Global cases of financial scams, social engineering and cyber/online fraud in the banking sector are increasing as criminals are finding new ways to steal from banks and their customers, reveals the inaugural Global Banking Fraud Survey by KPMG International.
KPMG's Global Banking Fraud Survey was conducted between November 2018 and February 2019 across 43 retail banks, 13 of which are in the Asia-Pacific, 5 in the Americas and 25 in Europe, the Middle East and Africa (EMA) region. Based on the survey, 61 percent of banks surveyed have reported an increase in external fraud – in value and volume – over the past three years. The survey also found that over half the respondents recovered less than 25 percent of the fraud losses, thereby demonstrating that fraud prevention is key.
According to Tan Kim Chuan, Head of Forensics at KPMG in Malaysia, banks are still reactive towards fraud and are not investing enough on fraud risk management. In fact, the survey found that the total cost of fraud risk management is not monitored by 52 percent of banks surveyed. This makes it an outlier within bank operations and reduced visibility to the Board and Risk Committees who make key budget, resourcing and investment decisions.
Tan commented: “Criminals are becoming more sophisticated today and are leveraging on technology to scam more victims. This means financial institutions need a paradigm shift in their approach to mitigate fraud risks in a sustainable and effective manner.
“Ineffective fraud risk management models can severely hamper how well banks detect and prevent fraud or scams as most cases happen outside of the bank’s control. Regardless, customers will still hold banks responsible for safeguarding their data and preventing fraud. In order to meet mounting customer expectations, financial institutions should focus on building a well-structured fraud management model that can deal with evolving digital transformation, identify unknown risks, harness the benefits of technology and reduce the cost of compliance,” explained Tan.
Cyber and data breaches remain the most significant challenge as reported by banks across all three regions. This challenge may be amplified with the increasing popularity of open banking, as banks across the globe are getting ready to open their doors to third parties to access their customer data. However, questions are being raised on the reliance that can be placed on third party controls.
The seriousness and complexity of this matter has certainly spurred Malaysia’s policymakers and regulators into action. On 18 July 2019, Bank Negara Malaysia (BNM) issued the Risk Management in Technology (RMiT) policy, which aims to guide financial institutions in Malaysia to combat the rise in cybercrime.
The policy, which will come into effect beginning 1 January 2020, sets out the expectations for banks to establish a holistic technology risk management framework (TRMF), which encompasses all levels of the organization from the board level down, to continuously assess risks, identify gaps, and prioritise activities to mitigate and manage technology risk against its approved financial risk appetite.
“Around the world, regulators increasingly expect financial institutions to achieve greater consistency and integration of the first and second lines of defence in their approach to prevent, detect and respond to fraud risks. Hence, the introduction of Bank Negara’s RMiT policy is timely and will be a useful guide on the backdrop of increased technology adoption within the financial services sector,” said Tan.
© 2020 KPMG PLT, a limited liability partnership established under Malaysian law and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.