The latest PwC “Global Economic Crime and Fraud Survey” describes fighting fraud as a “never-ending battle”. This is certainly the case as fraud numbers escalate and the entire world seems drawn into the eternal job of mitigating financial risk against a backdrop of increasingly sophisticated cyber-attacks threats.
The Global Economic Crime and Fraud Survey 2020 findings
Top Fraud Types
Who Commits Financial Fraud?
The losses due to financial fraud
In the previous 24 months leading up to the report, a total of $42 billion was lost due to financial crimes. The areas where an enterprise feels losses the most include:
- Direct financial loss
- Reputation damage
- Remediation and response costs
On an individual enterprise level, 13% of respondents told PwC fraud incidents resulted in around US $50 million of losses.
The type of fraud experienced directly relates to the amount lost, with areas such as money laundering and insider trading coming in at the costliest of fraud crimes. Fines and sanctions were a compounding factor racking up losses for any organization that become a victim of financial fraud. This is no surprise when looking at the level of fines in this area: In 2019, OPAC issued around $1.3 billion in fines.
Insiders and Fraud
One of the key findings from the report was that insiders, including those who collude with external cybercriminals, result in the costliest of fraud crimes; fraud that was committed by an insider results in larger losses. PwC found that 43% of respondents, who had experienced insider fraud, had losses of $100 million or more. These findings tally with other insider threat analyses, which show that financial losses are higher than other types of cybercrime. One of the reasons for this is that insider threats are much harder to detect than external hacking events.
Governance and analysis
Going through the process of understanding where risk enters an extended service ecosystem and what level of risk presents, is a vital tool in the governance of cyber-risk and fraud. However, the survey identified that around 50% of respondents performed either no risk assessment at all or only assessed risk on an informal basis.
The PwC report stresses the importance of learning lessons from a fraud event. Out of the respondent cohort, a full 60% were able to improve their fraud outlook if they carried out a thorough post fraud event analysis.
PwC concluded that those organizations who successfully managed the current levels of financial fraud and economic crime well, performed these steps:
- Investigate: By using investigations and analysis correctly to identify system weaknesses and areas that were exploitable. PwC pointed out that if a company does not have the internal expertise to perform investigations, they should seek outside help.
- Policies and controls: Global assessment of controls should be done to locate any gaps.
- Discipline: Insider threats should be dealt with swiftly and employees disciplined.
- Disclosure: Informing regulators about a fraud incident was seen as a positive move to mitigate the impact.
- Employee training: Awareness training on fraud is an important part of a holistic approach to fraud mitigation.
An important and positive point to note from the report is that organizations that implement a fraud program spend “42% less on response and 17% less on remediation costs”.
How can smart AI-enabled technology help fight financial fraud?
PwC found that only around one-quarter of respondents are using artificial intelligence (AI) to counter fraud attempts. The researchers found this surprising, as AI is now an accessible and “prevalent” technology. PwC argues that AI is a valuable tool for use in anti-fraud platforms but that it must be used correctly. The researchers point out the importance of having tools that can consume and analyze data as it is generated.
The PwC report states that “external frauds – generally strike from outside the company, are transactional in nature, lend themselves to active monitoring, and when managed properly may reduce financial impact.”
Artificial intelligence (AI) enabled platforms are being used across industry in the fight against financial fraud. In the financial sector, AI is being applied to several areas including:
- Payment lifecycle events: Looking for complex and sophisticated cyber-fraud that exploit areas across the payment lifecycle events. For example, an EastNets survey found that with regards SWIFT payment fraud in banking, 85% of leaders in the space used computer-based user behavior analytics (based on ML techniques) to reduce fraud.
- Compliance: AI-based anti-fraud solutions are being used to ensure that regulatory requirements are met. Some regulations, such as “The Bank Secrecy Act” in the USA, are now mandating the use of smart technologies like AI-enabled AML checks
- Automation (RPA): Automating labor intensive processes in banking using AI can help to alleviate human error and reduce cybersecurity gaps and weaknesses.
The PwC report is enlightening. It describes a mixed bag of organizations that are attempting to take charge of a situation that is fast becoming a serious challenge. The PwC researchers are keen to point out that this challenge is a multi-faceted one that requires a holistic response. A mix of risk assessments, governance, employee awareness, and smart technologies are needed to take on the demands of modern, financially motivated, cybercrime. By using a ‘Swiss Army Knife’ approach to tackling economic crime and fraud, an organization can create an environment that makes it much harder for fraudsters to operate.
Read the full PwC 2020 Economic Crime and Fraud Survey
Learn more about EastNets Payment Fraud Prevention and Cyber Security Services