’m very glad to be here thank you.
John Gaffney: It’s good to have you. There’s a lot of great data in this report, I would urge anybody to go to- keep a heads up for a link within our communication channels and on our site when it does become available.
The respondents were dominated by private and commercial banking, which is where we wanted to be, and pretty much spilt between the UK and the US, which was what we wanted. Among that data a couple of things that jumped out to me, 42% of all companies have encountered fraud during the past 2 years. 27% lost more than $1 million annually which I found surprising.
Eliza I know there were some other findings that jumped out at you, could you tell us about them?
Eliza Thompson: Yes definitely. I think as you said the report had some really key insights into payment fraud trends across the financial sector and then really hit home at just how important anti-fraud and case management solutions are in combatting those risks.
I think one key takeaway that stood out to me was just the elements of today’s payment landscape that are creating the most fraud risk. One thing that was really highlighted was the increasing speed and volume of payments stood out as two really key risk factors. So 51% of respondents identified these as their greatest risk and then building off of that really interestingly 59% of respondents identified real time capabilities as the most important factor when selecting payment fraud solutions.
I think this really shows the demand for faster and digital payment options as creating a really tough terrain for financial institutions to navigate. So companies want real time solutions in order to respond to real time threats, which makes sense obviously.
Then I think some other key really interesting insights, one was around priority areas for anti-fraud strategy. Particularly around selecting case management solutions and two of these key priorities that were identified by respondents were self-empowerment and then no coding configurability as well.
John Gaffney: Interesting. Mohammed I’ve been reading a lot about the priority of no code solutions. Could you tell us a bit about that, what are their advantages if there are any?
M Al Zraiqat: Yes, I’m really delighted that this type of problem is highlighted in this report. Just let me clarify what this no code configuration concept is, just to put it into perspective, it is really not a solution or not a feature within a solution. It is rather a concept in which the vendors of the solution will give the capability for the users to slice and dice a solution the way they want, the way that works better for them without any technical skill or engagement with the original vendor of the solution.
So that is where this no code configuration sits in as a concept. Now the reason for this is because in the enterprise case management in general for the financial crime investigations there is really no size fits all in terms of the way the investigation process works. So there is really no handbook you follow and all the investigations across all the organisations around the world are dissimilar.
There is variation between each institution and their way of investigating the financial crimes so they will be an absolute and important aspect of the customisation of the configuration between those organisations. That is why the no code configuration is absolutely important and one of the key advantages or benefits is it basically gives the organisation more autonomy over the solution. They can configure the solution the way it works for their teams, if it is one team, if it for other enterprises, different teams it also helps them.
Another advantage is it copes with the changing the requirements and if you look for example the change in the requirements requires more adaptation for systems. If you have control over the system you can customise the system the way you want without interaction with the vendors and that saves some cost and will lower the total cost of ownership of owning the solution itself as an organisation.
Lastly I want to say really, I work as a regulator and one of the things I really don’t like is a black box. If someone came up to me saying, “This is a black box solution or this is the secret sauce or recipe for the solution,” we don’t like that. We need the transparency, we need auditability of the system and everything has to be really clear for the users, for the organisations to adapt. That’s what no code configuration really allows you to do and customise without actually getting involved into change requests, link to process and arrangement with the vendor of the original system.
That’s how I see the advantages here.
John Gaffney: Great well said, good explanation. Let’s get to enterprise case management which will be the topic of the day and the data. So Eliza, 39% of respondents said they currently have a commercial ECM solution, 32% said they had a custom solution but 17% don’t have one at all which I found to be surprising. What are some of the other significant findings from your perspective in this area?
Eliza Thompson: Yes definitely I agree there are some interesting data points within what we found. I think 1 in terms of respondents’ satisfaction rate was fairly neutral for the ECM tools, respondents on average said they were around a 6 out of 10 in satisfaction rate. So not bad but not ideal in terms of being highly satisfied with how it’s working.
Then as you mentioned 17% of respondents said they don’t have a solution at all currently. Then really interesting of that is 34% said that they plan to invest in a solution within the next year if they don’t have one already but of those that don’t have one, kind of concerning, 37% said their organisation only planned to invest in the next 12 to 24 months and then 11% said they had no plan to invest.
So I think this identifies that there’s kind of a gap in this area, whether it’s financial institutions, banks potentially either not seeing the importance of the solutions or maybe not having the resources to invest in one. I think this really highlights that there is a key gap in the fraud prevention strategy across industry in terms of integrating case management solutions.
Then another area that was interesting that ties into this was around budgets. So 21% of respondents said their anti-fraud spending budget decreased over the last year which I think is really potentially worrying due to the fact that financial losses associated with payment fraud is increasing in key markets such as the US. So I think now is really a time to focus a lot on anti-fraud strategy and hopefully organisations are factoring that in.
Then as already discussed, for those looking to invest in case management solutions self-empowerment and no coding configurability were top priorities. Then some other interesting key areas of importance that were highlighted were CLO automation and then flexibility reporting capabilities and also the scalability of solutions were really key areas that stood out.
John Gaffney: Thanks Eliza. Mohammed this sounds to me like it should raise some very serious questions among banks and non-financial institution companies. If you’re dissatisfied with your current solution or shopping for your first what are some of the things that they should be looking out for?
M Al Zraiqat: One of the things I really concur very well with what Eliza has said about the no code configuration is really a key player in the selection process. Given the budgets and constrains about the resources and the scarcity of basically the talents in the market that really helps in the process.
The other areas really very important is the capabilities or the enterprise case management around data digestion and holistic risk view. This is really important stuff that is in my opinion very important with the investigation process because you need the data because investigation really relies so heavily on the data in order for you to make a decision, so you need the data information.
The data usually, you need to make sure that the data also is accurate, that’s a very important aspect. The data is updated, because obsolete data doesn’t mean help of the investigation and whether it’s available and if its available with the right portion or knowledge that we need from the data and again the relevancy of the data to the case.
These are very important and on top of that once you get the data you need to do some more of the normalisation on the data so this is another area I see in the industry people will look into this. The normalisation basically is you get data from structured and unstructured sources and some of them would come in these different formats, the currency would be three digits or the sign of the currency.
A good example actually, I remember once I had been approached by one of the colleagues during the investigation asking me about what this code means for a country which basically happened to be UAE. That sounds good because this person probably doesn’t know what UAE stands for, United Arab Emirates for example, not everyone knows that, but the system should know that, the system should make it very user friendly to the investigators given that this is what the country’s- I get the currency as a USD but could be US Dollar, make it very clear.
So this is the normalisation and this is very important because it helps in the insides. That leads me to the other area, we see the financial institutions looking for really an important dashboard in which they can have an insight of where the loses, where the recoveries happen on the financial impacts of these cases. Because you already have the data and this has been investigated by the team and we need to make sure that we have an insight about where is the projection of the loses over the next five months, five or six years. So it helps the management understand where the organisation is headed in terms of these fraud loses.
It could be something wrong with the policies, it could be something wrong with the onboarding of specific types of customers and that’s what led the whole influx of these cases. Ultimately the bank will be on the brink of bankruptcy because of this amount of loses. It’s good to have that insight and I see this is one of the important areas I have been involved in and see there’s a lot of interest in the market for.
John Gaffney: Eliza, 11% of respondents took more than a month to detect fraud, 52% discovered it through automated alerts, 38% discovered it manually, it’s quite a spread. What does the survey say in your interpretation about detection? What are the challenges to implementing more effective strategies here?
Eliza Thompson: Yes definitely, I think to me the two biggest challenges that stood out in terms of implementing effective strategies and really making full use of fraud detection tools and case management tools, the two things that respondents identified as their biggest challenges were lack of human resources and then inadequate employee training or awareness. So I think this really highlights that enduring importance of humans within an anti-fraud process.
It’s really important, as we’ve talked about, you know if organisations, companies are potentially seeing a decrease in budget or just struggling with resources how can they make the most of what they have? How can they make their whole process more effective, more accurate? Again this is really where case management solutions come in, it’s really key to think about how these solutions can amplify and support the work of employees.
How can you make the investigation process more efficient? How can you make reporting more efficient? How can you make teams across the organisation, whether you don’t want any duplicate work happening?
I think it really demonstrates thinking about where the human fits in to all of this and making sure that with all the challenges happening today and also the digitalisation of payment today and the digitalisation therefore of a lot of the risks, really making sure that the solutions factor in just where exactly the actual employees fall into it.
John Gaffney: Yes interesting, you mentioned investigations, now Mohammed I know that your expertise and some of your passion lies in this area. I noticed a lack of patience in fraud investigations in here. I wanted to check that with you, when asked about the main challenges faced during the investigation process 44% of respondents said false positives, which is somewhat predictable but they also said that investigations take too long to complete and there’s too much information to get an investigation done in time. Your reaction to that?
M Al Zraiqat: You’re right, I mean the false positive dilemma is really not something that’s easy to resolve. Over the years we’re witnessing a lot of innovation take place in the attempt to minimise. We probably haven’t done the bitter job of advancing those forward to solve the biggest problem. Because organisations or financial institutions have to balance between how many false positives I really can live with and without infringing on the risk tolerance that they currently have or they can actually accept.
Because you can increase the risk tolerance and you can decrease it as the false positive instantly, but it’s the balancing that is the issue that remains. We see actually they’re doing a great job on encouraging the machine learning aspects and the advanced technologies to resolve the false positives and process and produce a high quality of suspicious activity reports. Because that’s what matters in the end for them.
We see some advancement, I hope we can see more advanced the technology impact on the false positive reduction soon.
In the survey itself actually I also noticed there was like 60%, literally 60% of the respondents they were sharing their- it takes them about one to two weeks to conclude a case investigation. That’s your second point about how long the process takes to conclude on a case. I understand complex cases absolutely will take more than typical time, but as an average two weeks to close a case that’s quite a long time and really risky to notice from the respondents on this case.
It’s not because they would like to have it that long it’s because that’s how they process and that’s why the investigation process and maybe the tools that they have is what needs to be updated. I really truly believe updating the tool will help in the investigation process and time of resolving the cases.
You need to remember the investigation is in the heart of any financial crime compliance programme. It is in my opinion the most important line of defence, and the organisations that rely heavily on how efficient that line of defence is and what can be done to make it even more advanced.
So that’s why really we see the investigations need more tools and these tools that help them reduce investigation time by bringing again professional efficiencies and workflow automations.
John Gaffney: So I think or I’m wondering anyway is there an intimidation factor or a sense of mystery around what an ECM investigation would look like. Could you take some of that away, what does it look and feel like if you’ve been victimised by fraud and a company like Bottomline comes in to investigate?
M Al Zraiqat: Today, this is real reality, most organisations do really use more than just one tool in their investigations. I remember when I was working for one of our financial institutions I used to have almost seven or eight systems to carry on throughout my daily investigation process. That is a lot of systems and these are systems that are not connected they are siloed that requires multiple log ins, navigating through the structured and unstructured data is a nightmare. Trying to understand where the case started and who was involved in that case and each party involved requires a lot of work to be associated to.
This is really where most of the investigation time is being spent. Another area which is really on the other end of the investigation which is writing the salary of the case and of course preparing the to be reported, that is another area where the whole time is also being taken.
If you think in between these two processes there is a lot of manual process going on there, there is a lot of manual errors that could happen. In my opinion poor case management tools can really result in poor decision making and low quality, missed fraud and financial crime incidents and the frustration of the team who’s handling the cases and the investigation and of course no work efficiency and ultimately higher cost.
Honestly, ideally a single platform for investigation that really, really looks into the intelligently- this is really important, intelligently looks into and gather all the case related information from all these different systems to provide the case in a very visualised and really storytelling navigation. So a narrative of the case and for the case analysts easily to make a decision ultimately on how the case should be processed and how the case should be taken to the next level of escalation.
John Gaffney: All right we’ll look out for that. So that’s a wrap on our latest episode of the Payments Podcast which is centred on enterprise case management. We encourage you to tell friends, tell people at work. You can find Payments Podcast on Soundcloud, Apple or Spotify or wherever you get your podcasts.
I want to extend a non-fraudulent and completely true sincere appreciation to you Eliza Thompson, financial crime researcher at Themis, thanks a lot for your contribution and look forward to reading the complete report.
Eliza Thompson: Yes definitely, it’s been a really great research process. The report I think has some really key and unexpected findings so I recommend checking it out.
John Gaffney: Mohammed Al Zraiqat who is our global senior project manager for fraud and financial crime here at Bottomline Technologies, any parting words of wisdom Mohammed?
M Al Zraiqat: Yes I really find this study so insightful, I encourage everyone to have a look at these results and share feedback with us I’m really excited.
John Gaffney: Excellent, okay, thank you for listening, see you next time on the Payments Podcast.
In this episode, industry expert James Richardson, Head of Market Development Risk and Fraud for Bottomline, talks about the rise in fraud and financial crime that rings the alarm for better detection and prevention based on the findings of the latest 2022 Global Business Payments Barometer.
7th annual edition of the Treasury Fraud & Controls Survey underwritten by Bottomline and written/produced by Strategic Treasurer. 230+ finance and treasury professionals from corporations and banks around the world participated in this comprehensive survey sharing their thoughts and practices.