Have you ever thought of your organization's maturity level in fraud management? Where does your organization stand amongst the competitors? Are the fraudsters targeting your competitors because they are easier targets – or is your organization unable to detect the fraudulent activities?
Without adequate understanding of fraud management, it may be difficult to identify what needs to be detected.
Fraud management maturity can be described with maturity steps that define the level on which an organization’s fraud management is currently perceived to be. It might be challenging to identify the current level – however, the following division gives an idea of the different steps.
The first maturity step can be defined as ad hoc, where there are limited or no controls, and fraudsters are utilizing the reactive nature of the fraud management activities. The organization and its customers may be subject to major financial losses and customer reimbursements volumes are increasing. Most of the fraudulent activities are not identified, thus fraud is not recognized as an actual risk. This may lead to a wrong perception of the situation, and fraud prevention is not included in the investment budget.
On the next level, companies start to realize the severity of fraud management’s importance based on the continuously increasing number of fraud cases and customer losses. There might be media coverage of the ongoing fraud situation, which creates a pressure for quick fixes in the fear of reputational risks. Often these fixes are done in silos, and they don’t solve the underlying deficiencies, for example, in a product or service. Fixing the ongoing situation can be seen as a priority, whereas the long-term solution would provide more sustainable outcome. Making quick and non-optimized fixes can have a negative impact on customer experience.
Once the organization understands that fraud management needs to be embedded in all levels of the business, they begin to streamline the controls and harmonize the processes.
Fraud risk management and regulatory requirements are seen as a shared interest between internal stakeholders, for example, other Financial Crime Prevention units, Cybersecurity, Data Privacy, Product and Service Development. On this level, the company sees fraud management as a crucial part of the company level strategy, governance, policies, processes, and risk assessments.
On the optimal level, fraud management is creating value through better customer experience and by cutting costs from ad hoc activities. Fraud risks can be managed in a proactive way, where collaboration and situation awareness are extremely important. Fraud management is part of the learning ecosystem, where financial institutions, FSAs, authorities, and regulators are co-operating to continuously learn and develop the fraud management landscape.
In order to be able to climb up the maturity steps to a higher level, the fundamental processes, structures, policies, and strategy must be created. As a starting point, there needs to be a holistic understanding and commitment by the stakeholders to realize the impact of efficient fraud management inside the organization. The approach to solving the situation might vary from tackling one specific problem, to analyzing the ‘as is’ and ‘to be’ states and prioritizing the most critical action points or creating fraud management holistically from strategy level to daily processes. For example, internal and external reporting enable data-driven insights, which improve the understanding of the situation to support decision-making in the organization’s management. Without knowing the situation, the activities may be incorrectly prioritized, and the resources may be poorly allocated.
Moving from reactive to proactive fraud management enables the organization to focus on developing, optimizing and planning the resources for efficient fraud management, instead of reacting to urgent situations caused by monitoring system alerts.
The organization should be one step ahead of the criminals in creating products and services, in which the risk for being used for fraudulent activities is minimized.
Successful fraud management and development is based on experience and deep understanding, which ensures that the right actions are taken on strategic and operational levels, on each line of defense. The regulative landscape and criminal activities change rapidly, which is why it is important to look ahead and, at the same time, to identify the right points of development and avoid point-to-point and costly solutions. BearingPoint has deep expertise in fraud management, consisting of building up the fraud organization, understanding the business needs in assessing the technological capabilities, managing solution implementations, and enhancing fraud operations through process optimization and automation.
Aino Arvela-Kymenvirta
Manager, BearingPoint Finland
Joonas Helenius
Business Advisor, BearingPoint Finland