Banks must practice Know Your Customer (KYC) due diligence. But what if it’s just as important to Know Your Enemy, too?
As the old saying doesn’t go, keep your enemies close and your customers even closer. Having a complete overview of your clients and their banking habits – a must for both Know Your Customer (KYC) and basic good customer service practice - means you will inevitably have a greater understanding of your adversaries. This is crucial in the fight against cyber-enabled fraud and other financial crime.
Good housekeeping of customer access, payments and so on is always important, of course, but so too is minimising friction for your valued customers. After all, everybody wants good security but nobody wants to experience a disruption to their service.
Education plays a large part in this. “Banks have a duty to communicate about fraudster behaviour with their customers,” says Nick Ryder, Professor in Financial Crime at the University of the West of England. “Banks really need to make their consumers more aware of things like sophisticated email scams claiming to be from the UK ‘Inland Revenue’, for example. If people are new to the internet then they’re going to be susceptible.”
It’s about knowing your customers’ habits thoroughly. You know that your over-65 segment, for example, aren’t likely to be paying money to the relevant income tax authorities regularly.
Evolving your security and fraud controls
The problem is that as security systems develop, creative criminals will find new ways to disguise their dealings. Prof Ryder suggests banks look closely at seemingly legitimate operations – “things like people testing their online security. This is a growth area for criminals.” Of course, putting a stop to criminals seeking to test your security and fraud controls is not a viable solution, but continually evolving your security and fraud controls to address your enemies current and future tactics is essential. Equally, sharing intelligence within your organisation is critical; often your cyber team will know information that is incredibly valuable to your fraud team, or vice versa.
Another problem, explains Prof Ryder, is that “laws are always going to be reactionary, as are policies, so it’s like fighting a fire with a small garden hose.” Prevention and early-warning systems are key and this, he says, comes down to knowing customer behaviour extremely well, as well as cyber-crime trends. Banks need to know “which countries are deemed to be at risk, which countries have weak levels of compliance.” This is where banks will be involved in de-risking.
The threat of insider crime
Moreover, knowing the appropriate behaviours of your staff is almost as important as knowing your customer. Insider crime is a real threat and being able to quickly identify when staff activities deviate from normal behaviour is critical in the fight against this. Additionally, when banks are reluctant to bring charges against this type of fraud (usually to guard against negative publicity), it can have an adverse effect on the fight against financial crime.
Good practice when it comes to housekeeping, staff management and high-level Know Your Customer (KYC) will mean banks are far more likely to be able to detect when something’s not right and act to stop or limit the damage caused to their customers and their bottom line.
To find out more, get access to our full research below:
Know Your Enemy: How banks can understand the evolving threat of financial crime
It has never been more important to understand the range of adversaries banks face. Get an up-to-date picture of the criminal line-up in our new report.Find out more
About the author
Simon Viney is Security Consulting Sector Lead, BAE Systems Applied Intelligence