KNOWING THE RISKS

Compliance, fraud, and sanctions continue to be top of mind for payments professionals. When it comes to mitigating fraud risk, cyber attack is top of the list. Just over three quarters (78%) of financial decision makers are concerned about this. In fact, external risks are firmly on the agenda with two thirds (68%) of financial decision makers also concerned about authorised push payment (APP) fraud, where fraudsters deceive a staff member to send a payment under false pretenses to a bank account controlled by the fraudster. This comes as no surprise as the industry has long been aware of fraudsters looking to exploit any weakness in financial processes, systems, or people.

Insider fraud is also on the radar, with three out of five (61%) financial decision makers concerned about this. Yet some financial decision makers only rely on staff vetting processes at the initial recruitment stage to mitigate insider fraud. This could be a false comfort as one-off vetting is unlikely to be sufficient and companies require on-going security checks to protect the business from costly error and reputational risk.

The best in class organisations will implement processes such as real-time transaction monitoring, user behaviour monitoring and screen replay technology, to provide surety and compliance for audit purposes.

‘‘Generally, fraud comes from casual workers in our restaurants. It is never blatant fraud – it tends to be well thought out.’’ – Head of Finance, Large business

THE IMPACT OF FRAUD

Just under half (45%) of financial decision makers say their businesses have been impacted by fraud in the last 12 months. Last year we asked a similar question and only 15% of financial decision makers were sure their business had been hit by fraud. This suggests a good news, bad news situation for businesses.

While this shows financial decision makers are highly aware when fraud hits their organisation, it also confirms that the impact of fraud is on the rise. The data shows half of large and enterprise organisations (50% and 52% consecutively) are aware of incidences of fraud. Whether this is through better fraud detection measures, or due to being a bigger target for fraudsters is difficult to say.

Even with high levels of awareness, how much fraud still goes undetected in a complex business environment? One in six (16%) financial decision makers couldn’t say one way or another whether their businesses had been hit by fraud. The financial loss from fraud is significant, and in the majority of cases the money is lost forever. Nearly one in two (47%) financial decision makers say their business has recovered up to only 20% of their losses.

The average financial loss through fraud sits at £240,092 and falls between the £50,000 and £250,000 bracket in 2019, versus £10,000-£49,999 in 2018. For small businesses in 2019 a typical loss is between £10,000 and £50,000. For any small business this can be crippling. But they are not alone, enterprise businesses have suffered at a phenomenal level. Financial decision makers in these businesses tell us the one in three frauds (34%) are now over £250,000, and nearly one in five (17%) are over £1 million.

The game has changed. While businesses are more aware of fraud, the hits are bigger, and the likely recovery is lower. It is critical that businesses take note of this change in the day to day risk and ensure they apply robust measures across people, processes and technology to secure their business payments.

PAYMENT PROTECTION MEASURES

Bank account validation and verification are becoming the go-to tools in the fight against payment fraud, which will be enhanced further in 2019 with the new Confirmation of Payee Overlay Service being introduced by the industry. Well over half (57%) of financial decision makers use validation and verification defences in their business.

Against this backdrop of rising fraud risk, organisations should consider coupling transaction monitoring with employee monitoring to deal with the new threats in 2019.

While these approaches may be seen as emerging technologies in the eyes of many organisations, it could be a wise move for businesses to look at what they are not doing to find ways of making a better return and impact.

WHOSE RESPONSIBILITY IS SANCTIONS CHECKING?

Sanctions checking is a control used in the detection, prevention and disruption of financial crime. It is good practice to check existing payees are not on any sanction lists as it is a criminal offence not to comply with financial sanctions. Historically, sanctions checking has been the responsibility of the banks, but there is an increased pressure by the banks and payment regulators to place the onus on the corporates.

Considering this, we questioned the industry about this obligation and the results throw up some interesting responses around where the responsibility really lies. With such high stakes for non-compliance, this is becoming one of the biggest industry issues that will need to be resolved. A little under three quarters (70%) of financial decision makers want to abdicate responsibility for sanctions checking to banks. However, is this a sustainable model in the new world of real-time activity and third-party providers (TPPs) gaining access to vaults of bank data? Arguably, in this new era it is now unacceptable for organisations not to know who they are paying and take responsibility for it. And it is these organisations who recognise this that are proactively taking the responsibility in sanctions checking payments, rather than leaving it to the banks.

An upfront check that a payee is legitimate is highly recommended, and four out of five (81%) financial decision makers are doing this. Additionally, 84% want to know if their payments are going to a sanctioned entity. As banks can’t disclose this (it’s classed as tipping off), the solution is for corporates to implement simple sanctions checking at the point of payment.

When used proactively, sanctions checking avoids costly mistakes and enhances reputation management.

For more thoughts about the future of UK business payments, including further insight into priorities over the next 12 months, view the full “2019 UK Business Payments Barometer” or listen to the podcast episode here.

For further insights into the payments industry and beyond, subscribe now to have the latest articles delivered to your inbox to keep you up-to-date on the latest tips, trends, and topics.

Posted by James Richardson

James Richardson has 15+ years’ experience in payments, working with FIs and Corporates to secure critical payments and reduce fraud risk. James is Head of Market Development, Risk & Fraud, for Bottomline Technologies.