Fraud Protection & Compliance
In case you missed it, FICO World 2022 was a very welcome return to in-person learning and networking for the global fraud detection and financial crime-fighting community. At FICO World, I was delighted to host a couple of fraud breakout sessions, one of which was a chat with Julie Conroy, Head of Risk Insights and Advisory at Aite-Novarica Group, about fraud management data.
Over the years, I’ve had the pleasure of sharing the stage with Julie many times. For this presentation, Julie and I decided to have a relatively unrehearsed discussion, a talk-show format with a live studio audience … and this time, the prize for the audience was private access to Universal’s Islands of Adventure Theme Park later that night. Yup, everyone at FICO World got to ride the rides as many times as they dared with none of the typical 90–120-minute waits!
While rollercoasters are stiff competition, our session delivered thrills too. It was titled “The Role of Data in Managing Fraud and Financial Crime in the ‘New Normal’” and our conversation focused on how to integrate intelligence effectively to meet due diligence requirements, provide the solid foundation for suspicious activity reporting, and stop fraud before financial losses happen.
How Did the Pandemic Change Fraud?
Julie and I kicked off our discussion with two essential questions: “How does the pandemic change the way banks operate, from a fraud perspective?” and “Are organizations more focused or less focused on data because of the pandemic?”
Julie put the pandemic’s impact on fraud operations in perspective: “We went through an unprecedented shift to remote workforces, and figuring out to manage the people, process and technology aspects. The pandemic had a significant impact on some organizations, as we had overseas first lines [of fraud operations] shut down for periods of time. Organizationally, everyone is coming out of the pandemic and looking at what worked, what didn’t, where the gaps occurred and how to make sure they don’t happen again.”
She continued, “Data goes hand-in-hand with this assessment because the underlying analytics infrastructures need to be able to support fraud organizations. With the rapid shifts in transaction and fraud patterns we saw through the pandemic, there needs to be an equally nimble infrastructure to understand what’s happening. I don’t think any institution really thought that they had that level of data analytics infrastructure.”
“Or if they thought they had it, they found out really quickly that they didn’t,” I chimed in. (The audience graciously laughed on cue.) I elaborated on how the explosion of remote channels, digital onboarding and the like ushered in a tremendous set of additional incoming data that needed to be dealt with, in terms of format and other ingestion-related issues.
In fact, I believe that one of the biggest challenges in coping with all that data, particularly when analyzing fraud and anti-money laundering (AML) problems, is rationalizing all the different formats.
A Holistic View of the Customer: Are We There Yet?
Our conversation then turned to what institutions have done to tackle misalignment in data formats. Of course, that topic naturally leads to another: the elusive holistic customer view, which banks have been in hot pursuit of for decades.
“The way organizations have grown has not been conducive to achieving a holistic view,” said Julie, noting that growth through acquisition creates “huge silos from those acquisitions that never get put together. With credit card, deposit accounts and other areas growing, the different data formats and schemas make that really hard.”
To illustrate the burden of legacy data structures, Julie talked about an industry colleague who’d moved from a large bank to a neobank and said, “It’s amazing how much faster we can get things done because we don’t have the data wrangling challenge. We started with one schema.”
Fraud Detection and AML Collaboration
Putting aside the holistic customer view topic, Julie and I then got into the heart of our conversation, about sharing data between fraud detection and AML systems and functions. “Business cases built on the assumption that ‘we’ll just plug into the AML data lake’ often blow up because the AML data lake doesn’t exist,” I said. Beyond challenges with data format and location, there’s also a timing aspect when talking about tackling the fraud problem versus the AML problem. “How are organizations dealing with getting the data they need at the moment?” I asked Julie.
“In fraud detection, the business decision is real-time, so you have to get all the data in place, in the moment,” she replied. “We are seeing AML move toward real-time as faster payments expand, with transaction rails now in 50 countries. With things like instant issuance of credit, application fraud is moving toward much more real-time decisioning. Before it was much more divided, fraud in real time and AML in batch, now we’re seeing the decisioning converge more.”
The Latest Trends in Data Sharing
Any move toward converged detection of fraudulent transactions and AML decisioning requires data sharing. To illustrate where financial institutions are at on this journey, Julie shared some findings from recent Aite-Novarica research.
In terms of information and data sharing, “We’ve seen the pendulum swing,” said Julie. “We’re seeing collaboration in the technology and data layers among these two competencies.” Already, 42% of the respondents (which comprised 26 compliance and AML executives) had some level of info and data sharing between fraud and AML, another 50% said they were likely to do this in next one to two years. “Banks are moving data and tech collaboration forward,” she said.
Unified policies and procedures, and shared governance structures, present the next level of integration. Of this group of respondents, 42% said they are already there, and 31% said this kind of integration is likely to occur in the next one to two years. What struck me was the high level of organizational integration, as Julie said most of the financial institutions included in the survey have more than $30 billion in assets. At FICO, we see that integration often manifests first in investigations, a natural starting point. I mentioned that I believed banks had taken advantage of the anomaly of pandemic-related organizational changes, thinking about how to bring fraud and AML functions into a more integrated structure.
I could see some surprised looks in the audience, so I volunteered a starting point for collaboration as some of us return to the office. “Go to lunch,” I said. “Have lunch with your counterpart in fraud or compliance. You’ll be amazed at the analytics overlap and opportunities for big wins.”
Julie added that bank mergers and acquisitions, and retirements, open up the possibilities for change. We agreed that the rise of cryptocurrencies is accelerating integration. “If you’re large or small institution, the primary concern [with cryptocurrencies] is AML exposure and detection. Once the dollars get into the crypto exchange, that’s where the fraudulent activity happens. There will be more opportunities for collaboration,” she described, noting that 62% of the Aite-Novarica survey respondents said that “Identification of new money laundering risks and typologies” is a key driver of new technology adoption, followed closely by the “Ability to build more holistic entity views of customers and risk,” at 58%.
Where Are Banks Making Technology Investments?
Naturally, Julie and I wanted to share the latest trends in how banks are going to achieve fraud-AML integration and data sharing. Post-pandemic, banks are taking a “first things first” look at operations, making robotic process automation (RPA) their top investment priority. (This FICO post dives deep into the details of how RPA is reducing banks’ AML and know your customer [KYC] burdens.) Half (50%) of the Aite-Novarica respondents said they would be adopting RPA for their AML programs in the next two years.
Coming in second at 42%, cloud computing is also a top technology investment. The pandemic accelerated banks’ migration to the cloud, with “cloud first” coming up in many conversations Julie and I have had with financial institutions over the last two years. She shared an interesting anecdote about how one large bank, after swearing in 2020 to keep its technology operation on premises, “flipped – post-pandemic, they’ve gone total cloud,” Julie said.
“Well, not everyone has, completely,” I replied, pointing out that inherently cloud-based Compliance-as-a-Service (CaaS) ranked at the bottom of planned technologies, at just 8%. In my opinion, that’s because this solution is not only far removed from the familiar on-premises environment, but a third party is also making compliance business decisions.
After talking with Julie for a few minutes about money muling, which I consider the signature financial crime of the COVID pandemic, I wrapped up the session with a second piece of advice: when it comes to data or process integrations of any sort, start small. If you try to “boil the ocean, it never gets done. Find a small transaction area to collaborate on, with a small amount of data. Get a win and find momentum around it.”
Thanks to all of our customers and FICO colleagues worldwide who attended FICO World 2022. Follow my latest thoughts on fraud, financial crime and FICO’s entire family of software solutions on Twitter @FraudBird.