Solution-Inner-banner

Blog

Round-up and Commentary on PwC’s 2020 Economic Crime and Fraud Survey

When it comes to preventing and tackling fraud, our research shows that a dollar invested now is worth twice as much when a fraud hits.” - Kristin Rivera, PwC Global Forensics Leader

The latest PwC “Global Economic Crime and Fraud Survey” describes fighting fraud as a “never-ending battle”. This is certainly the case as fraud numbers escalate and the entire world seems drawn into the eternal job of mitigating financial risk against a backdrop of increasingly sophisticated cyber-attacks threats.

The Global Economic Crime and Fraud Survey 2020 findings

The PwC report on global economic crime and fraud takes its findings from a 5000 strong cohort, 62% of which are at C-level. This is truly a global view of economic crime, taking in 99 territories. The report has some stark and sobering findings.

Top Fraud Types

The top types of fraud are:

  1. Customer fraud (35%)
  2. Cybercrime (34%)
  3. Asset misappropriation (31%)
  4. Bribery and corruption (30%)

Other types of crimes that made the top list include accounting fraud and money laundering and sanctions.

Individual industry sectors suffered from distinct types of cybercrime. For example, in the financial sector, customer fraud was the top concern, whereas, in government, cybercrime was the vector of choice for financial fraud.

Who Commits Financial Fraud?

In terms of perpetrators of financial fraud, the entire gamut of stakeholders is a potential threat: From insiders to customers, to external hackers, and even collusion between external and internal actors.

The report highlights the risks associated with the supply chain and third-party business associates. The survey finding that 20% of respondents said the most disruptive external fraud originated at a third-party supplier. Economic crime and fraud are truly a multi-vector opportunity.

The losses due to financial fraud

In the previous 24 months leading up to the report, a total of $42 billion was lost due to financial crimes. The areas where an enterprise feels losses the most include:

  • Direct financial loss
  • Reputation damage
  • Fines
  • Penalties
  • Remediation and response costs

On an individual enterprise level, 13% of respondents told PwC fraud incidents resulted in around US $50 million of losses.

The type of fraud experienced directly relates to the amount lost, with areas such as money laundering and insider trading coming in at the costliest of fraud crimes. Fines and sanctions were a compounding factor racking up losses for any organization that become a victim of financial fraud. This is no surprise when looking at the level of fines in this area: In 2019, OPAC issued around $1.3 billion in fines.

Insiders and Fraud

One of the key findings from the report was that insiders, including those who collude with external cybercriminals, result in the costliest of fraud crimes; fraud that was committed by an insider results in larger losses. PwC found that 43% of respondents, who had experienced insider fraud, had losses of $100 million or more. These findings tally with other insider threat analyses, which show that financial losses are higher than other types of cybercrime. One of the reasons for this is that insider threats are much harder to detect than external hacking events.

Fixing fraud

The PwC report also looked at how fraud can be mitigated. The conclusion was that a multi-layered approach should be taken. This should include preparedness, governance and analysis, and technology.

Preparedness

Knowing where a weak point is in an organization is a good place to start preparing to tackle the threat of fraud crime. The survey found that:

  • Half of all respondents have inadequate risk-checks or little or no ongoing monitoring of third-parties. This lack of insight into the risk associated with third-parties and the wider ecosystem of a service opens gaps that can be exploited.

  • To compound this situation, the survey also found that less than 30% of companies perform limited testing on control effectiveness, 12% have no testing of control measures whatsoever.

This lack of preparedness means that an organization cannot effectively plan for potential fraudulent events. Without insight or knowledge of the operational capacity of a service, decisions on the correct measures, linked to a risk analysis, cannot be made.

Governance and analysis

Going through the process of understanding where risk enters an extended service ecosystem and what level of risk presents, is a vital tool in the governance of cyber-risk and fraud. However, the survey identified that around 50% of respondents performed either no risk assessment at all or only assessed risk on an informal basis.

Similarly, respondents presented a mixed picture of the wider supply chain management.

Technology

PwC presents a strong case for the use of multiple layers of technology to address a complex fraud landscape. The report points out that an enterprise must “recognise that one tool won’t address all frauds”. The report goes on to look at the role of data in anti-fraud measures, stating the importance of using the “right data with the right rules and requirements”.

Post-Fraud Lessons

The PwC report stresses the importance of learning lessons from a fraud event. Out of the respondent cohort, a full 60% were able to improve their fraud outlook if they carried out a thorough post fraud event analysis.

PwC concluded that those organizations who successfully managed the current levels of financial fraud and economic crime well, performed these steps:

  1. Investigate: By using investigations and analysis correctly to identify system weaknesses and areas that were exploitable. PwC pointed out that if a company does not have the internal expertise to perform investigations, they should seek outside help.
  2. Policies and controls: Global assessment of controls should be done to locate any gaps.
  3. Discipline: Insider threats should be dealt with swiftly and employees disciplined.
  4. Disclosure: Informing regulators about a fraud incident was seen as a positive move to mitigate the impact.
  5. Employee training: Awareness training on fraud is an important part of a holistic approach to fraud mitigation.

An important and positive point to note from the report is that organizations that implement a fraud program spend “42% less on response and 17% less on remediation costs”.

How can smart AI-enabled technology help fight financial fraud?

PwC found that only around one-quarter of respondents are using artificial intelligence (AI) to counter fraud attempts. The researchers found this surprising, as AI is now an accessible and “prevalent” technology. PwC argues that AI is a valuable tool for use in anti-fraud platforms but that it must be used correctly. The researchers point out the importance of having tools that can consume and analyze data as it is generated.

The PwC report states that “external frauds – generally strike from outside the company, are transactional in nature, lend themselves to active monitoring, and when managed properly may reduce financial impact.”

Artificial intelligence (AI) enabled platforms are being used across industry in the fight against financial fraud. In the financial sector, AI is being applied to several areas including:

  • Payment lifecycle events: Looking for complex and sophisticated cyber-fraud that exploit areas across the payment lifecycle events. For example, an EastNets survey found that with regards SWIFT payment fraud in banking, 85% of leaders in the space used computer-based user behavior analytics (based on ML techniques) to reduce fraud.
  • Compliance: AI-based anti-fraud solutions are being used to ensure that regulatory requirements are met. Some regulations, such as “The Bank Secrecy Act” in the USA, are now mandating the use of smart technologies like AI-enabled AML checks
  • Automation (RPA): Automating labor intensive processes in banking using AI can help to alleviate human error and reduce cybersecurity gaps and weaknesses.
  • Sanction list checking: The vast volumes of financial transactions are making it difficult for human operators to spot trends and patterns in data that signify a potential fraud incident. AI-enabled sanction list and PEP (politically exposed person) list analysis continuously improves fraudulent activity signal capture by learning from real data. The results include reduced false positives, the cause of analyst fatigue, and overall improvements in the customer experience.

The PwC report is enlightening. It describes a mixed bag of organizations that are attempting to take charge of a situation that is fast becoming a serious challenge. The PwC researchers are keen to point out that this challenge is a multi-faceted one that requires a holistic response. A mix of risk assessments, governance, employee awareness, and smart technologies are needed to take on the demands of modern, financially motivated, cybercrime. By using a ‘Swiss Army Knife’ approach to tackling economic crime and fraud, an organization can create an environment that makes it much harder for fraudsters to operate.

Read the full PwC 2020 Economic Crime and Fraud Survey

Learn more about EastNets Payment Fraud Prevention and Cyber Security Services

 

JOIN THE CONVERSATION

Subscribe to Newsletter!