FRAUD, A PROFIT KILLER?

Transcription

1 FRAUD, A PROFIT KILLER? HOW DIGITALIZATION OF FRAUD RISK MANAGEMENT CAPABILITIES CAN INCREASE BANK PROFITABILITY AND CUSTOMER FOCUS AUTHORS Dominik Käfer, Partner Dr. Lue Wu, Principal Jonas Heckmann, Engagement Manager

2 CONTENTS Introduction The Economic Case For Good Fraud Risk Management Overcoming The Fraud Risk Management Dilemma Starting The Digital Transformation... 7 Conclusion... 8 Contacts... 9 Copyright 2018 Oliver Wyman 2

3 INTRODUCTION Improved management of fraud risk can help catch criminals and reduce losses, while improving efficiency and cutting costs. It can also help to increase revenue by making the customer experience smoother. In both these respects, this paper sets out the important role that digitalization can play in refining fraud risk management, and exactly how this can be achieved. 1. THE ECONOMIC CASE FOR GOOD FRAUD RISK MANAGEMENT Fraud risk can be costly for banks. Net fraud losses often reduce a bank s operating income by up to 80 basis points (bps). 1 Fraud risk can also have a negative impact on the client experience, thus limiting business growth. The management of fraud risk is therefore not the same as for financial crime compliance risks. In the latter instance, risk management is normally motivated by regulatory requirements, with the principal aim of avoiding fines. On the other hand, there is a broader business case for good fraud risk management. Investment in higher standards of fraud risk management can boost profitability in two ways: firstly, through improved bottom-line performance resulting from both a reduction in fraud-related losses (a reduction equivalent to bps of operating income is realistic), and also from lower operational costs (for example by cutting back on staff currently involved in fraud operations); and secondly, through revenue growth generated by a more client-centric approach. In both cases, the digitalization of banks fraud risk management capabilities is crucial. 1 Source: Oliver Wyman s proprietary fraud loss benchmarking database Copyright 2018 Oliver Wyman 3

4 2. OVERCOMING THE FRAUD RISK MANAGEMENT DILEMMA The only way for us to not incur fraud losses is to stop doing business this quote by a leading bank s fraud risk executive summarized the dilemma all banks are facing. Analogous to credit risk, a bank cannot do business without being exposed to fraud risks and losses. The decision that banks must make is the trade-off between business growth and the level of security. This dilemma cannot be completely resolved. But what banks can do is to enhance their fraud risk management capabilities in a way that makes higher growth possible without undermining security. Schematic example: The 2 nd Line of Defense (LoD) sets a fraud risk appetite that requires a minimum level of fraud protection The business makes trade-off decisions between revenue growth and security level within the overall scope of this risk appetite. The resulting compromise will correspond to one point on the trade-off frontier Through improved fraud risk management capabilities, the trade-off frontier can be pushed outwards to allow for higher growth without compromising on security. Successful banks have adopted a disruptive approach, and transformed their fraud risk management framework through improved digital capabilities. Digitalization helps to increase efficiency and reduce costs. By making use of big data and machine learning for their monitoring capabilities, and drawing on robotics for generating and managing alerts, banks can certainly minimize fraud-related losses and costs. Moreover, digitalization also promotes a seamless client experience, bolstering potential for growth. Copyright 2018 Oliver Wyman 4

5 A. Rethinking the fraud risk management processes in a digital world Fraudsters and fraud syndicates are becoming increasingly sophisticated. At the same time, the proliferation of online and mobile platforms has generated new ways to defraud a bank and its customers. A constant arms race is being fought between fraudsters and banks. To combat the increasing sophistication of fraudsters, banks need to establish fast and flexible control mechanisms within their risk management processes, with a high degree of system integration and automation. The time taken by banks to respond to alerts has often been unsatisfactory. This slow response has stemmed from the complexity of systems, the multitude of manual work processes, and the low prioritization of alerts in the traditional fraud risk management processes. To make the fraud risk management processes more efficient, robots can complete simple manual work tasks more quickly and reliably, and less expensively, allowing fraud operations teams to concentrate on highpriority and more complex cases. B. Using behavioral analysis to identify and mitigate fraud risks Impersonating customers or employees has become increasingly easy for fraudsters, with personal data obtained through data breaches, mining or simply from social media. However, it remains difficult for fraudsters to mimic an individual s entire banking behavior, which would include a combination of usual transaction times, the transaction channel used, the person s location, the device used and / or routine shopping habits. Behavioral analysis is therefore an important element of advanced analytical models and machine learning to detect fraud and to identify and prosecute criminals. Such analysis refines fraud transaction monitoring systems through identifying genuine high-risk transactions and reducing the rate of false positives. For example, one machine learning fraud-detection system claims a measured accuracy of 95 percent, with only a 0.6 percent rate for false positives. 2 Another company reported a 70 percent reduction in the number of genuine credit card transactions declined learning-fraud-detection-systems-could-save-card-issuersand-banks-12bn-annually/ Copyright 2018 Oliver Wyman 5

6 Schematic example: Traditional transaction monitoring systems have relied heavily on sets of pre-defined rules to identify fraudulent transactions The risk score derived from these rules does not sufficiently discriminate high risk from low risk transaction leading to fraudulent transactions not being identified Using behavioral analysis, transaction monitoring systems can become more dynamic and achieve better performance in identifying true fraud incidents C. Creating frictionless client experience and empowering the client The digitalization of fraud risk management capabilities may not only reduce costs and losses; it can also help banks to achieve growth through a more client-centric approach. More efficiency in processes and advanced analytics contribute to a frictionless client experience and client satisfaction. Specifically, applying behavioral analysis eliminates the need for controls that create high client friction a poor customer experience - and instead allows the account holder s behavior to be monitored automatically. This generates a major opportunity for banks to make their processes more efficient and increase their focus on the client. We have recently helped a leading bank in the Europe, Middle East and Africa (EMEA) region to redesign their fraud management framework, streamlining their client processes by approximately 80%. Copyright 2018 Oliver Wyman 6

7 Digital developments make direct customer engagement possible by empowering the client to add or disable certain security features, actively shaping their own customer journey. Examples might include: Disabling certain types of transaction for example, a credit card could be blocked for e- commerce transactions Push notifications could be enabled or disabled for all transactions or certain types of transaction Accounts or cards could be blocked and unblocked via the existing mobile banking app. For example, a card could be blocked for the duration of a holiday period These features can educate the client about fraud risks and reduce the likelihood of the client becoming a victim to fraud. They can also introduce additional security for banking products, without creating a perception of overly complicated processes. It is the client who sets the security thresholds. Leading banks have recognized the commercial potential of digitalization and increased their focus on the customer experience. They have actively promoted these capabilities as competitive advantages. Some are also providing these services to smaller and less sophisticated players in the market. 3. STARTING THE DIGITAL TRANSFORMATION The digitalization of fraud risk management capabilities within banks requires a combined effort across both the first and second lines of defense (fraud management in the digital age can no longer simply concentrate on the second line of defense). Various functions - business, operations, technology/data and risk need to participate in active management and decision making. Banks can choose from a range of initiatives at the outset of this journey. They often start by conducting a benchmarking exercise to analyze both the extent of their fraud loss, and their fraud management operating model and capabilities. Such a study clarifies their current position in relation to peers, and identifies potential for improvement. The results also give business leaders the platform to decide on the most appropriate approach for the bank. This could range from improving customer experience by streamlining existing client processes, to a targeted upgrade of digital fraud prevention capabilities and creating a business case for offering these services to peers, right through to setting up a comprehensive transformation program to restructure the bank s business processes around a client-centric approach. Copyright 2018 Oliver Wyman 7

8 CASE STUDIES: THE DIGITALIZATION OF FRAUD RISK MANAGMENT Case study 1: Advanced analytics for fraud detection in credit modelling We helped a global universal bank to improve the first-payment-default model by using unconventional data and machine learning tools such as neural network and random forest. Applying advanced data analytics significantly increased the discrimination power of the model as measured by the Gini coefficient. Through using the new model, the client reduced the first payment default rate by 25%, while maintaining approvals at the same level. Case study 2: Next generation fraud risk management target operating model (TOM) We reviewed and redesigned the fraud risk management TOM for a leading universal bank in EMEA. The focus of the new TOM design was on a customer-centric approach. We created new ways of working by centralizing fraud operations and establishing risk managers in the first line of defense. We also upgraded the fraud monitoring systems, and streamlined customer processes by reducing the number of touch points and turnaround time. As a result of these changes, we significantly increased customer satisfaction as measured by the Net Promoter Score, and reduced the number of customer complaints. Case study 3: Global fraud risk management benchmarking We carried out a comprehensive benchmarking study of fraud risk management for a global universal bank. As the reference base, we put together a list of peer banks across the world, collecting relevant data and conducting interviews with key stakeholders at all participants. The benchmarking covered both quantitative and qualitative aspects, including governance and organization, framework and methodology, IT infrastructure and technology, and the loss and recovery record. A comprehensive remediation program, based on the benchmarking results was set up. CONCLUSION Banks can greatly improve their fraud risk management capabilities through digitalization. With a considered approach and the commitment of leaders throughout various functions, such digitalization can bring criminals to justice, cut losses, reduce costs and refine the customer experience, with a substantial positive impact on the bank s profitability and the society as a whole. Copyright 2018 Oliver Wyman 8

9 CONTACTS Dominik Käfer, Partner Frankfurt, Germany Graeme Jeffery, Partner London, United Kingdom Tom Ivell, Partner Zurich, Switzerland James Bryan, Partner Madrid, Spain Copyright 2018 Oliver Wyman 9

10 ABOUT OLIVER WYMAN Oliver Wyman is a global leader in management consulting. With offices in 50+ cities across nearly 30 countries, Oliver Wyman combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation. The firm has more than 4,700 professionals around the world who help clients optimize their business, improve their operations and risk profile, and accelerate their organizational performance to seize the most attractive opportunities. Oliver Wyman is a wholly owned subsidiary of Marsh & McLennan Companies [NYSE: MMC]. For more information, visit Follow Oliver Wyman on Copyright 2018 Oliver Wyman All rights reserved. This report may not be reproduced or redistributed, in whole or in part, without the written permission of Oliver Wyman and Oliver Wyman accepts no liability whatsoever for the actions of third parties in this respect. The information and opinions in this report were prepared by Oliver Wyman. This report is not investment advice and should not be relied on for such advice or as a substitute for consultation with professional accountants, tax, legal or financial advisors. Oliver Wyman has made every effort to use reliable, up-to-date and comprehensive information and analysis, but all information is provided without warranty of any kind, express or implied. Oliver Wyman disclaims any responsibility to update the information or conclusions in this report. Oliver Wyman accepts no liability for any loss arising from any action taken or refrained from as a result of information contained in this report or any reports or sources of information referred to herein, or for any consequential, special or similar damages even if advised of the possibility of such damages. The report is not an offer to buy or sell securities or a solicitation of an offer to buy or sell securities. This report may not be sold without the written consent of Oliver Wyman.