Financial Services Firms Are Being Attacked on All Fronts as Criminals Become Increasingly Adaptive and Sophisticated in Their Approach

  • Cybersecurity
  • 13.08.2020 04:46 pm
  • 28

It’s not just cyber technologies or digital currencies that are worrying financial crime teams in financial institutions across the UK & Ireland. It’s also the increasing volume and variety of more established financial crimes that aren’t new, but are incredibly hard to detect, such as mule activity; the proceeds of trafficking; the abuse of corporate structure and the criminal use of third parties. Despite spending 3% of their annual revenue on financial crime compliance – equating to almost £60 million per annum for larger banks – organisations still worry about their exposure to money laundering and the risk of inadvertently facilitating serious organised crime like trafficking, murder, kidnapping and terrorism, according to a new report, Future Financial Crime Risks, 2020 released today by global data and analytics provider, LexisNexis® Risk Solutions.

In the last 12 months, firms report being exposed to a wave of financial crime methodologies, including the use of money mules (37%); the criminal use of third parties such as law firms, accountancy firms and estate agents (37%); trade-based money laundering schemes (31%); the proceeds of trafficking (27%); the abuse of corporate structures (27%); the misuse of digital currencies (25%); and the misuse of prepaid cards (10%). When viewed across different types of financial organisations, no one crime was mentioned by a majority.

Nearly half of banks (45%) indicated exposure to money mules during the previous 12 months; rising to 56% among building societies and 60% for challenger banks. Exposure to the criminal use of third parties was reported most often by building societies (44%), asset management firms (43%) and private banks (42%) – with the latter also more likely to report exposure to the proceeds of trafficking (42%). With no single financial crime emerging as most common, criminals appear to be targeting different organisations with specific methodologies, where their controls are seen as weakest.

The Future Financial Crime Risks 2020 report, seeks to understand banks, challenger banks and fintechs, asset managers and wealth management firms’ perceptions of the current financial crime landscape, alongside identifying what the current risks are, and where they see risks emerging in future.

Worryingly, this reports’ findings are likely to be just the tip of the iceberg, given the difficulty firms report in recognising the patterns and behaviours associated with these complex financial crimes. Our study reveals many financial institutions to be less than fully confident they can detect many of the most prevalent crimes cited, including the proceeds of trafficking (55%), trade-based money laundering schemes (49%) the misuse of corporate structures (52%) and the misuse of digital currencies (43%), with some highlighting that they simply don’t have the data points to be able to detect these types of offences.

What is more, this onslaught doesn’t show any sign of easing. Almost a third (32%) of respondents expect their exposure to money mules to increase in the next 18-24 months, with almost the same proportion (29%) expecting to see criminals using third-party advisers more prevalently. In fact, across the board, the report shows that the majority of compliance professionals expect exposure to these types of financial crime to increase or remain the same over the next 18-24 months, as opposed to decrease.

As financial crime becomes more targeted and sophisticated, the cost of compliance for organisations is mounting. However somewhat surprisingly, firms are spending twice as much of their compliance budgets on people (64%), as compared with technology (36%), likely to deal with the volume of processing and reporting required to remain compliant with regulation. For mid to large UK firms, the average annual cost of compliance is £45.1 million, while for small UK firms the average cost was £8.8 million. In Ireland the costs are relatively lower, with mid to large firms spending £23 million and small Irish firms spending £3.1 million.

Despite the clear benefits of using technology to automate processes, allowing firms to redeploy humans to carry out more effective, risk-based analysis, the balance is still tipped heavily towards people. However, it’s not necessarily that firms don’t understand the benefits that technology could bring; many firms surveyed talk about outdated technologies, ineffective tools, IT gaps and system shortfalls. In many cases, the problem is that firms are operating legacy infrastructure which they believe restricts their capability to invest in newer and more agile technologies and solutions. They believe the costs of stripping out and replacing existing technology would greatly outweigh the benefits, certainly in the short term.

Meanwhile, the latest government statistics indicate that at least $100bn is still being laundered annually through the UK, with only around 1% being detected. If financial crime continues to rise exponentially and firms continue to invest two thirds of their compliance budgets in people, then the fear is that far from narrowing the gap, it will continue to widen. What the financial services industry needs is more investment in technology to build scale, automate essential processes including aspects of monitoring and reporting, and apply advanced analytics and machine learning to data in order to significantly improve detection rates.

Steve Elliot, Managing Director at LexisNexis® Risk Solutions says:

“Businesses require a far higher volume of more sophisticated data attributes that can provide better insight on the individuals and transactions involved in the complex, inter-connected and evolving financial crime ecosystem, as well as the ability to run strong analysis against these attributes. In this way, financial institutions can hope to gain a clearer picture on risks that they may not previously have seen.

These large datasets then need to be combined with careful monitoring and reverse engineering, using outcome data, taking confirmed crimes and transaction flows and understanding how they occurred, what were the patterns of activity and flows of money, and what can be learnt from this. This type of outcome-based approach to solving problems can already be seen across a wide range of different sectors, including manufacturing and medicine.

Ultimately, it’s vital that businesses move beyond just focusing on ensuring compliance, and focus more on how they can effectively detect, deter and disrupt financial crime. Although data and technology can be costly, the costs of not getting it right are far higher.”

Related News