EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
How EY can help
-
EY teams can help your business respond rapidly to alleged fraud, bribery and other misconduct, as well as provide support through any regulatory, civil or criminal proceedings.
Read more
Fostering a robust control framework to meet compliance expectations from regulators at the state, federal and global levels have become increasingly difficult as customer demand has shifted to expect quicker money movement. As institutions try to meet customer demands, real-time payments have reduced the time to identify and respond to suspected fraud. Global institutions are finding various ways to enhance scam detection capabilities, such as in Australia where institutions are slowing money transfers between individuals with no connections.1 In the UK, legislators have proposed a law to allow institutions to delay payments for up to four days when there is suspicion of fraud.2 Detection has been further complicated as scams have become more sophisticated, with some leveraging artificial intelligence (AI) to develop complex impersonation schemes that imitate individuals, businesses and governments. New technology has made it more difficult for individuals to know whom they are speaking with.
EY professionals have helped clients mitigate the risks associated with scams by focusing priorities to identify relevant typologies and enhancing their existing frameworks to better educate customers and limit exposure to the institution. Identifying and thoughtfully understanding scam typologies is a useful tool in the fight against fraud as it helps group scams into more consistent categories and clearly defines what type of scams are specifically impacting the business and the related areas of exposure. Institutions are then better equipped to identify key control vulnerabilities through root cause analysis and focus resources to combat their unique risks. Successful identification and categorization of scams can also aid institutions in identifying high-risk product types (e.g., cryptocurrency), their most vulnerable customers and the most common methods of scammer outreach (e.g., social media). The FTC’s latest annual release noted that scams initiated through social media have increased from $250 million in 2022 to $1.4 billion in 2023. These numbers are likely understated as victims are at times hesitant to report losses.
When regulatory bodies determine that institutions lack proper safeguards against scams, those institutions can be held financially liable. Historically, there has not been clear guidance on a firm’s obligation to remediate scam victims, leading to ambiguity and inconsistency in the reimbursement process. Many institutions handle reimbursement on a case-by-case basis and have been inconsistent in reimbursing scam losses when customers are intentionally authorizing the fund transfer (e.g., romance scams); however, this may no longer be sufficient. As regulatory scrutiny increases, institutions must place greater emphasis on educating their customers to help them identify and prevent scams and minimize losses before funds ever leave their accounts.
Nick Spinella and Casey Fitzgerald also contributed to this article.