FF News Logo
Wednesday, December 04, 2024

EXCLUSIVE: “Heroes and Villians: The UKs fincrime debate” – Eddie Vaughan, LexisNexis Risk Solutions; Jim Winters, Nationwide Building Society and David Callington, HSBC in ‘The Fintech Magazine’

Eddie Vaughan from LexisNexis Risk Solutions, Jim Winters from Nationwide Building Society and David Callington from HSBC ask if it’s time for a new approach to fighting economic crime

Read that the annual cost of financial crime compliance for UK financial services firms is estimated at £34.2billion, and you may raise an eyebrow. Learn that this equates to three-quarters of the UK’s annual defence budget (£46billion in 2022) and you’ll be scraping your eyebrows off the ceiling.Hats off to the researcher at LexisNexis Risk Solutions who thought to draw that comparison in the firm’s most recent financial crime compliance report.

It’s an apt one, given that UK Finance has labelled rising fraud a ‘national security threat’, a statement endorsed by the National Crime Agency (NCA), which added: “There is a realistic possibility that the scale of money laundering impacting the UK annually is in the hundreds of billions of pounds.”

The UK economy is heavily dependent on its financial sector, yet the industry has developed a reputation for being less than scrupulous when presented with foreign money – even the government acknowledges that London is a laundromat for foreign money trying to dodge the tax system or elude serious crime fighters (or both. Meanwhile, the Social Market Foundation named the UK the ‘card fraud capital of Europe’ last year, with 134 card frauds per 1,000 people, compared with Germany’s 15. A shocking 41 per cent of all crime against individuals in England and Wales is fraud – and yet the vast majority of crimes will never be prosecuted, a House of Lords committee report said last year.

“41Investment in technology and people are both rising. That does suggest that the underlying strategy may be fundamentally wrong”

Eddie Vaughan, LexisNexis Risk Solutions

In light of this reputation, the NCA rightly warns of criminal and regulatory penalties – imposed on UK firms from the US or EU – and even the withdrawal of major financial institutions from the UK.Seen one way, the eye-watering compliance costs shouldered by UK firms are a sign that these issues are being taken seriously. But you could also pose the question: how can they be spending so much, and achieving so little?

“It’s multifaceted,” says Eddie Vaughan, sales director at LexisNexis Risk Solutions, the data-driven solutions firm. “Figures suggest that we are actually no more effective now than we’ve ever been, although there’s no definitive measure.”

The LexisNexis Risk Solutions report found that financial services firms spend an annual average of £196million each on financial crime compliance, with retail and commercial banks leading the spending, at around £264.4million and £241.2million respectively. Costs are felt most keenly by smaller firms, whose compliance budgets represent around two per cent of their total revenue; for larger organisations, it’s 0.37 per cent. Most significantly, total annual spend on compliance is up 19 per cent on 2020 figures – and looks set to increase by a further eight per cent over the next three years.So what are banks spending the money on? Mostly, it’s people, says Vaughan. “Staffing costs in any organisation are going to be a big driver; in the report, we identified that at around 61 per cent.”

But he adds: “The study shows that investment in technology and people are both rising. That does suggest that the underlying strategy and investment in some firms may be fundamentally wrong.”

LexisNexis Risk Solutions covers fraud prevention, identity verification, due diligence, and KYC, many of them supported by big data. Where it has seen an overall slight increase in money spent on technology and a decrease in that spent on people, there’s been ‘much more return on investment’, says Vaughan. Jim Winters is head of economic crime at Nationwide Building Society and David Callington heads up HSBC’s fraud team and sits on the Advisory Board of Cifas, the UK’s fraud prevention community. For Winters and Callington, financial institutions have no alternative but to increase spending on both.

“Even if the cost of mitigating economic crime is rising, it’s always a strong business case,” says Winters.

Part of that cost-benefit analysis is the catastrophic consequences of loss of faith in the financial system, adds Callington. Every heartbreaking victim story erodes the trust at the very core of a bank’s business model.

“Trust is an intrinsic part of banking, and we shouldn’t lose sight of the customer at the heart of this,” he says. From the banks’ perspective, both Winters and Callington agree that the technology is already mostly in place – it’s just that it is struggling to keep pace with the fraudsters.

“There was a time when we saw more new approaches becoming available for banks to select, but there isn’t that much that’s new anymore,” says Winters.“Most large firms use similar technology, including some payment profiling, some behavioural profiling, some biometric profiling, some device insight, and whatever other contextual information you can bring in. You supplement that with good people, with very capable data scientists. There’s a place for machine learning too, but not as a standalone tool.”

NEVER-ENDING STORY

While criminals can up sticks and migrate to new methodologies on a whim, banks have to keep the old holes plugged while racing to address new ones. ”Over the last few years, especially in the fraud space, banks have invested in technology, in terms of unauthorised access,” says Callington. “Now the bad guys have gone back to social engineering, which is why we are focussing on human intervention again.” Callington’s talking about authorised push payment (APP) fraud, a methodology that tricks victims into making a bank transfer to the account of a fraudster in the belief that they are a legitimate payee.

“David’s right” agrees Winters. “This is where we’ve been taking a ‘low-fi’ approach, if you will. All firms invest v ery, very heavily in all sorts of layers of technology, but we’re finding that, in this push for digitisation and everything instant and real-time, some of the controls we used to use aren’t sufficient to ‘break the spell’ in APP. That’s a corny phrase but very accurate when it comes to scams driven by social engineering.

“What we’re finding is that the bad guys, like any other kind of business model, are reinvesting their profits heavily in good quality people. So at Nationwide, we do two things. First, we make sure we invest in humans, as well as systems, so that we can have meaningful interactions with customers and break that spell, because we find that automated approaches are not effective.“Second, we provide what we call our Scam Checker Service, which is something we publicise heavily, because we want our customers to call us before they carry out a transaction, and we’ll tell them whether it’s genuine or not.”

Losses to APP fraud skyrocketed in the UK in 2021, overtaking losses from card fraud for the first time, although the latest figures from UK Finance show a 17 per cent decrease in APP fraud losses in 2022, down to £485.2million.

This is a methodology that exploded onto the scene during the pandemic, so it’s encouraging that banks’ mitigation techniques, like those described by Winters, appear to be working.“What’s absolutely clear is that with certain areas of fraud, particularly APP, the threat is increasing,” agrees Vaughan. “It’s becoming ever more complex, and because of the victim impact, it’s always going to attract higher interest, including from regulators and government. I agree there isn’t one silver bullet to solve this problem; it’s actually a multi-layered approach that combines both technology and individuals. So, how can we develop technology that enables organisations to identify when there is a true risk? “We’ve been doing a lot of work around the integration of behavioural biometrics into our device authentication capabilities. So, for example, where we have a customer who might be part of an APP scam, how can we identify if that customer is under pressure?

“We need to look across the ecosystem, at the telcos, the social media companies, the online marketplaces, where this fraud is originating”

David Callington, HSBC

“Is the way in which they’re interacting with their devices not the norm, and would that suggest an element of risk? At each and every point of that customer interaction, there are different treatment strategies that need to be instigated. “That might be technology, but also it may be that human touch. Being able to speak to an operator at a bank to ask questions is fundamentally important, too.”

FIGHTING THE GOOD FIGHT

LexisNexis Risk Solutions has built out a digital intelligence network through which 96 billion transactions are processed annually, and nine billion active devices are identified.

“That richness of insight, through the consortium model, and that ability for all regulated entities that use some of our products to see that insight of both good and bad information and intelligence to establish trust is key,” says Vaughan. While no one in the industry is putting their heads in the sand, the LexisNexis Risk Solutions report, which surveyed 300 financial services professionals, found that only one in six believe the UK financial sector’s collective efforts in fighting financial crime is ineffective, and the vast majority believe their organisation is helping to tackle the fraud epidemic.

But it’s a lonely fight. While fraud makes up roughly half of all UK crime, specialist economic crime fighters represent only around one per cent of police resources.When UK Finance conducted an analysis of more than 59,000 APP cases earlier this year, it found that three-quarters of online fraud cases originated on social media.

Yet banks have been handed the lion’s share of the responsibility to mitigate financial crime, and take much of the accountability when things go wrong.

“By the time the customer comes to the bank to make the payment, they’re already under the fraudster’s spell, and that’s been driven by some interactions elsewhere within the ecosystem,” explains Callington. “We need to look across the ecosystem, at the telcos, the social media companies, the online marketplaces, where this fraud is originating. So, it’s not a traditional bank or fintech challenge; it’s an end-to-end challenge, across the ecosystem. The challenge is breaking the spell.”

This touches upon a broader debate in government: how to legislate to protect UK citizens from online harms without alienating Big Tech and stifling the UK’s innovation scene.

As the Online Harms Bill approaches its debut in parliament, banks are continuing to push for online scams to be included in the legislation.Meanwhile, in May, UK-based business banking platform Tide called on the government to tax social media firms and telecoms in order to fund a ramp-up in fraud and scam policing. You’d expect this intervention to be cheered from The City to the Isle of Dogs, even if the proposed levy is yet to generate any support from lawmakers.

“There needs to be more collaboration,” agrees Winter. “The new frontier will be in bringing the insights together from across these different industries, that all have a part to play. If financial services is the focal point for all the controls, you’re effectively making financial services the gatekeeper for all economic crime prevention globally, which isn’t right.

“If financial services is the focal point for all the controls, you’re effectively making financial services the gatekeeper for all economic crime prevention globally, which isn’t right… We do a heck of a lot and we’re collectively investing hundreds of millions of pounds every year into prevention, but we can’t do it on our own”

Jim Winters, Nationwide Building Society

“That’s probably why you see scam losses growing, because you can’t leave it to financial services. We do a heck of a lot, and we’re collectively investing hundreds of millions of pounds every year into prevention, but we can’t do it on our own.”It’s clear that legislation will be required to establish a broader community of fraud fighters.

But an anonymous respondent quoted in the LexisNexis Risk Solutions report makes an important point: “I think we have too many bits of legislation and it’s like putting another room on your house… it gets to the stage where you need to knock down the house and start again.”

As the regulation debate rolls on, a tension is developing between consumer protection on the one hand, and innovation on the other. For banks, that tension is drawing a new line between instant, seamless experiences and authenticated safe services.

In Whitehall, the Online Harms Bill is likely to tread on toes across the private sector. WhatsApp owner Meta has already threatened to pull out of the UK if the bill goes through in its current form. Expect similarly hard-nosed responses should Big Tech be drawn into sharing the costs of fraud prevention.But, unless the siloed approach to financial crime compliance changes, the LexisNexis Risk Solutions report concludes:

“A tipping point will soon be reached by the industry, whereby every extra pound spent on compliance will have no additional impact on effectiveness. “No one – not industry, not government, not society – can afford for that to become a reality.”


 

This article was published in The Fintech Magazine Issue 14, Page 40-42

People In This Post

Companies In This Post

  1. The Big 2025 Predictions Round Up: What’s Going to Happen in Fintech Next Year? Read more
  2. East of England Co-op Extends Relationship With NCR Atleos, Expanding Cash Access for Local Communities Read more
  3. Clear Street Launches in UK Following FCA Approval, Joins London Metal Exchange Read more
  4. PayPoint and Lloyds Join Forces to Empower the Nation’s 60,000+ SMEs with New Payments Offering Read more
  5. Why Are You Attending the Conference? | FF News at Retail Bank Transformation Europe Read more