50% of banks carry out a risk assessment every year; Increase in bank fraud.
Despite an alarming increase in the number of post-Covid bank frauds in India, only 50% of Indian banks conduct fraud risk assessments and update the fraud risk register once a year, according to a recent report, India Banking Fraud Survey Edition IV, by Deloitte, published in January 2022. The survey included responses from banks and financial institutions such as private, public, foreign, cooperative and regional rural banks in India.
While only 50% of banks only carry out a risk assessment once a year, 45% do it once every two or three years. In a few cases, 5%, the risk assessment has not been done once in five years.
Main bank frauds
Data theft and cyber crime are the two main factors behind the increase in bank fraud in India, according to the study. More than 20% of bank fraud involved loans. Among the biggest concerns are identity theft and mobile/net banking fraud.
“Banks were facing a three-pronged ‘attack’ in the fight against financial crime: growth in digital transactions, ever-changing regulatory guidelines and new trends in fraud. Although banks have not yet fully understood the implications and impact of the current environment on fraud-related issues, a portion of banks appear to accept that the pandemic may eventually lead to an increase in fraud,” concludes the report.
Inability to deal with growing fraud
While on the one hand, technology has made banking easier for customers and banks, on the other hand, it also poses a threat to banking and finance, the report says. Lockdowns and social distancing norms have restricted the mobility of bank staff and customers, increasing the use of digital channels and other forms of remote banking. Additionally, with a significant number of bank employees working from home, banks needed to provide their staff with remote access to their organization’s network and information. This has forced banks to adopt significant organizational and operational changes in a short period of time to avoid service disruptions. While remote access was granted to employees, banks failed to develop the mechanism to counter the resulting vulnerability, the report said. Various undiagnosed vulnerabilities further complicate the configuration of banks.
Most vulnerabilities go unreported unless routine account audit/reconciliation or process reviews are performed. With 50% of banks conducting reviews once a year, the security of the banking system could be a growing concern.
Although the majority of fraud can be detected through internal audits, conducting such an audit presents several challenges. Technological limitations and lack of required skills are major challenges. More than 50% of banks lack the technical teams and infrastructure to conduct internal forensic audits, the report says.
Although technology is a threat, the study also suggests that it is also the means to combat bank fraud. Banks can implement artificial intelligence (AI) and machine learning (ML) technologies to improve their financial risk management systems.
“Banks should take the time to measure the effectiveness, adequacy and efficiency of existing controls against an up-to-date risk assessment. A key challenge for banks managing their regulatory obligations is finding the balance between risk management and efficiency/effectiveness through innovation using AI and ML,” the report suggests.