Search for:

Lessons to learn from BoG fraud reports of 2019 and 2020 (Part 3)

“Cyber is not something you can separate from the core business. All of our businesses are digitally dependent now, and all of them deal with digital threats.”

David Ferbrache, Technical Director for cybersecurity at KPMG U.K. (2017)

This week we continue to share lessons learnt from the Bank of Ghana Fraud Report of 2019 and 2020. We shall concentrate on correspondent banking and e-money frauds today. Once again, here are some extracts from the report:

Correspondent Banking Fraud

The significant increment in reported values is as a result of increased 49% – 51% Staff Involvement-Jan-Dec 2019, and  56% – 44% Staff Involvement- Jan – Dec 2020 values in attempted correspondent banking fraud. In some instances, single incidents reported values as high as €100,000,000. Even though attempted fraud values increased significantly, loss incurred through fraud reduced by 24.0%.”

E-Money Fraud

“E-Money fraud recorded 14 cases in 2019 and 126 cases in 2020 showing a year-on-year increase of 800.0%.  E-Money Fraud recorded a loss value of GH¢ 1.04 million for 2020, as compared to a loss value of GH¢ 0.37 million for the same period in 2019. Banks recorded the highest loss values for E-money Fraud. Banks lost GH¢604,755.65, representing 57.7% of total E-money related fraud recorded in 2020. Rural and community banks followed with a loss of GH¢ 398,883.59 representing 38.1% of total E-Money related losses reported in 2020.”

“Even though Savings and loans companies recorded negligible E-Money related losses, the sector recorded a 100.0% success rate of E-Money related fraud. This may be an indication of the absence of security systems in the sector to forestall E-Money related losses.”

“Microfinance companies follow closely with 83.09% success rate in E-Money related fraud. This is followed by rural and community banks with success rate of 75.9% and 44.8% respectively. The data indicates that sectors with less stringent security measures record higher success rate of E-Money related fraud.”

Cause for concern

The above extracts from the 2020 report gave me much concern. The main reason is that while Bank of Ghana is doing its best to encourage the public especially small- scale entrepreneurs to go cash-lite and use the banking system in their foreign transactions, the fraudsters are also taking advantage of system and human lapses to negate these efforts.

Through correspondent banking relationships, banks can access financial services in different jurisdictions and provide cross-border payment services to their customers, supporting international trade and financial inclusion. E-money has also come to stay to reduce physical interaction, time and resources in financial transactions, while making payments for goods and services hassle-free.

Cybercrime

Cybercrime is a major concern for banks around the world. Until recently, the focus of attacks has tended to be on banks’ customers through card and account detail compromises. But as criminals have become more sophisticated, they have raised their ambitions, and in a change of focus are now directly targeting banks themselves.

In light of these threats, what steps can financial institutions take to protect themselves from cyberattacks, detect suspicious activity more readily, and improve their chances of recovering quickly from any cybercrime attacks? As a layman on this subject, I intend to share more of the awareness and preventive parts, which can help reduce the impact on our banking systems as well as the customers’ businesses.

Sophisticated fraudsters are now mounting focused high-end attacks. Organized crime groups have begun directly targeting bank systems. Unlimited cash-out attacks, for example, have seen criminals compromise the networks of card-issuing banks, enabling them to modify withdrawal limits and clean out groups of ATMs in coordinated assaults.

In 2016 an attack on the Bank of Bangladesh, resulted in the loss of $81 million. This is of particular concern to correspondent banks. Can you imagine that while the attack itself took place in early February 2016, the ultimate beneficiary accounts in the Philippines had allegedly been opened a year earlier, which is likely to have been when the attackers began their initial reconnaissance.

Software on the bank’s interface server was modified, not only to enter fraudulent payment requests, but also to conceal this activity so that fraudulent transactions would not appear on daily logs. If this happens to a bank in Ghana, you can imagine the effect on our banking system?

Education and Awareness for both Staff and Customers

A word to the wise is enough. Bankers and customers alike are prone to cyber crime, and the effect on correspondent banking and e-fraud is massive. Fraudsters typically start with commoditized attacks, whereby organized crime groups send millions of emails containing phishing links to malware. Customers and staff should continue to be re-educated and reminded not to click on strange emails that can result in the system being compromised and the potential for money to be extorted by ransomware demands.

  • Using the banks email for personal correspondence should always be a no, no.
  • Banks “SME Clinics” to create awareness, should highlight the following:
  • Education about the fact that compromising the customer’s environment, introducing malware using techniques such as phishing or email compromise scams.
  • Capturing valid operator credentials, typically through access to password files or by putting keyloggers in place to capture password details, and thereby gaining an understanding of the payment environment and associated behaviours.
  • Regular caution to both staff and customers not to share passwords. The temporary “convenience” in doing that can lead to a catastrophe for both businesses and banks.
  • Knowledge of fraudulent credentials which can be used to attack the back office; for example, by sending fraudulent MT 103 payment messages.
  • Fraudsters can hide transaction activity. For example, by removing payment information from local databases, and thereby delaying the discovery of the attack and increasingly the likelihood that funds will be settled.
  • Customers should not sign blank forms for foreign currency transfers. Some unscrupulous Relationship Managers have been sanctioned for altering the amounts that their customers’ originally meant to transfer.

Taking Control

There are other actions financial institutions can take, to detect fraud more readily and respond more effectively to any threats. These include:

  • Timely reconciliation of accounts, provide payment confirmation and have policies in place around payment amendments.
  • Institutions should also know how to cancel payments rapidly, should the need arise.
  • Require counterparts to send confirmation messages. While these messages are not currently mandatory, they provide additional transparency between counterparties.
  • Review the MT 940/MT 950 statement messages that they receive in order to check that the amounts and balances recorded on their statements match their own records of transaction activity.
  • Monitoring Transaction Data to detect any concealment of identity both to prevent fraud and to detect attacks that do take place.
  • Activity monitoring: By obtaining an aggregated record of daily activity, banks can gain a clearer understanding of their payment activity and identify any significant changes in activity.
  • Risk monitoring: By monitoring risk in their transaction environments, banks can counteract fraudsters’ efforts to hide their transaction activity, as well as identifying unusual single or aggregated transactions.
  • Institutions should source and store such information separately to ensure that it cannot be compromised in an attack that disables or damages their own payment systems and records.

Response and Recovery

It is also important to have robust processes in place so that financial institutions can respond quickly and effectively if they detect a cyberattack. This may involve canceling fraudulent messages or taking steps to facilitate business continuity if transactions cannot be canceled.

Disaster Recovery/Business Continuity

As the final stage of defense, financial institutions need to have measures in place that enable them to respond appropriately to cyberattacks and restore usual business operations as quickly as possible. This requires a strong link between cybersecurity and business continuity/disaster recovery, as well as an understanding that cybersecurity is intrinsically connected to the core business.

They also need to have a plan in place stating how they will bring the business back online quickly and securely.

Conclusion

To conclude this session, let me quote from Tony Wicks, head of AML initiatives, SWIFT, London, UK. in an article in ACAMS TODAY,  “Combating Cyber Fraud in Correspondent Banking”:

“As cybercriminals turn their attention deeper into the banking world, it is imperative that financial institutions take appropriate steps to secure their environments. There are a number of areas in which actions can be taken both to prevent attacks, as well as to increase the likelihood of an attack being detected in time. Last but not least, institutions need to have a clear business continuity plan in place covering the steps to take in the event of a successful attack”.

TO BE CONTINUED

ABOUT THE AUTHOR

Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of Three books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.

CONTACT

Website www.alkanbiz.com

Email:alberta@alkanbiz.com  or albique@yahoo.com

Tel: +233-0244333051/+233-0244611343

RISK WATCH with Alberta Quarcoopome: Obstacles can be blessings in disguise!

A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty.”  Winston Churchill

When one hears the word “risk”, the immediate reaction is “Aw…problems”. This word seems to have a negative perception and is mostly avoided. Seasoned professionals however know that risk does not always have to be negative. Risk can also create opportunities for progress and improvement as well as a competitive edge. In today’s business world, risk poses threats but also provides opportunities to create new competitive advantage and ways to satisfy customers.

 “Why Conflict Can Actually Be A Good Thing” – 4th Dec 2017 article by Imeyen Ebong, Forbes Contributor

This article is a must read:

 A large European bank’s executive committee gathered for a two-day meeting to work on a plan to turn the company around. The stakes were high. The bank was not performing well and was nearing the limits of its permitted capital ratios. A full turnaround would be required, and everything from redefining the business strategy to restructuring the company, and even exiting whole lines of business, was on the table.

Yet instead of quickly jumping into financing options or other operational decisions, the meeting began with an unfamiliar series of exercises with an unusual goal: to help the leaders in the room get to know one another personally.

Many had worked together for years, but prior to this meeting, something about the executive team had felt wrong, the CEO said. These people would have to lead the bank’s transformation, and while they seemed to get along, executives complained about a lack of trust and collaboration. Decisions jointly made rarely seemed to be implemented.

In the workshop, the group spent a full day learning basic details about one another for the first time, like the names of their children, where they had gone to school and their family histories. They also engaged in a discussion of personality types and gave open feedback about what they appreciated about each other, and which behaviors they found problematic.

Given the company’s dire outlook, this kind of work might seem beside the point, but after the meeting, members of the group reported a different level of trust. Rather than making assumptions about what team members were thinking, as they once had, they said they were now willing to open up and disagree about some things.

The payoff was a much healthier debate, essential as they mapped out the bank’s transformation.

The turnaround is still in its early days, but already the leadership team members credit a more open environment and willingness to share conflicting ideas with improved results. The worst-case scenarios for the bank are no longer on the table.”

Obstacles – A Part of life 

Opportunities hide behind obstacles. Not all obstacles are bad. According to John Mason, an opportunity’s favourite disguise is an obstacle. You will always meet obstacles in the road of your answer because no one is immune to problems.

Being a diligent person does not remove you from the world and its problems, rather it positions you to live in it productively and victoriously. I remember the case of a very diligent banker who overlooked a wrong transaction which nearly caused a heavy financial loss to the bank.

What did people say? What! How come? We thought she was a very diligent banker. Was she not the one always hammering the due processes into our heads?” What a world! What a world indeed. That event was taken very seriously by the bank’s management and serious efforts and procedures were implemented to reduce errors in those transactions. Yes, everybody is vulnerable to risk. Your life will be much more productive if you understand that obstacles are a part of life.

Opportunities roll on the wheels of adversity

The door to opportunity rolls open the wheels of adversity. Problems are the price of progress. The obstacles of life are intended to make us better, not bitter. Obstacles are merely a call to strengthen, not quit. Successful people are those who solve the biggest problems. When you encounter obstacles, you will discover things about yourself that you will never know.

TURNING RISKS INTO OPPORTUNITIES – Improving business Performance

 Let us look at a few examples of how we can turn risks into opportunities:

Account Opening Errors: The Window to Fraud

Have you been searching for a customer who has perpetuated some kind of fraud? Whether there was loss to the bank or not, reputational damage can cause customers to shy away from doing business with you. Go back and examine the account opening documents. Shoddy work, wasn’t it? It is now time to tighten the screws. Find time to check on what kind of customers are coming on board. Your obstacles? The untrained sales and customer service staff. Seize the opportunity to coach and mentor these staff on best practices.

The Computer Frauds Obstacle and Skills Gap

With the advent of e-banking, e-transactions are sometimes perceived to come with zero-errors. We sometimes forget that garbage in, garbage out. The big obstacle here is Fraud, both internal and external. To clear this obstacle, why don’t you design short courses/seminars/focused – group discussions with SMEs and customers who are not very computer-savvy? Be honest and transparent with them and educate them on computer skills and fraud prevention.

This can be done with minimum costs. The results? ..Customer Loyalty! Don’t worry about the frauds that you have experienced in the Bank. It is the sign that the door to accuracy lie in transactions by your systems, guided by improvement and efficiency in supervision. The risks of losing customers create opportunities to increase profits.

Risks of Loss of Knowledge

Knowledge is power. How do you feel when some valuable and experienced staff leave the bank? Some of them leave a big vacuum difficult to fill. Institutional knowledge loss leads to loss of productivity and increase in the risk of adverse events.

Without an established and well documented credit history, the exit of loans and recovery officers creates a challenge and some loan customers can be difficult to trace. Institutions need to establish a repository of valuable knowledge for future guidance.

This include documented processes, history of events, causes and lessons learnt. History and archiving should not be looked down upon. An institution that forgets history creates opportunities for history to repeat itself!

Words from the grapevine: Social Media Risks also create opportunities

They say the chief Teller at ABC bank has vanished with GHC590,000. Don’t mind them, the Manager is always out and hardly checks up on what’s going on in the branch”

“I heard that they hardly evacuate excess cash to their head office. …After all, they were trading with the cash”

I hear they don’t have any checks and balances in the branches…..They think they can use logic to work. As for me I am closing my account tomorrow”

How would you feel if you read such messages about your bank? Don’t worry. It is an opportunity to defuse the situation using this same medium of communication to correct and clear your bank’s name.

The speed with which complaints travel across the internet, is enough to make service providers sit up and devise error-free services and ways to provide less or near zero tolerance for errors. Social media increases reputational risks when service delivery fails.

Banks are now becoming more social media-friendly since a scandal can affect customer loyalty and retention within a short time. In such circumstances, banks can use the same social media platform as an opportunity to appreciate what stakeholders are saying, respond immediately and clarify the impressions created and reduce loss of business and reputational damage.

Seize the Moment!

Doing your best at this moment, puts you in the best place for the next moment. All the flowers of tomorrow are in the seeds of today. Seize the moment, opportunities are constantly either coming to you or by you. In everyday of your life write it on your heart that everyday is the best day of the year, to unlock every opportunities hidden behind the obstacles you are facing.

Dear bankers, we hope you take risk management to a different level and see how obstacles can be turned into opportunities and gold mines.

Meanwhile please book a copy of my new book, “THE MODERN BRANCH MANAGER’S COMPANION” a 440 paged book with 29 chapters of technical as well as soft skills in banking. It involves the adoption of a multi-disciplinary approach in the practice of today’s branch management. It also shares invaluable insights on the mindset needed to navigate and make a difference in the changing dynamics of the banking industry. Call 0244333051 for your copy.

ABOUT THE AUTHOR

Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of Three books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.

CONTACT

Website www.alkanbiz.com

Email:alberta@alkanbiz.com  or albique@yahoo.com

Tel: +233-0244333051/+233-0244611343

Technical Banking for Amenfiman Rural Bank Staff

Managing workplace conflicts for Senior staff of Ga Rural Bank