Don't Forget The Basics: KYE Means KYCKnow Our Enemy: How Banks Can Identify and Beat The Evolving Threat of Financial Crime
As the old saying doesn't go, keep your enemies close and your customers even closer. Having a complete overview of your clients and their banking habits - a must for both Know Your Customer (KYC) and basic good customer service practice - means you will inevitably have a greater understanding of your adversaries. This is crucial in the fight against cyber-enabled fraud and other financial crime.
Good housekeeping of customer access, payments and so on is always important, of course, but so too is minimising friction for your valued customers. After all, everybody wants good security but nobody wants to experience a disruption to their service.
"This is driven by increasing specialisation and division of labour. Examples of this collaboration include the attacks on July 20, 2016, where cyber attackers attempted to steal $150 million from a bank in South Asia and then minutes later attacked a bank in West Africa for the same amount. Clearly attackers can coordinate and collaborate in complex attacks across different continents."
Education plays a large part in this. "Banks have a duty to communicate about fraudster behaviour with their customers," says Nick Ryder, Professor in Financial Crime at the University of the West of England. "Banks really need to make their consumers more aware of things like sophisticated email scams claiming to be from the UK 'Inland Revenue', for example. If people are new to the internet then they're going to be susceptible."
It's about knowing your customers' habits thoroughly. You know that your over-65 segment, for example, aren't likely to be paying money to the relevant income tax authorities regularly.
The problem is that as security systems develop, creative criminals will find new ways to disguise their dealings. Prof Ryder suggests banks look closely at seemingly legitimate operations - "things like people testing their online security. This is a growth area for criminals." Of course, putting a stop to criminals seeking to test your security and fraud controls is not a viable solution, but continually evolving your security and fraud controls to address your enemies current and future tactics is essential. Equally, sharing intelligence within your organisation is critical; often your cyber team will know information that is incredibly valuable to your fraud team, or vice versa.
Another problem, explains Prof Ryder, is that "laws are always going to be reactionary, as are policies, so it's like fighting a fire with a small garden hose." Prevention and early-warning systems are key and this, he says, comes down to knowing customer behaviour extremely well, as well as cyber-crime trends. Banks need to know "which countries are deemed to be at risk, which countries have weak levels of compliance." This is where banks will be involved in de-risking.
Moreover, knowing the appropriate behaviours of your staff is almost as important as knowing your customer. Insider crime is a real threat and being able to quickly identify when staff activities deviate from normal behaviour is critical in the fight against this. Additionally, when banks are reluctant to bring charges against this type of fraud (usually to guard against negative publicity), it can have an adverse effect on the fight against financial crime.
Good practice when it comes to housekeeping, staff management and high-level Know Your Customer (KYC) will mean banks are far more likely to be able to detect when something's not right and act to stop or limit the damage caused to their customers and their bottom line.
To find out more, get the full report at https://www.content.baesystems.com/banking-know-your-enemy