If you take a glance through the current fraud cases typologies such as: CEO Fraud, Email Hacking, Money Mulling, SIM Swapping and other, it may seem that fraudsters are way ahead of the game. On the other side, it looks like Fraud Risk or Compliance Managers from Financial Institutions do not have the necessary “speed” to catch up, being caught up in procedures, numbers and never ending compliance to new regulation. If you add to it the low level of Customers’ Education, that are ready to offer “anything that is needed on a silver plate” during a Social Engineering scheme and Law Enforcement’ s lack of digitalisation & domestic legal restrictions, you have the perfect PICTURE, with all the necessary ingredients, to make the fraudsters Happy and nevertheless Prospere.
Still, in this game, the number and resources should turn the balance the other way around as Financial Institutions and Law Enforcement are in high advantage.
Some of the great battles in the history such as the Austerlitz one from 1805, showed that the number is not that important ,when you have ONE GOAL and the INFO at the right moment.
Most of the fraud risk management strategies done by Financial Institution, are built on four pillars: Prevention, Detection, Recovery and Deterrence. An efficient strategy will focus always on Prevention where it will allocate most of the resources, as it is cheaper to Prevent rather than to Detect or Recover.
Hypothetically, if we would consider the same strategy, when it comes to Law Enforcement, I do believe that the goal is to arrest the Bad Guys and as per experience, Judges are more sensitive to: Losses and Actual consumption of a crime, instead of an Attempt. This approach shifts the Law Enforcement’s goal to Detection Pillar.
So how can you work with a partner when you have different GOALS?
I believe that a start should be that both parties need to TRUST and RELY upon each other more, until they have a common ground.
To take a nowadays example, if you register many cases of identity theft, it would be better to validate online the ID of the customer at onboarding using the Law Enforcement database and his written consent, rather than the old fashioned eye-check or the new generation of biometrics’ verifications.I am convinced that this could save a lot of resources for Law Enforcement & Private Sector, as it will discourage fraudsters and so more time can be allocated for proactive activities instead of reactive ones.
And YES, this is GDPR compliant!
Another project could be the sharing of data between Law Enforcement, FIU and Financial Institutions, in order to prevent Money Laundering or Terrorism Financing. I am sure that the list can continue. As a final output, this can be translated in a less bureaucratic and more secured climate for a citizen/customer.
The good part is that some initiatives started to appear such JMLT in UK: http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/economic-crime/joint-money-laundering-intelligence-taskforce-jmlit ,EFIPPP with Europol: https://www.europol.europa.eu/about-europol/financial-intelligence-units-fiu-net, or the similar one in Netherlands. The value added is fantastic, but this should be followed on each country level so it can be efficient, as the fraud and money laundering have no boundaries.
As great things are never accomplished by just a single Providential man, but more by the energy of a Community, maybe the solution could be for all of us involved, to:
Share Ideas and Trust our Partner.
Alin Becheanu, CAMS, CFE