The global pandemic has created many hits to the financial system. One of these is rising fraud rates, which could create unrecoverable losses to banks of all sizes. Suspicious Activity Report (SAR) filings for all types of fraud are up substantially, with wire transfer fraud filings rising almost 40% last year over 2019 (FinCEN SAR Stats). Managing this risk means strengthening the control environment — improving policies and procedures, beefing up and targeting employee training, and implementing effective monitoring and reporting to executives and the board of directors. Making these efforts successful requires an accurate risk assessment, necessitating accurate and complete fraud data across all channels and payment rails. Building better fraud data is where the FraudClassifierSM Model can help.
Each type of payment has its own rules and methods for identifying fraud and resolving cases, making the tabulation of fraud across an institution, or even defining what is or is not fraud nearly impossible. As envisioned by multiple Fed districts and built with the help of a broad workgroup of industry thought leaders, including banks, third parties, government agencies, and others, FraudClassifier solves this problem. The Fed released the final model in summer 2020, and adoption has begun at financial institutions of all sizes. By allowing for the proper measurement of fraud risk, the model significantly strengthens the risk assessment process. The model categorizes fraud across all payment methods, creating a broad, holistic look across an entire organization.
The model begins by asking who initiated the payment, unlike the rules of payment associations, which focus on who committed the fraud and how. The benefit is categorization becomes agnostic of the payment rail. By dividing categories between authorized and un-authorized parties, and in the next step asking about the method of fraud, the model delineates meaningful categories, eight for authorized parties and four for unauthorized. These fourteen categories are the finished product and describe the fraud committed — what and who — providing powerful insights into fraud trends by creating standard definitions across all payments.
FraudClassifier is entirely voluntary and for internal use. There is no mandate that a bank adopt the model and no fixed time frame to do so. The data generated is for a bank’s internal use, not for law enforcement or industry statistics. A bank could choose to share FraudClassifier data, but there is no intention to make it mandatory. After the model becomes widespread, it could become more common for examiners to ask for resulting data, but there is no intent to require it.
While core providers and other processing platforms have begun discussing incorporating the model into their products, none has to date. For now, tracking the model’s results and tabulating categories will rely on homegrown solutions — a spreadsheet or a more full-featured reporting and analytics solution. Depending on the size of the bank and rates of fraud, a spreadsheet could work just fine to start.
The Fed has established a timeline for implementation, targeting 2022 and 2023 for widespread adoption. Depending on a bank’s size and complexity, it could take a few months or more to implement the model, and for data management purposes, year-end is a convenient time to do it. So, for many, it’s not yet too late for 2022. Such a project would require buy-in from the board and senior management, setting up a team to work out the details, solving the tracking problem, and training the appropriate staff. Ongoing requirements likely mean evolving the implementation team into a more permanent workgroup. Periodic meetings, perhaps quarterly, would ensure that things stay on track. And, of course, someone needs to be the internal champion for the model. The right person for that role will vary, possibly from the back office, a compliance person, or another appropriate resource. An employee that already has responsibility for fraud monitoring at the bank is an obvious choice.
FraudClassifier is the first industry-wide attempt to improve risk management by making fraud classifiable across all payment types. Banks that use the model will establish better controls and manage real risks by compiling complete, meaningful fraud data. While the use of the model will remain voluntary, its benefits may become clear enough that one day it may be unusual to find a bank that has not implemented it.
Bauer is FVP/Compliance, BSA & Security at Bankers' Bank, a WBA Gold Associate Member.
By, Cassie Krause