How banks can enhance their fraud risk management programs

Equipping your institution with the right tools and a well-crafted strategy can help it stay one step ahead, mitigate loss and maintain customer trust and loyalty.

By Ken Tumin

In the face of escalating rates of financial fraud, many banks lack a robust strategy capable of effectively tackling internal and external security threats to their business. In today’s climate, however, a solid strategy is a necessity.

According to a global banking fraud survey from KPMG, more than 60 percent of the banks polled cited an increase in fraud volume. That includes both internal fraud (when the fraud is committed by an employee or someone else who works for or with the bank) and external fraud (when the fraud is committed by someone who has never worked for or with the bank). Tactics include everything from identity theft and phishing attacks to wire fraud and application fraud.

Customers are feeling the impact directly, too. A May 2023 report from J.D. Power notes that 36 percent of banking customers reported being the victim of financial fraud in the last year. That number rose to 50 percent for those younger than 40.

The impact of that fraud is immense, and recovering losses is a costly and time-consuming battle. According to a study published by LexisNexis Risk Solutions, banks and financial institutions paid an average of $4.23 for every $1 lost in fraud in 2022. And then, of course, there are the immeasurable costs, such as loss of trust and reputation.

Traits of successful fraud risk management programs

Customers place their trust in banks, and an effective fraud risk management program plays a pivotal role in cultivating and preserving that trust. But what does a successful plan look like?

All financial institutions are unique, so there’s no one-size-fits-all formula for a risk management program. However, there are best practices to follow, including creating plans that are multi-layered, nimble and dynamic, as financial fraudsters are continually looking for new ways to get what they want.

Here are five steps you can take to bolster your bank’s security:

1. Assess your risk

Each financial institution has its own unique set of risks. Those risks are ever-evolving, as changes in workflow processes, product offerings and market factors present new opportunities for highly adaptable criminals. Analyzing what those risks are on a regular basis is the foundation of a solid fraud risk management program.

Many banks rely on questionnaire responses to help gauge fraud risk, but that’s just a start. Additional assessment layers should be added, such as ongoing interviews with employees and workshops to drill into the most pressing risks.

The Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool may also help. It uses five areas to assess how mature an institution is in its cybersecurity efforts:

  • Cyber risk management and oversight
  • Threat intelligence and collaboration
  • Cybersecurity controls
  • External dependency management
  • Cyber incident management and resilience

Banks should also remain vigilant and monitor fraud threat intelligence, such as chat rooms on the dark web, for chatter about new and imminent activity. Banks without the resources to do such monitoring in-house can outsource the work to a specialist in fraud threat intelligence. Either way, this information is vital to help get ahead of threats and take proactive steps to thwart financial fraudsters.

2. Build a detection response plan

While it would be great if all banks could successfully detect and deter all fraud before it happens, that’s not realistic. Therefore, banks must also have a strong plan and tools in place to detect suspicious activity and deal with it promptly. The established protocol should be clearly communicated to employees at all levels so they can act swiftly.

Banks should also clearly outline the roles and responsibilities of employees and present a cohesive plan for communication between various departments. And, of course, it can’t be static since criminals are constantly trying new tactics that may be undetectable by outdated tools.

3. Train all employees on fraud detection and defense

No matter how robust a bank’s tools to fight fraud, employees are the key to making sure they work correctly. A study by Stanford University Professor Jeff Hancock and security firm Tessian found human error is responsible for 85 percent of data breaches. It’s vital that all employees are well trained on fraud prevention measures and that they continue to be trained as new processes and procedures are adopted. Security experts say trainings should happen at least two or three times throughout each year, and they should include employees at every level.

It’s also important to be on alert for issues of internal fraud. Banks should have systems in place to monitor employee activity for any suspicious behavior and encourage a culture of vigilance and trustworthiness.

4. Educate customers

Customers should be key players in the fight against fraud as well, and customer education is a vital component of any fraud risk management program. For example, banks should provide ongoing updates about the threat landscape. Some customers may also need education and encouragement as to why they should opt in to various security measures, such as two-factor authentication and biometrics.

Banks should make clear the protocol customers should follow if they notice suspicious activity, including whom they should contact for help throughout the process. Gathering customer feedback about your bank’s anti-fraud efforts may also prove helpful to address any pain points and enhance your efforts.

5. Consider AI

Artificial intelligence (AI) can be a strong tool in a bank’s fraud risk management plan. With its ability to constantly learn and adapt to new fraud trends, it can help detect and stop fraud in real time. For example, after learning customer habits and patterns, it can detect and alert customers to unusual activity that may lead to identity and credit card theft. It can also identify phishing attempts and document forgery.

Unfortunately, fraud is a reality in the banking industry. Financial criminals are relentless, and banks must be relentless in their efforts to stop them. Equipping your institution with the right tools and a well-crafted strategy can help you stay one step ahead, mitigate loss and maintain customer trust and loyalty.

Ken Tumin is the senior industry analyst at LendingTree and its associated companies, where he is the head writer of and its Bank Deals Blog.