The Financial Conduct Authority (FCA) recently ran a survey on UK financial crime to understand the threats faced by the market. As a regulator with nearly 60,000 financial services firms under its purview, the FCA required all UK-based banks — as well as 2,000 financial institutions (FIs) — to complete the survey.
In November 2018, the FCA published the results. The survey data provides industry-wide context on the risks to UK society and how banks and other financial institutions are choosing to respond. While financial firms’ fraud prevention strategies range from implementing the latest technologies to hiring financial crime professionals, the costs of fighting fraud are high — and growing.
According to the FCA, “The industry collectively employs 11,500 full-time equivalent staff in financial crime roles. We estimate the financial services industry is spending over £650 million annually in dedicated staff time to combat fraud, laundering and other financial crimes.”
That excludes costs such as IT investments in fraud prevention and detection or time non-specialized staff might spend preventing UK financial crime. In fact, “The total amount being spent is likely to be much higher than this estimate,” the report states.
The survey findings come on the heels of news that Authorised Push Payment (APP) scams and other types of fraud cost consumers and financial institutions more than £500 million in the first six months of 2018, according to UK Finance.
Key Findings on UK Financial Crime
The FIs surveyed by the FCA represent 549 million customer relationships globally, of which 78% are in the UK. Respondents indicated that concerns related to financial crime caused them to turn away over 1.15 million prospective customers and 375,000 existing customers. Although this represents a small percentage of total customer relationships, the raw number of more than one million customers declined for financial services is staggering. It illustrates the compliance pressure FIs face to gain assurance that a customer does not pose a fraud or money laundering risk.
Some of the key findings include financial institutions’ assessment of the prevalence of fraud. Results showed that “for all types of fraud, most respondents who expressed a view thought the fraud was growing.”
Not surprisingly, identity fraud and identity theft top the list, while phishing attacks, hacking, malware, application fraud, and account takeover also rank high on the list. According to the report, “Cyber-crime is shown to be a key concern, with many of the frauds that were most frequently mentioned (such as identity theft and phishing) enabled by information technology. Nonetheless, some long-established crimes (such as account takeover, insurance fraud, card fraud and even cheque fraud) were also highly cited threats.”
While hacking and account takeover are top concerns for financial institutions globally, victims of account takeover in the UK ranked second only to pension liberation fraud, in which people are duped into transferring their money early and incur significant tax penalties. Of course, hackers aren’t going away anytime soon, but when the PSD2 Strong Customer Authentication requirement goes into effect in September 2019, it is expected to significantly reduce account takeover fraud. In future surveys, we should see this type of fraud move much further down the list.
Static Passwords at Fault
When it comes to the social engineering threats mentioned in this report, compromised usernames and static passwords are generally at fault.
According to PhishLabs, phishing emails are on the rise and more sophisticated than ever. Unsuspecting consumers are tricked into clicking malicious links to provide confidential information to cybercriminals. The links often take the user to a fake website that prompts them to log in and give up their login credentials to criminals. Stolen credentials are then used by the attackers to log in to other online services (e.g., email) as a launch pad for other phishing campaigns that can include, for example, requests to transfer money to a fraudulent account.
In addition, a recent survey by Verizon found that “80% of hacking-related breaches leveraged either stolen and/or weak or guessable passwords.” To combat these threats, FIs and other organizations are deploying user-friendly multi-factor authentication (MFA) solutions to employees and customers, to enable them to securely access account information and execute transactions. Where permitted, the latest in user-friendly, frictionless authentication technologies have been deployed to the delight of CISOs and customers alike.
Two Considerations for Fighting UK Financial Crime
The FCA invested time and money to conduct this informative survey. While the survey provides valuable qualitative research, the reality is that UK financial crime has many parallels with financial crime globally. Financial criminals know no borders, and it is imperative for FIs to tackle fraud at both ends of the spectrum: at the front end through strong identity management and two-factor authentication (2FA) or multi-factor authentication, and at the back end through risk analytics and fraud detection solutions.