By Monica C. MeinertWith identity theft a top concern among American consumers and large-scale data breaches becoming unfortunately routine, banks must be more proactive than ever in the fight against fraud. One of the crucial steps a financial institution can take is to appoint a strong “fraud leader”—a person who knows not only how to respond to fraud, but also how to clearly communicate priorities, policies and current fraud trends across the organization.
“The banks that I’ve seen that do the best job [with fraud] have one thing in common: they hire a good leader for fraud,” says Frank McKenna, an enterprise fraud consultant at McKenna Strategic and a panelist at the ABA/ABA Money Laundering Enforcement Conference held last week in Washington, D.C.
Often, the biggest challenges fraud leaders face is getting bank leadership and other departments on the same page about fraud prevention. “The hardest part is convincing the organization about the right thing to do: ‘What tools do I need to invest in? How often do I need to impact the customer?’” McKenna explains. “You really need a strong, internal fraud guru that can bring together IT, executives and the operations people and really convince them of the right thing to do.”
Aligning fraud prevention goals with business objectives is not always easy. “A big problem banks face today is that every time they have a fraud process in place, they’re going to impact the customer,” McKenna says, noting that banks must strike a delicate balance between constantly implementing aggressive new anti-fraud tactics on one hand and risking customer inconvenience and potentially lost business on the other. Having strong leadership in the fraud department can help the bank ensure that it remains tough on fraud prevention, even when fraud losses are low.
One way banks can mitigate customer frustration is to educate them on the measures the institution is taking to protect them from fraud and to clearly communicate the necessity of “cyber hygiene” like requiring frequent password changes or using multi-factor authentication for account access. When major data breaches makes headlines or a new fraud trend emerges, financial institutions can—and should—take the opportunity to proactively reach out and train their customers on the importance of protecting their account information, says Aravind Swaminathan, the global co-chair of Orrick Herrington & Sutcliffe’s cybersecurity and data privacy team. Fraud leaders can be instrumental in making sure that these opportunities are not wasted.
Along with customer education, internal training is something that fraud leaders should also make a priority for their institutions, particularly when it comes to cybersecurity. “Training is crucially important: internal training, external training, gathering data,” Swaminathan says. “Cybersecurity becomes a multi-functional response effort. You can’t think of cyber from a purely IT perspective. It’s got to involve other functional groups.”
Enterprise-wide collaboration, communication and training are essential for an institution to be effective against fraud. Fraud leaders must work with IT, operations, anti-money laundering and other departments to develop a comprehensive approach to combating fraud, both externally and from within the institution itself. Part of the trick is to “hard-wire” frontline and back-office employees alike to recognize and respond to fraud attempts like phishing scams. It takes an average of only three to five seconds, Swaminathan points out, for an employee to click on a link in an email—just one example of how a split-second decision could lead to very costly consequences.
Fraud is constantly evolving: new security technologies yield more sophisticated hacking practices, pitting criminals against businesses, banks and law enforcement in a cyber “arms race” with no end in sight. When it comes down to success on the front lines, McKenna says, it’s all about having the right leadership in place. “We can talk about technology, we can talk about processes, but there is a ‘people’ aspect to fraud that I think is the most important thing. You have to have the right fraud leader [to] convince the organization of where fraud is going and what that bank needs to do to stay ahead of it.”