Online Fraud: Understanding Risk and Compliance

All of us – as individuals, societies, banks and companies – need to watch out for risks in three areas:


For anyone who has ever suffered fraud on their bank account (personal or corporate) or card, or experienced the pain of identity theft, this will be very familiar. There are many types and techniques, from complex social engineering attacks to hacks of your online banking account or PC.

McAfee estimates that the total global cost of cybecrime now amounts to over US$400bn. With so much banking going on over the phone and online – and now over mobile devices – there are many more opportunities for criminals to find a vulnerability to exploit. Moreover, today these criminals might be anywhere around the world: just as banking is global, so is financial crime.

The statistics are troubling:

However, there is good news to report. Banks have worked hard to drive down fraud volumes affecting customers, by educating staff and customers, improving systems and processes and collaborating with other banks and law enforcement. Hopefully the industry will see its efforts pay off, as chip and personal identification numbers (PINs) and other protection technologies become more widely adopted. Nonetheless, fraud volumes are still too high and we all must remain vigilant.

Money Laundering

Except for the criminal, individuals won’t ever see money laundering directly – but it has a bigger effect on people than they might imagine. Money laundering enables criminals to profit from acts that harm society, such as government corruption, drug trafficking and tax evasion, and the resulting funds can sometimes finance terrorism and other criminal groups. Moreover, volumes are growing across the European Union (EU).

Nordea money laundering stats for Nordic region 
While governments and law enforcement lead the action to deter, detect and prevent money launder-ing, banks have a role to play too. They are obliged to investigate the legitimacy of customers’ identities and the validity of their transactions so they can report anomalies to law enforcement. Accordingly they ask questions when a business or an individual sets up an account and when they make certain transactions.


Sanctions are prohibitive and restrictive measures directed at foreign governments and nations, individuals or groups, or non-state actors or groups. Sanctions have an impact on, among others, financial institutions and their customers through restrictions, and controls introduced on provision of goods and services and the movement of funds involving sanctioned countries, individuals and entities.

Sanction violations are punishable by law and the consequences of breaching sanctions laws and regulations may result in significant fines and in severe violations, even imprisonment.

However, maintaining compliance is easier said than done: sanctions cover not only nations but companies and individuals and they are constantly changing. For example, during the 2014 crisis in Ukraine, sanctions were imposed by Japan, the European Union (EU), Canada, the US and other countries on dozens of Russian politicians, business people and companies; Russia, in turn, sanctioned US individuals and embargoed a range of agricultural imports from the US, EU and other countries, including Norway. The EU alone has a complex set of sanctions in force against 33 countries and groups.

Depending on where the company trades and what kinds of goods it imports or exports, treasurers may come up against sanctions completely unintentionally. Where a breach of sanctions occurs, both he/she and the bank may be held liable in law and subject to fines into the millions, as well as the cost of damage caused to corporate reputation. The US Treasury issued 17 penalties to companies for sanction violations totalling more than US$1.2bn in January to July 2014 alone.

The bank has an obligation to ask questions during any transaction to find out what goods are in-volved, who the counterparties are, and other details to make sure that the treasurer and the company are not in violation – it’s in everyone’s interest to co-operate so that payments can be processed without delay.

Nordea figs for US fines re breaking sanctions 
Changing Risks

Fraud, money laundering and sanction violations are all made easier by the rise of online banking ser-vices and globalisation. For instance with same-day payments now common, it’s easier for today’s tech-savvy and well organised criminals to launder money by rapidly moving it through a complex network of accounts, and have the money gone before law enforcement or banks can freeze or recall it. The financial world is increasingly complex and connected: it is a truly global economy. There are more devices and sites and user behaviours for criminals to exploit, and criminals can conduct their operations from a distance, at low cost and with little risk of being caught.

Regulators and the banking community have responded by tightening security and setting strict stan-dards of conduct. The expansion of fraud operations, increased use of anti- money laundering checks and evolving sanctions undoubtedly increase the burden of money and time for both customer and bank provider to maintain security and avoid the risk of non-compliance when performing transactions online. However these are obligations that neither companies nor their banks can afford to ignore – we need to collaborate together to protect our businesses and the wider societies in which we live and work.

Articles published by Nordea on its approach to online fraud and recommendations that clients can follow may be accessed here


Related reading