Despite huge investment in compliance, levels of economic crime are growing. New thinking is needed. Could war game simulations help companies prepare for and respond to crime more effectively?
PwC has published a paper examining how the financial services industry (including both banking, capital markets and insurance) responds to economic crime. It points out that, despite huge investment in compliance, almost half of the financial service companies in PwC's economic crime survey have had experience of economic crime in the previous 24 months. The survey showed that 46 per cent of financial services firms had reported an economic crime in the past two years, compared to an average of 36 per cent of companies in other industries. This is despite the fact that financial service entities are investing more in combatting crime than other types of company.
The cost of financial crime
Some of PwC's economic crime survey results include:
- almost a quarter (24 per cent) of the survey respondents said that the economic crime cost them from $100,000 - $1m;
- 16 per cent of those that reported experiencing economic crime had suffered more than 100 incidents, with 6 per cent suffering more than 1,000;
- cybercrime reports increased 10 per cent (49 per cent experienced), and insider trading increased by 6 percentage points (from 4 per cent to 10 per cent);
- 53 per cent of respondents reported that spending on fighting economic crime was increasing – 55 per cent expect it will continue to increase;
- 33 per cent of the respondents revealed that data quality still can restrict compliance with anti-money laundering regulations; and
- 35 per cent of respondents thought financial crime had high or medium impact on relationships with regulators.
AML skills shortage and insider crime
Some of the challenges facing the financial service industry include a global shortage of qualified and experienced compliance personnel with expertise in AML and counter-terrorist financing, as well as the problem of economic crime perpetrated by company employees. Insiders were responsible for financial crimes in 29 per cent of cases within the financial services industry.
"New thinking is needed to make investment in compliance deliver value and to tackle economic crime more effectively,” said Andrew Clark, PwC's EMEA financial crime leader.
A new approach?
An approach discussed by Chuck Saia, of Deloitte, in Compliance Week involves the idea of using gaming simulation techniques in scenario planning. He describes a “war game” simulation that reveals the challenges organisations face before, during, and after a cyber-incident: “Participants are faced with many business-impacting decisions, including whom to report to and when, cyber-insurance issues, regulatory challenges, third-party vendor relationships, and brand and reputation management. It’s a tense and uncomfortable experience. Even when you know it’s a simulation, your heart sinks when your organisation’s reputation is in danger.”
Simulate a cyber attack
Saia suggests that such simulations can help companies to see gaps and weaknesses in their crime prevention and response strategies. He concludes that it allows them to 'practice' their response procedures and strengthen preventive strategies: “A war game simulation is one way to test your ability to survive and even thrive in a crisis.”
CTMfile take: It sounds a little far-fetched, but with data to suggest that compliance simply isn't helping companies to defend themselves from economic crime, then trying a war game simulation as part of the corporate scenario planning could well open up executive eyes to gaps and weaknesses in the corporate's crime prevention and response strategies.
‘How customizing your fraud prevention can increase your bottom line’
Kount and Blue Snap show how tight fraud control can enable merchants to grow revenue without worry and at same time cut costs
How to protect your business in cyberspace
Four resources that businesses can use to protect themselves from cyber crime
Cyber fraud prevention - the vital questions for your board
UK’s NCA Strategic Cyber Industry Group concluded: “Perfect security is almost impossible”, so your board better have appropriate answers to these questions or are you already in big trouble?