Importance of Monitoring Risks and Frauds in an Era of Digital Transformation
Updated: Aug 22, 2019
Digital is the new normal. The whole-hearted embrace of digitization in the media, transportation and retail industries has now extended digital transformation to banks and financial institutions too. While financial firms adopting digital transitions are welcoming a wave of change and innovation in the business, they are also becoming more and more vulnerable to cyber-attacks, fraud and risk. This is why banks and financial institutions need to implement effective financial risk management solutions.
With the increased use of digital devices in banking, the security and access mechanisms of these devices are under constant threat from hackers looking to gain access to sensitive information and then initiate online banking fraud. Information such as account details and passwords saved across digital devices often makes it difficult for banks and merchants to differentiate between real and fraudulent transactions. Everyone is looking for quick access to payments, and in the process they become the easiest victims of bots and malware/phishing programs.
Online banking fraud is most prevalent in cross-border payments, largely because banks have only a slim chance of recovery once the money has left the bank. Moreover, the lack of transparency in transactional procedures makes them even more exploitable. Furthermore, there is no single global regulatory body monitoring cross-border transactions; every country has its own set of regulations and security policies. Unfortunately, businesses in emerging countries that are looking to expand do not pay heed to implementing stricter policies around security and access mechanisms, and in the meantime make themselves even more vulnerable to cyber threats and scams.
With the diversity of options available, there has been an upsurge in fraud monitoring of the channels through which customers initiate payments. However, the backend systems through which payments are distributed to correspondent banks, via a bilaterally agreed transfer mechanism (FTP) or a network (SWIFT), have been given lower priority so far. Take the incident in which hackers siphoned close to $81m out of Bangladesh’s central bank in 2016. It is said that the hackers broke into the bank’s systems remotely, used malware to log on to the SWIFT network using the bank’s unique code, and re-routed transactions to new beneficiaries across multiple countries.
In 2018, the Nirav Modi-PNB scam took the nation by storm. The detection of fraudulent transactions totalling Rs. 14,000 crore at Punjab National Bank exposed major loopholes in the bank's software framework: a patchy implementation of its core banking system (CBS), which was not linked to SWIFT. The funds were siphoned off from the bank by employees who wilfully manipulated SWIFT and issued letters of undertaking (LoU) on behalf of companies associated with Nirav Modi, to avail credit from overseas branches of Indian banks.
Against a backdrop of such growing cyber heists, there is an immediate need for a thorough reinforcement of fraud prevention and detection frameworks in SWIFT payment transactions. Only then can concerns such as the processing of different types of SWIFT messages, the number of entities involved in a message, and the knowledge gap between personnel in payment operations and the individuals implementing the transaction monitoring systems be tackled without coming onto the radar of potential fraudsters.
Banks must implement a fool-proof financial risk management solution within their frameworks in order to strengthen their internal control structure. Access control mechanisms must be tightened at a granular level, ensuring high security standards as part of the total solution. Every action taken by the system or an employee must be validated and recorded for future investigation. Additionally, integrating fraud engines that run a health check on every transaction the system processes improves the chances of catching errant behaviour. In case of any suspicion or inconsistency, transactions must be queued for operations to investigate further and take appropriate action.
While implementing a new cross-border payment system, banks should ensure that the technology has gone through rigorous testing for code coverage, ethical hacking, penetration testing, access security testing, etc. The system should also be capable of supporting various encryption techniques to encrypt data when it is distributed to correspondent banks or other partner applications.
Simply put, risks related to online banking frauds cannot be ignored anymore. After the Nirav Modi scam, certain SWIFT-related operational controls proposed by the Reserve Bank of India mandated all Indian banks to implement a fraud detection and prevention framework within their core banking system, and asked them to integrate SWIFT with their core banking solutions.
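The control described above, linking SWIFT to core banking and queueing inconsistent transactions for operations, can be sketched as a reconciliation check. This is an added example, not code from the article or from any bank or vendor; the record schemas, field names, rules and sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class SwiftMessage:      # outbound message as logged at the gateway (assumed schema)
    reference: str
    msg_type: str
    amount: Decimal
    currency: str
    operator: str

@dataclass(frozen=True)
class CbsEntry:          # corresponding core-banking record (assumed schema)
    reference: str
    amount: Decimal
    currency: str
    maker: str
    checker: str

def reconcile(messages, cbs_entries):
    """Return (released, held, audit); held references go to the operations queue."""
    by_ref = {e.reference: e for e in cbs_entries}
    released, held, audit = [], [], []
    for m in messages:
        entry, reasons = by_ref.get(m.reference), []
        if entry is None:
            reasons.append("no matching CBS entry")
        else:
            if (entry.amount, entry.currency) != (m.amount, m.currency):
                reasons.append("amount/currency differs from CBS")
            if entry.maker == entry.checker:
                reasons.append("maker and checker are the same user")
        (held if reasons else released).append(m.reference)
        # Every decision is recorded, released or not, for later investigation.
        audit.append((m.reference, m.msg_type, m.operator,
                      "HOLD" if reasons else "RELEASE", tuple(reasons)))
    return released, held, audit

# Constructed sample data, not real transactions.
SAMPLE_MESSAGES = [
    SwiftMessage("REF001", "MT103", Decimal("25000.00"), "USD", "op_a"),
    SwiftMessage("REF002", "MT799", Decimal("900000.00"), "USD", "op_b"),
    SwiftMessage("REF003", "MT103", Decimal("5000.00"), "EUR", "op_a"),
    SwiftMessage("REF004", "MT103", Decimal("100.00"), "USD", "op_c"),
]
SAMPLE_CBS = [
    CbsEntry("REF001", Decimal("25000.00"), "USD", "maker1", "checker1"),
    CbsEntry("REF003", Decimal("500.00"), "EUR", "maker1", "checker2"),
    CbsEntry("REF004", Decimal("100.00"), "USD", "maker2", "maker2"),
]

if __name__ == "__main__":
    for row in reconcile(SAMPLE_MESSAGES, SAMPLE_CBS)[2]:
        print(row)
```

A message with no core-banking counterpart (REF002 here) is exactly the case that goes unnoticed when SWIFT is not linked to the CBS.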
The need of the hour is to implement a robust risk monitoring and control framework in the financial sector. The key to accomplishing this is the active involvement of key banking personnel in defining anti-fraud policies in line with regulatory guidelines, monitoring audit procedures, ensuring correct exchange of information between all stakeholders, and rolling out a holistic approach to resist online banking fraud effectively. A few banks in India have already started their journey towards safeguarding their business risks proactively with the help of Fintech firms. The savings in terms of losses prevented and time and effort saved outweighed the costs of undertaking an end-to-end security mechanism and provided a competitive advantage to these banks. Banks which have not met the timeline proposed by the RBI have been penalized with hefty amounts for non-compliance.
The Road Ahead
In an era of mass digitization, the importance of putting an unerring fraud management system in place in the banking and finance sector has been firmly established. The future of risk management points towards the adoption of cloud-based technologies to receive digital information accurately, and the use of advanced AI systems to assess risks, with the aim of maximizing profits while maintaining client privacy and compliance.