Mitigating Fraud in Financial Institutions
Help clients become more difficult targets
We’re living in times that are ripe for financial crime. The strains of the current macroeconomic environment can drive people to take money that isn’t theirs - and advances in technology are providing them with ever-expanding ways to do so. While these crimes still occur through traditional means, technology-supported tools such as AI, phishing, smishing, vishing, and deepfake technology are all making financial crimes easier for threat actors to commit.
These risks affect all sectors, but financial institutions, being gatekeepers to vast sources of funds, are an especially target-rich environment for fraudsters. UK Finance reported that the sector spends more than any other on fighting economic crime, including fraud. Last year, risk management measures prevented a total of £1.2 billion of unauthorised fraud alone, an increase of 7% over the previous year.1
Still, the risks are severe and evolving. UK Finance found that last year, the amount of money stolen through payment fraud in the UK totalled nearly £1.2 billion - and fraud in all of its forms now represents 40% of all reported crimes. Beyond the financial damage these crimes can cause, an institution may have to rebuild its reputation with clients and face time-consuming legal and regulatory consequences following a fraud.
Having procedures and controls in place to protect against these crimes is not enough to prevent them, according to Chris Muir, senior development underwriter for financial institutions at Travelers Europe.
“We have seen a number of claims where a financial institution has controls in place but hasn’t followed them,” he said. “For example, hackers play upon a bank’s sense of urgency on a Friday afternoon when a transfer must be completed by the weekend. Despite procedures being in place, in urgent situations the vital checks may get skipped to meet deadlines. Vigilance is crucial - and will continue to be as cyber criminals commit increasingly sophisticated financial crimes.”
How technology is changing the game
The expansion of AI in recent years has added a layer of complexity to fraud risk. In January 2024, fraudsters using deepfake technology were able to pose as the chief financial officer of a multinational firm and, over a video conference call, trick a finance worker from that firm into paying out over $25 million. CNN reports that even though the worker was initially suspicious of the request, his doubts dissolved when he took part in a video call about the transaction and the people in attendance during the call looked and sounded just like colleagues he recognised.2
Such incidents will surely become more common as generative AI grows in sophistication and threat actors find new ways to deploy it. Indeed, Deloitte’s Center for Financial Services predicts that generative AI-driven fraud losses will grow significantly in the years ahead, climbing from $12.3 billion in the United States in 2023 to $40 billion in 2027.3
The importance of detection and prevention
In an environment where potential losses are so high, layered protections are critical - and far more effective at protecting financial institutions than any individual protection on its own. Systems that alert businesses to potential fraudulent activity, regular employee training in fraud detection and prevention (particularly for those in roles with access to accounts), and frequent audits and other checks all play a part in strengthening a firm’s safety net. Insurance is the final layer of support for an institution when other protections fail.
“Crime insurance and directors’ and officers’ liability insurance are there to defend financial institutions that experience financial fraud and protect their balance in the aftermath. Cyber insurance can also help them get back on track following an event, but it’s best for financial institutions to focus on making it more difficult for threat actors to commit the crime in the first place,” Muir said. “In the current economic climate, where margins are thin and businesses are trying to navigate difficult times, falling victim to a crime can mean the difference between a business continuing and failing. Prevention needs to be a top priority.”
What are phishing, smishing and vishing?
Phishing: fraudulent e-mails and websites meant to steal data.
Vishing: fraudulent phone calls that induce the receiver of the call to reveal personal information.
Smishing: fraudulent text messages meant to trick the recipient into revealing data.
What is deepfake technology?
A deepfake is a video, photo, or audio recording that seems real but has been entirely fabricated or manipulated with AI.