The importance of Regtech to navigate through the haze of regulation, criminality and bad shopping choices in the Covid era.
Living with the new-norm
You’re on Mute! Clearly the phrase of the summer as millions of us descend to the dining tables, garden rooms, loft, home office or whatever space you can find amidst the fun and games of kids taking instructions from a teacher during a Zoom class whilst
jumping around on all fours. Yes -welcome to the new norm, the Covid-19 pandemic and its subsequent global lockdown has required us to make the best of the resources to our disposal and power on in leading our lives in the best way possible. Beyond this, there
has been of course the unprecedented levels of human suffering with families losing loved ones as a result of this wretched disease, whilst we learn to adjust to these new norms people have been dying so its always important to consider perspective.
Given we are online more – think back to the early days of Lockdown when the swathes of queues outside supermarkets stockpiling for Armageddon meant many of us spent hours on end registering with multiple online grocery sites hoping to get lucky with a delivery
slot even if it was for 4am on a Saturday. So whilst we spend more time online, register our details here and there and click down the rabbit-hole of news sites to distract our minds from the pandemic, we are increasing the opportunities for our personal data
to end up in the hands of criminals for illicit use.
Changing nature of Digitally-driven Fraud
The problem is we were already overwhelmed as an industry by cybercrime Tsunami, long before the pandemic. Think APP fraud (Authorised Push Payment), UK Finance reported
a staggering £455m worth of losses in 2019, it was the biggest menace in relation to banking fraud. Consider the modus operandi of the criminal here - socially engineer the customer to believe you are dealing with a genuine entity, then transfer your hard-earned
cash somewhere into cyberspace to never be seen again. Many of the victims are small businesses or the elderly and vulnerable who can’t always spot the nuances between what looks right and what doesn’t. Now add a global pandemic to the mix with this heinous
type of crime, a deluge of opportunity to prey on society when they are at their weakest with the prospect of eliciting even more significant sums than we have been used to in the past.
Social Engineering is a real menace and its originated by the extraction of personal data from interception, mass breaches and in many cases insider fraud. Often the criminal has only some of the credentials needed to perform an attack on the consumer (or
business) and then attempts numerous techniques to obtain the missing pieces.
We have also seen the early examples of Social engineering attacks around Test Track and Trace schemes asking unsuspecting users to share their personal credentials to an unsolicted text message or email and given the nervousness of the public at large it
is easy to see may proceeding with sharing their data.
From a technology solutions standpoint we need to consider innovation that brings multuple risk signals closer together, by this I mean the market has been flooded by new technologies aiming to solve the problmes in this space but by using data more collaboratively
and contextualised we are likely to find answers on where we go from here.
Balancing Risk with Customer Experience
History has shown that during an economic downturn fraud and financial crime is most rife, as well as the tactics deployed by organised criminals described previously we see more opportunistic lower-scale crimes from ordinary people who just don’t have enough
to get by or see that there are weaknesses here that are there to be exploited. This is best explained by the Government support schemes, lets take CBILS and BBILS first, which had to be rushed forward for obvious reasons to ensure that businesses could stay
afloat and minimise lay-offs. With huge sums up for grabs there was naturally a major opportunity to commit fraud and financial crime. Whilst there have been numerous examples of scams which take over the credentials of an unsuspecting company and redirect
payment instructions, there has also been a significant challenge on the lenders supporting the scheme to originate and issue these loans as quick as possible.
From my experiences the complexities for larger banks in aligning multiple stakeholders, technology systems and process to get these loans through the door are challenging enough. When you consider that many banks are still going through digital transformation
and lending through online platforms are still under development – the difficulties are all too obvious. The impact for the larger banks is that whilst there are likely to be fraud losses down the line (we won’t know for sure until Summer 2021 when the ‘payment
free’ period ends and defaults ensue), getting these loans out in a reasonable amount of time becomes the complication as the risk, credit and financial policies still have to meet their appetite to lend.
Solving complex business challenges through collaborative processes between internal stakeholders and technology partners will be a useful approach to ensure the best possible customer experience can be achieved at the same time as meeting regulatory obligations.
KYB (Know Your Business) has been another hot topic during the pandemic. In particular, small businesses wanting to get online and/or start to accept card payments given the public at large want to reduce the amount of things they touch, whether its cash
or limiting time in physical stores, taking card payments is now becoming the default method for purchasing in the Covid era - protecting both staff and customers alike. Traditionally the biggest roadblock to taking card payments is being approved to take
card payments. Rightly so, there are regulations in place to ensure that fraud and abuse is minimised, but some of the methods to on-board merchants out there are archaic, very manually driven and time consuming, making the whole process ultimately costlier.
The regulatory landscape,is quite important in this regard and in April this year the
FCA wrote to the CEO’s of major financial institutions requesting them to embrace innovation in Customer Due Diligence (CDD) during the pandemic – yet ensuring they still meet their regulatory obligations. The UK JMLSG (Joint Money Laundering Steering Group)
was already on this path and its guidance from earlier this year was drawing greater attention to ‘anti-impersonation’ and taking a ‘risk based’ approach in CDD which is important in tacking the multi-faceted risk management challenges in the digital economy.
A big focus on Transaction Monitoring in the 5th AMLD is going to be another key tactic by Fintechs payment companies and Gaming operators across the globe in not just knowing their customers at the point of account opening, but throughout the lifecycle of
It has been a busy time for the Regtech community the challenges from the pandemic has resulted in a renewed focus on upgrading such tools to rise to the growing demands. What is important is ensuring that firms have a strong combination of colloboration,
expertise and technology to navigate through these troubled waters.
Riten Gohil is Partner & Co-Founder at Sphonic a London-based digital risk management business, he has been a practitioner in the field of fraud, identity and financial crime from his time working at the likes of the Serious Fraud Office, EY Forensics,
APACS (UK FInance) and Visa.