Corporations around the world, from the financial services (FS) sector to industrial manufacturers to retailers, are facing a constant battle against fraud. As the reliance on IT for funds transfers and internet trading continues to grow, so does the threat of organised crime and fraud. The scale of the problem was highlighted in October’s fifth annual ‘Kroll Global Fraud Report’, prepared in co-operation with the Economist Intelligence Unit, which recently revealed that 67% of FS businesses have been victims of fraud, with 30% of other firms suffering some form of information loss or attack, and 25% experiencing internal financial fraud or theft. If a treasury’s banking partner is targeted, rather than the corporation itself, it can still have an adverse effect on business.
The FS sector is also facing increasingly stringent regulations, such as tougher Anti-Money Laundering (AML) enforcement, as evidenced by the US$1.5bn fine by US authorities this year against HSBC for allowing Mexican drug cartel money to flow across its business, and stronger sanctions screening measures in the wake of the Arab Spring and the effective embargo against Iran for developing nuclear weapons, which led to a US$340m fine for Standard Chartered. These measures are, of course, designed to improve transparency and require businesses of all types to enhance risk management strategies and look towards adopting real-time data analytics and other fraud prevention or compliance tools. In this environment, businesses need to act and introduce measures and systems that detect and mitigate security threats to prove compliance.
Using the Information Available
Data volumes are currently growing by approximately 2.5 million terabytes every day. As a result, company treasurers now have a huge amount of information that needs to be fed into and managed by effective risk management systems. However, a recent survey by the Information Security Forum (ISF), a not-for-profit trade body, revealed that only half of organisations are currently using some form of data analytics for fraud prevention, forensics and network traffic requests. Less than 20% are using this approach to identify information related to subject matter requests, predict hardware failures, ensure data integrity or check data classification, which can also help to prevent security breaches and potential fraud later on down the line once identities and networks are compromised.
Corporations and their treasurers need to implement tools and services that offer the ability to analyse large volumes of disparate and complex data in real-time in order to identify any anomalies in funds transfer or other key activities. This can provide senior executives with a holistic view of the organisation’s risk profile and enable them to identify the internal and external threats that the business is facing much more easily.
Adopting a strategic approach to business analytics also provides businesses with access to the granular level of data that is needed to gather valuable insights into current activity. Not only will this approach help to boost business agility so that organisations can quickly identify and respond to new trends, but it will also enable treasurers to prove compliance with the growing number of regulations that require firms to have greater transparency into incidents, as well as improved data privacy controls.
Don’t Forget the Insider Threat
The vast amount of information that is now available means that sharing information is a key component in doing business today. At a time when financial organisations are being deliberately targeted to gain illegitimate access to information, businesses need to learn from recent data breaches and create a risk model that indicates which areas within the organisation need greater assurance and protection.
Many corporations have a combination of legacy IT systems and complex supply chains, and protecting these estates is not easy. The IT infrastructure within firms is likely to become even more complex as businesses adopt new technologies such as cloud-based outsourced processing services and bring your own device (BYOD) schemes for employees that breach company firewalls and perimeter defences. This means that an organisation’s data is likely to be spread across many parties and end points, and that more corporations face the risk of falling victim to incidents at banking partners or suppliers as a result, sometimes initiated by disgruntled employees in the chain.
Company treasurers therefore need to clearly define their business’s security requirements so that they can illustrate the information security requirements of suppliers more effectively, including clauses on IP protection covering mobile devices. In addition, businesses need to continue educating staff on how information can be used, shared and protected across the organisation in order to enhance data security and help protect against internal and external threats.
Develop a Risk-based Approach
Today, all businesses are in the process of rethinking how they handle enterprise risk and how they can deploy data analytics to fight fraud. In particular, this could include a move away from a reliance on standard security audits towards understanding the organisation’s risk appetite, BYOD, and protection end points. Only when a policy and integrated tools are in place will it be possible to implement a programme of continuous improvement that ensures risk management schemes meet the needs of the business and provide an adequate level of protection.
By creating a more business-focused security strategy in this way, risk management can be fully integrated into the heart of the organisation and embedded at a senior level. This approach will help to minimise risk and prevent the reputational damage of a data breach in the short term or an unauthorised hedge trade or funds transfer, while also providing a more resilient approach to risk management threats from the outside. If implemented, such a policy, allied to powerful data analytics, can cope with and respond to the threat landscape as it continues to evolve.