Fraud Attempts on the Rise Since Pandemic’s Start

As Covid-19 passes its one-year anniversary in the United States, businesses are still adjusting to the pandemic’s impacts on their industry.

Banking is no exception. While banks have quickly adjusted to new initiatives like the Small Business Administration’s Paycheck Protection Program, the most notable impact to financial institutions has been the demand for online capabilities. Banks needed to adjust their offerings to ensure they didn’t lose their client base.

“ATM activity is up, drive-through banking is up 10% to 20% and deposits made through our mobile app are up 40%,” said Dale Oberkfell, president and CFO of Midwest Bank Centre last June.

The shift to digital account openings has been drastic. The chart below looks at the percent change in cumulative number of evaluations from 2019 to 2020 for a cohort of Alloy customers, limited to organizations that were clients for both years. Since the onset of the pandemic, digital account opening has increased year-over-year by at least 25%.

Although the shift to digital was necessary to meet consumer demands, online banking opens up the possibility of new types of fraud. To study the pandemic’s impact on fraudulent applications, we took a closer look at changes in consumer risk scores since the onset of the pandemic. Similar to credit scores, risk scores predict the likelihood of identity or synthetic fraud based on discrepancies in information provided, behavioral characteristics and consortium data about past fraud activity.

Comparing the pandemic months of March 2020 to December 2020 to the same period in 2019, Alloy clients saw a dramatic rise in high-risk applications. Total high-risk applications increased by 137%, driven both by overall growth in digital application volume and a comparatively riskier population of applicants.

There are several ways for you to protect your organization against this growing threat. One way is to use multiple data sources to create a more holistic understanding of your applicants and identify risky behaviors. It also ensures that you are not falling victim to compromised data from any one source. It’s a universal best practice; Alloy customers use, on average, at least 4 data sources.

Another way for you to protect your institution is by using an identity decisioning platform to understand and report on trends in your customers’ application data. Many data providers will return the values that triggered higher fraud scores, such as email and device type. An identity decisioning platform can store that data for future reference. So, even if a risky application is approved at onboarding, you can continue to monitor it throughout its lifetime with you.

Digital banking adoption and usage is expected to only increase in the future. Banks need to ensure that their processes for online capabilities are continuously improving. If your organization is spending too much time running manual reviews or using an in-house technology, it may be time for an upgrade.

Covid-19 Fraud: A Financial Pandemic

Even as some regulators have reduced reporting requirements, the Financial Crimes Enforcement Network (FinCEN) has opted for a less-relaxed approach in regard to financial institutions and Bank Secrecy Act compliance.

Earlier this year, FinCEN offered some insight into its expectations regarding the Covid-19 pandemic as it applies to BSA. It noted that financial institutions will face challenges related to the pandemic but “expects financial institutions to continue following a risk-based approach” to combat money laundering and related crimes and “diligently adhere” to current BSA obligations. There are some special issues that banks should look out for, along with reporting requirements surrounding those issues.

Potential Fraud Indicators
A 2017 advisory letter outlines some potential fraudulent activities that can occur during a natural disaster or relief efforts. The release was intended to help financial institutions identify and prevent fraudulent activity that may interfere with legitimate relief efforts. The following are likely issues that could arise in the wake of a disaster.

  • Benefits Fraud — Benefits fraud typically occurs when individuals apply for emergency assistance benefits to which they are not entitled. Financial institutions are at risk when fraudsters seek to deposit or obtain cash derived from the emergency assistance payments. FinCEN noted that fraudsters often used wire transfers to perpetrate these scams. In those situations, they request withdrawals and the banks wire funds to the accounts, where the fraudster immediately withdraws the funds.
  • Charities Fraud — Charities provide a vehicle for donations to assist disaster victims; during times of disaster, criminals seek to exploit these vehicles for their own gain. Both legitimate and fraudulent contribution solicitations and schemes can originate from social media, emails, websites, door-to-door collections, flyers, mailings, telephone calls and other similar methods.
  • Cyber-Related Fraud — Cyber actors take advantage of public interest during natural disasters in order to conduct financial fraud and disseminate malware. The Center for Internet Security expects this trend to continue, as new and recycled scams emerge involving financial fraud and malware related to natural disasters.

According to an October release, FinCEN advised financial institutions to remain alert when it comes to fraudulent transactions that resemble those that occur in the wake of natural disasters. FinCEN is monitoring public reports and BSA reports of potential illicit behavior connected to Covid-19 and notes some emerging trends, in addition to those issues identified above.

  • Imposter Scams — Bad actors could attempt to solicit donations, steal personal information or distribute malware by impersonating healthcare organizations or agencies like the Centers for Disease Control and Prevention or the World Health Organization.
  • Investment Scams — The U.S. Securities and Exchange Commission urged investors to be wary of coronavirus-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect or cure coronavirus.
  • Product Scams — The U.S. Federal Trade Commission and U.S. Food and Drug Administration have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to Covid-19. Additionally, FinCEN has received reports regarding fraudulent marketing of coronavirus-related supplies, such as certain face masks.
  • Insider Trading — FinCEN has received reports regarding suspected coronavirus-related insider trading.

Suspicious Activity Reporting
FinCEN still expects institutions to report suspicious activity — however, there are some special expectations within the reporting fields. FinCEN requests, though does not require, that financial institutions reference the 2017 advisory letter and include the key term “disaster-related fraud” in the SAR narrative and in SAR field 31(z) (Fraud-Other) to indicate a connection between the suspicious activity being reported and possible misuse of relief funds.

New FinCEN COVID-19 Online Contact Mechanism
FinCEN has created a coronavirus-specific online contact mechanism, via a specific drop-down category, for financial institutions to communicate related concerns to FinCEN while adhering to their BSA obligations. While this reporting program is in place, FinCEN has not committed to more than an automated response to any communications received.

FinCEN has continued to encourage banks to follow existing guidance and regulation in an effort to secure transactions within the financial services space. FinCEN will offer additional guidance as fraudsters are identified and their efforts are better understood. Until then, financial institutions may do well to ensure that their BSA and anti-money laundering programs are prepared to weather the storm.

Community Risks That Community Banks Should Address

States and counties are starting to reopen after a prolonged period of sheltering in place due to the Covid-19 pandemic.

Many community banks that function as the primary lenders to small businesses in the rural Midwest have yet to see a significant negative financial impact because of the shutdown. In fact, many community banks stand to receive significant loan origination fees from the U.S. Small Business Administration for participating in the Paycheck Protection Program. They’re also flush with cash, report the community bank CEOs I’ve asked, as many borrowers haven’t used their PPP loan funds and consumers have been holding their stimulus payments in their checking accounts.

But just because things look stable from a financial perspective doesn’t mean there isn’t risk in your community and to your bank. Let’s take a brief look at some issues community banks should be monitoring today:

Increasing personal debt caused by prolonged unemployment. Unemployed Americans received an unprecedented amount of unemployment benefits that for the most part ended on July 31, 2020. What are Americans doing now? Some furloughed employees have been recalled, but others weren’t. When income is scarce, the use of credit cards, overdraft protection, and personal loans increases. What is your bank doing to monitor the increasing financial pressure of your individual borrowers and account holders?

Delayed business closures. Small businesses without a significant online presence are finding it difficult to operate in this new environment. “Nonessential” small businesses survived the shutdown by using government funds, furloughing employees, drawing on credit lines, or using personal savings. The lost sales may not have been deferred to a later date. Instead, they are truly lost and won’t be recaptured. Without a fast and heavy recovery for small businesses, they may be forced to close and may not be able to support their current debt load. How is your bank monitoring the performance of your small business customer?

Reduced need for office and retail space. With the increase in employees working remotely, especially at businesses that typically use commercial office space, the perceived need for office space is declining. Once a lease term expires, community banks should expect some commercial borrowers to experience reduced rental income as tenants negotiate for less square footage or overall lower rates. Are you tracking the going rate for rent per square foot in your market?

Increased fraud risk. When people experience all three sides of the fraud triangle (rationalization, opportunity, and pressure), they’re more likely to commit fraud. Identification of the fraud can be significantly delayed. A bookkeeping employee whose spouse has been laid off can rationalize the need for the company’s money, has the opportunity to take it, and feels the financial pressure to use it for personal needs. This person may be able to cover it for a short time, but covering it becomes more difficult as it grows. That can happen within the bank or at any of your commercial borrowers.

Community banks have yet to see a dramatic increase in past dues or downgrades in loan ratings; it’s likely too early to see the financial stress. Several community banks are adding earmarked reserves to the allowance for loan losses in each loan category as “Covid-related.” However, community banks should carefully evaluate loans that were “on the bubble” prior to the shutdown, were granted some form of deferral by the bank, or are in certain industries like hospitality. Interagency guidelines permit banks to not account for these loans as troubled debt restructures (TDR) if they meet certain criteria, but banks are still responsible for maintaining a proper allowance. A loan in deferral may need an increased reserve, even if it isn’t accounted for as a TDR. The time it takes for that stress to show (called “loss emergence period” in accounting) is longer than many think.

Two other significant financial impacts to banks relate to overdraft fees and interchange fees. As spending decreased, so did overdrafts and associated fee income. And without the discretionary debit card swipes, interchange fees fell significantly as well.

How much of the above information will you use as you prepare the 2021 budgets this fall? What will your baseline for 2021 be: 2019 or 2020? Regardless, assess the risks to the bank and plan accordingly.

This article is for general information purposes only and is not to be considered as legal advice. This information was written by qualified, experienced BKD professionals, but applying this information to your particular situation requires careful consideration of your specific facts and circumstances. Consult your BKD advisor or legal counsel before acting on any matter covered in this update.

How One Bank Flattened Fraud

Protecting the bank and its customers — through cybersecurity measures, identity verification, fraud detection and the like — is vital in ensuring a financial institution’s safety and soundness, as well as its reputation in the marketplace. These investments typically represent significant cost centers, but fraud prevention tools can be an exception to the rule if they’re able to pay for themselves by preventing losses.

“The idea is, when you put in a fraud system — and this is where some folks lose it — you want to make sure to catch more fraud than the system costs,” says Ronald Zimmerman, vice president in the operations department at $32.2 billion IBERIABANK Corp., based in Lafayette, Louisiana. “You always have to make sure that the cost doesn’t supersede your savings.”

Zimmerman implemented ARGO OASIS about a year ago. OASIS, which stands for Optimized Assessment of Suspicious Items, uses neural networks and image analytics to detect and prevent fraud. Modeled after the human brain, neural networks are a form of artificial intelligence designed to recognize patterns, making them well suited to identify check alterations, forgeries and other forms of transaction fraud. The solution then provides bank employees with detailed information to enable them to further investigate the activity.

Bank Director’s 2020 Risk Survey found that just 8% of executives and directors report that their bank uses AI technology to improve compliance. One-third are exploring these types of solutions.

IBERIA brought in OASIS to identify fraud in its “two-signature accounts” — customer accounts that require two signatures on a high-dollar check. “We have a queue set up in OASIS to monitor these checks as they come in through clearing. If a signature is missing or is in question, OASIS flags it for review,” Zimmerman says.

One thing about the technology that sets it apart is its check stock validation tool. “You have an overlay button where you can place a questioned check on top of a good check, and you have a little slide bar [so you] can see the small differences,” he says.

That tool alone has helped the bank stop roughly $300,000 in check fraud over the first eight months of use — meaning ARGO has already paid for itself. “We’ve caught a ton of fraud through this product,” says Zimmerman.

And $300,000 is a conservative estimate of the bank’s savings, Zimmerman says, because fraudsters have learned not to target his bank. “Check fraud flattened out, because the fraudsters have probably moved on, knowing that we’ve covered up a hole that was there before.”

ARGO OASIS was recognized as the Best Solution for Protecting the Bank at the 2020 Best of FinXTech Awards in May. ALTR, a blockchain-based security solution, and IDology, which uses big data for identity verification and fraud detection, were also finalists in the category.

Importantly, ARGO helps IBERIA stop fraud efficiently. A task that used to occupy three full-time employees’ time now takes two employees just a couple of hours.

IBERIA will soon merge with Memphis, Tennessee-based First Horizon National Corp. to form a $75 billion company. The deal was driven in part by the pursuit of scale.

Generating efficiencies is essential to better compete with big banks, said First Horizon CEO Bryan Jordan in a 2017 presentation. “We’ve got to be invested in technologies in such a way that we’re at or above table stakes,” he said. “The trick for us will be to … create efficiency in other parts of the business to create money that we can invest in leading-edge technologies and processes that really allow us to be competitive.”

Leveraging AI to reduce compliance busywork is a great place to start.

Small Changes Lead To Big Payoffs In Reducing Fraud

Banks can leverage their relationships with clients and empower them to better control fraud.

Many financial institutions find themselves in difficult positions as a growing number of their customers are targeted for business takeover attacks. Hackers gain access to company funds through a variety of manipulations, often tricking an internal employee to send a wire transfer. Some corporates have ineffective controls around their bank accounts or make poor decisions when sharing banking information. Banks are often stuck in the middle. Regardless of its lack of involvement in a fraudulent transaction, the bank will likely receive the first call when money goes missing.

Organizations are increasingly concerned about these business takeover threats, according to RSM’s recent Middle Market Business Index Cybersecurity Special Report. The survey found that 64% of middle market executives believe their businesses are at risk of attempted employee manipulation in the coming year, up 9% from the previous year. They are right to be worried: These attacks are growing in popularity with criminals because of their low-tech and low-risk nature, combined with the potential of significant rewards.

Business takeover cases are simple on the surface, but can have complex details. In one recent example, a portfolio company from a private equity company sent an email to the PE firm’s chief financial officer seeking additional funds. A hacker who took control of the portfolio company’s email sent a follow-up email with the hacker’s bank account information to receive the fraudulent wire transfer. The CFO quickly recognized that something was wrong and called the bank. The company and the hacker used the same bank, which froze the funds. But the hacker successfully convinced the institution to release the funds and wired them out of the country.

While banks are not required to encourage customers to adopt stronger protections against takeover threats or modify their own internal processes to identify fraud, some small adjustments can make a big difference to help deter criminals.

Many banks still do not coach customers on how they can discourage takeover threats, or help them understand the tools at their disposal. For example, many banks offer two-factor authentication for wire transfers that customers choose to disable, creating unnecessary vulnerabilities. When customers elect to turn off security controls, banks can intervene and help them understand why those controls exist. Coaching can help clients avoid painful experiences.

In addition, banks should offer security information and training to their clients on a regular basis to help understand threats and the role the bank plays. Institutions need more visibility into emerging risks and the behavior and activity that clients need to avoid. They can use these touchpoints to check on their customers’ status, improve business relationships and discuss any additional necessary services. 

Many banks utilize flexible core banking systems that can identify high-risk transactions. These platforms feature extensive functionality, but banks often do not use all of the built-in capabilities and sometimes miss questionable transactions in real time. In many cases, they can establish controls to flag suspicious activity. 

For example, if a middle market company that traditionally only does domestic wire transfers sends funds to Romania, that transaction should stick out like a sore thumb. Perhaps a company that usually sends wire transfers under $20,000 suddenly sends one for $60,000. While large banks may not be able to pick up the phone to validate that transaction, community banks have an opportunity to reach out personally and provide more value than their larger counterparts.
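The two outlier cases described above (a domestic-only sender wiring abroad, and a wire several times the sender's usual size), as an added example that is not part of the original article or of any core banking product: a per-customer baseline check in Python. The `Wire` record, the thresholds and the sample history are constructed for illustration.

```python
from dataclasses import dataclass

# Assumptions for this illustration (not values from the article):
HOME_COUNTRY = "US"      # the bank and its commercial customers are US-based
AMOUNT_MULTIPLE = 2.5    # review when a wire exceeds this multiple of the largest prior wire
MIN_HISTORY = 5          # prior wires required before a baseline is trusted


@dataclass(frozen=True)
class Wire:
    customer: str
    amount: float        # USD
    dest_country: str    # ISO 3166-1 alpha-2 code of the beneficiary bank


def review_reasons(wire, history):
    """Return the ways a wire deviates from the sender's own prior wires."""
    prior = [w for w in history if w.customer == wire.customer]
    if len(prior) < MIN_HISTORY:
        # Without a baseline the wire cannot be called normal, so it is reviewed.
        return ["fewer than %d prior wires: no baseline" % MIN_HISTORY]

    reasons = []
    seen = {w.dest_country for w in prior}
    if wire.dest_country not in seen:
        if seen == {HOME_COUNTRY}:
            reasons.append("first cross-border wire (%s) from a domestic-only sender"
                           % wire.dest_country)
        else:
            reasons.append("new destination country %s" % wire.dest_country)

    largest = max(w.amount for w in prior)
    if wire.amount > AMOUNT_MULTIPLE * largest:
        reasons.append("amount %.0f is %.1fx the largest prior wire (%.0f)"
                       % (wire.amount, wire.amount / largest, largest))
    return reasons


def triage(wire, history):
    """Release a wire that fits the baseline; otherwise hold it for a call-back.

    The call-back should go to a phone number already on file for the customer,
    not to contact details supplied with the wire request.
    """
    reasons = review_reasons(wire, history)
    return ("hold_for_callback" if reasons else "release"), reasons


# Constructed sample data: a customer that has only sent domestic wires under $20,000.
HISTORY = [Wire("ACME-MFG", amt, "US")
           for amt in (8000, 12500, 19500, 9750, 15000, 11200)]

if __name__ == "__main__":
    incoming = [
        Wire("ACME-MFG", 12000, "US"),   # fits the baseline
        Wire("ACME-MFG", 15000, "RO"),   # normal size, first foreign destination
        Wire("ACME-MFG", 60000, "US"),   # domestic, but about 3x the largest prior wire
        Wire("ACME-MFG", 60000, "RO"),   # both deviations at once
        Wire("NEWCO-LLC", 5000, "US"),   # no history at all
    ]
    for w in incoming:
        action, why = triage(w, HISTORY)
        print(w, "->", action, why)
```

The check compares each wire only against the same customer's history, so a destination or amount that is routine for one business can still be flagged for another.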

Obviously, detecting a fraudulent wire transfer from within the bank is not always this straightforward. But the institution is often the last point of resistance in these attacks. Individuals responsible for oversight should review suspicious activity reports and other notifications of wire transfer fraud regularly to identify criminal activity.         

Banks may be able to better control fraud in three ways: confirming transfers with clients, being more conservative with internal fraud detection processes and paying attention for any outlier transactions.

Most banks and many customers have taken steps to improve their internal cybersecurity following high-profile attacks and increased regulatory scrutiny. However, plans to reduce business takeover risks both inside the bank and when guiding customer activities must be adaptable to new threats. Criminals’ methods will constantly evolve to circumvent today’s detective controls and protective measures.

Educating clients about how to avoid and address risks while adjusting internal bank processes can improve operations for both your bank and your clients. A stronger risk environment can increase customer satisfaction, reduce the strain on internal employees tasked to track down lost funds and help you avoid having to guide your customers through the fallout of a criminal hacking.

How Innovative Banks are Eliminating Online Card Fraud

Card fraud has a new home. Just a few years after the prolonged and pricey switch to EMV chip cards, fraud has migrated from purchases where the card is physically swiped to transactions where the card is not present. The shift means that U.S. banks might be on the cusp of yet another move in card technology.

EMV chips were so successful in curbing cases of fraud where the card was swiped that fraud evolved. Fraud is 81 percent more likely to occur today in “card-not-present” transactions that take place over the phone or internet than it is at the point of sale, according to the 2018 Identity Fraud Study by Javelin Research.

Technology has evolved to combat this theft. One new solution is to equip cards with dynamic card verification values, or CVVs. Cards with dynamic CVVs will periodically change the 3-digit code on the back of a credit or debit card, rendering stolen credentials obsolete within a short window of time. Most cards with dynamic codes automatically change after a set period of time—as often as every 20 minutes. The cards are powered by batteries that have a 3- to 4-year lifespan that coincides with the reissuance of a new card.

Several countries including France, China and Mexico have already begun adopting the technology, but the rollout in the United States has been more limited. The new Apple Card, issued by Goldman Sachs Group, boasts dynamic CVV as a key security feature. PNC Financial Services Group also launched a pilot program with Motion Code cards in late 2018.

Bankers who remember the shift to EMV might cringe at the thought of adopting another new card technology. But dynamic CVVs are different because they do not require merchants to adopt any new processes and do not create extra work for customers.

But one challenge with these more-secure cards will be their cost. A plastic card without an EMV chip cost about 39 cents. That cost rose to $2 to $3 a card with EMV. A card with the capability for a dynamic CVV could cost 5 times as much, averaging $12 to $15.

But advocates of the technology claim the benefits of eliminating card-not-present fraud more than cover the costs and could even increase revenue. French retail bank Société Générale S.A. worked with IDEMIA, formerly Oberthur Technologies, to offer cards with dynamic CVVs in fall 2016. The cards required no change in customers’ habits, which helped with their adoption, says Julien Claudon, head of card and digital services at Société Générale.

“Our customers appreciate the product and we’ve succeeded in selling it to customers because it’s easy to use.”

He adds that card-not-present fraud among bank customers using the card is “down to almost zero.”

Eliminating card-not-present fraud can also eliminate the ancillary costs of fraud, says Megan Heinze, senior vice president for financial institutions activities in North America at IDEMIA. She says card fraud is estimated to cost banks up to $25 billion by 2020.

“A lot of prime customers ask for the card the next day. The issuer then has to get the card developed—sending a file out that has to be printed—and then it’s FedExed. The average FedEx cost is around $10. The call to the call center [costs] around $7.50,” she says. “So that’s $17. And that doesn’t even include the card.”

What’s more, dynamic CVVs could also create a revenue opportunity. Société Générale charges customers a subscription fee of $1 per month for the cards. The bank saw a more than 5 percent increase in new customers and increased revenue, according to Heinze.

Still, some are skeptical of how well a paid, consumer-based model would fare in the U.S. market.

“The U.S. rejected EMV because it was so expensive to do. It was potentially spending $2 billion to save $1 billion, and that’s what you have to look at with the use case of these [dynamic CVV] cards,” says Brian Riley, director of credit advisory service for Mercator Advisory Group. “If it tends to be so expensive I might want to selectively do it with some good customers, but for the mass market there’s just not a payback.”

Still, dynamic CVVs are an interesting solution to the big, expensive problem of card-not-present fraud. While some institutions may wait until another card mandate hits, adopting dynamic CVV now could be a profitable differentiator for tech-forward banks.

Potential Technology Partners

IDEMIA

Idemia’s Motion Code technology powers cards for Société Générale and is being piloted by PNC and WorldPay.

GEMALTO

Gemalto’s Dynamic Code Card hasn’t been publicly linked to any bank or issuer names, but the company cites its own 2015 Consumer Research Project for some impressive statistics on customer demand for dynamic CVV cards.

SUREPASS ID

SurePass ID offers a Dynamic Card Security Code. The company’s founder, Mark Poidomani, is listed as the inventor of several payment-related patents.

FITEQ

FiTeq’s dynamic CVV requires cardholders to push a button to generate a new CVV code.

VISA AND MASTERCARD

Visa and Mastercard are leveraging dynamic CVV codes in their contactless cards.

Learn more about the technology providers in this piece by accessing their profiles in Bank Director’s FinXTech Connect platform.

How Innovative Banks are Eliminating Online Card Fraud


technology-5-8-19.pngCard fraud has a new home. Just a few years after the prolonged and pricey switch to EMV chip cards, fraud has migrated from purchases where the card is physically swiped to transactions where the card is not present. The shift means that U.S. banks might be on the cusp of yet another move in card technology.

EMV chips were so successful in curbing cases of fraud where the card was swiped that fraud evolved. Fraud is 81 percent more likely to occur today in “card-not-present” transactions that take place over the phone or internet rather than it is at the point of sale, according to the 2018 Identity Fraud Study by Javelin Research.

Technology has evolved to combat this theft. One new solution is to equip cards with dynamic card verification values, or CVVs. Cards with dynamic CVVs will periodically change the 3-digit code on the back of a credit or debit card, rendering stolen credentials obsolete within a short window of time. Most cards with dynamic codes automatically change after a set period of time—as often as every 20 minutes. The cards are powered by batteries that have a 3- to 4-year lifespan that coincides with the reissuance of a new card.

Several countries including France, China and Mexico have already begun adopting the technology, but the rollout in the United States has been more limited. The new Apple Card, issued by Goldman Sachs Group, boasts dynamic CVV as a key security feature. PNC Financial Services Group also launched a pilot program with Motion Code cards in late 2018.

Bankers who remember the shift to EMV might cringe at the thought of adopting another new card technology. But dynamic CVVs are different because they do not require merchants to adopt any new processes and do not create extra work for customers.

But one challenge with these more-secure cards will be their cost. A plastic card without an EMV chip cost about 39 cents. That cost rose to $2 to $3 a card with EMV. A card with the capability for a dynamic CVV could cost 5 times as much, averaging $12 to $15.

But advocates of the technology claim the benefits of eliminating card-not-present fraud more than covers the costs and could even increase revenue. French retail bank Société Générale S.A. worked with IDEMIA, formerly Oberthur Technologies, to offer cards with dynamic CVVs in fall 2016. The cards required no change in customers’ habits, which helped with their adoption, says Julien Claudon, head of card and digital services at Société Générale.

“Our customers appreciate the product and we’ve succeeded in selling it to customers because it’s easy to use.”

He adds that card-not-present fraud among bank customers using the card is “down to almost zero.”

Eliminating card-not-present fraud can also eliminate the ancillary costs of fraud, says Megan Heinze, senior vice president for financial institutions activities in North America at IDEMIA. She says card fraud is estimated to cost banks up to $25 billion by 2020.

“A lot of prime customers ask for the card the next day. The issuer then has to get the card developed—sending a file out that has to be printed—and then it’s FedExed. The average FedEx cost is around $10. The call to the call center [costs] around $7.50,” she says. “So that’s $17. And that doesn’t even include the card.”

What’s more, dynamic CVVs could also create a revenue opportunity. Société Générale charges customers a subscription fee of $1 per month for the cards. The bank saw a more than 5 percent increase in new customers and increased revenue, according to Heinze.

Still, some are skeptical of how well a paid, consumer-based model would fare in the U.S. market.

“The U.S. rejected EMV because it was so expensive to do. It was potentially spending $2 billion to save $1 billion, and that’s what you have to look at with the use case of these [dynamic CVV] cards,” says Brian Riley, director of credit advisory service for Mercator Advisory Group. “If it tends to be so expensive I might want to selectively do it with some good customers, but for the mass market there’s just not a payback.”

Still, dynamic CVVs are an interesting solution to the big, expensive problem of card-not-present fraud. While some institutions may wait until another card mandate hits, adopting dynamic CVV now could be a profitable differentiator for tech-forward banks.

Potential Technology Partners

IDEMIA

Idemia’s Motion Code technology powers cards for Société Générale and is being piloted by PNC and WorldPay.

Gemalto

Gemalto’s Dynamic Code Card hasn’t been publicly linked to any bank or issuer names, but the company cites its own 2015 Consumer Research Project for some impressive statistics on customer demand for dynamic CVV cards.

SurePass ID

SurePass ID offers a Dynamic Card Security Code. The company’s founder, Mark Poidomani, is listed as the inventor of several payment-related patents.

FiTeq

FiTeq’s dynamic CVV requires cardholders to push a button to generate a new CVV code.

Visa and Mastercard

Visa and Mastercard are leveraging dynamic CVV codes in their contactless cards.

Learn more about the technology providers in this piece by accessing their profiles in Bank Director’s FinXTech Connect platform.

How And Where Blockchain Fits in Traditional Banking


Many banks haven’t found an efficient way to deal with issues like payment clearing inefficiencies, consumer fraud, and the general limitations of fiat currencies.

Blockchain, however, may be the go-to solution for many of these challenges.

Issues Traditional Banks Face Today
Traditional banks and financial institutions have faced some challenges for decades, but we have yet to see the technical innovations to mitigate or eliminate them, including inefficient payment clearing processes, fraud and currency options.

Inefficient Payment Clearing Processes
One of the biggest roadblocks that banks face today is how to quickly clear payments while complying with regulatory procedures. The number of payment clearing options available in 2018 is no different from the options available in 2008, a decade ago.

In the U.S., for example, same-day ACH is likely considered to be the biggest improvement during this decade. Only in recent years have cross-border fintech applications emerged that reduce payment clearing costs and wait times. For the most part, we are still stuck with old architectures that lack innovation, efficiency and the data to make a meaningful impact on money laundering and fraud reduction.

Inability to Stop Fraud
Fraud has always been notoriously difficult to stop. Unfortunately, this remains the case even today. Fraud costs are so high in the U.S. that interchange fees paid by merchants are some of the highest in the world. Despite an increase in available identity fraud detection systems, banks are still unable to make a material improvement in fraud reduction.

For banks, this leads to financial losses in cases where funds are paid to the fraud victim. For customers, this can reduce trust in the bank. For merchants, it means higher fees for facilities, which creates higher costs for customers. Additionally, customers often wait to receive a new bank card. In 2017 alone, the cost of the data lost to identity theft totaled $16.8 billion.

Limited Number of Currency Options
Fiat currencies are limited by geography and slim competition.

When we think about fiat currency around the globe, we have seen a steady move towards standardization. This presents risks for banks and consumers. For example, heavy reliance upon a single national currency leaves them dependent on factors like economic growth and monetary policy.

Twenty-eight nations have experienced hyperinflation during the past 25 years. Not only did banks fail in some cases, but entire economies collapsed. Because there were no currency choices, the problem could not be easily avoided.

This process continues to happen in many locations globally.

Benefits of Blockchain Over Traditional Systems
There are ways blockchain can reduce or eliminate these issues for financial institutions.

More Efficient Approval Systems
When compared to traditional payment approval processes, many blockchains are already more efficient. Instead of waiting days for payments to go through clearinghouses, a well-designed blockchain can complete the verification process in minutes or seconds. More importantly, blockchain also offers a more transparent and immutable option.

With innovations like KYC (Know Your Customer) and KYT (Know Your Transaction) transactions conducted via blockchain, banks can be more capable of preventing finance-related crimes. This means traditional finance can more effectively comply with laws for AML (Anti-Money Laundering), ATF and more.

In addition, legitimate transactions can be approved at a lower cost.

No More Fraud
While fraud seems like a pervasive issue in society, it can be reduced using technology. Blockchain can change how people prove identity and access services.

Instead of having to wait to stop a case of fraud, blockchain can stop transactions before they ever occur. The Ivy Network will have smart contracts which will allow banks and financial institutions to review a transaction and supporting KYC and KYT before accepting the deposit. Because blockchain transactions are immutable, we could see a reduction in counterfeiting of paper currency and consumer products.

Increased Digital Payment Options
While blockchain has many use cases, this is one example of how technology can change finance and the global economy. In the early days of cryptocurrency, there was really only bitcoin. Now, there is a range of coins and tokens like Ivy that serve important purposes within existing regulatory and legislative frameworks.

One of the biggest misconceptions is that crypto and fiat payment systems have to be direct competitors. By creating a blockchain protocol that links fiat and cryptocurrency, businesses and consumers can have more and better market choices and use cases for cryptocurrency.

At the same time, financial institutions can serve an important role in the future of digital payments and fiat-crypto currency conversions.

As financial institutions look to solve many challenges they face around payment clearing inefficiencies, consumer fraud, and the limitations of fiat currencies, blockchain is a viable solution. Financial institutions that fail to embrace blockchain’s potential will face heightened monetary and reputational risks, and miss opportunities for growth and innovation.

What Bank Directors Are Worried About Now


Apparently, bank directors are a very worried bunch. Nearly 20 members of Bank Director’s membership program responded to the question posed in last month’s newsletter: “What worries you most about the future?” We’ve compiled a word cloud that shows which words came up most often in bank directors’ responses, followed by direct quotes.


Scandals and Internal Audit: Where Banks Can Do Better


Many well-known banks are paying billions of dollars to settle allegations of a wide range of wrongdoing. Directors at all financial institutions would be wise to ask how these things could happen without internal controls preventing them or detecting them in a timely manner. Is there a systemic weakness in internal controls that could also affect your institution? Studying The Institute of Internal Auditors’ (IIA) last Global Audit Survey in light of recent events suggests there is such a weakness and that it impairs 62 percent of the internal audit functions in the financial services industry.

Widespread noncompliance
So what’s the issue? Essentially, an alarmingly high proportion of internal audit functions are failing to comply with the “International Standards for the Professional Practice of Internal Auditing,” which set out basic requirements that the IIA considers essential for an internal audit function. The IIA mandates that members comply fully with its Standards. Failure to do so is a violation of the IIA’s Rule of Conduct 4.2.

This is not just a paperwork issue: it is substantive and affects the quality and reliability of internal audits. According to the IIA’s Global Internal Audit Survey, last conducted in 2010, only 38 percent of finance industry chief audit executives self-reported that their internal audit function complied fully with the IIA’s quality assurance standard, AS 1300: Quality Assurance and Improvement Program. Self-reported compliance with other IIA standards was higher, but still worryingly short of what investors, regulators and bank directors might reasonably expect. Only 60.6 percent of chief audit executives said they complied fully with PS 2600: Resolution of Senior Management’s Acceptance of Risks. This standard requires them to inform the board of directors if management failed to resolve risk-taking that the chief audit executive believed to be excessive—an extremely important issue for directors.

Looking at two of the simplest, most basic standards, while 76.1 percent complied with AS 1200: Proficiency and Due Professional Care, that still means that nearly a quarter of internal audit employees in the finance industry apparently operated without the skills necessary to do their job properly or failed to conduct their work with appropriate care. For AS 1100: Independence and Objectivity, chief audit executives self-reported 83.4 percent compliance, suggesting that one-sixth of internal audit departments in finance failed to meet the requirements to be independent and objective, a fundamental tenet of auditing.

I have many friends who are internal auditors whom I respect highly, yet the internal audit profession has allowed the IIA standards to be widely disregarded without disciplinary consequences. This situation has been going on for years, is well-known within the internal audit profession, but has not been well communicated to the broader financial community.

In addition to putting their reputation at risk, bank directors who allow such noncompliance to occur at their financial institution may expose themselves to allegations of negligence and breach of their duty of care.

Actions You Can Take
Some actions you can take to help your bank deal with this issue are:

  • Ask your chief audit executive whether the internal audit function operates in full compliance with all IIA standards. If it does not, ask why and whether there’s a plan to come quickly into compliance. Probe, with professional skepticism, any negative responses.
  • If there is noncompliance, identify potential legal, regulatory, financial and reputational risks, as well as the potential impact on the effectiveness of the entity’s enterprise risk management.
  • Work with your chief audit executive, chief financial officer, chief executive officer and board chair to implement any appropriate changes to bring your bank’s internal audit promptly into full compliance with all IIA standards as a minimum level of quality. Going beyond the minimum standards may also be necessary for more sophisticated entities and those with high risks.

Conclusion
Internal audit is a key internal control for preventing and detecting major fraud and other wrongdoing at banks. Customers, investors and other stakeholders can reasonably expect bank directors to ensure that their internal audit functions meet, or exceed, IIA standards. Bank directors can help internal audit get sufficient moral and financial support from management and the board to comply fully with IIA standards.