Sponsored by ?

This article was paid for by a contributing third party.More Information.

Tackling insider fraud – Best practice for banks

Tackling insider fraud – Best practice for banks

Volatile markets, the pivot to remote working and the prevalence of private messaging are just some of the factors contributing to the rising risk of insider fraud. At a recent Risk.net webinar, an expert panel explored the challenges for banks and financial institutions in monitoring and mitigating this complex threat

The panel

  • Omri Kletter, Fraud and Risk Management, Global Vice-President, Bottomline
  • Chandrra Sekhaar, Managing Director, Global Head of Audit, ING
  • John Keogan, Head of Fraud Risk, Internal Fraud Prevention, Standard Chartered Bank
  • Francisco Mainez, Global Head of Analytics, Business Financial Crime Risk, Wealth and Personal Banking, HSBC
  • Moderator: Steven Marlin, Risk.net

Banks and financial institutions worldwide are struggling with the management and control of insider fraud, a growing problem in the current environment. Changes in work practices, financial hardship, new communication channels and heightened market volatility, all induced by the Covid‑19 pandemic, have added to the circumstances in which fraudulent activity may thrive.

Recent Risk Quantum analysis shows that in the UK, external and internal fraud accounted for a major share of the operational risk losses at five top UK banks in 2020, and made up a greater portion of the average total than the year before.

At Barclays, Lloyds, NatWest Group, Santander UK and Standard Chartered, fraud was cited as the cause behind 38% of total op risk losses by value on average. The year before it was 22%. 

The recent surge in insider fraud cases is concerning for the industry. Regulators around the world have recognised these challenges and are united in urging firms to address the problem as part of their operational resiliency agenda and to prevent disruption as much as possible. 

The Bank of England’s policy statement on operational resilience for financial firms, published in March 2021, states that the Prudential Regulation Authority (PRA) expects firms to plan for all severe stresses, whatever their probability. 

To be operationally resilient, companies should be able to prevent disruption occurring to the greatest extent practicable and adapt systems and processes to continue to provide services and functions in the event of an incident, according to the PRA. They must also return to normal running promptly once disruption is over, and learn and evolve from incidents and near misses.

While staff can be reluctant to believe their colleagues are capable of criminal behaviour, firms are waking up to the fact that insiders represent one of the easiest channels through which the most resilient of defenses can be breached. The Monetary Authority of Singapore (MAS) also issued a circular in March, alerting firms to the increased risks of fraud due to remote working, including lack of physical oversight, collusion with other insiders or external parties, circumventing controls and inappropriate communications with customers.

The MAS recommends that banks conduct periodic reviews of remote access activities in higher-risk functions, such as trading and investment advisory, to identify suspicious incidents and trends. It also recommends enhanced surveillance of trades to ensure that they were transacted in accordance with established procedures, as well as monitoring keystrokes logging. 

It is clear that incidents of insider fraud – whether rogue trades, payment frauds or interest rate benchmark collusions – are on the rise. And the lingering effect of such events on data integrity and security, consumer trust and brand reputation is far-reaching and in most cases immeasurable.

To be prepared for these exigencies while being resilient, firms will need to prioritise best practices. They must also adopt agile next-generation technology that can detect fraudulent activity early and effectively with the use of data and smart analytics.

Fraud pandemonium 

Insider fraud – whether internal or external – is not a new phenomenon. Banks and other financial institutions, including certain government departments, have been at risk of internal fraud since the industry’s inception. 

But the risk is in sharper focus now because of the combined challenges brought on by altered working environments and heightened market volatility. In turn it is becoming more essential for firms to re-assess surveillance controls and test their strength across various work arrangements, whether in-office or remote locations. 

Omri Kletter, Bottomline
Omri Kletter, Bottomline

Omri Kletter, global vice-president for fraud and risk management at Bottomline, said that internal fraud impacts all organisations, big and small, across all regions. “Fraud is becoming one of the main pandemics of our [time],” he warned.

Fraud can be facilitated more easily today across the digital landscape of real-time payments, new user accounts or payment support systems. “Full collusion is 10 times easier when there is a digital application,” Kletter added. 

As a result, internal fraud has intensified and Kletter estimates that, for some organisations, up to 50% of overall payments fraud today is related directly, or indirectly – in effect, triggered by – internal fraud. 

Cut the silo noise

Organisational silos pose a perennial challenge in fraud detection, but firms are beginning to observe more grey areas and elements to internal fraud, beyond the traditional distinction of internal fraud and external fraud. “The concept of [an] employee is not necessarily as it was before – we have more contractors or vendors now,” Kletter said. “Being open-minded to the different types of employees, not just the different types of fraud, is critical for [the] success of detection.”

Insider fraud can be complex, especially when there is collusion across areas of asset misappropriation, rogue trading, manipulation of indexes, data theft, outright theft, abuse of position and overriding controls. Determining the nature of each risk allows firms to benchmark fraudulent activity levels in better detail.

When implementing data collection and monitoring solutions for clients for instance, Kletter pointed out that the aim is not just to detect fraud but also preempt it. “There are a lot of activities around policy and processes’ violation and those are good indicators sometimes that fraud will follow.”

Collecting and monitoring data and raising the red flag earlier is critical for fraud prevention. A more holistic viewpoint on fraud, irrespective of its business type and silo, can provide clearer insight into the direction fraud risk will travel.

Optimise best practices

Financial institutions and banks across the board are already using analytics to better manage security and controls. Nevertheless, organisation-wide culture, as well as systems and processes, must be adaptable to changing patterns of fraudulent activity. 

John Keogan, head of fraud risk, internal fraud prevention at Standard Chartered Bank, emphasised the importance of having the right message and tone from the top: “It’s absolutely important to have the right culture and the right messaging from the senior management of the bank.” 

Firms must stress to employees that fraudulent activities will not be tolerated, and that staff must display exemplary behaviour in this respect, he said.

“It is a clear message that needs to be shared and this is further cemented by having a very robust training and awareness programme, which focuses on the business and also talks about the business-agnostic types of fraud such as travel and expenses fraud,” Keogan added.  “If you allow small frauds to happen, there is potential for other misdemeanors also.”

How else can firms raise their game in tackling insider fraud? Developing best practices in resource management, prevention and processes is vital. Keogan recommends setting up ‘insider threat working groups‘. 

“Having a group that can get together and look at the [similarities and] common control structures, and share that information about their risk population is a powerful tool,” Keogan said. 

Sharing risk resources that can span areas such as IT specialists for data exfiltration, anti-bribery and corruption risk team members, sanctions violations as well as other fraud management teams must become essential, according to Keogan.

Chandrra Sekhaar, managing director and global head of audit at ING, agreed, recommending that firms set up a cross-business working group to focus on conduct. He also believes controls should be built around risk appetite. 

“What is acceptable and what can be done to keep the risk within that acceptable level? This helps define and drive the strategy on awareness, training courses and market abuse scenarios to help inform data analytics to spot unusual behaviour.”

Risk appetite aside, one of the most crucial aspects of any surveillance process is technological advancements. New tech is at the forefront of early and effective fraud detection. Machine learning, which is also being applied in detection systems and tactical surveillance systems, is becoming more prevalent. 

Next-generation platforms offer automated workflows for payment processing and bill review, and state-of-the-art fraud detection, behavioural analytics, and regulatory compliance solutions.

A way forward

The aim of any surveillance – especially that of fraud risk surveillance – must be deterrence, not just detection. 

Building solid strategy must go hand-in-hand with technology, while making the data available and adopting a proper analytics approach. 

Allowing data inputs to bring in information from external resources and carefully managing them can together prepare firms for the next stage of fraud prediction, prevention, and the resulting future resilience.  

Rendering data collection such that it is non-intrusive is essential in fraud tracking, Kletter noted: “One of the best practices is really to understand the journey of any internal attack and be ready for it.” 


You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here