Economic crime against financial services organisations continues to rise around the world. Some 45% of financial services respondents to PwC’s 2014 Global Economic Crime Survey* say they have been victims of economic crime while 39% say they have been victims of cyber crime as fraudsters increasingly turn towards technology as their main crime tool.
Around half who have experienced economic crime during the survey period report an increase in the number of occurrences and the financial value of economic crime during the period (more so than other industries’ respondents).
The Global Economic Crime Survey includes 1,330 responses from the financial services sector across 79 countries, and finds that theft remains the most common form of economic crime for financial services firms (as reported by 67% of respondents). This is followed by cyber crime (39%), money laundering (24%), accounting fraud (21%) and bribery and corruption (20%).
Respondents reported significant collateral damage of economic crime to their reputation, with 29% of respondents citing this as the most severe impact of money laundering.
Andrew Clark, partner in PwC’s forensics practice, said: “Financial services organisations are finding that economic crime persists despite ongoing efforts to combat it. No organisation of any size anywhere in the world is immune to the impact of fraud and other crimes. The direct financial impact of economic crime harms organisations but such crimes also damage internal processes, eroding the integrity of employees and tarnishing reputations.”
Economic crime against financial services organisations continues to rise around the world
Clark continued: “While the financial services sector may be ahead of many industries in terms of the prevention and detection of economic crime, more can be done. Of particular concern are the clear weaknesses in some organisations’ fraud risk assessments, whistle-blowing mechanisms and awareness of the pervasive and sustained threat of cyber crime.”
Cybercrime: what’s the risk?
The survey shows that cyber crime is still the second most common type of economic crime reported by financial services respondents (after asset misappropriation) – 39% in 2014 (this compares to only 17% in other industries).
However, this percentage of respondents is alarmingly low. PwC’s experience has shown that a clear majority of financial services organisations (especially retail banks) suffered cyber crime events during the survey period.
Similarly, only 41% believe it’s likely that they will experience cyber crime in the next 24 months (45% in Africa and 36% in Asia Pacific). A further 19% are unsure whether they are likely or unlikely to experience cyber crime.
Financial services respondents perceive a greater increase in the risk of cyber crime compared to counterparts in other industries (57% compared with 45% in other industries). Clearly, financial services organisations believe that cyber crime is becoming a greater threat than ever before, yet many do not believe that it will actually happen to them.
Financial services organisations are finding that economic crime persists despite ongoing efforts to combat it and no organisation of any size anywhere in the world is immune to the impact of fraud and other crimes
“The financial services sector was one of the first to be targeted by cybercrime,” explained Andrew Clark. “Little wonder, as there has always been significant potential financial gains to be had from subverting computerised processes and corporate controls in banks.”
Clark added: “Less than 40% of economic crime in the financial services sector was reported as cyber crime in our survey. In our experience, financial services organisations do not always identify and log the cyber element of economic crime experienced. This leaves them exposed to cyber threats in spite of any existing cyber defence. If cyber crime is not being accurately tracked, the true risk cannot be fully grasped and understood.”
“Cybercrime is growing and the methods are constantly evolving – we see no abatement in attacks on banks’ infrastructure. So it is concerning that 40% of all financial services respondents believe that it is unlikely their organisations will experience cybercrime in the next 24 months. Financial services organisations need to recognise cybercrime as a risk type and establish proper cybercrime reporting.”
Where does economic crime occur?
Economic crime is a pervasive global threat to financial services organisations, but there are regional variations. In the Asia Pacific region, at least half of financial services respondents reported an increase. By contrast, nearly 40% of respondents from South and Central America reported a decrease.
Certain cyber threats ebb and flow. For instance, the Middle Eastern cyber attacks that targeted several large US banks in 2012 and 2013 appear to have receded. The US has seen dramatic increases in financial services economic crime, from outages created by Distributed Denial of Service (DDoS) attacks to massive ATM withdrawals by organised criminal groups.
Andrew Clark of PwC
Credit card fraud has become more pervasive as the US has yet to embrace the Chip and PIN system.
In Japan, phishing scams have targeted bank customers’ personal computers via virus, using fake pop-up windows or e-mails masquerading as legitimate Internet banking interfaces to trick customers into inputting their personal information.
PwC cyber security experts have also perceived a rise in cyber crime from Africa, which correlates with big Government initiatives to roll out broadband in that region.
Industry sources also indicate that cyber criminals are relocating to South Africa from Europe due to increased co-operation between law enforcement agencies in the EU.
Who commits fraud?
External fraudsters are still the main perpetrators of economic crime for the majority of financial services organisations (57%).
Most internal frauds are committed by junior staff (39%) and middle managers (39%), with a fifth of internal economic crime committed by those in senior management.
The profile of the typical financial services internal fraudster is a male between 31-50 years old with a university level education.
Andrew Clark explained: “Typically, economic crime is committed when three conditions are present: life pressure, opportunity and personal rationalisation for the crime. Financial services organisations are prime targets for external fraud given the amount of money fraudsters could potentially obtain and also the importance and sensitivity of data held by organisations. The latter might include credit card and personal identity details. Cyber crime is most often externally perpetrated, and not just for monetary gain but also for valuable information about individuals.”
Continuing this theme, Clark outlined: “Internal fraudsters in financial services are more likely to hold at least a university degree qualification than in other sectors – a reflection of the entry requirements of recruitment in the sector. Our survey results suggest that the average financial services internal fraudster is able to carry out fraud from quite a junior level in the organisation. This may be due to the fact that financial services products can be complex by design and function and, consequently, more difficult to ‘police’ despite internal controls.”
How is fraud found?
The financial services sector tends to be more strictly regulated. As a result, many business processes and functions have corporate controls in place. This makes it more difficult for frauds to be internally perpetrated without discovery.
Of the financial services respondents who knew how the economic crime in their organisation had been detected, 61% attributed the detection to having corporate controls in place compared to 56% in other industries.
*The 2014 Global Economic Crime Survey was completed by 5,128 respondents from 95 countries between August and October 2013. Of the respondents, 50% were senior executives, 35% represented publicly listed companies and 54% were from organisations with more than 1,000 employees. The responses included 1,330 responses from financial services organisations across 79 countries
For more information on the 2014 Global Economic Crime Survey visit: http://www.pwc.com/economiccrime