Risk Management and Fraud in Banking: An Overview

Fraud is a consistent problem for financial institutions, threatening them and their consumers. In 2022, the Federal Trade Commission (FTC) reported that consumers lost an estimated $8.8 billion to fraud – a 30% rise from the previous year. The number of cases has only increased in 2023.

Financial institutions pay a steep price for fraud: $4 in cost for every $1 lost, according to the American Banking Journal.

Fraud management in banking refers to the controls your institution establishes to prevent crime. Your program's strength relies on evaluating the effectiveness of your controls and continuous employee education to spot fraudulent activity.

As illegal schemes become more sophisticated and complex, financial institutions must increase their investment in fraud risk management tools.

Combating crime in both digital and physical environments is challenging. But community banks and credit unions, especially, must implement robust policies and processes to avoid balance-sheet losses and secure the allegiance of consumers.

Table of Contents 

Types of fraud in the banking industry 

Regulatory guidance on fraud risk management in banking 

Fraud tools for banks and credit unions 

Bank fraud software solutions

Types of fraud in the banking industry

Check fraud has become increasingly widespread recently. Financial institutions issued 680,000 reports of check fraud last year, according to the Federal Reserve Bank of Boston.

Experts predict $24 billion in losses for financial institutions from check fraud in 2023 – double that of five years ago.

Regions Bank revealed huge Q2 and Q3 losses totaling $135 million due to check fraud from April to September 2023. In an article from the ABA, Regions disclosed several substantial losses from counterfeit checks.

After announcing a $82 million loss at the end of Q2, CEO John Turner tacked on another $53 million for Q3 in the bank’s earnings report.

Check fraud remains a prevalent crime because it doesn’t require extensive technological knowledge. Bad actors can steal checks from mailboxes, remove the ink with everyday household cleaners and pass them off as their own.

On the opposite end of the spectrum, FIs have also experienced an uptick in cybercrime. Thousands of financial institutions suffer a data breach every year. The cost to undo the damage from a cyberattack averages $5.9 million.

The expansion of online banking increases the risk of consumers falling victim to phishing and vishing schemes. Once criminals access a consumer’s credentials, they can easily divert funds from deposits and other accounts. Financial institutions lose hundreds of millions yearly through fraudulent electronic banking transactions – online bill pay, P2P and wire transfers, and other transactions through Automated Clearing House (ACH) systems.

P2P fraud cases are on the rise

FIs are in a tough position with P2P fraud from BaaS partners: either they eat significant monetary losses, or their consumers do. When consumers lose money because banks and credit unions underestimate third-party risk from fintech partners, they often decide to take their business elsewhere.

The reputational and monetary damage from P2P fraud is immense, and financial institutions need robust risk controls for every financial product they offer.

For example, Senator Elizabeth Warren issued a report in October 2022 uncovering fraud from four banks that partnered with the P2P payment platform Zelle. More than 190,000 Zelle users lost $255 million – up from $90 million in 2020.

Banks only reimbursed 3,500 consumers, with 47% of funds returned. As more financial institutions partner with fintechs to satisfy consumer demand, they must exercise caution – especially with peer-to-peer money transfer apps.

Regulatory guidance on fraud risk management in banking

Bank fraud results from inadequate processes and internal controls, simple human error, blatant employee misconduct, and other adverse incidents. Examiners and industry experts have identified five characteristics of financial institutions that manage fraud risk well, captured in the OCC’s Operational Risk: Fraud Risk Management Principles.

Every financial institution’s fraud risk profile is unique. The guidelines below offer general best practices for risk officers and banking leaders.

Governance  

Institutions require their board and leadership to create a culture of accountability among employees. Does your FI have ongoing employee training programs, strong identity theft controls, an employee code of conduct, and an overarching ethics policy?

Some financial institutions develop a system of rewarding employees who spot and prevent fraudulent activities.

Fraud Risk Assessment 

When was the last time your FI conducted a fraud risk assessment? When community banks and credit unions make fraud risk a part of their enterprise risk management (ERM) strategy, they reduce potential losses and protect consumers.

Agencies push financial institutions to treat risk holistically, with vendor management, cyber security, business continuity planning (BCP), and fraud risk all falling within an FI’s ERM framework.

Fraud risk assessments pinpoint vulnerabilities that bad actors exploit. Your assessment should include different scenarios, the probability of occurrence, and potential consequences.

Data from BSA/AML compliance assessments and Suspicious Activity Reports (SAR) often prove useful in identifying fraud and strengthening an institution’s internal controls.

Fraud Risk Controls

The OCC offers a comprehensive list of common fraud risk controls. For our purposes, we divide some these controls into prevention and detection.

Prevention

• Training employees in fraud risk management 
• Systems and controls designed to decrease the likelihood of fraudulent activities by employees, outside consultants, and third-party contractors 
• Separation of roles and dual control over accounting and consumer transactions

Detection 

• Monitoring and reports of possible fraud across your institution’s business lines 
• Data analytics and trend monitoring focused on practices such as fee waivers or charge-offs, along with the number of fraudulent activities measured against transaction volume 
• Strong complaint resolution policies and procedures

Fraud Risk Monitoring 

Financial institutions should review historical losses from fraud and benchmark performance by industry standards. When the board or banking leaders have up-to-date reports on fraudulent activity from current and past years, they can decide to implement more robust controls if necessary.

FIs should monitor:

• Fraud by type (check, account opening, loan, credit card, etc.) and amount (recoveries and net fraud losses) 
• SAR filings 
• ACH return rates 
• Unusual activity in consumer accounts and complaints

Investigating Fraudulent Activities 

After building a solid foundation for assessing, monitoring, and controlling fraud, financial institutions can introduce a process of investigation and remediation. FIs need to designate specific employees to oversee suspicious transactions. They must keep close tabs on consumer complaints and respond quickly to incidents.

Additionally, your FI is required by federal law to report suspicious activities – whether they were successful or averted. For further information about SARs filing requirements, financial institutions should consult the Financial Crimes Enforcement Network (FinCEN) laws from the U.S. Department of the Treasury.

Podcast: Financial Inclusion Isn’t Just Checking a Box

Fraud tools for banks and credit unions

When financial institutions implement the proper controls following the outcome of a thorough fraud risk assessment, it’s much easier to monitor consumer accounts for unusual activity.

Financial institutions should educate their employees on spotting and reporting fraudulent activities, while also spending resources educating their consumers.

Making sure your people understand all the scams criminals attempt to gain access to accounts – from social engineering to stealing checkbooks from mailboxes – is perhaps the most potent fraud tool for banks and credit unions.

As fraud cases grow, you are responsible for your institution’s bottom line and the community you serve.

Bank Fraud Software Solutions

Beyond the laws regulating SAR filings, fraud risk management is not a regulatory requirement. However, it helps financial institutions avoid significant monetary losses, keeps current consumers happy, appeals to prospective customers, and satisfies agency expectations for creating a risk management culture.

Tracking and monitoring fraudulent activities is impossible to do manually. As you can see from the list of responsibilities above, keeping up with consumer complaints, employee training schedules, unusual account activity, and fraudulent activity ratios quickly becomes a heavy lift for even the best teams.

Because risk exposure to fraud varies so widely by institution, you need a platform that offers the flexibility to develop your unique fraud risk assessment and manage controls based on your institution’s particular financial products, services, and consumer base.

Your bank fraud software system must empower you to create a customizable risk assessment model, establish the proper controls, and test their effectiveness. You want a proactive way of evaluating control deficiencies and ensuring that discovered issues receive attention.

There’s no beating around the bush – if your financial institution is serious about preventing fraud, it needs a complete risk management solution.

Prevent Fraud and Master Operational Risk