The rise in the incidence of digital fraud

Frauds in the banking sector have been one of the key concerns not just for the regulator, but also the government and the banking industry. Today, a fraud incident is no longer viewed in isolation or as a one-off compliance issue. A recent Reserve Bank of India report also alluded to this fact. Addressing fraud risk has become a C-suite issue. Managing fraud has become more important for banks not only because of increased regulatory scrutiny, but also due to increased stakeholder expectations and the detrimental effect of the actual fraud loss incurred. For banks, the economic slowdown has only heightened the risk of fraud and money laundering.

Over the years, there has been a significant change in the types of frauds affecting the banking industry. The Deloitte Indian Banking Fraud Survey (Edition IV) indicates that traditional fraud typologies still play a significant role in the types of frauds committed as well as the subsequent fraud loss that occurs. There is an increase in digital or technology-related frauds, such as ATM skimming, mobile/internet banking, and identity/data theft, in addition to cyber risks faced by banks.

With the launch of new digital touchpoints between banks and their customers for contactless banking and other services, banks focus on how these changes will affect their fraud-readiness. They should consider investing in technology to evolve their fraud risk management frameworks (FRM) to tackle newer and more complex challenges.

While cybercrime and technology-related frauds as a trend should not be ignored, actual losses are, at times, not significant enough to have an impact on a bank’s financials. The potentially greater impact from cybercrime is on reputational damage, diminished customer and investor confidence, and theft/loss of personally identifiable information that together add up to substantial risks for financial services companies. These issues ultimately have the potential to affect the financial ecosystem and, in extreme cases, may lead to a systemic crisis.

While banks and financial institutions (FIs) continue to navigate through these unprecedented times, a number of proactive steps should be considered:

• While banks’ awareness of the need to enhance their FRM framework is increasing, they need to integrate a larger financial crime compliance agenda that will work across the business, compliance, legal, credit, and operations departments.

• Institutions need to take the time to measure the effectiveness, appropriateness, and efficiency of existing controls against an updated risk assessment. Using an updated risk assessment, an FI can test if its risk-based approach can mitigate the most prevalent risks and align resources to the highest risk areas. Only 50 per cent of banks do it every year, per our survey.

• With fraud schemes and the sophistication of fraud perpetrators constantly evolving, analytical tools provide the ability to discern anomalies, patterns, and trends across available data that might otherwise go unnoticed. Our experience suggests that current methods of FRM are plagued with a lack of centralised control/monitoring from various systems, and issues related to data availability and quality, resulting in increased frauds and delayed detection.

• The relatively static compliance or policy-centric approach to security found in many FIs may be outdated. For example, the way cyber fraud is tackled is different from how a loan fraud should be tackled. In light of impending risks from digital platforms, banks should consider building cyber-risk management programmes to achieve three essential capabilities: the ability to be secure, vigilant, and resilient.

Risks are inherent in the banking business. However, with frauds on the rise, organisations need to put their business in order by having effective control mechanisms in place. Although banks are making investments to enhance their FRM frameworks, the manner in which they choose to respond to challenges will continue to be the focus of the public, regulators, and investors, and will position them well to cope with any future crises that come their way.

The writer is Partner (Forensic, Financial Advisory) at Deloitte Touche Tohmatsu India LLP