March 5–11 is National Consumer Protection Week. Learn about how your organization can play its part in fighting fraud and cybercrime through effective governance, risk, and compliance (GRC) management.
Cybersecurity continues to be a top concern in the financial services industry, as organizations address issues such as consumer protection and fraud prevention, data privacy, and cybercrime.
In the FBI’s most recent Internet Crime Report, cybercrime accounted for nearly $7 billion in losses to individual victims — a 400% increase compared to five years prior. In addition to targeting consumers, cybercrime is the biggest fraud threat facing most businesses, the World Economic Forum reports, with nearly half of organizations worldwide having experienced some form of fraud or other economic crime in the past 24 months.
A cyberattack can be detrimental to any organization, whether through financial losses, data breaches, regulatory fines, or erosion of consumer trust. There is no one clear-cut way to minimize all cyber threats; there are, however, some practices and processes that institutions can implement to bolster their cybersecurity posture:
Cybersecurity is not only a concern for the IT department but also for the organization as a whole. Providing proper training, communicating and enforcing information security policies, and encouraging good cybersecurity hygiene across all departments are key to ensuring that employees have the tools and knowledge to identify and mitigate cyber risks.
A siloed approach to the interconnected risks of cyber breaches, financial crimes, and fraud is becoming “increasingly untenable,” McKinsey & Company researchers note, while “the growing cost of financial crime and fraud risk has also overshot expectations.”
Research shows that indirect and compliance-related costs in these risk areas can be significant for financial institutions.
“As banks focus tightly on reducing liabilities and efficiency costs, losses in areas such as customer experience, revenue, reputation, and even regulatory compliance are being missed.”
The solution to silos and insufficient oversight of risks and costs is integration. An integrated approach to risk management is now imperative for the banking industry, McKinsey points out, characterized by shared systems and processes across domains, enhanced data and analytics, and enterprise-wide transparency on threats.
“In taking a more holistic view of the underlying processes, banks can streamline business and technology architecture to support a better customer experience, improved risk decision making, and greater cost efficiencies.”
Regulatory agencies, including the Consumer Financial Protection Bureau (CFPB), are cracking down on consumer protection enforcement. In fiscal year 2022, CFPB enforcement actions resulted in financial institutions and other entities and individuals paying out an estimated $300 million in relief to harmed consumers.
Recently released data from the Federal Trade Commission (FTC) shows that fraud losses reported by consumers are up more than 30% over the previous year, encompassing reports from 2.4 million consumers and nearly $8.8 million in losses.
As consumers and the institutions that serve them experience fraud risk, business leaders are taking note of heightened threat levels and increased regulatory scrutiny of fraud management controls, according to a survey of financial institutions.
“Fighting fraud must be a top priority for CEOs across all industries. The new scale and sophistication of attacks can cripple even the largest organizations and threaten customers’ trust. Smaller start-ups and fintech companies may stay beneath the radar for a while, but they will become credible targets as they scale. To combat the threat, organizations need to achieve a seismic shift: from reactive and siloed fraud mitigation to a proactive, customer-centric, integrated, and continuously evolving approach.”
— McKinsey & Company, “A new approach to fighting fraud while enhancing customer experience”
Best practices for fraud risk management include ongoing risk and threat assessment, a flexible control strategy, and proactive consumer education for a strong “fraud ‘immune system’” supported by capabilities including:
Cyber risks and threats are always evolving. Organizations must guard against complacency in their cybersecurity procedures, prioritizing awareness and proactively addressing and adapting to the changing risk and compliance environment.