The U.S. Justice Department has made the fight against money laundering and financing of criminal organizations a priority.
Money laundering was in the international spotlight as recently as June 28 with the arrest of 10 people in the U.S. for allegedly spying for Russia. They were charged with conspiracy to commit money laundering. Several of these defendants lived in New York and Boston, both considered large banking hubs.
The estimated size of money laundering worldwide through the banking sector is more than $500 billion annually. The Financial Action Task Force has formulated recommendations meant for financial service providers including banks, insurance companies, asset management companies, brokerage firms and other financial intermediaries to safeguard from these risks.
First and foremost security is a key issue in almost any organization, but especially when dealing with financing. There are many illustrations that have pointed out the cost of a lack of interest in security.
Fraud in banking is a costly and complex matter that needs close, unyielding attention. The financial downturn, and some external matters, has driven financial institutions to invest in a broad array of security topics.
To tackle these risks, the trend for both large and small financial institutions is the transition away from task-oriented compliance programs to process-oriented compliance programs. Process-oriented programs require compliance and security procedures to be practiced, tested, validated and evolved through out the organization on an ongoing basis.
It is important we learn from history to put the knowledge back into the prevention cycle and fine tune existing rules. Flexibility and a mid- to long-term vision, one that is open for changes within the market or region, are key when addressing security issues.
To benefit from structural changes, the complete chain of partners should be integrated. They all need to understand and agree on implementation, deployment and follow up. The chain always fails at the weakest link.
Recent incidents within financial institutions have shown that just a partial update leaves doors open for fraudsters probing to achieve access, install malware and/or redirect transaction traffic. In a short timeframe huge financial losses occur again, putting a company’s reputation and bottom line at risk.
Payment schemes have boosted compliance efforts, putting pressure on banks to change unsafe and non-certified POS terminals. Being non-compliant at a specified timeframe will result in financial fines towards the banks.
Banks have another important role - education. Creating awareness amongst the end users but also bringing all members internally up to speed. We notice that in remote areas, outside of metropolitan cities, the level of knowledge on newly used techniques to defraud the payment system is not widely known.
The vast majority of bank robberies do not involve a masked bandit busting into a bank brandishing a gun. In fact, most banks robbers never cross a bank’s threshold. Banks are robbed through organized fraud: there are online schemes, credit card breaches and counterfeit checking scams. All they need is a computer, a scanner, a printer and they’re golden. They can sit at home in their bathrobe and slippers and become a millionaire through fraud.
As a result, banks today are dealing with a wide range of security challenges, and they’re using a variety of strategies. They rely on the basics — thorough staff training and investments in physical infrastructure — and increasingly, a bank’s physical security is tied in more closely with the company’s IT infrastructure.
Security includes the interaction with law enforcement agencies and that is not always very straightforward. Throughout various countries, specialized units have been put in place, sometimes financed by the banking industry. They partly rely on the intelligence they get from bank staff or through the payment card industry.
In many cases reporting these incidents is not a priority for banks as they see it as being vulnerable. On the contrary a lot of valuable time and usable information is being lost, knowing that fraudsters are constantly on the move. Interpol and Europol have shown a huge interest as well as the technical laboratories, that are more than willing to move forward and put their resources in reengineering seized devices.
But a lack of cooperation or achieving a global standard with no dedicated task force from both regulators and law enforcement, slow down the process drastically, leaving criminals the chance to do their thing.
According to EastNets, this is why it is critical for there to be a support system between banks and financial institutions to partner with the law enforcement professionals who investigate fraud. A committed team – in both arenas – will help to make these professionals’ jobs easier and more effective.
Banks and financial institutions are undergoing a sea change and today face an environment marked by growing consolidation, rising customer expectations, increasing regulatory requirements, proliferating financial engineering, uprising technological innovation and mounting competition. This has increased the probability of failure or mistakes from the operations point of view – resulting in increased focus on managing operational risks.
Operational risk losses have often led to the downfall of financial institutions, with more than 100 reported losses exceeding US$100 million in the recent years. The regulators of financial companies and banks are demanding a far greater level of insight and awareness by directors about the risks they manage, and the effectiveness of the controls they have in place to reduce or mitigate these risks.
Money laundering is on the rise around the world, regulatory response is also increasing. Recent enforcement actions have focused on an institution's lack of consistent internal controls, governance and oversight.
According to PricewaterhouseCoopers (PwC), financial crime is a prominent issue that financial institutions need to tackle with great care. From PwC’s recent Global Economic Crime Survey, it is clear that internal fraud is more prevalent in the Financial Sector than in any other.
Many financial institutions are undergoing significant changes, often resulting in weakened control environments. The closing of certain activities within financial institutions could impact the incentive to commit fraud for those who leave the company in the near future.
While fraud has been on the agenda of internal auditors for some time, it is useful to take stock and discuss where companies stand in terms of fraud, and how internal auditors are responding to it.
There likely will be plenty of debate around how organizations approach timely detection and efficient prevention of fraud risks and advanced internal audit practices relating to fraud.
Co-authored by Paul Buelens, product manager at EastNets, and Eric Marks, director at Price Waterhouse Coopers.
