The new virtual banks about to set up shop in Hong Kong need machine-learning technology to protect them, their customers and the regulator from the ever-changing threats posed by cyber-fraud, writes Neel Shingadia
We are just weeks away from seeing the Hong Kong Monetary Authority (HKMA) issue the first licenses for virtual banks in the territory. These banks will be able to operate without branches, relying instead on technology to offer differentiated, secure banking over the internet.
By licensing virtual banks, the regulator hopes the new entrants will offer low-cost banking services for retail clients and small and medium-sized companies in what has predominantly been a cash economy. Of the 60 or so parties that registered an initial interest in receiving a license, 29 filed applications by the August deadline. There are reports that of these, one third have already been rejected by the HKMA after not supplying adequate information.
Some of those that have applied are well-established banks; others are consortiums and there are also established overseas digital banks working with local partners. Each applicant is hoping that success in Hong Kong with its 7m residents will pave the way for expansion into China. But the move doesn’t come without risks.
Fraud is a major problem across the region, and Hong Kong is no exception. Fighting it is difficult because the fraudsters constantly tweak and alter their scams to avoid detection. Criminal gangs are often involved.
November saw police arrest a gang responsible for HK$4m worth of fraud over an 18-month period, while in the first three weeks of the same month, 18 fraud scams including phishing emails, fake websites and suspicious mobile apps were listed on the HKMA website. This is not an unusually high number. The risks are exacerbated by the fact that the people fraudsters target – SMEs and low wage earners – are particularly vulnerable, because they do not know how to spot scams and protect themselves. There is also the problem of internal fraud, where bank staff initiate or collude in fraudulent acts.
So it’s no surprise that in the 2017 Fraud Management Insights Report, Hong Kong had one of the lowest trust scores – 3.87 out of 10. Scams include phishing, malware, fake mobile-phone offers, such as free meal vouchers, and fake bank websites.
We provide insights and data on key regional markets, including the international financial centers of Hong Kong and Singapore, as well as Indonesia, Malaysia, Thailand, the Philippines, Vietnam, Cambodia, Laos and Myanmar.
In spite of the risks and low trust score, both the applicants and the HKMA believes the benefits of virtual banking will outweigh the risks. Nevertheless, the new virtual banks will have to proceed with extreme caution, because the penalties for failing to protect customers from fraud go far beyond the lost cash and big fines. Fraud also poses a significant risk to a bank’s reputation and the loss of business as customers leave for a more secure rival.
With this in mind, the HKMA has set out stringent requirements for applicants very similar to those that regulate a traditional bricks-and-mortar bank. These include showing how they would manage risk, having robust cyber-resilient technology, and having an independent assessment of all elements of the initial submission, including the technology architecture. The HKMA has said it will give priority to applicants that demonstrate credibility in technology and security.
The best way to meet these requirements is for applicants to employ cutting-edge fraud-mitigation software designed, ideally, specifically for the financial-services industry. A solution such as that from NetGuardians fits the bill. Built for financial institutions, it is easy and fast to implement, using open APIs to link to the leading digital core banking platforms. An average implementation time of three to six months is also shorter than other providers and helps to keep costs down.
With machine learning and AI to build up accurate and dynamic 360-degree profiles of customers and staff to spot out-of-character transactions, it evolves over time to beat the fraudsters. Meanwhile real-time monitoring allows banks to stop fraud before any money has left an account.
It is proven to spot 18 percent more fraud than traditional rules-based mitigation processes alone and cuts the number of false alerts by 83 percent, helping to ensure an excellent customer experience. In addition, it reduces the amount of time spent investigating fraud by 93 percent, freeing up resources for more value-added tasks. In West Africa, it has been assisting virtual banks to successfully cut fraud, and worldwide it is used by banks big and small from Tier 1 to credit unions.
In Hong Kong, NetGuardians has recently helped a global bank meet key regulation requirements in its internet banking. These include mitigating the major risks inherent in e-banking, provision for risk governance in e-banking, customer security, and controls related to e-banking services, systems and network security, fraud and incident management as well as system availability and business continuity.
For the 29 applicants, considering software that provides anything less than this simply means they will not achieve the best protection for themselves, their customers and the regulator’s reputation, thereby threatening the success of the regulator’s aims to increase financial inclusion.