The Danger That Lies Within


The Danger That Lies Within

Tapan Agarwal – Risk Product Council Chair

11 May, 2016


Fraud Destroys Value, Financial and Reputational Both

“Three bank employees steal more than £2m”

Finextra, 2014

“Anti-fraud boss at UK bank steals £2.4m”

Telegraph, 2012

“Young banker at the heart of £72m bank fraud”

Guardian, 2008

Bitter headlines. Staggering losses. A senior banker at the GTB Advisory Event at London in March 2016 commented, “God save me from my friends, and I can save myself from my enemies.” Sometimes, the person perpetrating a fraud might very well be someone you say hello to every morning, someone you have coffee with every evening.

According to a 2016 Pricewaterhouse Coopers report[1], 1 in 5 banks have experienced enforcement actions by a regulator in the face of failure to curb illicit business practices. Almost half the incidents of serious economic crimes were perpetrated by internal parties. This is a major red flag; it points to potential weaknesses in internal controls of the banks. Unless internal risk audit measures are embedded in an organization’s culture, processes and systems, they will remain merely as check-boxes on a piece of paper and leave the bank vulnerable to internal fraud. According to the same report, financial services has traditionally proven to be the industry most threatened by economic crime, as it serves the financial needs of all other industries.

Forewarned is Forearmed

Setting the right governance model and the right culture is paramount to preventing internal fraud. But what about the systems themselves? Bankers recognize that automation can greatly reduce manual intervention and in turn lower human errors. Can automation also introduce clear and visible reporting and workflow transfer? As customer applications flow from data-entry straight to approval without any interruptions in an automated system, allowing faster processing of applications, can it also reduce the number of touchpoints with a human, lowering the opportunities to commit internal fraud?

Automated business rules and workflows not only lower the time-to-transact, they also reduce manual intervention. Pre-configured, on-demand, detailed reports lets management visualize all the data of the customer, no matter where it is scattered, in a single snapshot, which means that any anomaly in the data can be seen immediately and remedied, especially if some fraudulent act has caused it.

Workflow based systems which manage client onboarding, loan origination, payments exceptions, referrals etc. need to have the intelligence to track the behavior of the internal operator and generate analytics/alerts; for instance, if User X is always approving loans at very low interest rates or if User Y is consistently marking a payment exception as a false positive for a Beneficiary Y. Workflow systems need to used behavioural analysis to generate audit samples. The behavioural audits should also take into account “joint activity” if User X is always routing a transaction to user Y for approval to check if they are in cahoots. The systems should also take into account factors like the longevity of the person in the bank, the time of the transaction, value of the transaction etc. While banks have made good strides in pattern detection for payments, the same has not been applied as extensively to track internal fraud.

Automation Can Counter Fraud

There can be a thin line between a human-induced error and fraud. While internal fraud may not be eliminated completely, reducing dependence on staff to manually manage processes and applications, can free up valuable resources to maximize their throughput and efficiency while at the same time reduce risk incidents. Configurable workflows make it easy to define the entry and exit criteria in the workflow engine, so that customer applications can be approved or denied automatically using that customer’s credit history or track record of loans, thus flagging any unusual requests or transfers that are made, immediately bringing it to the notice of the management.

At the end of the day a bank is only as strong as the policies it defines and configures into its systems. Banks need to drive a culture of internal honesty, integrity, security and whistle-blowing right from the board level. However, automation goes a long way in detecting suspicious activities, whether perpetrated by external parties or by someone internal to the bank. 

Safeguard yourself from nasty headlines. Identify the danger that lies within and use automation to curb the fraudster’s appetites.


This post is a part of the blog series: Commercial Risk – The New Normal. Read more here.


Facebook Twitter Linkedin