Fraud is the word on everybody’s lips. When speaking to financial crime professionals, they increasingly bring up the subject proactively―with strong opinions expressed on the scale of the problem and the challenges and opportunities for tackling it. The sheer volume of fraud has been described as a tsunami by some experts. Fraud is focusing minds in a way that was not always the case in the past and has leaped up the agenda for front-line staff and senior managers charged with putting in place an effective response to an increasingly critical problem.
The uplift in industries’ responses to fraud demonstrates a growing shift from what was a predominantly loss prevention-led issue toward a more holistic approach to tackling the significant harms caused by fraud. After years of fraud seemingly taking a back seat to anti-money laundering/counter-terrorist financing (AML/CTF) and sanctions in financial institutions’ (FIs) response to financial crime, why is this the case?
- Fraud is impossible to ignore. Almost everybody has experienced fraud in one form or another. Whether it is an account takeover fraud where fraudulent retail transactions have been undertaken, a romance fraud such as the ubiquitous pig butchering scams via social media, or the fraudulent establishment of businesses using legitimate residential addresses to conduct investment fraud, this crime is simply too prevalent to ignore.
- Fraud has been elevated by a growing number of governments and multilateral organizations as a national security threat on the same level as money laundering or sanctions evasion. This is borne out of a recognition by law enforcement (LE) and intelligence agencies that fraud is used as a tactic of strategic adversaries to damage Western democracies. When a threat is considered a national security issue, it suddenly grows in importance.
- Regulators and policymakers are paying attention. What was previously a problem that was largely dealt with―if at all―in isolation from other risk management, is now setting off government alarm bells. Fraud is the single largest crime across many jurisdictions, dominates crime reporting and has achieved a status of importance it did not have as recently as five years ago. Consider the uptick in regulatory pronouncements, LE alerts and domestic and international strategies to reduce fraud. This is a call to action.
- Companies are being forced to take rapid and decisive action to protect themselves from the risk of fraud. While fraud was once “a cost of doing business,” this approach is no longer sustainable. The private sector is a target of organized and opportunistic external fraudsters seeking to undermine FIs’ defenses through a variety of typologies, such as mortgage fraud, identity theft, card fraud, fraudulent lending or money muling networks.
The Rise and Cost of Fraud
Although the cost of fraud is notoriously hard to determine, the numbers involved are simply staggering. One recent study put the total losses sustained by various entities at a jaw-dropping $485.6 billion,1 highlighting serious deficiencies in fraud prevention measures. Even taking a single typology, one recent academic paper estimated that losses linked to 4,000 victims of pig butchering and the crypto wallet addresses which received funds added up to $75 billion over a four-year period.2 This is of an order of magnitude which must be considered a clear and present danger to society as a whole and to wider business integrity.
It is worth considering why fraud has moved from being the poor relation of AML to its new status as a priority threat. Although nobody wants to admit it, fraud was previously viewed largely as an unfortunate consequence of naivety and bad luck. Somebody buying fake or worthless shares from a “boiler room” might be seen as a victim of their own greed as opposed to the victim of a complex criminal scheme. Similarly, where a business was subject to fraud, such as fake invoicing or a hacking incident to steal customer data, this may not have been reported for fear of reputational or customer trust damage to the business.
Although nobody wants to admit it, fraud was previously viewed largely as an unfortunate consequence of naivety and bad luck
The steady year-on-year growth in fraud (e.g., fraud now accounts for over 40% of all crime in England and Wales)3 has moved the dial on fraud reporting and the defenses put in place to limit fraud. However, while more people are aware of fraud than ever before, and businesses are more likely to report it, the institutional response to fraud is lagging. Domestically, police forces have minimal experience or the necessary fraud investigators to pursue cases that may take months or years to resolve. At an international level, until recently, there has been a startling lack of focus on fraud; there is, of course, still no Financial Action Task Force (FATF) equivalent shining a spotlight on fraud.
Regulatory Bodies and Fraud
This lack of attention from the authorities arguably led to a stalled reaction from the public, who have been slow to build their own awareness, and by the private sector, who were not encouraged to prioritize fraud. One explanation for the lack of attention given to fraud was that AML and illicit finance stole much of its thunder. Since the establishment of FATF in 1989, the financial crime community―both public and private―has focused on criminal finances rather than the predicate crimes fueling that phenomenon. This trend is exacerbated by the regulatory emphasis put on AML/CTF frameworks and the resultant enforcement and regulatory actions levied against FIs for financial crime deficiencies.
It is noticeable that well-known global regulators and policy bodies such as FATF, the European Banking Authority and the United Nations Office on Drugs and Crime (UNODC) have become more vocal on issues from fraud controls and typologies to the trafficked victims of scam centers. This is partly driven by a reaction to changes in how criminal enterprises have shifted their business models. As enabling factors for fraud have become readily accessible―think cybercrime as a service (CaaS), crypto-assets, darknet marketplaces and, more recently, access to generative artificial intelligence (AI)―organized criminal groups have discovered that the risk/reward ratio for committing fraud has become more attractive.
For many years, fraud simply did not get the attention that it now demands, as sophisticated networks of criminals, terrorists or sanctioned individuals are more likely to dabble in fraud to support their wider activities. This response becomes particularly acute when funds linked to state-backed actors are also identified as being linked to fraud. The proceeds of corruption are also linked to fraud in the form of grand corruption or by individuals using their position to undertake fraud against persons in another jurisdiction sometimes with the tacit acceptance of state authorities. Similarly, terrorist groups are also known to use fraudulent charity appeals and benefit fraud to support their activity.
Another driver for the recent attention given to fraud is the proliferation of financial technology firms (fintechs) plus the growth in “big tech,” social media, messaging platforms and payment technology such as crypto. Prior to these advancements in technology, fraud enablers were mostly low-tech or physical, e.g., virtual offices. However, the reach of big tech and social media has changed the game for fraudsters who can target these platforms to conduct fraud at scale with few safeguards and a ready-made ability to harvest personal identity details. Recent strategies strongly emphasize putting responsibility on tech firms to block fraud at scale.
The Fight Against Fraud
It feels like change is finally coming. Fraud is right up there with AML in terms of coverage and debate. Supervisors outline their approach to tackling fraud and their expectations of regulated firms. Fraud’s ascent toward the top table of national security concerns has been accelerated by various factors out of the control of national governments, including the COVID-19 pandemic, the growth in online crime, digital onboarding and know your customer/customer due diligence all contributing to a surge in consumer fraud, money muling and attempts to harvest personal data.
Concern about fraud was perhaps best personified by a recent summit held in London consisting of 11 major economies and several multilateral organizations, including the European Union, FATF, UNODC and Interpol. The summit communiqué4 committed to building an understanding of the threat, partnerships and capability to respond. It also set out objectives for protecting the public through victim support and asset recovery, pursuing organized fraudsters by sharing data and intelligence, strengthening LE capacity and stronger industry engagement (particularly with tech firms, including taking a best practice approach to the development of AI).
Where does this leave the industry and financial crime professionals as they grapple with how to adapt to a new environment that threatens to overwhelm our collective defenses? The simple answer is that front-line staff, compliance departments and senior managers are moving at pace. This shift is accelerated by the expansion of new payment channels and faster payments, meaning FIs are reconfiguring their risk appetite to address external fraud exposure, which has been elevated to a top five risk management concern.5
While the growing concern in banks and payment firms is, of course, welcome, practical steps are being taken to fight the fraud epidemic. Some firms are moving toward joint fraud and financial crime intelligence functions―sometimes creating intelligence packages in conjunction with their cybersecurity teams. Financial crime and fraud functions are experimenting with using AI to identify fraudulent transactions and muling networks. Threat assessments are being conducted to identify links between money laundering and fraud, and consortium data-sharing partnerships are pooling resources to identify organized networks.
Conclusion
As fraud has exploded globally, the shared response has pivoted to keep up. Criminals are generally ahead of the curve when exploiting new technology on an unsuspecting public or probing firms’ defenses to new attack vectors. Regulators have long considered money laundering a priority, but nobody believes the battle is won despite 35 years of effort. Despite the fraud communities’ best efforts, the international response has often not received the level of focus it so clearly deserves. Growth in investment, resources and capacity in fraud prevention is now led by the private sector with strong encouragement from the government and LE. The elevation of fraud to a national security threat and a nexus with other crimes, including money laundering, may have been instrumental to fraud’s trajectory to the forefront of the public’s consciousness.
Joby Carpenter, SME, Emerging Threats and Illicit Finance, ACAMS, jcarpenter@acams.org
- “2024 Global Financial Crime Report,” Nasdaq, June 24, 2024, https://nd.nasdaq.com/rs/303-QKM-463/images/2024-Global-Financial-Crime-Report-Nasdaq-Verafin-20240119.pdf
- John M. Griffin and Kevin Mei, “How Do Crypto Flows Finance Slavery? The Economics of Pig Butchering,” SSRN, February 29, 2024, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235
- “Fraud,” National Crime Agency, https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/fraud-and-economic-crime
- “Global Fraud Summit Communiqué: 11 March 2024,” Gov.UK, March 11, 2024, https://www.gov.uk/government/publications/communique-from-the-global-fraud-summit/global-fraud-summit-communique-11-march-2024
- “External Fraud Enters Top 5 OP Risk Concerns in Latest Top Risk Review,” ORX, January 10, 2024, https://orx.org/blog/external-fraud-enters-top-5-ranking-of-operational-risk-concerns-in-latest-benchmark-report-by-orx#