"Dear God, send me an accident," or so goes every risk manager's prayer, jokes Eva Leighton, director of operational risk at Citigroup, making light of the difficulty risk managers face in using only risk data to effect real change. But those who uttered that appeal may have gotten more than they bargained for in the last six to nine months, as employees and criminals alike react to the financial pressure of the recession. "Fraud is going up dramatically — both internal and external — and that remains a concern across the industry," Leighton told an audience at a recent Global Association of Risk Professionals conference.
Internally, the most money is lost in "rogue trading" cases. And you can bet that Bank of America's besieged risk team wasn't praying for an "accident" in early March, when a London-based currency trader, Alexis Stenfors, was accused of rogue trading activities resulting in losses of up to $120 million. But no one who deals with fraud and risk at financial institutions should have been surprised by the accusations.
"Rogue trading is the most urgent risk as far as risk managers are concerned," says Jaidev Iyer, who used to head operational risk at Citigroup and is now a managing director at GARP. Rogue, or out-of-limits, trading is far more common than many realize, and, Iyer says, "Senior management is by and large complicit, either by benign neglect or malign neglect, in terms of supervision."
On the retail side, but still internal, less-scrutinized credit card units are finding significant employee fraud. Take this example from Actimize, the risk-mitigation vendor that analyzes transactions and detects anomalies. Actimize's client (until recently a very large U.S. institution with tens of thousands of employees) had purchased an employee-fraud detection system and connected it to its credit card transaction processing system. "Within one week we caught 19 people that had been stealing money in the few months before we turned on the system," says Amir Orad, CMO at Actimize. "One of them personally stole" $350,000.
External fraud, including identity theft and check kiting, remain on the rise, so despite the recession, banks are continuing to spend on fraud detection systems - not least because they can have such an immediate impact on the bottom line. Most major institutions are vetting surveillance systems with artificial intelligence capabilities that reach far beyond the compliance systems being used now, Iyer says. Leighton characterized Citi's technology response to the rising fraud issue as the implementation of "industrial strength technology for collecting and reporting" on key risk indicators.
But the rise in fraud is laying bare the lack of comprehensive solutions in the enterprise fraud management category. Aite Group surveyed 23 institutions, 80 percent of which were in the top 100 in the country, and found that just about all the institutions cited a need for an enterprise solution, but only one-third had found something. "All of them said they want enterprise fraud case management," says Nick Holland, senior analyst at Aite. "The big disconnect is between wanting it and having it."
Part of the reasons banks are clamoring for solutions is because the anti-fraud market is still incredibly fragmented, and showing little sign of consolidation. Top vendors in different segments of the market include Retail Decisions, Fiserv, IBM, Norcom, Pegasystems, Fair Isaac, Actimize and ACI. "It's a very heavily penetrated market, there's lots of vendors out there, but the market share doesn't polarize to any one vendor," Holland says.
Whether the vendors are ready with an effective, easy-to-implement technology set or not, banks are buying because intelligent fraud management is seen as something that directly impacts the bottom line.
"The thing we are creating this year is the 'seeing around corners platform,'" Leighton says, noting that there's been a paradigm shift in how organizations approach their fraud detection mission. The security-and-risk mantra these days, she says, has moved from, "prevent this, to catch them early."