Since the pandemic hit, remote working has rocketed, meaning that financial services organisations need controls in place to protect against the risk of fraud.
According to a study by McKinsey, the finance and insurance sectors are best suited to substantial long-term remote working, with "three-quarters of time spent on activities that can be done remotely without a loss of productivity".
Remote working also provides the opportunity to save money by spending less on fixed overheads. That, together with the success of the lengthy, real-time experiment that was full remote working during the pandemic, makes it likely that remote working will feature, at least in part, in the futures of most financial services staff.
Financial services organisations are now looking to strengthen their remote work infrastructures through fraud prevention strategies.
Fraud has been rising during the pandemic
A LIMRA survey in June 2020 saw over 40% of its respondents experiencing an increase in fraudulent activities in the previous sixty days. Particularly interesting was how much of this related to account takeover fraud, with almost 50% saying they had experienced this type of fraud.
However, this did not mean that firms believed they were operating under a broken system. Mass homeworking did not immediately open the door to invite fraudsters in without any checks. Only 21% of respondents 'strongly agreed' that the shift to remote working had directly increased their fraud exposure. Around 45% said they 'somewhat agreed', leaving a further 34% saying they disagreed or did not know.
There is no room for complacency
These statistics prove two things. Firstly, financial services firms should not assume that having employees work from disparate locations, connected only by technology, creates a feeding frenzy for fraudsters. Secondly, there is no room for complacency, and firms cannot ignore the issue altogether.
How can FS firms improve fraud prevention?
There is much that financial services firms can do to ensure that the controls they have in place to prevent fraud still work, even when no one is in the same building.
Authorisation & reconciliation
Levels of authorisation can continue to operate remotely, using email audit trails and electronic signatures as proof of sign-off at the appropriate management levels. Reconciliations of the relevant ledgers and expense reports can still occur, as can regular checks on bank accounts, invoices and supplier arrangements.
However, the pandemic has meant that firms, especially those that are consumer-facing, have had to adjust existing processes to accommodate the practical difficulties of lockdowns. Firms will have been feeling the pressure to continue to meet consumer expectations, driven in part by regulators' wishes.
Increase awareness of social engineering scams
Returning to the LIMRA survey, about half of its respondents stated they were scaling back on controls to maintain consumer outcomes. In about a third of cases, firms relied more on information provided over the phone, instead of paper forms or other confirmation methods, to enable transactions to occur.
The concern is that the opportunities for fraud are not necessarily happening by exploiting existing authority levels and segregations of duties. The most commonly used route still appears to be social engineering and our old adversary, cyber-crime. Combined with a greater reliance on the telephone and electronic interactions, staff who cannot just turn to a colleague and talk through an issue with them could find themselves inadvertently persuaded to allow a transaction to take place that turns out to be fraudulent.
Even back at the start of the pandemic, financial services firms saw increased attempts at COVID-themed social engineering. Fraudsters would exploit situations concerning financial hardship and moving money or information by remote means with time pressures. They would even impersonate senior individuals asking employees to transfer funds or information because of remote working-related urgency.
All of this means that social engineering is alive and well and that fraudsters do not need to resort to expensive and sophisticated technological attacks to harvest information and money from businesses. They still have ample opportunities to use tried and tested methods.
This time, the difference is that employees working on their own will need more support and guidance to prevent such events and, should they occur, to deal with the aftermath.
What should financial services firms do differently?
IT infrastructure & usage policies
Firstly, the latest anti-virus facilities must be active on all hardware/software used remotely. Usage policies for business equipment must be reiterated and clearly understood by all employees. Where a certain amount of personal usage of business equipment is permitted, this needs to be made clear. Employees should know where those boundaries lie and feel safe knowing that they will not be contravening any restrictions if they use company video conference facilities for personal calls.
Make sure employees stay connected
Employees need to feel that they are still connected to the firm and that the contribution they make on a day-to-day basis is valued. Regular firm-wide communications and updates will help to achieve this, and these have two benefits. Firstly, they will reduce the extent to which employees feel vulnerable about working from a remote location, and secondly, they will help to reinforce the need for continuation of controls, authorisation levels and monitoring arrangements, thus helping to achieve higher rates of co-operation.
However, it is essential to provide structured training and awareness programmes, particularly where fraud is concerned. The pandemic has shown an increase in opportunities to commit fraud without a corresponding increase in their sophistication. Staff are on the front line in the fight against this crime; therefore, knowledge and awareness of what fraud looks like, how it could affect the business, and their roles and responsibilities are the most effective defence.
Coupling training with regular tests to help identify potential phishing threats will allow firms in financial services to take substantial steps forward in protecting against fraud, not just during the pandemic but for a considerable time afterwards.