Digital banking across Asia Pacific is booming, with many new entrants and a huge spike in traffic due to COVID-19 lockdown measures. The region boasts some of the most engaged users in the world thanks to high smartphone ownership and penetration, a young, digitally savvy population, and good internet infrastructure. It is also about to see a slew of countries including Australia, Hong Kong, the Philippines, Singapore, and Malaysia, offer digital-only banking licenses, which will encourage further growth.
While this makes for exciting times, a booming digital banking sector carries a number of financial, operational, technological, and strategic risks. The key risk is fraud, with fraudsters favoring account takeovers, man-in-the middle, and BEC (Business Email Compromise) scams. Last year, Interpol issued specific warnings about BEC in Asia which doubled between 2018 and 2019. Increasingly, banks will need to turn to digital innovation to protect themselves as well as their customers’ interests.
Learn more: Read our white paper on Digital banking fraud: Best Practice for Technology-Based Prevention
|
What all digital banks have in common is their ability to create and distribute products and services digitally over a number of different channels – mobile apps, digital wallets, the internet, and interactive chatbots. They have a few branches or none at all. This set-up is a great draw for customers who love the low-cost, carefully tailored services these banks can offer. The easy-to-use apps make banking simpler and provide a unique user experience. But digital banking is also proving a great opportunity for fraudsters.
Traditionally, banks have tried to protect their customers, their balance sheet, and their reputation from fraud with stringent processes and frequent audits, both of which are time-consuming and can aggravate the customer experience.
Fraud is also often spotted only after money has left the bank, with the bank absorbing any losses. This strategy is no longer sustainable. Digital banking can involve millions of real-time transactions and the old rules-based checks, processes, and passwords simply aren’t up to the job.
In light of this, regulators are increasing their focus on fraud risk management across digital channels. We saw the Hong Kong Monetary Authority implementing TM-E-1, Monetary Authority of Singapore with its TRM Guidelines, and from Bank Negara Malaysia, the recently revised RMiT guidelines. Regulators are also imposing enormous fines on banks with weak fraud mitigation and may even withdraw licenses. They are insisting that banks implement real-time behavioral monitoring tools to detect fraud across e-Banking and mobile banking channels.
As a result, risk management and fraud mitigation have risen to the top of the agenda and C-suites are moving decisively towards predictive and preventive fraud-protection tools and procedures. This is where FinTech can play a really important role.
According to Tom Clifford, NetGuardians’ business development manager, the flurry of new regulation indicates how keen the watchdogs are for banks to implement real-time behavioral monitoring tools to detect fraud across digital channels.
Solutions that operate in real-time can read patterns, and spot and stop fraud before any money has left the bank, protecting customers’ cash and the bank’s reputation. In Deloitte’s recent report Digital banks in Asia Pacific: adding value to financial services?, my colleagues recommend banks use technology to detect and prevent potentially fraudulent transactions. However, they caution: “The nature of certain technological risks may be different from a traditional bank’s and therefore require a different approach to risk management.”
Traditional banks have typically been self-reliant when it comes to business models and security. Digital banks, on the other hand, sometimes rely on collaboration with third parties to manage key parts of their operations, from back-office software to tailored financial products. Fraud is a prime example of where banks can work with the best-of-breed FinTechs to help manage risk.
When it comes to fighting fraud, the best FinTechs will be leveraging the latest and emerging technologies such as artificial intelligence (AI). The key to success is to build dynamic models and know which ones need to be implemented for each type of bank. This way, even a new digital bank can have protection from day one.
This type of protection is delivered by fraud-mitigation FinTech NetGuardians, with whom Deloitte has partnered. With Deloitte’s advisory and implementation services and NetGuardians’ AI based anti-fraud solutions which are tailored to the banking sector and monitor the market closely, banks can rest assured that their needs are met. NetGuardians’ models have been proven to detect more fraud, reduce the number of false positives, and demand less investigation time than traditional fraud-mitigation systems.
But fraud mitigation is not just about the software. Banks looking to adopt best practice need to view everything they do through a risk lens. This means carrying out appropriate due diligence on customers to satisfy know-your-customer regulations to prevent the risk of money laundering. They also need a strong internal audit team to institute and insist on the right checks and reporting, such as encryption and one-time use passwords. This team also needs to be well versed in the latest anti-fraud technology as well as emerging fraud types, and we encourage them to share this information with their counterparts at other banks.
Banks must also educate their customers to be aware of how their behavior can leave not just them, but the bank vulnerable. Some are working with national associations on this. For example, Singapore is running a public-information campaign, warning people of the dangers of scams, phishing emails, and phone calls where fraudsters try to elicit information that could help them hack into a bank account. Some banks also use SMS messages to remind customers to be careful and have information on their websites.
Digital banking is good news for the financial services industry, customers, shareholders, and society – allowing banks to meet the needs of customers who are increasingly looking for flexibility and convenience at a lower cost and helping to lift returns on equity. However, banks offering digital services need to ensure they are taking appropriate measures to manage the associated fraud risks.
“Not looking at the benefits and risks holistically may leave banks open to unnecessary threats,” says Shabana Muhajir, the business development manager responsible for NetGuardians’ key partnerships in the APAC region. “These threats could easily be addressed through careful planning and the use of appropriate solutions that not only protect the banks themselves but their clients as well.”
Gopal Kiran is Director, Financial Services focused on digital banking, FinTech/RegTech at Deloitte Malaysia
Shabana Muhajir is the Business Development Manager, focused on developing key partnerships in the APAC region for NetGuardians
Tom Clifford is the Business Development Manager, responsible for Strategic Accounts in the APAC region for NetGuardians
You may also be interested in this white paper:
|