"Dear God, send me an accident," or so goes every risk manager's prayer, jokes Eva Leighton, director of operational risk at Citigroup, making light of the difficulty risk managers face in using only risk data to effect organizational change. But those who uttered that risky appeal may have gotten more than they bargained for in the last six to nine months, as employees and criminals alike react to the financial pressure of the recession. "Fraud is going up dramatically - both internal and external - and that remains a concern across the industry," Leighton told an audience at a recent Global Association of Risk Professionals conference.
As Bank of America now knows, the most money is lost in "rogue trading" cases. You can bet BofA's risk team wasn't praying for an "accident" in early March, when a London-based currency trader was was accused of rogue trading activities resulting in losses of up to $120 million.
"Rogue trading is the most urgent risk as far as risk managers are concerned," says Jaidev Iyer, who used to head operational risk at Citigroup and is now a managing director at GARP. Rogue, or out of limits, trading is far more common than many realize, Iyer says.
On the retail side, but still internal, credit card units are finding significant employee fraud. Take this example from Actimize, the risk mitigation vendor that analyzes transactions and detects anomalies. A client (that was until recently a very large U.S. institution with tens of thousands of employees) had purchased an Actimize employee-fraud detection system but hadn't connected its credit card transaction processing system. But on a sinking feeling that the economy was pushing employees to fraud, the connection was made. "Within one week we caught 19 people that had been stealing money in the few months before we turned on the system," says Amir Orad, CMO at Actimize. "One of them personally stole $350k."
These kind of losses go straight to the bottom line, so it's not surprising that despite the recession, banks are continuing to spend on fraud detection. Most major institutions are vetting surveillance systems with capabilities that reach beyond current compliance systems, Iyer says. Leighton characterized Citi's technology response to the rising fraud issue as the implementation of "industrial strength technology for collecting and reporting KRIs."
But the rise in fraud is laying bare the lack of comprehensive products in the enterprise fraud management category. Aite Group recently surveyed 23 institutions, 80 percent of which were in the top 100 in the US, and found that just about all the institutions cited a need for an enterprise fraud management product, but only one-third had found something. "All of them said they want enterprise fraud case management," says Nick Holland, senior analyst at Aite. "The big disconnect is between wanting it and having it."
Part of the reason banks are clamoring for solutions is because the anti-fraud market is still fragmented, and showing little sign of consolidation. Top vendors in different segments include Retail Decisions, Fiserv, IBM, Norcom, Pegasystems, Fair Isaac, Actimize and ACI.