In July 2022, Ernst & Young LLP (EY US) conducted the first wealth and asset management fraud insights point of view exercise to understand the challenges facing our clients and the approaches taken to combat the spike of fraudulent activity currently being experienced. This includes managing staffing needs, identifying technology solutions and innovative fraud investigation management. The following is a summary of the EY US insights, including key takeaways, market themes and emerging trends.
- New account fraud (NAF) and account takeover (ATO) continue to be the two most prominent fraud concerns for firms. A vast majority of the respondents noted both ATO and NAF are in the top three fraud risks for their organization.
- Teams have seen an influx in fraud volume and a steady increase in average fraud losses over the past three years.
- Many firms ask their existing fraud response teams to manage spikes in fraud volumes. These spikes in volume can put a strain on the existing fraud framework and leave firms vulnerable to large-scale attacks. Over the past three years, some firms have experienced as much as a 500% increase in annual fraud loss from year to year due to large-scale events.
- Some firms have false-positive rates of over 97%, showing fraud teams are potentially inundated with unnecessary alert volumes. As a result, firms have an opportunity to tighten fraud alert intake channels appropriately.
- Firms have a large variety of detective controls used to identify potential fraud red flags; however, they do not have an equally substantial preventative control framework currently in place.
- A majority of firms are utilizing an in-house case management tool, some of which reflect limited functionality, like an inability to report on key metrics accurately. Many tools are also not being leveraged universally throughout the organization, indicating potential inefficiencies between related business lines.
- Firms have expressed concern over their ability to prepare and respond to insider threats. The reporting structure, roles and responsibilities of insider threat programs vary throughout the industry, leading to uncertainty about leading practices.
The future of fraud: EY US point of view
Based on our conversations with wealth and asset management firms and the current market trends we observed, we suggest the areas below will become a key focus as firms look to continue enhancing their existing fraud framework.
Firms are making investments to enhance their existing fraud infrastructure and preventative control framework, further integrating machine learning, automated alert generation and behavioral analytics to better inhibit bad actors from gaining access to their network. Specifically, machine learning and behavioral analytics will assist in identifying fraudulent patterns, for which agile preventative controls can be developed and adjusted to fit the most current fraud trends observed.
A comprehensive and integrated insider threat program will be necessary to protect against potential exposure and future vulnerabilities. Firms are assessing their existing insider threat framework maturity and determining if the program is fully integrated into the enterprise risk management strategy. In addition, insider threat programs are being designed to proactively detect insider threat activities with risk indicators in place to focus on higher-risk employees (e.g., those with access to confidential information, or low-performance indicators).
Social media and dark web investigations will become widespread and commonplace across the industry. Firms will continue to heavily leverage a combination of third-party vendor tools and in-house resources as effective resources to identify when and where bad actors have identified vulnerabilities and where they are coordinating future attacks.
Providing additional fraud training and raising awareness will further bolster a firm’s preventative framework and assist in combating fraud. Enhancing education for customers and employees on how to spot fraud red flags internally and externally, how to defend themselves against bad actors and where to go if they identify potential fraud can create operational efficiencies for the business and help optimize manual alert intake channels.