Fraud Risk Reduction Program Development (FRRPD)
The latest ACFE Report to the Nation estimates the total losses annual loss to fraud exceeds $7B. With a median loss per case of $130,000.00 and a median duration of a scheme of 16 months, these trends represent not only a significant financial and operational risk but are likely the most damaging to an organization’s reputation. It is easy to assume given the size of the problem that large organizations suffer the most damage and manage to move past a single incident, but in reality, it is the mid-market businesses that are most vulnerable. These organizations lost almost twice as much per fraud scheme. To add insult to injury, in these same organizations, the fraud perpetrators who were with the company longer than five years stole nearly twice as much. If there was collusion between fraudsters the loss is almost five times larger ($339K versus $74K). While different size organizations may face slightly different fraud risk, fear of bad publicity, and only a handful of victims recovering anything would indicate the fraud is very likely underreported in both occurrence and impact across every industry sector.
With the emphasis on digital transformation initiatives, there is a window of opportunity for organizations to more effectively address this set of operational, financial, and reputational risks. Riding the big wave of cost savings, increased efficiencies, and improved client experience, migrating legacy business processes to new platforms is accelerating. New capabilities realized via automation, increased platform availability, and a dissolving corporate-controlled perimeter that now extends to BYOD (Bring your own devices) smartphones and IoT (Internet of Things) devices has also created an increased attack surface. Similar to the shift in fraud trends that occurred with the introduction of EMV (Chip & PIN) technology in credit payment channels, it is logical to expect that more fraud will shift to online business processes. Addressing the risk of fraud during these transformation initiatives is imperative as more processes extended beyond an organization’s internal control environment to external partnerships that could involve many layers of suppliers and outsourced service providers.
The Fraud Triangle
A converged operations center that addresses the impact of fraud in parallel with other business processes, IT transformation, and cyber risk will likely be the most effective use of limited resources. Organizational siloes must be eliminated to create an integrated capability that spans across identity & access management, credit & underwriting, and customer experience. The employees and partners in these integrated teams will need updated cross-functional skill sets. Newly created business processes will rely on integrated orchestration & automation platforms, supported by data-driven analytics and artificial intelligence solutions. These new business risks analysts will need to be agile and responsive to keep up with the pace of events created by new threats and automation. Most organizations should expect to encounter targeted malware, ransomware, bots designed for credential stuffing. Brand equity and reputational integrity will be put at risk by bad actors using spoofed social media accounts, misleading images included in deep fake videos as well as ad fraud. Addressing threats such as client accounts takeovers, impersonating trusted partners, exploiting weaknesses in applications/network resources to gain unauthorized access to data/computing resources/financial vehicles, or manipulating authentication mechanisms to disrupt mission-critical business processes must now be addressed proactively by the Board of Directors and C-suite level. Risk Neutral has certified fraud examiners on staff to provide guidance and thought leadership on how to address these emerging risks most effectively.
Converged Digital Risk Management
