Holding the Fort – Managing Financial and Cyber Crime in the Digital Age
The fast pace of technology growth and associated intelligence has enabled the financial sector to develop into a multi-faceted industry. These advancements, however, have come at a price: the sophistication of financial and cyber criminals. At the start of the Covid-19 pandemic (February 2020 to April 2020), cyber-attacks targeting the financial sector grew by 238%¹, and financial fraud losses totalled £783.8 million in the UK in 2020².
The gift of technology is widespread, and whilst our financial institutions strive to rapidly adopt it, so do external threat actors³, with a reported $600 billion lost to cybercrime each year across the global economy⁴. These metrics alone should be a driver for banks to review and develop their Financial Crime and Cybersecurity Risk and Control functions.
Financial and cyber criminals are leveraging technology to develop their routes of attack. For example, methods such as email phishing are used to install malware to obtain financial account details. These details are then used as a starting point for the manipulation of multiple online bank transfers to alternative fraudulent accounts. This is just one example, and consequently these developing technological methodologies are now driving an increased risk to financial institutions.
In light of this, banks must make sure that they are continuously reviewing criminal methodologies to understand common pathways and identify control enhancements to ensure they continue to protect, detect and respond.
As highlighted in the example above, a key theme being observed across banks’ Financial Crime and Cybersecurity Control functions is that, due to technological advances, the once distinct criminal approaches that each area serves to defend against are now starting to merge in several scenarios.
Ultimately, a merge in criminal methodologies means a change to the risk landscape, to which banks need to react appropriately. Without a prompt response, aligned with the bank’s size and maturity, its core digital services are left vulnerable to financial and cyber criminals. Financial institutions can combat the developing risks by implementing advanced technology themselves. However, with slower adoption timelines for technology in financial institutions (6-12 months on average⁵) versus financial or cyber criminals, banks need additional approaches to manage the evolving risk environment.
Aside from technology, there are 3 key areas of change that banks should consider when adapting to a change in risk landscape:
- Governance and Policy
- People and Process
In the case of the merge in criminal methodologies illustrated above, we can apply these 3 key areas of change across 2 different integration scenarios, each with the aim of breaking down the silos between the Financial Crime and Cybersecurity Control functions.
In summary, in order to better protect their infrastructure, employees and, most importantly, their customers, banks must continually observe their risk landscape. And whilst the scale and size of banks mean they might lose the race in technology adoption, using a collaborative and adaptable approach to risk and controls management, across the 3 key areas of change, will stand them in good stead to hold the fort.
1 ‘Modern Bank Heists’ Threat Report from VMware Carbon Black Finds Dramatic Increase in Cyberattacks Against Financial Institutions Amid COVID‑19 ‑ VMware News and Stories
2 Fraud The Facts 2021- FINAL.pdf (ukfinance.org.uk)
3 Insights from the 2020 Cyber Coordination Groups | FCA
4 Economic Impact of Cybercrime | Center for Strategic and International Studies (csis.org)