Site Search

Menu

Capabilities

Menu

Cybersecurity, Risk and Regulatory

Loading Results

Strengthen bank fraud and financial crime defenses amid activity surge

Our Take Special Edition - March 22, 2023

The current banking industry stress can be unsettling for customers. Bankers, too, must respond to the rapid movement of customer funds and accounts which can create operational, compliance and liquidity challenges.

These uncertain market conditions can create an opportunity for increased fraud in customer account and transaction activity. Many legitimate customer transactions will take place outside of their normal, expected patterns of behavior, and as a result malicious activity can fail to be detected by transaction monitoring systems.

The increased customer movement also presents an opportunity for banks that are prepared to grow their business. To do so, they need to have a welcoming onboarding experience, but friction created by suboptimal verification and authentication controls could repel potential customers and create additional operational stress.

We see four important areas of focus for fraud and financial crimes departments to expand operational capacity, strengthen defenses, and streamline responsiveness to customers.

Operational strain due to surge in volume

It’s been several years since banking operations had to contend with a sudden large influx of customer requests, whether by new customers opening accounts and depositing funds or existing customers increasing activity as they react to market events. This increase in volume strains an organization’s ability to rapidly onboard new customers and handle a significant upswing in requests.

Potential issues:

  • Significant backlogs in processing caused by a lack of automation or deals activity, compromising the customer experience. This includes settlement instructions changes, withdrawal verification and new account verification queues such as know-your-customer (KYC) programs.
  • Increased false positive fraud alerts as large customer withdrawals or deposits exceed usual transaction amounts, fostering a negative user experience and consuming resources.
  • Incomplete new customer reviews, including collection of key AML/BSA and FDIC 370 data components, hampered by the influx of large portfolios.
  • Decreased operational efficiency due to gaps in employee skills, knowledge and experience as well as increased operational risk due to staff turnover or temporary staffing.

Key actions to consider:

  • Increase operational surge capacity by leveraging third party labor and services. Prior to contracting, firms should gain a solid understanding of the third party supplier’s skills, capabilities, locations (offshore/onshore), quality control processes and technology assets. Banks will need to continuously monitor these fundamentals as regulators have expressed concerns related to persistent quality issues during operational backlog remediations.
  • Use operational automation, such as robotic process automation, to speed manual reviews.
  • Leverage automated identity, account and document verification tools while still conducting appropriate customer due diligence and enhanced due diligence where needed.
  • Understand the origination of new funds to meet regulatory and supervisory recordkeeping requirements.

Unintended customer impact

Current systems and controls may not have been designed to accommodate the high volume and velocity of customer fund movements caused by the market stress. Customers who urgently want to move money or open new accounts may feel that an institution is not being responsive enough given the circumstances. In such cases, they may abandon their efforts because of the poor customer experience or banks may attempt to work around existing controls, threatening the institution’s reputation.

Potential issues:

  • Customers who infrequently transact may not have up-to-date authentication methods in place (e.g., mobile app verification, verified email or SMS for one-time passcode verification, voiceprint) creating a strain on fallback controls. 
  • Waiving of certain authentication or verification controls due to pressure from frustrated customers.
  • Authentication that falls outside of the bank’s standards due to a dormant account.
  • Account verification systems strained by a substantial rise in volumes at call centers and web portals.
  • False positive fraud alerts resulting from customers seeking to segregate recently migrated funds into many accounts to stay within the FDIC’s deposit insurance limit.

Key actions to consider:

  • Incorporate fraud strategies with real-time decisioning that segments users based on risk (e.g., address and phone number verified) and apply the appropriate level of authentication and reviews during onboarding and money movement.
  • Assess effectiveness of money movement, identity and account holder verification. For example, less active or dormant customers may not have a voice print on file, which may mean older and less secure forms of verification (e.g., knowledge-based authentication, paper-based signatures) are used.
  • Evaluate quality controls in key processes to confirm that they can handle an exponential increase in activity.
  • Update transaction monitoring rules and models to reduce false positives generated by a sudden increase in transactions in active or dormant accounts.

Heightened risk of fraud and other financial crime

Fraudsters and scammers will likely try to take advantage of the surge in customer account and fund movements by impersonating customers or by using a stolen or synthetic identity to create accounts or pull money from a customer’s account. Banks may also see transactions that could raise concerns of potential money laundering, insider trading or other financial crimes.

Potential issues:

  • Opening of accounts for the purpose of misappropriating funds or receiving misappropriated funds.
  • Targeted phishing and phone-based scams where fraudsters pose as a bank and pressure customers to divulge personal and/or account information.
  • Movement of funds by either insiders at affected institutions or individuals who may have been privy to sensitive, non-public information before its public release.

Key actions to consider:

  • Evaluate fraud detection controls, including identity proofing, authentication, and rules and models to confirm the overarching control environment includes the newest fraud risks created by the current market stress. 
  • Work with commercial onboarding teams for fraud referrals when unusual activity (e.g., new settlement instructions) is identified. 
  • When fraud activity meets defined thresholds, coordinate with incident response teams to confirm that the activity is being shared to support identification of broader attacks.
  • Review transactions to determine if concerns related to money laundering, insider trading or other financial crimes might apply. Institutions should obtain information from customers or public sources as appropriate and make timely regulatory filings when warranted.
  • Monitor for infiltration risk into the institution (including via contractors) or collusion. In particular, temporary labor should be well vetted and provisioned with minimally sufficient user access and/or entitlement restrictions to mitigate the risk of a potential insider threat (i.e., access to personal identifiable information or sensitive information, segregation of duties).

Risk oversight issues

To address the expected increase in transaction volume and potential operational backlog, risk oversight teams should have the capabilities to adjust to these conditions when monitoring the business and operations areas of the bank. This includes monitoring more frequently and differently in addition to evaluating key risk indicators (KRIs) to understand the impact to the risk and control environment and inform strategic decision planning.

Potential issues:

  • Expected volume surge may occur on an accelerated timeline - perhaps more quickly than periodic reports and key performance indicators (KPIs) are updated, making it difficult for independent risk functions to gain visibility to true state of affairs in the business or operations.
  • Existing fraud KRIs that are not tuned to the surge may breach, resulting in either a masking or an overinflating of the true impact of fraud risk.
  • Poor communications within business and operations and/or between lines of defense impair an institution’s ability to manage fraud and exposures.

Key actions to consider:

  • Increase the cadence of independent monitoring over first line functions to account for new or elevated risks. Second line staff should challenge the assumptions and operational strategies of the first line to confirm that much higher volumes and potentially larger operational backlogs remain manageable and within risk tolerance.
  • Monitor and evaluate fraud KRIs to understand true fraud impacts and inform short- and long-term strategic decision making.
  • Accelerate monitoring and reporting with new, well-defined indicators to supplement KPIs and KRIs with a threshold based action plan.
  • Increase the frequency and evaluate the scope of communications about risk and operational stress across the organization to confirm that all emerging, ongoing and future changes to the higher risk fraud environment are communicated to relevant stakeholders across lines of business.

How PwC can help

PwC offers a variety of services to help our clients address activity surges in an agile way.

Services include:

  • Identity proofing and verification
  • Fraud alert vetting and review (new account opening, transactional)
  • Fraud investigations
  • Customer due diligence and enhanced due diligence reviews
  • SAR drafting
  • Fraud detection rules and model tuning

In addition, PwC specializes in enhancing Fraud and AML programs by advising on the design and implementation of organizations, policies, procedures, processes and controls. Our teams help clients identify and assess regulatory risks, gaps and controls. Example offerings include:

  • Risk and control assessments
  • Fraud controls and technology architecture design
  • Fraud program cost analytics 

Download

Strengthen bank fraud and financial crime defenses amid activity surge - March 22, 2023

{{filterContent.facetedTitle}}

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide
Audit and assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.