Streamlining Fraud Defense with Enterprise Case Management: A Smarter Approach

Fraud and Financial Crime


Ruud Grotens

Mar 14, 2023

As it heads into its second quarter, 2023 is proving to be an active battleground between fraudsters and the forces trying to check them. It’s a chess match that could determine the reputation, security and financial health of financial institutions (FIs) and corporates all over the globe. For every positive development like the UK’s Confirmation of Payee solution and the global, data-rich ISO 20022 standard, there are new attack vectors that show that fraudsters move in packs. If one vulnerability is secured, they move to the next one. One thing is sure: Fraud always seeks the point of least resistance. 

A good example of this is the case of insider or employee fraud. It’s well-known that hybrid work has led to vulnerabilities for insider fraud.  It comes in many forms. The first involves “good employees turned bad” who deliberately accesses, uses or shares business or customer data, capital or intellectual property for misuse.  This might also involve collusion with outsiders intent on misuse of data and capital.  Another involves the insider whose use of core banking or customer systems creates an accidental leak or data misuse opportunity in the normal course of access. But a new report from IBM and the Ponemon Institute shows how fraudsters are taking it a step further. According to “The Cost of Fraud 2022,” when remote working factored into a data leak, costs averaged nearly $1 million greater than in breaches where remote working wasn’t a factor — $4.99 million versus $4.02 million. Remote work-related breaches cost about $600,000 more on average compared to the global average. 

Fraudsters are getting smarter. The increasing complexity of fraud – from identity theft to securing payments to insider fraud – requires a simpler, more holistic approach to fraud prevention. Gone are the days when each team at a bank or business had their own data and proprietary technology to secure its essential functions. The current fraud landscape demands that FIs and corporates take a simpler view of fraud, one that tears down silos and mandates data and technology sharing from top to bottom within the organisation. Whether it’s insider risk management that needs the spotlight or tools to mitigate business email compromise, a coordinated approach to leadership, data and technology are the best weapons against the expertise of bad actors. 

Siloed problems; coordinated solutions 

If there had to be one culprit outside of the criminals themselves in this current fraud landscape, it would be silos. In a siloed approach to fraud prevention, investigative teams work in isolation, hoarding information, technology and best practices. Different departments may implement their own controls and monitoring systems without coordination or standardisations, leading to redundant or conflicting processes. This detachment leads to gaps in controls and monitoring, making it easier for fraudsters to exploit weaknesses in the system. And it complicates the management and cost of operations focused on financial crime.

Cornell University study in late 2021 found that remote work has exponentially increased the siloed nature of most organisations and that they were less stable as a result. Another 2022 study from Airtable and Forrester Research found that 79% of knowledge workers reported that teams throughout their organisations are siloed, and 68% said their work is negatively impacted because they don’t have visibility into cross-functional projects. Here’s how that might look in a fraud and financial crime defence context at an FI: An AML team, card fraud team, and online fraud team investigating the same customer/account on suspicious activity are operating without knowing what the other is doing. There’s no exchange of information and a higher likelihood that the increased activity could tip off the party under investigation. 

In a simpler world, investigations would share tool sets and processes for a better return on investment, more effective prosecutions and a higher percentage of losses recovered. Perhaps more importantly, simplicity produces a holistic view of threats. Every fraud vector is inherently linked. Card fraud can easily lead to online fraud, for example. The criminal who moves from payment fraud to business email compromise can make contacts and access funds that it later will launder using those legitimate contacts in the process. Or even worse, the money launderer engages in terrorist activity. The complexity and growth of financial crime mean it has an arc, and the fraudster rarely moves downmarket. 

Inside information

Which brings us to the issue of internal or insider fraud. It’s tempting to see these threats as separate from payments or social engineering fraud. Many fraud solutions providers make a clear distinction between them, which can lead to the siloed approach discussed earlier. In some ways, a dishonest, sloppy or even criminal employee can hide unauthorised activity in the typical workflow and manage to commit payment fraud through account takeover, for example. On the other hand, there is also the risk of unethical behaviour that can lead to more serious offences. The employee who innocently sends a client’s email address to a friend isn’t viewed as a criminal. But at a larger scale, it is criminal when an employee leaks data to external fraudsters to prepare for cyber fraud such as business email compromise.

There is an overarching principle that can erase silos and bring simplicity to this admittedly complex set of circumstances: Enterprise case management (ECM). Let’s remember that fraud is a financial crime. As such, it requires gathering evidence and involving law enforcement with all the internal procedures and policies that come with it. It helps financial institutions and corporates to organise, prioritise and manage cases in one system and allows them to collect all the evidence in one system.

ECM = simplicity. And to carry the equation further, its corollary is a holistic approach to fraud defense. Keep three things in mind when considering an ECM solution:

ECM is the easiest/most effective approach to drive convergence across siloed solutions. Siloed solutions are not a choice made with forethought. They occurred over the years as a pile-up of what were once best-of-breed solutions. So financial institutions are dealing with ‘legacy’ fraud detection systems and AML systems that are hard to replace and never designed to work together. Therefore, a case management solution must contain an integration layer through which alerts from the siloed solutions are consolidated in one single case around a particular client, employee or group. That will provide FIs with a holistic fraud management view, i.e., they will find all the information from disparate fraud detection systems consolidated in one single case.

ECM also enables collaboration and communication between teams or amongst team members. It’s important to note here that many financial institutions have started using case management solutions for AML purposes. The issue here is that case management systems designed for AML (which is a financial crime, not a type of fraud) will not work well for fraud investigations. This tracks back to the simple, holistic approach meaning that a bank should monitor ALL the accounts and products from a customer, a.k.a. the 360-degree customer view. So, consolidating investigative evidence in one central collection point is a substantial advantage for fraud and financial crime teams. This allows for easier access to critical information, streamlines the investigative process, and facilitates suspicious activity reporting.

An ECM solution for banking should include financial impact analysis capabilities, such as calculating losses and recovering losses. This is crucial functionality for fraud investigations because it enables organisations to understand the extent of their fraud losses, which in turn helps them to identify and address the root causes of such losses. It must also protect that kind of sensitive data. ECM systems contain investigative data, Know Your Customer (KYC) data, PII data and much more. FIs remain responsible for assessing risk and compliance issues associated with the cloud.  If the cloud is an option, FIs should work with a hosting partner with proven experience, certification, and a track record of providing the same service to similar financial institutions. You don’t want to be their first banking client.

The Bottomline: In this chess match between fraudsters and fraud defenders, it’s important to remember that the bad guys have the advantage of the counterattack. Financial institutions and corporates need to stay one step ahead in terms of strategy and tactics. Just as in chess, a wrong move may dictate the course of the entire game. Be smart; be simple. And use enterprise case management as your best ally against a worthy opponent. 



Posted by

Ruud Grotens

Ruud Grotens, Certified Financial Crime Specialist (ACFCS), is Head of Solution Consulting, Fraud and Financial Crime, at Bottomline Technologies. With over 30 years of experience internationally, advising banks (including central banks) and non-banks (including asset management firms, insurance firms, and MSBs) about financial crime risk management technology, covering anti-money laundering, counter-terrorist financing, sanctions, tax evasion, internal/external fraud including payment fraud and cybercrime.
Browse all posts
footer curve