Wednesday, 24 September 2008

Fraud not on the agenda at banking conference

Posted by Anita Hawser

As investment banks and mortgage providers were dropping like flies last week as the credit crunch increased the pace of market consolidation, I was attending one of the world's largest international banking conferences, Sibos, in Vienna.

Hosted by SWIFT, the Society for Worldwide Interbank Financial Telecommunication, Sibos 2008 attracted approximately 8,000 bankers, however some conference speakers dropped out at the last minute as investment banks and mortgage lenders fell victim to market speculation and takeovers.

SWIFT as you may or may not know, is a bank-owned messaging network, which prides itself on never being hacked into or compromised by an external or internal threat. However, it did get into hot water a couple of years back with data privacy zealots when it allowed US intelligence agencies to look at messages being sent on its network as part of the US government's efforts to combat terrorism and money laundering.

While I can understand that banks probably have a lot more on their minds in today's difficult climate than combating fraud, I was surprised to see that identity fraud and banking fraud in general was not featured on the Sibos conference agenda.

Fraud only appeared to be up for discussion on the exhibition floor where a handful of dedicated information security vendors (SafeNet, NetEconomy) and AML solution providers were exhibiting their anti-fraud technologies and strategies.

"There is a lot of interest from banks around service-oriented architectures and designing security in from the get go rather than an afterthought," said Rene Bastien, product manager, payment products, SafeNet. Bastian says Basel II is also forcing banks to address operational risk.

SafeNet says that the current business climate is good for security vendors as it is forcing banks who were "caught with their pants down" to address their risk management and operational practices. And it seems security vendors are trying to make it easier for banks to embed security natively within applications using common standards such as XML, which means application developers do not need to be "crytographic geeks" in order to understand security.

Of course, banks en masse don't like to talk about fraud, particularly in this climate where banking failures in general are dominating newspaper headlines. Yet, fraud is an area banks cannot afford to ignore, not only because of the hefty fines likely to be imposed by regulators, but also the reputational risk and the impact on banks' balance sheets.

According to a survey conducted by Kroll on behalf of the Economist Intelligence Unit, financial services providers lost an average of $12.9 million to fraud in the last three years, although this figure is probably higher if one takes into account the reputational costs and the costs of fraud that banks are not even aware of or that remains undetected.

Kroll says the most common types of fraud financial service providers are exposed to include; regulatory or compliance breach (35%), financial mismanagement (29%), theft of physical assets or stock (27%), management conflict of interest (25%), information theft, loss or attack (24%) and internal financial fraud or theft (24%).

While it is difficult to put a precise figure on the reputational costs and brand damage caused by fraud, research by security software vendor, Symantec, suggests that consumers take a dim view of companies that do not do enough to protect their private data. Approximately 90% of consumers surveyed by Symantec stated that "reckless or repeated" data breaches should be punishable by imprisonment.

Seventy-six percent of companies polled by Symantec expected to lose customers if a data loss or breach occurred and 50% expected customer loyalty to fall off immediately. “These statistics are very concerning for business, particularly in the current unstable market conditions,” said John Brigden, senior vice president for Europe, the Middle East and Africa at Symantec. “Not only do they risk losing large numbers of customers following an incident of data loss, but almost 60% of companies said it would be a lot harder to attract new customers once the reputation had been tarnished.”

Fraud is so pervasive now that it is not just something CTOs or chief risk officers need to be concerned about. CFOs and CEOs should also be more attuned to the impact of fraud on their businesses.

"We expect to see fraud increase as conditions become tougher for business and the full impact of the credit crunch unfolds. Financial services companies need to focus their efforts, especially against regulatory and compliance breaches as the loss involved is far too much to justify," says Blake Coppotelli, senior managing director in Kroll's business intelligence and investigations division.

It is no longer acceptable for banking CEOs to say they do not understand the instruments their investment banking divisions are trading, nor should it be excusable for them to say they are not aware of the impact fraud is having on their business.

No comments: