Fraudsters target financial services

Scan the pages of almost any newspaper personal finance section or website and readers will find tales of woe and misery from the victims of financial fraudsters. These stories relate how scams, such as phishing, vishing and others, are used on a daily basis to transfer five-figure sums into accounts controlled by fraudsters, and despite attempts to crack down on such practices, they keep on occurring.

The Office for National Statistics has estimated there are as many as 3.8 million incidents of bank and credit card fraud annually in Britain, while Financial Fraud Action (FFA) says losses on UK cards rose by 16 per cent to £450 million in 2013.

FFA spokesman Craig Jones says that following the introduction of chip and PIN for credit and debit cards and other improvements in security, criminals are resorting to variations of deception crimes to trick people into disclosing their financial details. “Vishing for example – where fraudsters ring members of the public and ask them for personal details while pretending to be from their bank or the police – has become an increasing problem,” he says.

Even financial professionals can fall victim to such scams, as Charterhouse accountants of Harrow, north-west London, found earlier this year when it was defrauded of more than £80,000. Because staff were tricked into divulging security information over the phone, NatWest has refused to compensate the firm, which employs 28 people.

The resulting animosity in situations such as these means financial fraud is an ever-growing problem both for financial institutions as well as their customers. Nic Carrington, a partner in Deloitte’s forensic and dispute services division, says the scale of financial fraud has increased considerably in recent years. “People just keep on trying to find holes and, if they’re lucky, they only need a few successes to achieve very good returns. It’s a big issue for banks,” he says.

As well as trying to combat “external” fraud, which can also extend to sophisticated cyber attacks launched by criminals based aboard, financial institutions must remain hyper-vigilant to scams committed either by their own staff or with their co-operation.

Since the financial crisis struck, banks and other financial companies have been forced by regulators to keep a much closer eye on their inner workings in a bid to combat rogue traders, such as Jérôme Kerviel, whose unauthorised trades cost Société Générale almost €5 billion in 2008 and threatened its very survival.

RISK AND COMPLIANCE

Some big banks now have as many as 10 per cent of their staff in risk and compliance roles, which is a significant shift given that these employees are not direct sources of profit. “The regulatory agenda now is such that there is a real obligation on the institutions to report to the authorities… there’s an acceptance that the culture of financial services has somewhat changed – things have just moved on,” according to Mr Carrington.

One consequence of this shift has been a move by financial institutions to analyse data in a predictive way to help identify unusual patterns of transactions or behaviour by staff. Rather than relying on “red flags”, there has been a move towards more sophisticated forms of analysis to reveal suspicious activity. However, seeking to analyse the sheer volume of transactions in financial services remains one of the difficulties in trying to identify rogue employees or suspicious actions.

When fraud is exposed, financial institutions often use firms such as BDO to reveal exactly what took place and why controls failed. Richard Shave, head of financial services investigations at BDO, says his firm has been called on to examine a number of cases involving collusion by bank employees with external solicitors and valuers to make fraudulent property loans.

He says it is impossible to know how many instances of fraud, either internal or external, are not being detected, but the increased regulatory scrutiny means that fewer are now likely to slip through the net. “The level of data mining that the banks are doing now will have contributed to the increased levels of detection of fraud in financial services,” says Mr Shave. “Banks are throwing a lot of money at their compliance teams.”

Money laundering is another issue confronting financial institutions given that several have been heavily penalised by regulators on both sides of the Atlantic in recent years. HSBC was fined a record $1.9 billion (£1.2 billion) by US regulators in December 2012 for allowing Mexican drug barons, among others, to use its accounts to launder funds. The bank subsequently spent almost $300 million upgrading its systems to prevent such failures in the future.

How institutions react in the first few hours after a fraud has been exposed can be critical in terms of tracking down the culprits, he believes, and some have better procedures in place than others for dealing with the aftermath.

Risk assessment is a key part of the fraud reduction process, but in Mr Carrington’s view not every institution is taking sufficient steps to identify where the potential vulnerabilities lie in their systems. “If you don’t know what’s possible, then you don’t necessarily put in the controls to cover it – there is more that could be done,” he says.