Fraud & Scams

Acting quickly and decisively to prevent, detect, and respond to fraud and misconduct concerns is essential to minimize disruption and loss. Anticipate increased regulatory attention to fraud identification, oversight, investigations, and mitigation.

For example, regulators will evaluate companies’ activities related to:

Identification/Tips

Identification and escalation of potential cases of fraud, through active monitoring of:

• Fraud reports received from employee and vendor hotlines.
• Alerts generated by surveillance systems and models/thresholds.
• Investigations reports related to non-compliance with guidance and regulations (e.g., market manipulation, red flag indicators, securities registration, telemarketing sales).

Complaints Management

Ongoing and thorough reviews of customer complaints management with a focus on issues identification including trends/fact patterns, escalation, investigation, and resolution. Within the fraud and investigations management processes, regulators will evaluate the timeliness, substance, and completeness of responses/remediation to customer complaints, claims, and disputes as a measure of “fair treatment”. They will also consider the clarity of consumer communications, including what is reimbursable as well as the consistency of responses and/or remediation between consumer groups. Key areas will include:

• Data sharing (e.g., use in large data models, sharing with third parties and affiliates, customer permissioned sharing (and new open banking rules)).
• Authorization/authentication procedures/protections.
• Account holds and freezes.
• Identity fraud (e.g., imposter scams, synthetic identity fraud).

Enhanced Oversight

The effectiveness of risk and compliance oversight of fraud and coordination across the AML/CFT, cybersecurity, and fraud functions. Regulatory attention will also focus on demonstratable, effective Board oversight and the implementation of threat detection/ monitoring processes that include:

• Maturity of endpoint detection and monitoring solutions.
• Coverage of threat intelligence (both on premises and cloud environments).

• Add analytics and automation to client and third-party onboarding.
• Aggregate data and reporting to have a single view of the customers o more effectively manage complex fraud activities and strike a balance between fraud controls and customer experience.
• Eliminate antiquated technology and evaluate/implement emerging regtech capabilities to enhance transaction monitoring.
• Enhance fraud models to align to consumer protection regulations, monitor for suspicious activities, and provide real-time notifications and alerts.
• Evaluate and enhance, as needed, processes for sharing information real-time across departments (e.g., fraud, cyber, disputes).
• Establish a mature conduct risk program.
• Strengthen controls in regulatory focal areas (e.g., FinCEN priorities).
• Implement strong IAM strategies, including PAM and MFA, to secure access to critical customer systems and data. Regularly review access privileges.
• Integrate BSA/AML requirements into KYC processes.
• Conduct dynamic skills assessments of staffing needs for day-to-day operations of fraud monitoring/identification, investigations, and escalations. Enhance processes and sharing of information real-time across departments (e.g., fraud, cyber, disputes).
• Develop and promote customer education and awareness campaigns.