Banks not investing enough on fraud risk management: KPMG survey

KUALA LUMPUR: KPMG’s Global Banking Fraud Survey finds that banks are still reactive towards fraud and not investing enough on fraud risk management.

According to the survey, which was conducted by the multinational accounting firm between November 2018 and February 2019, the total cost of fraud risk management was not monitored by 52% of banks surveyed.

“This makes it an outlier within bank operations and reduced visibility to the Board and Risk Committees who make key budget, resourcing and investment decisions,“ KPMG Malaysia head of forensics Tan Kim Chuan said in a statement today.

The survey was conducted across 43 retail banks, 13 of which are in the Asia-Pacific region, five in the Americas and 25 in Europe, the Middle Eastern and African regions.

Based on the findings, 61% of the banks surveyed have reported an increase in external fraud – in value and volume – over the past three years.

The survey also found that over half the respondents recovered less than 25% of the fraud losses, thereby demonstrating that fraud prevention is key.

“Cyber and data breaches remain the most significant challenge as reported by banks across all three regions, and these challenges may be amplified with the increasing popularity of open banking, as banks across the globe are getting ready to open their doors to third parties to access their customer data,“ it said.

According to Tan, criminals have become more sophisticated today and are leveraging on technology to scam more victims. This means financial institutions need a paradigm shift in their approach to mitigate fraud risks in a sustainable and effective manner.

“To meet mounting customer expectations, financial institutions should focus on building a well-structured fraud management model that can deal with evolving digital transformation, identify unknown risks, harness the benefits of technology and reduce the cost of compliance,“ he added.

Commenting on Bank Negara Malaysia’s Risk Management in Technology policy issued on July 18, 2019, which aimed at guiding financial institutions in the country to combat the rise in cybercrime, Tan said the introduction is timely and will be a useful guide on the backdrop of increased technology adoption within the financial services sector.

The policy, which will come into effect beginning Jan 1, 2020, sets out the expectations for banks to establish a holistic technology risk management framework, which encompasses all levels of the organisation from the board level down, to continuously assess risks, identify gaps, and prioritise activities to mitigate and manage technology risk against its approved financial risk appetite.