Last year, a wave of digital transformation took over the world, and along with it, so did growing concerns about fraud and financial crime.
In Southeast Asia, one in every three people experienced online fraud amidst this digital transformation last year. Meanwhile, online fraud emerged as a top critical enterprise risk for Southeast Asia-based businesses. This was on top of the US$260 million that they already lost in 2019 to digital fraud.
In this growing threat landscape, financial institutions (FIs) have several new, complex considerations to take into account for their fraud management systems. This was highlighted by Dev Dhiman, Managing Director Asia Pacific, GBG Plc, and Nitin Parmar, Partner, Financial Crime Unit, PwC South East Asia Consulting, at the IDC Conference: Financial Insights 2021 Thailand and Indonesia.
Dhiman and Parmar discussed the emerging threat landscape and concerns around fraud management systems, speaking at the Indonesia and Thailand editions of the conference.
They were also joined by Polawat Witoolkollachit, Chief Information Officer of Krung Thai Bank (KTB), in the Thailand edition of the conference.
Fraud management concerns in Southeast Asia’s two biggest economies
Witoolkollachit said during the panel that KTB saw digital transformation grow 2-3x in the past year. This growth was attributed to both a government drive to push a Digital Thailand policy, as well as KTB’s internal digital agenda.
Dhiman added that this push towards digitisation led to the emergence of sophisticated fraud typologies. This connected to what Dhiman referred to as the global issue of Financial Crime 4.0, a term coined by GBG which refers to “an increasing sophistication and new typology of fraud.”
Meanwhile, Parmar noted that although Thailand has advanced banking, technological and operational capabilities, most of the fraud systems at Thai banks were only able to capture known typologies. To address unknown risks, they need to upgrade their systems and talent, Parmar said.
Elsewhere, in Indonesia, Dhiman noted that an unprecedented growth in the financial products market was presenting FIs in Indonesia with new challenges, spanning fraud, identity, credit, and working capital management.
Hyper digitisation, growth and pace also led to an increased risk of bad actors entering the ecosystem, Dhiman said.
Parmar added that existing systems to detect fraud and money laundering in Indonesia have not been kept up to date, and have led to a large number of false positions and operational burden on FIs.
To buy, build or rent?
The base to setting up effective fraud management systems is to understand whether FIs need to build themselves, buy the system, or rent a managed service. This decision is highly contextual to the FI, and comes with multiple considerations depending on the model they choose.
An added layer to this decision is that the pandemic is likely to extend well into 2022, with new variants emerging. This calls for FIs to think about extending, replacing or transforming their fraud management systems, Dhiman noted.
Dhiman said during the panel that more and more FIs in the region were choosing to use a hybrid mode, building some elements on their own, and sourcing the rest from third parties.
For instance, KTB buys the initial technology and expertise for its fraud management system, and then builds around it depending on their needs, Witoolkollachit said. The bank also sustains the system on its own. The decision involves balancing both basic and complex security needs and detection requirements, as well as budget constraints, Witoolkollachit added.
Managing fraud risk holistically
All options come with their unique considerations. For instance, FIs that build not only have to maintain, but also innovate their systems to match the increasing sophistication of fraud typologies, Dhiman said. Further, they also need to account for the level of expertise available, which Parmar noted was in short supply.
So for FIs that may not be able to afford this effort, including sourcing talent and technology, buying or renting would be a viable bet. These managed services can allow these FIs to access a layer of expertise without having to undertake heavy capex projects.
It also helps FIs to stay up to date, retire models that were no longer working, and put newer-age systems in place, Parmar said.
“For the majority of Southeast Asia, unless you’ve got deep pockets, and massive IT departments to stay on top of things all the time, the larger question is buy or rent, not build,”
At the same time, regardless of building in-house or leveraging a managed service, FIs needed to retain control over incidents and response tools, Witoolkollachit said, as they were still accountable for when things go wrong.
“You may not want to take a chance to outsource that risk,”
Dhiman pointed out.
From a technology standpoint, technologies such as AI/ML play a big part in financial crime, and can help tackle newer threats (including unknown ones), Parmar said. Further, FIs need to tap into a powerful investigative suite that can link multiple events and actors, understand the time and sequence of events, and gather all evidence for legal and regulatory needs.
Apart from talent and technology, there is also the wider issue of ecosystem collaboration. The key to addressing Financial Crime 4.0, Dhiman said, is for FIs to make full use of their internal data, and for partners to provide more comprehensive checks and solutions.
For this, internal data as well as wider third party data needs to be broken out of its silos, and collated and shared, Dhiman said. Further, Parmar added that this kind of collaboration needs to be considered by regulators and law enforcement authorities too.
Ultimately, it all comes down to taking quick and effective action, as Parmar noted.
“The minute you design a channel, whether it’s a mobile, internet banking, or a branch, somebody else is studying your design. They’re looking for the loopholes in there. You can’t put fraud, money laundering and financial crime on the back burner,”