APAC banks vulnerable to fraud due to lack of investment
Research suggests that banks in Asia are failing to invest in fraud mitigation – even though fraud continues to rise and many authorities are beefing up their regulations, writes Sebastian Aldeco
Many banks across Asia are still not investing enough in fraud mitigation. This is one conclusion that can be drawn from a speech given last year by Heng Swee Keat, Singapore’s minister for finance and a member of the country’s monetary authority board in which he said that hackers are 80 percent more likely to target organizations in Asia, and that the region’s banks are taking 1.7 times longer than the global average to discover cyber breaches. He went on to say: “Clearly, more needs to be done to strengthen Asia’s and the Association of Southeast Asian Nation’s cyber threat resilience.”
Fraudsters are opportunistic and look for weaknesses, particularly in new areas of banking, and Asia is clearly a hot target. The Deloitte research puts this into perspective, quoting the cost of fraud in the Asia-Pacific region at $160bn of the global total of $600bn.
Digital banking opens new fronts to fraudsters. Across APAC, there are huge variations in how governments and regulators tackle the problem. This creates its own problems: when one country or region successfully beefs up its regulations, the fraudsters simply move their focus to another country or region that is less well protected.
Governments and regulators are increasingly cottoning on to this and sometimes work together – for example, South Korea and Japan often harmonize their fraud mitigation efforts, as do Australia and New Zealand, both of which heavily influence Hong Kong. Singapore, meanwhile, often takes a similar line. This leaves the laggards increasingly vulnerable.
Where there is strong regulation it is comparable to that in Europe. Hong Kong and Malaysia are great examples – in both countries anti-fraud solutions are mandatory for banks. In July 2019, the Malaysian central bank issued its Risk Management in Technology Policy, which comes into force at the start of 2020 and applies to all licensed financial institutions.
The policy sets out an expectation that banks will take a holistic approach to fraud mitigation with regular reviews and tests of their fraud mitigation procedures, including technology, reporting, processes and staff training.
Australia, too, has detailed fraud regulations that require banks to train staff regularly, update fraud mitigation software and even dictate how they investigate problems. However, in other countries such as the Philippines and China, where the authorities are at best, playing catch-up, often implementing guidelines only after a major cyber fraud event.
Following a massive cyber heist in Bangladesh in February 2016, when fraudsters stole $81m using the SWIFT inter-bank messaging network, for example, the Philippines beefed up its anti-money laundering and fraud mitigation guidelines, providing a bigger budget and more people.
But even when countries do try to introduce effective fraud mitigation regulations, banks are often guilty of pushback – a trend recognized by the KPMG report concludes that banks are failing to invest adequately in this area.
Many still see fraud as a cost of doing business, with big banks preferring to reimburse affected customers rather than invest in fraud mitigation software, while small banks believe they can’t afford such software, so do without and take their chances. Neither approach is sustainable for a number of reasons.
Even when banks in countries with poor protection are attacked, the effects can be felt elsewhere due to globalization. Increasingly, governments and regulators are doing their best to protect banks as well as citizens that find themselves in these circumstances. The long arm of US law enforcement authorities, for example, is highly vigilant against money laundering and international criminal and terrorist activity and will impose large fines and even sanctions against those it finds wanting. As a result, international pressure is growing for a set of minimum requirements.
Looking ahead, more regulations across the region are inevitable. The authorities have no choice and those that move slowly will see the fraudsters increasingly focusing on them. Banks taking a strategic view are now investing in fraud mitigation that will stand the test of time. That means installing technology that can identify new, as well as existing, types of fraud; provide detailed audit trails to make reporting quick and easy; and keep false alerts to a minimum to ensure a good customer experience and that the bank doesn’t waste precious resources on pointless investigations.
The technology to do this and more is readily available. NetGuardians’ NG|Screener uses advanced machine learning and artificial intelligence to build detailed customer and staff profiles. It checks all transactions against those profiles, blocking out-of-character transactions in real time before any money has left the account. So successful is it that in a trial using historical data it found nearly a fifth more fraud than the bank previously knew about.
Solutions like NG|Screener allow banks across APAC to protect themselves from internal and external frauds. It also sets them up to meet existing and future regulation – regional and from other areas. It makes them compliant with Europe’s Payment Services Directive 2, for example, in terms of transaction monitoring mechanisms and transaction risk analysis, putting them in pole position to be compliant with regional regulations when they are introduced. Furthermore, NG|Screener has connectors to the major digital banking platforms, so implementation takes just a few months, reducing risk and cost.
Forward-looking banks are already investing in cutting-edge fraud mitigation software. That means that for those that aren’t, the odds are steadily rising against them.