Estimated reading time: 7 minutes
When the topic is fraud and financial crime, trade finance companies are certainly on high alert. Every transaction made in this multi-trillion-dollar ecosystem must be checked for sanction lists for countries as well as corporations. Documents need scouring for authenticity, payments need to be secured, and receivables reconciled at a scale arguably not seen in any other business. The exposure is so great that the International Chamber of Commerce (ICC) speculates that if even 1% of the $5 trillion trade financing market is vulnerable to fraud, and 10% of the transactions within it are affected, the annual losses can amount to around $5 billion.
Digitisation and better transaction transparency have been promoted as solid defences against finance fraud and, in many cases, will be effective. But what if those prevention measures aren’t aimed at the right fraud vector? Because a new report from Bottomline shows that fraud and financial crimes at global corporations are becoming inside jobs. Our recent 2023 Business Payments Barometer surveyed 1,600 finance leaders in the US and Great Britain and shows that 59% of GB businesses and 73% of US businesses have seen increases in insider threats and insider employee fraud over the past year.
Regardless of whether you’re a bank with a trade finance division, provide trade finance solutions, or operate in the supply chain finance space, your company is vulnerable to insider threats. And if those threats come to fruition, that cost can transcend financial theft and reach into data leakage and reputational damage.
Granted, the trade finance industry has already created and reinforced strict rules around information sharing such as the “no private phones on the trading floor” rule. But the report is consistent with other work done around trade finance fraud of late, and it’s interesting to note that most corporate respondents from GB (65%) and the US (73%) use supply chain finance.
Other research also identifies insider threats as a clear and present danger to profits, reputations and supply chains. In fact, one such report from Deutsche Bank shows that fraudsters are capitalising on the trade industry’s reliance on analogue processes and sophisticated document fraud and concealment. The problem is serious enough for Deutsche to predict that it could affect the supply chain and the cost of goods. Document fraud and insider fraud go hand in hand, according to the report.
In this report, ICC Michael Howlett, CEO of ICC Commercial Crime Services and Director of its International Maritime Bureau (IMB), said, “The biggest problem remains collusion between related parties. Banks are often the targets of such frauds.”
“Deals that appear to be arms-length transactions turn out not to be. Because the IMB sees suspect transactions from across the banking industry globally, patterns of major fraud schemes become more apparent than those restricted to a single bank’s transactions or from a single jurisdiction.”
Potential insider culprits and background
However, while they show up more frequently on the trade finance radar screen, insider threats can be detected and mitigated with the right policies, procedures and technologies. Before we unpack the technology and best practices that can stop insider threats, let’s look at how it got to this point.
The hybrid work environment is where many analysts have laid the blame for its increase, as corporate-owned devices have been scattered to homes and other remote locations. This remote environment means that new entries in the workforce often lack the training and personal interaction to know the difference between innocent information sharing and more malicious theft of data, intellectual property or even capital.
Then insider fraud moves to collusion between an employee and outside groups. A new report from IBM and the Ponemon Institute shows fraudsters are taking it a step further. According to “The Cost of Fraud 2022,” when remote working factored into a data leak, costs averaged nearly $1 million greater than in breaches where remote working wasn’t a factor — $4.99 million versus $4.02 million. Remote work-related breaches cost about $600,000 more compared to the global average.
Another report from Bottomline and Strategic Treasurer showed that reliance on remote work increases a company’s risk of different types of fraud. Three fraud types were noted because of remote working:
- business email compromise at 64%,
- data theft at 39%,
- external fraud at 38%.
The data shows that insider threats can lead to social engineering fraud, which for a trade finance company can lead to dangerous impersonations and eventually financial theft.
In the trade finance context, insider threats can be as serious as data and capital held for ransom, and benign as a new employee sharing a few contacts with a friend. However, innocent actions can become legitimate threats if they go unchecked.
There are three ways to detect and mitigate insider threats by mixing sound practices and technology solutions.
- Technology: Companies must replace manual investigations of suspicious employee behaviour with automated system-based monitoring of essential applications. Many companies use a manual process of checking log files, which can show suspicious interactions. However, the results of those processes can be difficult to read and only detect insider threats after the fact. It can be more effective to monitor the junctions and business applications related to data and money movement where fraudulent behaviour can occur. Some examples include a payment system through which an insider can make unauthorised transactions, a customer data warehouse where an insider can steal identities, or even a compliance platform where insider threats can be disguised.
- Enterprise Case Management (ECM): To detect and mitigate fraud and financial crimes, a company needs to gain awareness of suspicious activity, gather evidence of wrongdoing, investigate and potentially prosecute it. ECM is an overarching principle and technology solution that helps companies organise, prioritise and manage cases in one system. It also allows them to collect all the evidence in one system. For a trade finance company, it should include financial impact analysis capabilities, investigative data, Know Your Customer (KYC) data, AML data and much more.
- Securing payments, data and networks: Many global companies are on the right track when it comes to payment protection. According to the Business Payments Barometer, the majority of respondents (57% in GB and 55% in the US) used bank account validation and verification followed by multi-factor authentication. However, this is not the case with insider fraud issues: Only 40% of British and 47% of US companies surveyed use automated employee behaviour monitoring to detect suspicious behaviour. Most fraud experts will tell you that the attitude toward fraud and financial crime prevention is just as important as the technology. With that in mind, between 70 and 75% of all respondents say security comes at the expense of convenience. However, a concerning 60-70% believe fraudsters are moving too fast for payment protection technology to keep up.
What’s next for business payments?
When asked what will influence the next three years, respondents pointed to fraud prevention, the digitisation of finance and reduced payment friction, and acquiring new payment technologies and methods as their top choices. Central bank digital currencies, which have its share of the trade finance headlines, as well as other payments news, came in fifth for the US and eighth for GB, with only 9 to 13% of respondents listing it as a priority.
Trade finance – like any other segment of the financial services industry – runs on data, capital and the ability to secure both. But humans operate them, and it’s here that trade finance companies need to aim their fraud defences and future investments.
“Trade finance often presents an intoxicating mixture of invincible individuals, glamourised financials and compelling narratives that play on our bias and divert our attention from the substance of the trade and the credibility of the narratives being peddled.” wrote Baldev Bhinder, Managing Director of law firm BlackStone & Gold in a recent op-ed.
“The solution is not in stopping trade finance but by creating enough checks and balances that address the fallibility of the human psyche as much as the robustness of the trades.”
Read Bottomline’s Business Payments Barometer report here.