Top 10 Trends in Fraud & AML, 2020:

Faster, Higher, Stronger

Licensed to [email protected] - Not for Distribution

JANUARY 2020

Fraud & AML

© 2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited. Photocopying or electronic distribution of
this document or any of its contents without prior written consent of the publisher violates U.S. copyright law, and is punishable by statutory damages
of up to US$150,000 per infringement, plus attorneys’ fees (17 USC 504 et seq.). Without advance permission, illegal copying includes regular
photocopying, faxing, excerpting, forwarding electronically, and sharing of online access.
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

TABLE OF CONTENTS
TOP 10 TRENDS FOR 2020 .............................................................................................................................. 3
FINANCIAL CRIME CONVERGENCE AND COLLABORATION ACCELERATE .................................................. 4
FI EMPLOYEE FRAUD IS RESURGENT ......................................................................................................... 5
SELF-SERVICE SECURITY BECOMES A COMPETITIVE DIFFERENTIATOR..................................................... 6
MOMENTUM BUILDS AROUND MULE TAKEDOWN EFFORTS ................................................................... 7
ACCELERATED INNOVATION BECOMES A TOP REGULATORY PRIORITY ................................................... 8
FASTER PAYMENTS RISKS ACCELERATE .................................................................................................... 9

Licensed to [email protected] - Not for Distribution

FIS INVEST TO ADDRESS CONTACT CENTER FRAUD ................................................................................ 10
BEC AND CONSUMER PUSH PAYMENT SCAMS ENTER REGULATORS’ CROSSHAIRS............................... 11
THE INDUSTRY TACKLES NEW SANCTIONS CHALLENGES AND OPPORTUNITIES .................................... 12
THE EU MARCHES TOWARD SCA ............................................................................................................ 13
CONCLUSION ................................................................................................................................................ 15
RELATED AITE GROUP RESEARCH ................................................................................................................. 17
ABOUT AITE GROUP...................................................................................................................................... 18
AUTHOR INFORMATION ......................................................................................................................... 18
CONTACT ................................................................................................................................................. 18

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
2
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

TOP 10 TRENDS FOR 2020

Faster, higher, stronger: The Olympic motto is an inspirational phrase in the world of athletics,
and it’s also remarkably apt in describing the arms race that is currently raging in the realm of
financial crime. Mark McClusky’s excellent book by the same name explains how advanced
1
technology and science have created a new breed of superathlete, just as the application of
advanced technologies has taken fraud and money laundering attack vectors to entirely new
levels of scale, scope, and impact.

The good news is that the financial services firms, retailers, and corporations that are the prime
targets of these attacks have rapidly progressing technology solutions at their disposal as well—

Licensed to [email protected] - Not for Distribution

though their ability to nimbly adopt these technologies is often hamstrung by internal
bureaucracy. 2020 will see firms continue to invest, even as the specter of global recession
looms large. Collaboration is also an important arrow in the industry’s quiver, and collaborative
efforts will continue to multiply and mature on a number of fronts—everything from the
convergence of fraud, anti-money laundering (AML), and information security functions within
financial institutions (FIs) to elevated private and public cooperation to take down mule and
other financial crime networks. These initiatives will take hold and accelerate, as the financial
services industry works to become faster, higher, and stronger in the face of rapidly evolving
financial crime threats.

To this end, Aite Group identifies 10 trends that will shape Fraud & AML around the globe in
2020 and beyond:

• Financial crime convergence and collaboration accelerate.

• FI employee fraud is resurgent.

• Self-service security becomes a competitive differentiator.

• Momentum builds around mule takedown efforts.

• Accelerated innovation becomes a top regulatory priority.

• Faster payments risks accelerate.

• FIs invest to address contact center fraud.

• Business email compromise (BEC) and consumer push payment scams enter
regulators’ crosshairs.

• The industry tackles new sanctions challenges and opportunities.

• The EU marches toward strong customer authentication (SCA).

1. Mark McClusky, “Faster, Higher, Stronger: The New Science of Creating Superathletes and How You
Can Train Like Them,” Avery, October 2014.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
3
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

F IN A N C I A L C R I ME CO N VE RG E N C E A N D CO L LA B O R AT IO N
AC C E LE R AT E
By Charles Subrt

Financial crime prevention is a long-standing challenge for the financial services industry, as
organized crime flourishes. Tens of billions of dollars are devoted annually to AML compliance as
well as fraud and cybercrime prevention. Even with extensive investments in time and money,
2
less than 1% of all money laundering is caught, and enforcement actions for AML deficiencies
persist. The increasing complexity and digitalization of products and services, plus the
heightened emphasis on the customer experience and personal data privacy further complicate
the already complex financial crime landscape.

Licensed to [email protected] - Not for Distribution

As threats grow and costs increase, private and public sectors alike recognize the vast potential,
and perhaps the imperative, for convergence, enhanced collaboration, and greater intelligence
sharing. Converging people, processes, data, and technology can have tremendous impact—
greater economies of scale, richer insights, smarter financial crime strategies, and sharper
detection and reporting.

FIs have shifted back and forth between keeping fraud prevention, information security, and
AML functions separate and establishing unified hierarchies and governance. Generally, most
have maintained distinct units with different mandates. With advancements in technology,
increasing transactions volume, faster payments, and the perpetual drive for cost-efficiency, the
rationale behind the historic divisions is less clear. FIs are gradually adopting more cohesive tech-
enabled financial crime strategies. Greater synergy and alignment can deliver more dynamic and
agile defenses by expanding data sharing, fabricating more holistic customer views, and when
combined with newer technology, spawning faster and more accurate threat monitoring,
analysis, and detection. Hidden risks are identified, duplication and waste are eliminated, gaps
are closed, and resources and processes are optimized. A recent Aite Group survey of financial
crime leaders signals increasing partnership and consolidation among the financial crime
3
functions of FIs. However, integration has its fair share of hurdles. Extensive time, budget, and
resources are required. Given the historical silos, a cultural transformation with a deep
commitment from the top is crucial. Without it, success will be out of reach.

Regulators, too, acknowledge the substantial upside of greater collaboration and dialogue—with
FIs, technology solution providers, law enforcement, and other regulators around the globe.
Stronger public-private partnerships can further disrupt money launderers, mule networks,
terrorists, drug traffickers, and other financial crime organizations. Expanded collaboration
cultivates better understanding and identification of emerging threats and typologies, helps
prioritize resource allocation, and generates higher quality and more actionable intelligence.

2. Ronald F. Pol, “The Global War on Money Laundering Is a Failed Experiment,” The Conversation,
October 20, 2019, accessed December 3, 2019, https://theconversation.com/the-global-war-on-
money-laundering-is-a-failed-experiment-125143.

3. See Aite Group’s report Key Trends Driving AML Compliance Transformation in 2020 and Beyond,
November 2019.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
4
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

The financial industry is clearly at a pivotal point in the financial crime fight. Big data and
technology are benefiting prevention and detection. But without greater collaboration, the fight
may be lost. As they say, it takes a village.

F I E M P LOY E E F R AUD I S R E S URG E N T

By Shirley Inscoe

FI employee fraud never goes away, but severity tends to be cyclical; the rate of incidents often
rises when the economy declines. The economy has been relatively strong in recent years, so
employee fraud hasn’t been top of mind for many FI executives. Certainly, there have been many

Licensed to [email protected] - Not for Distribution

other fraud concerns to supersede employee fraud, especially with organized criminal rings
focused on committing identity crimes, such as application fraud and account takeover. However,
as the potential for an imminent economic decline looms, now is the time to prepare to thwart
employee fraud.

Employees steal from their employers for a variety of reasons: Some feel they are entitled to
more money because they were passed over for a promotion, think they make less money than
they should, or feel customers have so much money they will never miss the amount taken.
Others are thrill seekers who want to see if they can get away with the theft; some are addicts to
shopping, drugs, or other vices; and sometimes good employees find themselves in desperate
circumstances and don’t see any other option to obtain funds to pay bills or cover an emergency.

There are three facets to employee fraud—motivation, opportunity, and rationalization.

Employees who work in FIs with poor internal controls face temptations that should be
prevented if management is doing its job. Setting high ethical standards, which are consistently
displayed, provides a great working environment and protects employees. Management’s role is
critical; if the organization appears not to value honesty and ethics, employees may feel these
traits are not important or don’t apply at work.

There are many steps management can take to protect against employee fraud:

• Create a work environment where honesty is the standard and internal controls are
enforced. This reduces opportunity and makes expectations of ethical behavior clear.

• Provide employees with an outlet to turn to when they face a crisis (i.e., an
employee assistance function).

• Provide a confidential way for employees to report suspicious behavior without fear
of repercussions.

• Use internal processes and technology to detect anomalous behaviors and

investigate them. Educating employees that their activities are monitored can serve
as a powerful deterrent.

• Prosecute employees who steal to set an example for others who might be tempted.

The next economic downturn could occur at any time—the FIs that prepare now will avoid a
huge resurgence in employee fraud losses when it does.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
5
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

S E LF - SE RV IC E S EC UR IT Y B ECO MES A CO MP E T IT IVE

D IF F E R E N T IATO R
By Trace Fooshée

There is no question that the industry trend toward digitalization has left a lasting impression on
how those who manage financial crime prioritize and defend investments in their pursuit of a
better balance between fraud loss prevention, client experience, regulatory compliance, and
operating efficiency. Perhaps one of the more significant developments of this shift has been
the emergence of digital capabilities (and, in some cases, capabilities that span other channels
as well) that are primarily perceived as client experience investments but also pay dividends

Licensed to [email protected] - Not for Distribution

from a client security perspective and/or from a cost reduction perspective. Several examples
over the past three to five years include trends among banks to invest in card controls, digital
security “control centers” on online banking and mobile platforms, and voice biometrics.

While many fraud executives have enthusiastically supported these kinds of investments,
they’re frequently doing so as a supporting business unit or as a co-sponsor of an initiative led
by digital or contact center leadership. In fact, many fraud executives have found forging
alliances with their digital counterparts to be particularly fruitful in securing funding for the kind
of security controls that can have unexpected, often indirect positive impacts on improving
fraud loss prevention and client experience. Interestingly, these solutions span a variety of
forms and range in terms of both their scope and their ambition. Many of these solutions are a
reflection of the growing interest in experimentation with unconventional (at least for many
bankers) methodologies for driving innovation in their pursuit of a more compelling and
competitive client experience.

As more fraud leaders find themselves collaborating with their counterparts in product and
channel management in design-thinking sessions or brainstorming meetings centered around
how to nudge clients toward better security practices, they’re beginning to discover how to
reimagine fraud and security controls in some rather unconventional ways. There are indications
that this trend is accumulating momentum as solutions such as Ethoca’s Eliminator, Verifi’s
Order Insight, and card controls (whether vendor supplied or developed in house) gain more
widespread adoption. Capital One released a digital assistant, Eno, earlier this year. While Eno is
pitched primarily as a means of improving client experience by way of automating interactive
chat sessions and monitoring for duplicate card transactions, Eno is also being used to improve
security by way of more dynamically enabling virtual card numbers using browser extensions
and improving the effectiveness of fraud alerts.

The old phrase “deputizing the client” is taking on new dimensions, and that’s a good thing.
Given the growth in attack patterns (for example, account takeover) that exploit vulnerabilities in
controls that have been deprecated to the client’s discretion (for example, credential reuse), it’s
likely that we’ll see greater emphasis on more creative approaches to federating security
controls in a way that promotes more proactive client engagement in security.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
6
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

M O M E N T U M B U IL D S A RO UN D MUL E TA K E D OW N E F F O RT S
By Julie Conroy

Mule networks represent a critically important asset that enable organized crime, terrorists, and
rogue nation states to cash out the proceeds of criminal activity. Mule accounts are usually
consumer or small-business accounts, and they are created by criminals with relative ease using
complicit or duped consumers, stolen identity data, or synthetic identities (all of which exist in
abundance). The money placed in a mule account has typically been stolen from a customer at
another institution, and many FIs do not have proactive controls to detect and eradicate mule
accounts because they do not have direct fraud loss exposure.

Licensed to [email protected] - Not for Distribution

There are certainly money laundering considerations, however, and the takedown of mule
networks is another growing point of convergence among fraud and AML operations across the
globe. There is also the growing recognition that while an FI does not usually have direct loss
exposure for many of the mule accounts on its books, the network of mule accounts that
facilitate the quick transfer of funds from bank to bank has a systemwide impact, so cracking
down on these accounts benefits the ecosystem as a whole. Regulatory inducements, such as
the U.K.’s Contingent Reimbursement Model (CRM) Code for Authorized Push Payment Scams,
which shifts liability for social engineering scams from the victim to the bank, have added further
4
impetus to mule takedown efforts.

The U.K. banks are on the forefront of this trend. In December 2018, Pay.UK and Vocalink
launched the Mule Insights Tactical Solution (MITS). By bringing together payments data from
multiple banks and overlaying that data with proprietary analytics and algorithms, MITS
pinpoints mule accounts involved in suspected illegal activities. Over 90% of U.K. current
accounts are covered by the solution.

Many large U.S. FIs are also making investments in mule detection and takedown efforts. In
some cases, the efforts consist of building and deploying detection analytics looking for account
activity that is indicative of mule behavior. A budding collaborative effort has started with the
simple step of creating a contact directory that enables banks to communicate directly when
they detect a suspicious inbound transaction. In the highly fragmented U.S. banking market, it
can be very challenging for the receiving FI to find the right person to talk to at the originating FI
in the relatively short window of time before they have to release the funds, so a simple contact
list can save valuable hours (and dollars).

These types of efforts need to spread globally, either through market-driven efforts, as seen in
the U.S., or through regulatory instigation, as seen in the U.K. Mule networks are an essential
underpinning of financial crime, and concerted efforts to cripple these networks will impede the
rampant growth that financial crime rings currently enjoy.

4. See Aite Group’s report Customer Safety 360: The Guide to Effective Fraud Controls, November 2019.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
7
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

AC C E LE R AT E D IN N OVAT IO N B ECO M ES A TO P R EG UL ATO RY

P R I O R IT Y
By Charles Subrt

As FIs exploit the benefits of machine learning (ML), data analytics, and robotic process
automation (RPA) to enhance the customer experience, drive efficiency, and fuel growth,
accelerated innovation has become a top regulatory priority. Regulators worldwide recognize the
enormous potential—a modernized supervisory regime, enhanced financial crime detection and
deterrence, and ultimately a safer financial system. At the forefront of this trend, Hong Kong,
Singapore, and the U.K. have unveiled initiatives to accelerate regulatory transformations
through technology within the last few years. The U.S. is finally catching up.

Licensed to [email protected] - Not for Distribution

Often seen as the global trailblazer in regulator-led innovation, the U.K. Financial Conduct
Authority (FCA) pioneered novel strategies to stimulate experimentation in technology across
the financial industry and aid investments in fintech companies. Since 2016, the FCA has hosted
multiple multiday tech-sprint events to trigger dialogue among technology and compliance
experts across both private and public sectors and unearth new solutions to critical challenges.
New ideas are conceived, and actionable technology-driven solutions are developed. In July
2019, the U.S. hosted its first-ever regulatory tech-sprint. Working with the FCA, the Alliance for
Innovative Regulation (AIR), a new nonprofit organization, brought together representatives
from FIs, technology companies, and several U.S. federal regulatory agencies for four days in
Washington, D.C. The event concentrated on how new technology can more efficiently and
5
effectively combat money laundering and financial crime.

U.S. regulatory authorities are pushing innovative transformation to optimize and elevate
financial crime prevention and detection. In December 2018, the U.S. Treasury Department’s
AML unit and U.S. federal banking regulators issued a joint statement encouraging innovation
and experimentation. Moreover, regulator-led innovation projects are being introduced to
accelerate learning, discourse, and technology adoption. In May 2019, the U.S. Financial Crimes
Enforcement Network (FinCEN) launched the Innovation Hours program to bring together the
private and public sectors to cultivate more innovative approaches against illicit crime. When
announcing the program, FinCEN noted “responsible innovation can be an important part of
safeguarding the U.S. financial system against new and evolving threats related to money
6
laundering, terrorist financing and other serious financial crimes.” The Federal Deposit
Insurance Corporation (FDIC) launched the FDIC Tech Lab to better engage the financial sector
7
and help advance the technology evolution.

5. “TechSprints,” Alliance for Innovative Regulation, accessed November 25, 2019,

https://www.regulationinnovation.org/tech-sprints.

6. “FinCEN’s Innovation Hours Program,” Financial Crimes Enforcement Network, May 2019, accessed
November 25, 2019, https://www.fincen.gov/resources/fincens-innovation-hours-program.

7. “Statement of the Federal Deposit Insurance Corporation on ‘Overseeing the Fintech Revolution:
Domestic and International Perspectives on Fintech’ Before the Task Force on Financial Technology of
the Committee on Financial Services, U.S. House of Representatives,” Federal Deposit Insurance
Corporation, June 25, 2019, accessed November 25, 2019,
https://www.fdic.gov/news/news/speeches/spjun2519.html.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
8
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

Throughout 2019, FIs experienced this heightened regulatory focus on innovation. And this
regulator-led undertaking of exploration and discovery will only be picking up speed in 2020.

FA ST E R PAY ME N TS R I SK S AC C E LE R AT E
By Trace Fooshée

As of December 2019, 40 countries have either transformed existing payment infrastructures to

make them faster or have deployed new faster payments infrastructure in an impressive effort to
modernize their banking systems. It’s clear that the world is ready for faster payments, but is the
U.S. ready for it? Whether or not, faster payments has arrived, and many in the industry are

Licensed to [email protected] - Not for Distribution

eager to understand what to expect in terms of risk, operations, market demand, and regulatory
or legislative oversight. Perhaps the most anticipated questions of all are whether and how these
rails will influence usage of existing payment rails and how that will impact revenue and risk.

Few question the benefits or the inevitability of faster payments. Many, however, are
exceptionally and understandably curious to comprehend how faster payments will impact
financial crime. Will those countries, such as the U.S. and Canada, that are just joining the faster
payments party be doomed to repeat history by not learning from those that have gone before?
Or will collective wisdom, foresight, and technological advancements enable the followers to
avoid the same (or similar) fates of trailblazers in the U.K., Singapore, and Australia, to name just
a few? Recent research by Vocalink empirically revealed several insights that many had derived
intuitively. Specifically, fraudsters prefer faster payments; thus, it’s reasonable to expect that
fraud attacks will be amplified, that they will move money with greater frequency, and that most
8
FIs are aware of less than one-third of mule accounts at their organizations.

In the U.S. market, Early Warning and The Clearing House have taken extraordinary steps to
develop and deploy impressive security measures intended to address concerns by member
banks and consumers alike about the security of their networks. But will those steps be enough?
What is an acceptable rate of fraud on a network? Even if the industry can determine that an
inbound payment is destined for a mule account, who will have policies so clearly defined that
they will be able to react in a timely and legally defensible manner? Such a procedure would
require an unprecedented level of cooperation and interoperability between fraud and AML
functions within a bank. How would that change the conventional wisdom that “Fraud is from
Mars and AML is from Venus”? It is highly likely that the North American migration to faster
payments will trigger increases in scam attacks as it did in the U.K. If so, the increase in scam
activity may finally reach the tipping point that could spur regulators to mandate more
sophisticated recovery controls or shifts in liability, such as those proposed in the Contingency
Reimbursement Model in the U.K.

While it’s clear that many important steps are being taken to prepare the North American
market for faster payments, it’s not yet clear whether the complexity and size of North America
will confound the benefits of those efforts. This is made all the more likely given the relatively

8. “The Rise of the Mule,” Vocalink Analytics, 2017, accessed December 3, 2019,
https://www.mastercard.us/content/dam/mccom/en-us/documents/vocalink-anti-money-laundering-
case-study.pdf.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
9
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

open-ended specifications and enforcement policies proposed or managed by the networks.

They are well intentioned and understandably balanced in favor of adoption versus security, but
given that as much as one-third of fraud executives among the top 40 largest U.S. banks believe
that their organization’s investments in security are not keeping pace with those in digital sales
and service platforms, it’s likely that the industry will see a significant amplification of criminal
activity as adoption of faster payments accelerates.

F IS IN VEST TO A D D R ES S C O N TA C T C E N T E R F R AUD
By Shirley Inscoe

Licensed to [email protected] - Not for Distribution

Contact centers enable a great deal of fraud, but many FIs don’t quantify it; instead, they
attribute fraud to the delivery channel where the funds were actually stolen. The emphasis in
contact centers is to provide a great customer experience—and to do it quickly. Unfortunately,
fraudsters know this and take advantage of agents when they impersonate legitimate customers.
They may act angry, flirt, cajole, plead, or take other actions to convince the call center
representative they are legitimate customers in order to gain access to an account.

This is not a new problem for FIs, and it is one reason contact centers are often referred to as
9
“the fraud enablement channel.” Historical examples of common fraudster activities include
getting online credentials reset to gain access (resulting in losses attributed to online or mobile),
obtaining an additional debit or credit card on an existing account (loss charged to cards), and
ordering checks (check fraud losses). With the advent of real-time payments, fraudsters are now
calling the contact center to impersonate the customer and request the removal of holds that
the fraud department placed on payments that the fraudsters initiated on accounts that they
took over. Through this process, fraudsters can steal funds even after the fraud department
detects their actions and places holds! So, while the fraud is not new, it does have new wrinkles
that are increasing fraud losses at many FIs.

Fortunately, many technology solutions can help determine whether the legitimate customer
versus a fraudster is contacting the call center. Although many of these solutions are quite
different, FIs are implementing various technologies to assist them in defeating the fraudsters
who feast on the contact center smorgasbord. Technologies may focus on ensuring the device
being used to call the contact center is one previously associated with the customer, and then
verify that the device has not had the SIM card replaced or the number hasn’t been forwarded
or ported from another device. Other solutions may focus on the behavioral biometrics of the
customers—how they hold or handle the device, how data is entered, the speed with which data
is entered, etc. Other solutions may focus on the incoming call itself and perform analysis on the
call before it is answered, and in some cases, additional tests after it is answered (e.g., examining
background noise). Of course, the customer’s voice is an important component used by some
solutions that use voice recognition or voice biometrics. Some FIs choose to obtain the
customer’s consent in implementing such solutions, while others focus on creating a hot file of
known fraudsters’ voices (as opposed to using voice as part of the authentication process). Many

9. See Aite Group’s report Contact Centers: The Fraud Enablement Channel, April 2016.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
10
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

of these solutions operate in the background and are totally transparent to the customer,
thereby adding greater protection without additional friction.

All these technology options are viable, and there is no “right” solution choice. However, with
organized criminals increasingly focusing on contact centers to help enable their fraudulent
actions, FIs need to take action to secure contact centers. With improving the customer
experience being a priority in many FIs, what could be more important than protecting
customers’ accounts and ensuring that fraudsters aren’t successfully impersonating them to
steal their money? Technology investments are being made by many large FIs that will result in
organized attacks shifting to unprotected FIs—don’t overlook the risk of being late to invest.

Licensed to [email protected] - Not for Distribution

B EC A N D CO N S UM E R PU SH PAY ME N T SC A MS E N T E R
R EG U LATO RS’ C RO S SH A IRS
By Julie Conroy

BEC and consumer authorized push payment (APP) scams have been growing rapidly around the
globe netting organized crime rings billions of dollars and leaving consumer and business victims
holding the bag. These scams target the weakest link in the financial services chain—the
customer—and employ social engineering tactics to extract funds. BEC takes place when a
criminal hacks into a business executive’s email account or spoofs his or her email address, then
requests that the company’s chief financial officer (CFO) or controller make a wire payment to a
particular vendor account. Too often, the email recipient doesn’t take the time to verify the
request, and the money is quickly gone. This scam does not discriminate by size of business—
everything from a small city government to large corporations such as Nikkei America, Google,
and Facebook have fallen victim to BEC scams. According to the FBI, there was more than US$26
billion in BEC-exposed losses between October 2013 and July 2019, with a 100% year-over-year
10
increase from 2018 to 2019. BEC-exposed losses also grew at a 100% rate between 2017 and
2018, which clearly illustrates why these scams are increasingly top of mind for regulators.

APP scams dupe the consumer into voluntarily initiating payments to the fraudster. A prime
example of APP fraud was publicized in Canada recently, when a retiree sued his bank to try to
recoup the CA$800,000 that he was tricked into sending fraudsters, thinking he was closing on a
11
piece of real estate in California. U.K. regulators are on the forefront of addressing these scams.
APP fraud losses totaled over 616 million pounds in just the first half of 2019, representing a 40%
12
year-over-year increase. As a result of the rapidly growing impact of APP fraud in the U.K., the
U.K. Lending Standards Board introduced the Contingent Reimbursement Model Code for APP

10. “Business Email Compromise the $26 Billion Scam,” Federal Bureau of Investigation, September 10,
2019, accessed November 24, 2019, https://www.ic3.gov/media/2019/190910.aspx.

11. Erica Johnson, “Bank Wires Fraudsters Over $800K of Retiree’s Savings, Despite Red Flags,” CBC News,
November 17, 2019, accessed November 24, 2019, https://www.cbc.ca/news/canada/calgary/wire-
fraud-email-condo-sale-1.5358363.

12. Rupert Jones, “Number of Bank Transfer Scams in UK Rises by 40% in a Year,” The Guardian,
September 26, 2019, accessed October 4, 2019, https://www.theguardian.com/money/2019/sep/26/
number-of-bank-transfer-scams-in-uk-rise-by-40-in-a-year.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
11
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

13
Scams to address these social engineering fraud losses. This voluntary code establishes
increased consumer protection standards with the goal of reducing the number of authorized
push payment scams (although the extent to which the code is truly voluntary is somewhat
questionable based on Aite Group interviews with U.K. bank executives). The U.K. FIs that have
signed up to the code have committed to protect their customers with a set of proscribed
procedures to detect, prevent, and respond to push payment scams and provide a greater level
of protection for customers considered to be particularly vulnerable to this type of fraud (e.g.,
the elderly). A key aspect of the code is that any consumer, microenterprise, or charity will be
14
fully reimbursed if it falls victim to an APP scam. While there are many elements that the code
requires, a key aspect is that banks must confirm that the identity of the recipient account
matches those on the payment instructions.

Licensed to [email protected] - Not for Distribution

The U.K. is often on the vanguard of both payments innovation and associated payments
regulation (as fraudsters find the security gaps that result from innovation, opening a new
frontier of loss exposure). Now that a precedent for a liability shift for social engineering fraud
has been established in the U.K. market, expect regulators in other jurisdictions to take notice
and wade into the fray—unless banks take the initiative and proactively improve their controls to
thwart this rampantly growing fraud vector.

T H E I N D U ST RY TAC K L ES N E W SA N C T IO N S C H A L LE N G E S A N D
O P PO RT UN IT IE S
By Charles Subrt

Sanctions risk is an increasingly critical area of concern. Sanctions are expanding, the geopolitical
climate is becoming more volatile, and the volume, speed, and globalization of business is
growing. Facing a complicated, ambiguous, and perhaps unforgiving sanctions ecosystem, the
financial services industry is rethinking, transforming, and elevating sanctions compliance.

Far from perfect, sanctions compliance programs and screening systems are being challenged
like no other time previously, with major consequences for contravening sanctions rules—
immense fines, business and customer loss, and reputational damage. Examples of the
increasing pressure on FIs include the following:

• The current U.S. administration is intensifying its reliance on sanctions to achieve its
foreign policy objectives. In 2018, 1,500 individuals and entities were added to the
U.S. Specially Designated Nationals and Blocked Persons List (SDN) list, a 50% jump
higher than from any prior year. Often acting unilaterally, the U.S. resumed the Iran

13. “Contingent Reimbursement Model Code (CRM) for Authorised Push Payment Scams,” Lending
Standards Board, accessed October 1, 2019, https://www.lendingstandardsboard.org.uk/contingent-
reimbursement-model-code/.

14. See Aite Group’s report Customer Safety 360: The Guide to Effective Fraud Controls, November 2019.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
12
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

sanctions, pushed harder against North Korea, and sanctioned numerous Russian
15
oligarchs and senior officials and the Maduro government in Venezuela.

• Expanded use of U.S. secondary sanctions conflict with European Union legislation
precluding EU firms from complying with certain U.S. sanctions on Iran.

• Regulatory scrutiny and expectations are rising, and enforcement penalties are
escalating.

• Expanding markets, faster payments, and higher transaction volume are elevating
sanctions risk in the digital age. Current automated systems are generating too many
false positives, demanding larger staffs and significant investigation efforts.

Licensed to [email protected] - Not for Distribution

• Terrorists and financial criminals are constantly seeking innovative ways to conceal
ownership, obscure transactions, and evade sanctions. Companies doing business in
Iran often attempt to sidestep sanctions controls.

The current state of volatility is becoming a springboard for organizations to adapt, transform,
and modernize their operational strategies, processes, and tools for sanctions compliance.
Leveraging ML, RPA, and other new technologies, screening and other compliance practices are
being optimized for more efficient and effective sanctions risk management. As organizations
search for better ways to manage increasing transaction volume, diminish false positives, and
enhance threat detection, technology solution providers are delivering smarter, faster, and more
economical screening solutions.

But technology alone will not be enough to solve the sanctions challenge. Human capital is
critical. The complexity of sanctions, the risk of penalties, and the evolution of technology
mandate thought leadership and strategic minds. Organizations will seek and develop talented
and highly skilled resources with deep sanctions expertise. And sanctions practitioners with
diverse skills will have endless opportunities for growth and professional advancement.

To navigate the sanctions labyrinth in 2020, the financial services industry will ramp up its
investment in people, processes, data, and technology.

T H E E U MA RC H ES TOWA R D S C A
By Ron van Wezel

Fraud prevention is an increasingly challenging task for online merchants globally, and Europe is
no exception. On average, companies rejected 3% of all domestic orders due to suspicion of
fraud. They manually screened 20% of all orders for suspicion of fraud, of which 10% were
16
declined (2% of all orders). The high manual activity indicates that operational costs are high;

15. “2018 Year-End Sanctions Update,” Gibson Dunn, February 11, 2019, accessed November 25, 2019,
https://www.gibsondunn.com/2018-year-end-sanctions-update/.

16. “Masters of Balance,” Visa CyberSource, 2019, accessed November 17, 2019,
https://www.cybersource.com/en-us/solutions/fraud-and-risk-management/fraud-report.html.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
13
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

Aite Group estimates that European merchants spent US$29 billion annually on fraud prevention
in 2018.

Still, European businesses lost 1.9% of their annual e-commerce revenue due to payment fraud
on domestic orders in 2018.17 This situation was hardly sustainable, and the EU’s legislative
authority has stepped in to enforce SCA on digital payments in order to protect consumers and
businesses against this increasing problem. SCA requires two-factor authentication of digital
payments unless an exemption applies.18 SCA was introduced on September 14, but
enforcement has been postponed until December 31, 2020, to give the market sufficient time to
complete the transition to the new way of working.

Aite Group research indicates that the market agrees with the European Commission’s vision

Licensed to [email protected] - Not for Distribution

that SCA will reduce fraud considerably. An online survey with 88 payment executives shows that
37% of the respondents think that SCA will reduce fraud by more than 50%. If fraud would
indeed be reduced by as much as 50% as a result of SCA, this would mean a direct saving for the
industry on fraud losses in the order of US$750 million. The indirect savings would be even
higher, as SCA will help businesses reduce the operational costs of fraud management, based on
a substantial reduction of transactions that have to be manually reviewed.

However, the introduction of SCA is a double-edged sword. SCA may reduce fraud considerably,
but at the same time, market participants see SCA as a risk, as it will introduce friction in the
checkout process. Consumers will face an increase in transactions that require authentication
with a second factor, such as a one-time passcode or biometric factor. Aite Group estimates
that, on average, the number of stepped-up authentications will double. This may expose
merchants to the risk of cart abandonment and loss of sales if the new process is not properly
managed.

Aite Group’s research shows that the industry considers SCA a significant risk to online
commerce in the first year after its introduction. About half of respondents to Aite Group’s
survey think that SCA will lead to a loss of at least 5% of online sales, and 31% think that this loss
will be higher than 10%. Responses from merchant organizations agree with these results. On
the other hand, 25% of all respondents (and 20% of the smaller merchant sample) say that the
impact of SCA will be negligible. These respondents may believe that consumers will quickly get
used to the practice of SCA, and/or that SCA may increase trust in online commerce.

Clearly, merchants need to work with their payment service providers to reduce conversion risk
as much as possible after the introduction of SCA. This should involve a multilayered approach
with the dual purpose of reducing the number of transactions that require SCA and offering the
best user experience for the remaining transactions. Fortunately, the regulator has granted an
additional year to make that happen.

17. “Masters of Balance,” Visa CyberSource, 2019, accessed November 17, 2019.

18. See Aite Group’s report PSD2: Advent of the New Payments Market in Europe, March 2019.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
14
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

CONCLUSION
In 2020, Aite Group anticipates the following trends in fraud and AML:

• Financial crime convergence and collaboration accelerate. Despite substantial

efforts, economic crime is flourishing. The private and public sectors are increasingly
recognizing that collaboration and convergences among fraud, AML, and
information security functions can help organizations more successfully address the
growing challenges.

• FI employee fraud is resurgent. The next economic downturn could be just around

Licensed to [email protected] - Not for Distribution

the corner, and when it occurs, a resurgence of employee fraud is likely. Smart FI
executives are working now to ensure they are prepared by establishing enhanced
internal controls, processes, and employee monitoring to deter fraud.

• Self-service security becomes a competitive differentiator. The trend to more

proactively engage clients to encourage them to take a more deliberate role in
improving their security hygiene will accelerate as fraudsters continue to migrate
their tactics to exploit end-users’ security vulnerabilities. Nudging clients toward
better security practices will play a greater role in influencing how fraud executives
think about controlling for these security vulnerabilities.

• Momentum builds around mule takedown efforts. Mule networks are an essential
underpinning of financial crime, and concerted efforts to cripple these networks will
impede the rampant growth that financial crime rings currently enjoy.

• Accelerated innovation becomes a top regulatory priority. To speed up and advance

the financial crime technology revolution, global regulators will lead numerous
innovation initiatives. 2020 will see the outbreak of regulator-led innovation offices
and tech-sprints.

• Faster payments risks accelerate. As real-time payments adoption ramps up, so too
will the deployment of capabilities to blend channel and transaction monitoring
controls into fraud countermeasures and to experiment with organizational
structures and policies that foster greater collaboration between fraud and AML.

• FIs invest to address contact center fraud. Fraudsters are focusing on contact
centers more than ever before, using them to enable their crimes. A wide variety of
technology solutions is available for contact centers, many of which add greater
security without adding additional friction to the customer interaction. Investments
in contact center technology can better protect the FI and ensure only legitimate
customers get the great service their agents provide.

• BEC and consumer push payment scams enter regulators’ crosshairs. Now that a
precedent for liability shift for social engineering fraud has been established in the
U.K. market, expect regulators in other jurisdictions to take notice and wade into the
fray—unless banks take the initiative and proactively improve their controls to
thwart this rampantly growing fraud vector.

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
15
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

• The industry sees new sanctions challenges and opportunities. Currently, sanctions
is an intensifying, unpredictable, and perhaps unforgiving ecosystem. By escalating
its investment in people and talent development, process optimization, and big data
and technology, the financial services industry will build and benefit from more
effective and more efficient sanctions risk management practices and solutions.

• The EU marches toward SCA. The introduction of SCA is a double-edged sword. SCA
may reduce fraud considerably, but at the same time, market participants see SCA as
a risk, as it will introduce friction in the checkout process.

Licensed to [email protected] - Not for Distribution

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
16
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

RELATED AITE GROUP RESEARCH

Market Trends in Digital Fraud Mitigation, December 2019.

Customer Safety 360: The Guide to Effective Fraud Controls, November 2019.

Key Trends Driving AML Compliance Transformation in 2020 and Beyond, November 2019.

Key Trends Driving FI Fraud Investments in 2020 and Beyond, November 2019.

Best Practices to Thwart Fraud in Real-Time Payments, October 2019.

Licensed to [email protected] - Not for Distribution

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
17
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com
Top 10 Trends in Fraud & AML, 2020: Faster, Higher, Stronger JANUARY 2020

ABOUT AITE GROUP

Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on
business, technology, and regulatory issues and their impact on the financial services industry.
With expertise in banking, payments, insurance, wealth management, and the capital markets,
we guide financial institutions, technology providers, and consulting firms worldwide. We
partner with our clients, revealing their blind spots and delivering insights to make their
businesses smarter and stronger. Visit us on the web and connect with us on Twitter and
LinkedIn.

Licensed to [email protected] - Not for Distribution

AUT H O R I N FO R MAT IO N
Julie Conroy
+1.617.398.5045
[email protected]
Fraud & AML Team

C O N TA C T
For more information on research and consulting services, please contact:

Aite Group Sales

+1.617.338.6050
[email protected]

For all press and conference inquiries, please contact:

Aite Group PR
+1.617.398.5048
[email protected]

For all other inquiries, please contact:

[email protected]

©2020 Aite Group LLC. All rights reserved. Reproduction of this report by any means is strictly prohibited.
18
101 Arch Street, Suite 501, Boston, MA 02110 • Tel +1.617.338.6050 • Fax +1.617.338.6078 • [email protected] • www.aitegroup.com