Fighting Cyber-Enabled Fraud with BSA, Fraud & IT Collaboration – Video
Combating Cyber-Enabled Fraud Requires Communication
Increases in cybercrime or cyber-enabled fraud deserve attention from financial institutions, as Abrigo expert Terri Luttrell explains in this video.
You might also like this whitepaper, "The 2021 BSA/AML and Fraud Staff Survey: Top Issues for FinCrime Fighters"
Bank Secrecy Act (BSA) and fraud functions have historically been siloed within financial institutions' structures in the compliance world. Meanwhile, the IT security function has historically been entirely out of financial institutions' compliance areas. However, that has changed with the spike in cybercrime. Now it is imperative that all three areas within financial institutions look at fighting cyber-enabled fraud as a collaborating effort.
Watch the video above or continue reading to learn more.
BSA and fraud staff have very different roles, and each role requires unique investigative skillsets. Fraud is real-time hard dollar losses, requiring generally black and white analysis. BSA investigators use historical transaction data, looking at unusual patterns. The two departments typically don’t collaborate on suspicious or fraudulent activity. Financial Crime (FinCrime) experts are not IT experts. They don’t have that knowledge, training, or background. Similarly, IT security professionals generally do not have a compliance background.
Coming together and discussing what cyber-enabled fraud looks like so cross-functional risk teams are on the same page is more critical than ever. Each function can assist with developing an enterprise-wide risk assessment of cyber-enabled fraud. The collaboration between BSA, fraud, and IT security is crucial to understanding this serious criminal threat. Sure, the teams may not be under the same management, but the three groups are melding together more within financial institutions with cross-communication.
Behind the changes: COVID-19 cyber-related fraud
The COVID-19 pandemic increased cyber-related fraud exponentially. In 2020, the Federal Bureau of Investigations reported approximately 800,000 complaints of suspected internet crime to their complaint bureau. That's an increase of 20% over the previous year, pre-pandemic. That's significant. Reported losses exceeded $4.2 billion. This number includes all cybercrime or cyber fraud from the basic definition and any illicit act transacted using a computer. If it's performed on the internet, it's considered cybercrime or cyber fraud, no matter what kind of fraud it is.
In 2020 many more people began using the internet for the first time, particularly the elderly. People were isolated and were spending a lot of time on the internet, opening up more opportunities for fraudsters. Many were lonely and anxious. They were receiving those phishing e-mails, clicking when they shouldn't have. It easily could have been financial institution employees as well.
The FBI has also reported that cyberattacks rose significantly in 2020. It is clear how serious the cyberattacks have been, particularly by ransomware, as evidenced by the attacks on the U.S. food supply, energy resources, and other high-profile breaches. Financial institutions are a prime target in the United States, and the industry must be ready. Eleven million dollars is the average cost to any organization that has been involved in an attack resulting from cybercrime, and 48% of these are small businesses.
It is considered a cybercrime if it comes through a computer, the internet, or online banking. These crimes include cyber fraud, identity theft, Paycheck Protection Program (PPP) loan fraud, phishing, social engineering, and other known typologies used by illicit actors.
Collaboration, training, and inclusive investigations will better arm financial institutions to detect and report this rising risk threat.