The risk control line of financial institutions remains fragile, and external fraud poses a greater threat-Industry-SearchFx- the most authoritative information query platform for derivatives industry -searchfx.cc

Affected by the environment, geopolitics, market performance and other factors, the risk control situation of financial institutions is becoming increasingly severe. In this context, how can financial institutions cope with the increasing popularity of online transactions, mobile transactions, and the emergence of artificial intelligence technologies earlier this year? Do they have adequate risk controls in place? On May 5, the World Health Organization declared that the COVID-19 pandemic no longer constitutes a public health emergency of international concern, which means that the world has officially entered a post-pandemic era, but in a volatile economic environment, have financial institutions put in place appropriate policies and incentives? What kinds of fraud risks will financial firms face in the coming years?

In a report on risk and economic crime, Pricewaterhousecoopers (PWC) said: "So far, although various types of risk behavior have been reduced by compliance policies, internal training and other measures, but the greater threat still lurks." The risk control line of the enterprise is still weak, especially the fraud from the outside of the enterprise has brought greater harm to the enterprise.

Industry-wide: Cybercrime poses the greatest threat vs Finance: Customer fraud poses the greatest threat

First, the PWC report shows that, industry-wide, fraud, corruption and other economic crime indicators showed a year-on-year decline from 2018 to 2022. In 2022, less than half (46%) of businesses surveyed said they had experienced some form of fraud or economic crime in the previous 24 months (2021-2022).

However, despite the continuous decline of various risk control indicators, risk events still cause huge losses for enterprises of different sizes. Fifty-two percent of companies with more than $10 billion in annual revenue reported being affected by a risk event involving more than $50 million in the past 24 months. In contrast, only 38 percent of companies with less than $100 million in annual revenue reported experiencing a risky event, and only $1 million was involved.

So what are the types of risk events? Which type poses the greatest threat?

Through the following data, we can find that the whole industry is currently facing three major risk events: cyber crime, customer fraud and asset misappropriation. We averaged the industry-wide data in the report and compared it with the financial industry (the top three risk event types in the financial industry did not include "asset misappropriation", but "improper KYC procedures") :

As can be seen from the chart, cybercrime is the largest source of risk across the industry, while customer fraud is the type of risk that financial services organizations need to guard against the most. The common feature of both is that they are caused by external risk factors.

How has the pandemic affected enterprise risk control in the past three years?

In 2021, Fazzaco cited data from the Australian regulator ASIC showing a year-on-year increase of more than 200% in the number of reported financial fraud cases between January and February 2021. Financial institutions affected by the pandemic are also facing a sharp increase in the number of risk events.

In the report, PWC looked at five risk types: misconduct risk, legal risk, cybercrime, insider trading, and platform risk. Then, the surveyed enterprises are analyzed according to the two types of "encountering new fraud" and "increasing risk" :

The pandemic accelerated the adoption of online trading and office work, which had the positive effect that the internal risk of misappropriation of assets was significantly reduced in three years as many employees chose to work from home and had less access to company assets. But this has also brought a negative effect, that is, the risk of digital security has increased dramatically.

Corporate defensive lines are still fragile, and new risk control situations have emerged

The emergence of external entities that are difficult to regulate effectively is changing the current risk management landscape. In the PWC report, nearly 70 percent of organizations surveyed that were affected by scams said the greatest harm came from external attacks, or at least involved external factors. More importantly, criminals from outside are not subject to internal risk control measures such as bylaws, training, and investigations.

Cyber hackers and organized criminal groups are the two most common sources of external risk to the interests of financial institutions, and both types of attacks have increased significantly over the past two years. According to the report, about one-third of external risk incidents were cyber attacks and 28% were organized crime. Online platforms have also become a hot spot for criminal activity. Two out of five organizations surveyed said they had experienced fraud related to online platform services, such as improper know your Customer (KYC) procedures and false information.

peroration

The PWC report gives us a new perspective on how financial institutions should continuously enhance their preparedness and response capabilities in the current challenging post-pandemic era to adapt to the major threats posed by external factors such as cybercrime and customer fraud.

But will these measures be effective against the new types of fraud and economic crime that are likely to emerge in the future? How can financial institutions protect their own interests while also safeguarding the legitimate rights and interests of their customers? These problems deserve our further consideration and discussion.