13 March 2024
Fraud is now the most frequently reported crime in the UK, representing 41% of offences reported to police. Adding to the challenge, only around 1% of fraud cases result in prosecution. UK Finance, the collective voice for the banking and finance industry, reported in its annual fraud report that £1.2 bn was stolen through fraud in 2022. Figures obtained by RSM UK under a freedom of information request also show a 10% rise in reported cases of fraud committed by employees against their employers. Banks and building societies are natural targets for fraud-related crimes, as there’s a lot of money and sensitive data at play. Therefore, it’s crucial for them to understand the fraud risks associated with their operations in order to best prevent future attacks.
Fraud risks in finance
The table below explores various types of risks, in addition to employee fraud, that banks and building societies face.
Type of fraud | Mitigation |
Change of bank account fraud Involves fraudsters attempting to change the bank account details for payments or direct debits, redirecting payments to their own accounts or money mule accounts. |
|
Identity theft and account takeover fraud Involves fraudsters stealing personal information or using impersonation techniques to open new accounts or take over existing accounts. |
|
Application fraud Involves providing false information on applications for loans, accounts or services. |
|
Payment/transaction fraud Involves using stolen payment card data to make unauthorised purchases or transferring funds without permission. |
|
Insider fraud Involves internal employees misusing their system access to steal money or data. |
|
Increased fraud threat through hybrid working
Since the pandemic, there has been a rapid shift to extensive hybrid working, bringing significant benefits for the workforces of banks and building societies. In fact, our People Perspectives survey identified hybrid working as the top benefit offered to attract or retain employees at 41%. Meanwhile, 57% of respondents had already begun, or were considering, upskilling managers to better manage a hybrid workforce. A recent survey has also found that UK employees are working from home more than workers in other European countries, doing so for an average of 1.5 days a week. However, these agile working patterns present an increased exposure to fraud risks, including heightened cyber security vulnerabilities, weaker preventative controls, misuse of sensitive data, increased insider collusion opportunities, and new avenues for social engineering attacks.
It’s key for banks and building societies to balance the benefits of agile working with strong preventative measures, auditing, and oversight controls. Ongoing risk assessments and fraud prevention training for the workforce are also critical.
Conclusion
As the landscape of agile working evolves and technologies including generative artificial intelligence develop, banks and building societies are faced with an increased fraud risk. To counteract this, they find themselves needing to bolster their fraud defences. Just as importantly, there is an increasing need to foster an ethical and risk-aware culture. This can be achieved through frequent and bespoke workforce education on fraud red flags and effective security habits, applicable to both remote and in-branch work. Leadership must clearly communicate expectations around information security, data privacy and fraud prevention in an agile environment.
As well as a continuous assessment of current obligations to prevent financial crime, banks and building societies will need to ensure that they consider the ‘failure to prevent’ offence, introduced by the Economic Crime and Corporate Transparency Bill in October 2023.