What Is Financial Crime Risk Management (FCRM)?

What are the types of financial crime?

In simplest terms, financial crime is the practice of taking money or property illegally from another person or organization for one’s own benefit.

Among the major types of financial crime are: money laundering, terrorist financing, fraud, bribery and corruption, market abuse and insider trading, tax evasion, embezzlement, counterfeiting, identity theft and electronic crime. These crimes can be executed both by external attackers or internal employees, including leaders at the very top of the business.

Financial crime also incorporates a range of less-serious criminal activities. While the cost or legal ramifications may not be as high as with the major types listed above, the following behavior falls under the under the umbrella of financial crimes:

• Personal purchases: Employees use company funds to buy items that aren’t work-related.
• Theft: Employees steal money (e.g., from a cash register or safe) or items from the business to sell for cash.
• Skimming: Employees take a little off the top of each transaction, usually in amounts that are small enough to go undetected, but which add up over time — a particular problem in cash-based retail businesses.
• Payroll schemes: In other cases, payroll employees issue non-approved checks or bonuses, or overstate an employee’s hours.
• Billing schemes: Employees submit false invoices that the business then pays, and the employee or an accomplice receives the payment.
• Forgery: Employees sign or reproduce documents using someone else’s signature. Documents might include timesheets, expense reports, contracts and even checks.

Meanwhile, financial crime perpetrators tend to range from petty thieves to heavy-hitting global crime syndicates:

• Organized criminals: Large-scale operations that can include powerful, dangerous people.
• Individual criminals: Includes hackers with no connection to the organization, or customers, suppliers or contractors, but with some knowledge of the business.
• Business leaders: Includes executives or board members stealing from the company or misrepresenting how an organization is performing (e.g., manipulating financial data to exaggerate profits).
• Employees: Typically involves stealing funds in some way and taking steps to cover their tracks (e.g., skimming). Outside criminals often target employees as partners to help carry out these activities. The employee could be complicit in this or be unknowingly targeted to carry out criminal activity, e.g., a bad actor pretending to be the CEO or a business leader in order to gain access to secure info (phishing).

What is the true cost of financial crimes?

Financial crimes have a significant impact on an organization’s revenue, with 46% of respondents acknowledging that they had been victims of fraud or economic crime. For companies with more than $10 billion in annual revenue, 52% experienced fraud in the 24 months prior to PwC's 2022 Global Economic Crime and Fraud Survey and almost one in five of those companies reported losses of over $50 million from the single most disruptive incident alone. Companies with less than $100 million in annual revenue, by contrast, experienced less fraud — 38% experienced fraud with about a quarter of those companies facing losses of one million dollars or more. When added up, those breach detection and cleanup expenses, compliance penalties and lawsuits often take a large bite out of profits. What’s more, the damage to the organization’s reputation can last for years.

What is financial crime compliance?

Financial crime compliance is the process of ensuring that your organization is meeting the standards, policies and regulations (both internal and external) that apply to your industry and organization.

In 1990, the US Treasury established the Financial Crimes Enforcement Network (FinCEN), which lays the groundwork for financial crime compliance:

• The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, requires financial institutions to work with the U.S. government in cases of suspected money laundering and fraud.
• The USA PATRIOT Act puts forth measures “to prevent, detect, and prosecute international money laundering and financing of terrorism.”
• Know Your Customer (KYC) is a portion of the Patriot Act that requires businesses to verify the identity of customers and understand the nature of their activities.

What is anti-money laundering (AML)?

The United Nations estimates that the amount of money laundered in one year is 2% to 5% of global GDP, or $2 trillion in current US dollars. Every financial institution is exposed to anti-money laundering (AML) risk, largely driven by three factors:

• Products and services have moved online: Offerings that are more consumer-friendly, such as online pre-qualifications and mobile payments, are more complicated to monitor than cash transactions.
• Compliance is deprioritized: Financial institutions cut resources allocated to compliance in an effort to undercut their competitors and offer better deals.
• Remaining compliant presents challenges: The sheer amount of customer and transaction data is simply too much for organizations to manage compliantly, much less parse and use to investigate suspicious activity.

As a result, organizations aren’t doing what’s necessary to meet AML compliance — which can lead to hefty penalties. Thus, it’s critical that financial institutions:

• Establish internal policies and procedures designed specifically to prevent money laundering.
• Employ AML investigators and support them with AML software that can process data quickly and efficiently.
• Train employees on an ongoing basis to both understand money laundering and know what to do if they suspect something is wrong.
• Maintain a strict system of record keeping and reporting.

How can you prevent financial crimes in your organization?

The laws set the precedent for how your organization can prevent and address financial crimes within your organization. Knowing which rules apply to you, monitoring changes in the laws, and building awareness about them across the organization are your top priorities.

These best practices will also help you prevent criminal activity:

• Start at the top: The most effective FCRM strategies have buy-in from everyone, from frontline employees all the way up to the C-suite, with executives actively engaged in the process. Security staff should have plenty of facetime with business leaders to discuss pain points and vulnerabilities, and executives should have access to intelligence reports that provide a clear picture of how the organization is addressing threats.
  
• Assign clear responsibilities and roles: Offer employees ample opportunities to speak up when they see suspicious activities, while providing adequate training to those who are accountable for both identifying and managing financial crime threats. Train all employees on the company’s FCRM policies, how they specifically apply to their role in the organization and how to spot criminal activity.
  
• Create cross-departmental teams: IT plays a huge role in financial crime prevention, as do legal and compliance teams, but you should also include employees from customer service, HR, sales, accounting, business development and other groups, especially as you examine all possible risk scenarios.
  
• Review third-party vendors: The vendors with whom you do business could expose you to liabilities, so ensure they comply with the same regulations as your organization.
  
• Support your financial crime and AML analysts with technology: Invest in fraud detection, AML solutions and security automation, among other solutions. The less time your analysts spend on dead ends, false positives and repetitive tasks, the more they can focus on real threats and compliance activities.
  

What is a financial crime risk assessment?

A financial crime risk assessment is a systematic, step-by-step process of analyzing an organization’s vulnerability to financial crime. To perform a financial risk assessment, you’ll need to take the following steps:

Identify your risks: You need to both understand and document risks, based on the complexity of your organization, the market you are in, the services and products you provide, and how much of your business is conducted online. Looking at past incidents within your organization, and the general proliferation of these financial crimes in the market, you’ll need to estimate your risk level for each of the following:

• Money laundering
• Terrorist financing
• Fraud
• Bribery and corruption
• Market abuse and insider trading
• Tax evasion
• Embezzlement
• Forgery
• Counterfeiting
• Identity theft
• Electronic crime
• Personal purchases
• Theft
• Skimming
• Payroll schemes
• Billing schemes

Once you have documented your risks, you can prioritize them, based on which pose the biggest threat.

Establish protective measures to mitigate your risks: With full awareness of where you are most vulnerable, you can plan the controls and systems that you will implement to prevent financial crimes within and against your organization. These controls can include:

• Assigning responsibility to individuals for ensuring compliance. (e.g., will you assign the work to a security team member or hire a new AML analyst)
• Establishing organization-wide policies and procedures.
• Implementing customer due diligence (CDD) and enhanced due diligence (EDD) to ensure that you’re capturing all the customer information needed to assess risk.
• Creating effective management information (MI) reports that provide both data and context.
• Providing adequate training to employees across the organization beyond IT so that they know how to recognize and report financial crimes.

Review and improve controls: Your organization should conduct regular audits to ensure that the controls you have put into place are addressing new risks. As the market and overall environment changes, you need to create new procedures and policies to address new issues and ensure compliance.

Monitor and report: It’s imperative that you monitor the effectiveness of your controls, so document suspicious activity and the steps you’ve taken to resolve the issue. Proper reporting is required under various compliance regulations, so it’s critical to have that information readily available.

What is a FCRM system?

FCRM tools enable security staff to proactively identify potential vulnerabilities, examine activity continuously, perform ongoing risk assessments, and manage and respond to questionable activity. Here’s a breakdown of their capabilities:

• Detect threats in real time: FCRM systems instantly detect suspicious activity — even on large volumes of transactions — and send alerts to security personnel who can then decide what action to take next.
  
• Uncover anomalous user behavior: Some FCRM tools use advanced user behavior analytics and machine learning to detect malicious or unusual behavior associated with users, devices and applications.
  
• Improve investigation efficiency and results: The best FCRM solutions allow you to quickly search through massive amounts of current or historical machine data to find financial crimes.
  
• Reduce alert fatigue: You can establish custom rules and automation routines to reduce repetitive alerts and false positives.
  
• Adhere to fraud and AML compliance regulations: The FCRM solution brings order to unstructured data, enabling you to adequately meet regulations.
  
• Provide analytics and reporting: With FCRM solutions, you can easily analyze, measure, and manage financial crime risks and share critical information with stakeholders across the organization.
  

How do FCRM systems combat financial crimes?

FCRM systems help combat financial crime in two ways — they clear away much of the noise so analysts can focus on financial crime prevention strategy and compliance, and they offer better visibility and insight, while alerting analysts when suspicious behavior occurs.

Here is how FCRM technology helps to prevent these common crimes:

• Electronic payment fraud: FCRM solutions allow you to more easily detect, investigate and resolve attempts to steal funds through ACH and wire (Fed and SWIFT) transactions. Research suggests that FCRM solutions are working: after peaking in 2019, there has been a gradual decrease in the percentage of organizations being impacted by a payments fraud attack or attempt.
  
• Fraud: FCRM tools continuously aggregate cross-channel data about customers and accounts to create behavior profiles, then automatically look for unusual patterns of behavior and key indicators of fraud risk.
  
• Electronic crime: You can set up custom rules and alerts to flag specific behaviors so that your analysts can investigate them.
  
• Money laundering: FCRM tools with AML capabilities can be used to identify high-risk individuals by pulling from historical data to pinpoint suspicious patterns in customer transactions, as well as locating and identifying specific transactions.
  
• Terrorist financing: Strong FCRM solutions provide a sanction list or blacklist and check activity on an organization’s accounts against it. If a match occurs, the solution will hold payments until an authorized person releases or denies the payment.
  
• Bribery and corruption: FCRM tools make it possible for investigators to identify connections between contractors or public officials and pinpoint unusual payment patterns that could indicate the organization is paying or receiving bribes.
  
• Market abuse and insider dealing: FCRM solutions help you manage employee trades and compare them in real time against activities in the securities market to investigate potential illegal trading.
  

How do you select a FCRM solution?

When it comes to choosing an FCRM solution, the platform you choose will be heavily dependent on your needs, making it imperative to conduct a thorough risk assessment before you begin researching tools. Here are some of the features you’ll also want to consider:

• Reliable and complete data: Look for tools that use advanced behavior analytics and machine learning to create thorough, real-time, 360-degree profiles of the people and entities with whom you do business.
  
• Customized dashboards and painless reporting: Among other things, you will need high-level overviews, trend analysis statistics, and workflow-based reports, along with the ability to drill down and access specific data to support an investigation and pull reports for compliance requirements.
  
• Regulatory compliance features: FCRM tools enable you to comply with local, state, federal and international regulations. Choose a vendor that offers you the ability to rapidly retrieve log data and generate reports for auditor requests.
  
• User-friendliness: You want a straightforward platform that works the way you need it to work, offering customization and an intuitive interface. Make sure that any vendor you choose is also committed to providing ongoing training and support so you get the most from your investment.
  

Customers expect a safe, real-time, omni-channel experience. E-commerce and digital data transactions create new challenges in assessing and managing your financial crime risk. That said, this isn’t something you can put off or ignore.

Regulators will hold your organization responsible for any financial crimes that happen on your watch, even those that come from outside forces. Adopting an FCRM solution makes it easier to identify, respond to and prevent those threats, while ensuring that your organization remains compliant — even with a growing and increasingly complex array of regulations.