Immediate Vault

Strategies to Prevent Internal Fraud

As employees can be key perpetrators of fraud, creating and implementing best practices with regard to insiders is a key part of an enterprise’s everyday risk management procedures. For example, developing internal controls that involve multiple layers of review for financial transactions, and arranging independent reviews of the company’s financial records can prevent malfeasance, detect ongoing fraud and prevent it from continuing.

In fact, according to Kroll’s 2019 Global Fraud and Risk Report, businesses discovered insider fraud by conducting internal audits 38% of the time, through external audits 20% of the time and from whistleblowers 11% of the time.

Technology solutions provider Column Case Investigative recently examined five common types of fraud that businesses face, including employees falsifying their timesheets to steal money from the company, taking intellectual property or passing off counterfeit items as genuine, funneling money away from vendors to themselves, or soliciting favors or compensation from clients or vendors for preferential treatment. These tactics can not only impact a company’s profits and expose it to possible litigation, but also pose risks to its reputation with customers and partners, as well as its competitiveness.

To best mitigate these risks, the provider recommended that companies do their due diligence in the hiring process to detect any warning signs that applicants may have a motive to commit fraud. To limit intellectual property theft and misuse, they should limit access to important information and materials.

Enterprises can also create clear ethical standards for employee conduct and a positive culture in which workers are happier, more committed to the company and more comfortable reporting fraud when they see or suspect it happening.

Check out the infographic below for more best practices to mitigate employee fraud risks:

Using Adaptive Behavioral Analytics to Detect Fraud

While fraud threats are nothing new for payments processors and financial institutions, the degree and magnitude of such incidents have escalated in recent years. A February 2018 Javelin study found that nearly 16.7 million consumers were victims of identity fraud in 2017—up 8% from the previous year.

Fraud prevention solutions must be flexible and sophisticated enough to not only counteract increasingly-savvy fraudsters, but also distinguish true fraud from false positives, which occur when genuine activity is mistakenly treated as fraud. According to CreditCards.com, four out of five blocked transactions are actually genuine, and these misunderstandings often result in customers being locked out of their accounts. In many ways, the aftermath of false positives can prove more damaging and costly than an actual instance of fraud, as institutions miss revenue generation opportunities while simultaneously hindering customer loyalty and trust.

As consumer payment technologies evolve, so too will the complexities of fraud detection and mitigation. Therefore, it is vital that risk management teams end their reliance on rigid, manually-programmed rule sets or static machine learning models and instead capitalize on the advanced capabilities offered by today’s more versatile tools. By modernizing their fraud strategies with adaptive behavioral analytics, payments processors and financial institutions can better mitigate risk and increase revenue.

How Does it Work?

Unlike the static machine learning of the past, adaptive behavioral analytics are extremely proficient at differentiating between actual fraud and activities that appear suspicious but are ultimately genuine. As a result, friction in financial services and e-commerce is significantly reduced and customers can maintain confidence in their preferred transaction method.

Adaptive behavioral analytics empowers machine learning through a set of sophisticated, automated, self-learning algorithms that review account activities and notify security teams of anomalies.

These algorithms construct baseline behavioral profiles to reflect a customer’s activity type and frequency. In every interaction—regardless of whether a payment occurs—information is gathered and evaluated on the type of device that is used, how it’s used, its location and the amount of the purchase. Combined, these behaviors create a customer portrait that becomes increasingly accurate over time. Every subsequent interaction can then be measured against the behavioral portrait, within milliseconds, to determine whether the activity is fraudulent or genuine.

For example, if a user logs into his or her account at an abnormal rate or suddenly begins adding priority shipping to high-priced orders, the system will detect the irregularity and block future activity. However, if a user simply purchases an expensive holiday gift or books travel arrangements—behaviors that coincide with seasonal activity—the system will recognize and differentiate the fraudulent from the legitimate accordingly.
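The baseline-and-compare loop described above, as an added example that is not from the article or from any vendor's product. The exponentially weighted statistics, the weights, the threshold and all names are assumptions chosen for illustration, and the events are constructed sample data.

```python
import math
from dataclasses import dataclass, field

@dataclass
class BehaviorProfile:
    """Per-customer baseline. Fields, weights and thresholds are assumptions."""
    alpha: float = 0.1   # adaptation rate of the baseline
    mean: float = 0.0    # running mean of purchase amount
    var: float = 0.0     # running variance of purchase amount
    seen: int = 0
    devices: set = field(default_factory=set)
    locations: set = field(default_factory=set)

    def score(self, amount, device, location):
        """Anomaly score: amount deviation plus device/location novelty."""
        if self.seen < 5:  # too little history to judge
            return 0.0
        std = max(math.sqrt(self.var), 0.05 * self.mean, 1.0)
        z = abs(amount - self.mean) / std
        novelty = (device not in self.devices) + (location not in self.locations)
        return z + 2.0 * novelty

    def update(self, amount, device, location):
        """Fold an accepted interaction into the baseline (EWMA mean/variance)."""
        if self.seen == 0:
            self.mean = amount
        else:
            delta = amount - self.mean
            self.mean += self.alpha * delta
            self.var = (1 - self.alpha) * (self.var + self.alpha * delta ** 2)
        self.seen += 1
        self.devices.add(device)
        self.locations.add(location)

def evaluate(profile, events, threshold=4.0):
    """Score events in order; only unflagged events update the baseline."""
    decisions = []
    for amount, device, location in events:
        s = profile.score(amount, device, location)
        flagged = s >= threshold
        if not flagged:
            profile.update(amount, device, location)
        decisions.append((round(s, 2), flagged))
    return decisions

# Constructed sample data (not real transactions).
SAMPLE_EVENTS = [(a, "phone-1", "city-A") for a in
                 (40, 55, 45, 60, 50, 48, 52, 58, 44, 50, 70)]
SAMPLE_EVENTS += [(900, "tablet-9", "city-B"), (55, "phone-1", "city-A")]
```

In `evaluate(BehaviorProfile(), SAMPLE_EVENTS)`, the pricier purchase on the usual device stays under the threshold and widens the baseline, while the large order from an unseen device and city is flagged and kept out of the profile, so the next routine purchase still scores as normal.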

Adaptive behavioral analytics also optimizes the speed and convenience of fraud detection by processing volumes of data and delivering critical intelligence accurately and immediately. Through this more comprehensive investigation, the software enhances the customer profile to better understand and recognize behavioral trends—a welcome sight for security teams that previously spent hours sifting through reports to locate red flags.

Where Can Adaptive Behavioral Analytics Help Most?

The ubiquity of mobile technology has created a consumer audience who prefers to conduct business through a smartphone, tablet or another device that eliminates a trip to a physical store or bank branch. In turn, these consumers demand leading-edge mobile technologies that are intuitive, convenient and offer a full range of services.

The combination of the U.S. adoption of the EMV standard in 2015 and the rise in e-commerce has escalated the volume and prominence of Card Not Present (CNP) fraud. Whether through online purchase portals or apps that access mobile wallets, the digital entry of account information raises the likelihood of a person’s information becoming compromised.

With more transactions taking place, the volume of both true fraud activity and regular behaviors that appear suspicious will increase. However, adaptive behavioral analytics enables more refined differentiation between actual fraud and genuine activity.

It is the best of both worlds: a much-needed, innovative line of defense that combats payments fraud and clears a path for more revenue-generating transactions.

Lawfulness of Financial Crime Data Processing Under GDPR

Much that has been written about the General Data Protection Regulation (GDPR) relates to the burden of obtaining proper consents in order to process data. This general theme has provoked questions about whether and how financial institutions can process data to fight financial crime if they need consent of the data subject. While there are certainly valid questions, GDPR is much more permissive to the extent data is used to prevent or monitor for financial crime.

Clients and counterparties will often be more than happy to consent to data processing in order to participate in financial services. But consent can be withdrawn, so offering individuals the right to consent will give the impression that they can exercise data privacy rights which are not appropriate for highly-regulated activities.

Rather than relying on consent, the GDPR also permits (1) processing that is necessary for compliance with a legal obligation to which the controller is subject and (2) processing that is necessary for purposes of the legitimate interests pursued by the controller or a third party.

Some areas of financial crime prevention are clearly for the purpose of complying with a legal obligation. For example, in most countries there are clear legal obligations for monitoring financial transactions for suspicious activity to fight money laundering. The European Data Protection Supervisor stated in 2013 that anti-money laundering laws should specify that “the relevant legitimate ground for the processing of personal data should… be the necessity to comply with a legal obligation by the obliged entities….” The fourth EU Anti-Money Laundering Directive requires that obliged entities provide notice to customers concerning this legal obligation, but does not require that consent be received. And the U.K. Information Commissioner’s Office gave the example of submitting a Suspicious Activity Report to the National Crime Agency as a legal obligation which constitutes a lawful basis.

Very few commentators have attempted to cite a legal authority for anti-fraud legal obligations. The Payment Services Directive 2 (PSD2) requires that EU member states permit personal data processing by payment systems and that payment service providers prevent, investigate and detect payment fraud. But PSD2 has its own requirement for consent and this protection may fail without adequate implementing legislation in the relevant jurisdiction. Another possible angle is that fraud is a predicate offense for money laundering, and therefore the bank has an obligation to investigate fraud in order to avoid facilitating money laundering.

“Legitimate interests” are also permitted as a basis for processing. However, this basis can be challenged where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Financial institutions may not feel comfortable threading the needle between these ambiguous competing interests.

The GDPR makes clear, however, that several purposes related to financial crime should be considered legitimate interests. For example, “the processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest” and profiling for the purposes of fraud prevention may also be allowed under certain circumstances. It is also worth recognizing that many financial market crimes such as insider trading, spoofing and layering are often prosecuted under anti-fraud statutes.

Foreign legal obligations, such as a whistle-blowing scheme required by the U.S. Sarbanes-Oxley Act, are not considered “legal obligations,” but compliance with them should qualify as a legitimate interest.

While legal obligations and legitimate interests do not cover all potential use cases, they should cover most traditional financial crime processing. Some banks have been informing their clients that a legal obligation justifies their processing for AML and anti-fraud. Others have included legal obligations and/or legitimate interests as potential justifications for a laundry list of potential processing activities.

While the GDPR became effective earlier this year, financial institutions will continue to fine-tune their approaches based on continuing familiarity with the requirements and legal and regulatory developments. Financial institutions need to revisit their client notifications to make sure that they have disclosed their data processing in a manner that reserves their rights for financial crime purposes. They should also confirm that their financial crime processing adequately falls under a defensible basis. And with this basic housekeeping performed there is hopefully little disruption to their financial crime and compliance operations.

Compliance in 2018: Q&A with James Reese of the SEC

The Securities and Exchange Commission (SEC) recently named James Reese as the Chief Risk and Strategy Officer for the Office of Compliance Inspections and Examinations (OCIE), which also leads the Office of Risk and Strategy (ORS). These offices assess companies’ and products’ risk to the financial markets and influence the SEC’s rule-making initiatives, among other actions. OCIE conducts the SEC’s National Exam Program (NEP), which was created to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies that:

  • improve compliance
  • prevent fraud
  • monitor risk
  • inform policy

Risk Management Monitor reached out to Reese to find out what he has in store for his office and U.S. businesses.

Risk Management Monitor: Your office administers the NEP to businesses to ensure they are operating in compliance with the law and the SEC rules. Can you describe the information you gather and how it is used?

James Reese: During examinations, we may request and review policies and procedures, supervisory processes, trading activity or any other aspect of a registrant’s business. The results of the NEP’s examinations are used by the SEC to inform rule-making initiatives, identify and monitor risks, improve industry practices and pursue misconduct. The NEP maintains a critical presence among market participants by conducting thousands of exams annually. This provides us with timely, accurate, and reliable information to assist the program and SEC in fulfilling its mission.

RMM: You had been OCIE’s acting chief since shortly after its inception. How has the office grown and what is your vision for the next five to 10 years?

JR: Now that we have built synergies across groups, the focus is turning more toward enhancing our risk assessments, providing better support to exam teams, improving our technology and using big data.

Centralizing the staff has led to a more cohesive approach to risk assessment and more opportunities to collaborate and take advantage of cross-discipline problem-solving.

It has also helped us prioritize those areas where we can make the greatest impact on the NEP, allowing not only our office to maximize its limited resources but in turn also allowing us to focus on how we can provide exam teams tools and data to maximize their resources.

Ultimately, our office’s goals are wide-ranging and include:

  • identifying risks to investors, particularly retail investors, and the markets
  • assisting the home and regional offices in identifying exam candidates
  • developing technology tools and quantitative approaches that exam teams can use to, for example, identify potentially problematic practices at firms and more quickly analyze trading activity
  • monitoring and examining some of the largest financial firms to understand the various market and their operational risks

RMM: What risks are you closely monitoring (or are most influential)?

JR: Since 2013, OCIE has annually published its examination priorities, which generally reflect certain practices, products and services that OCIE believes may present a heightened risk to investors and/or the integrity of the financial markets. In 2018, as in prior years, we have prioritized matters of importance to retail investors, including seniors and those saving for retirement. This translates to pursuing examinations of firms that provide products and services directly to retail investors and focusing on the disclosure and sales practices associated with higher risk products.

We are also focusing on risks to market infrastructure, cybersecurity as well as firms’ anti-money laundering requirements.

RMM: How has a risk manager’s role (and/or its importance) changed since you began at the SEC in 1999?

JR: I have seen more firms identify individuals to either serve as a chief risk officer or build out their risk management function. As SEC Chairman Jay Clayton noted in his recent remarks at the Equity Market Structure Symposium: “One of the few certainties of trading markets is that they continually evolve. New technologies spur new market mechanisms, which, in turn, lead to new trading practices.”

Risk managers face an increasingly difficult task of identifying and triaging these changes, and also having to be proactive. Trying to look around corners, identify emerging issues and spot trends before they metastasize within an organization is the cornerstone of any good risk organization and ORS spends a great deal of time on those activities, as well.