Our latest insights

Know your criminal: Where are the blind spots in your organisation?

Share this post

Hiding behind technology enables fraudsters to use emotive language to target their victims, so industry experts examine how can people identify the red flags.

What is this article about? How the payments industry can improve its approach to fighting fraud and what needs to be done to improve business and consumer protection.

Why is this important? Fraud is a huge and growing problem that is affects individuals and organisations alike. With an increasingly digitised society, criminals are exploiting weak spots and lack of awareness to cause harm. It is in companies’ and society’s interest to minimise fraud for themselves and consumers.

What’s next? Payment organisations must look at their success rates around preventing fraud and whether they need to take a different approach to strengthen internal and external culture towards fraud.

The existing and complex relationship between society and technology is interlinked with fraud. Criminals steal funds faster and more easily by exploiting payments frameworks using emotive language to push victims to make decisions.

While face-to-face interactions allow people to notice cues that ring alarm bells, intuition is handicapped when it comes to online enabled crime. One the key factors that contributes to this is the language around fraud.

“If I say ‘fraud,’ there isn’t an image that comes to mind to give you an emotional hook as to why you should assess it as a problem,” explains Paul Maskall, manager of fraud and cyber-crime prevention at UK Finance/DCPCU, who spoke in a recent webinar hosted by The Payments Association.

A broader industry and social shift around fraud is required to allow people and organisations to discuss fraud with a more accurate risk profile.

There are different types of fraud: investment fraud, which is largely directed at non-banks, where an entity would present itself as a legitimate business. Another is when entities present websites giving investment advice or acting as investment brokers – this is often targeted at older, more vulnerable people.

“What worked for us in terms of deterring this activity was going above and beyond your typical tick-box, KYC-type process and focusing on what the typology is here,” says Simon McFeely, global head of risk and compliance at TransferMate.

He adds: “ In most instances we found that those websites were copied from elsewhere. That, coupled with the Companies House information, quickly led to an aggregation of red flags.”

Companies must look beyond a select few red flags

To uncover these red flags, staff need training and a change in their broader mindset. It is important for companies to have robust procedures and processes around identifying fraud, however, but the investigating analyst must have a degree of flexibility to look at a select few red flags and apply a deeper approach to investigation.

McFeely points out that there is a difference between ‘regulatory risk’ and ‘real risk.’

“If your whole programme is set up from a typology-led kind of position, then that means your actual risk is going to be managed, your risk assessments are going to be better informed and naturally your AML programme is going to be more targeted,” explains McFeely.

He adds: “I’m a very firm believer that if you’re managing a real risk and you’re serious about it, that trickles down to your sales teams, to your analysts, and how you actually project that to your consumers and customers that are interacting with your products.”

McFeely notes that this approach also helps regulatory checks, allowing the supervisory body to see that the company’s senior leadership team is actively supporting the development of fraud programmes, as well as ensuring the business is carrying the right kind of training, business and consumer risk assessments.

This reflects the difference between implementing policies as part of a tick-box exercise as opposed to reflecting a deeper cultural appreciation of fraud prevention. If that message is not echoed and led from the top, it is reflected in the company’s approach to compliance.

Companies can also turn to RegTech solutions to streamline compliance processes and identify suspicious activity more effectively. However, there is still a lack of awareness around the opportunities that leveraging technology can provide around compliance.

Another key barrier to adoption is the sheer number of solutions available, making it difficult to select the right RegTech.

“Vendors need scrutiny in terms of whether they are they really making it easier or are just in it for the money and the opportunity,” says Sarah Sinclair, founder of Change Gap. “Are they really focused on helping and do they have integrity of the data they use?”

Key themes to identify fraudsters

Mitch Trehan, UK head of compliance and MRLO at Banking Circle, notes that while analysts will have access to the data, they need to take different approaches to high-risk and low-risk entities.

“We have all these checklists, we know this data, we are getting it, so let us take it to that next stage of evolution…,” he states. “What is the information you are getting? What are you doing with it? How can you make it better? How can you get the culture of your firm up to scratch?”

While good practice on knowing your criminal will depend on each organisation’s activities, there are core themes that companies must strive for:

  • Law enforcement outreach programmes – be proactive in public-private partnerships and build out industry networks;
  • Identify scenarios – understand that risk assessment is not a tick-box exercise; you must proactively identify the typologies, capture the risk, and use it to strengthen your programme;
  • Tailored approach – employ system controls tailored to the product/service/client verticals and map it to inherent vulnerability scenarios; and
  • Adjust methodology – tailor procedures for KYC/KYB focused on real risk scenarios for specific clients based on the inherent vulnerability.

McFeely also believes there are ways to do more: “How can we work as an industry and put together a paper to see what good looks like? How can we get all this information that we have in our programmes to a level of industry expertise that is going beyond what the government is trying to do, so were doing more for the consumer?”

Across the sector, there is agreement that there needs to be better education on fraud, as well as applying this learning to a company’s culture and the need for a broader societal shift in thinking about fraud. Organisations must think creatively and proactively to tackle the constantly evolving challenges of fraud.

More To Explore

Know your criminal: Where are the blind spots in your organisation?

Login to your member account

You may be entitled to complimentary passes or discounts, and access to exclusive content as part of your corporate membership. Sign in using your work email address to continue:

Having trouble?

Set up your member account

Logging into your member account means you can:

Get in touch

* Availability depends on membership level that has been applied to your Corporate account. Terms and Conditions apply.

Let's get you logged in!

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having