50% Banks Run Risk Assessment Yearly; Spike In Banking Frauds Post-Covid: Deloitte Report 

Despite an alarming rise in the number of banking frauds post-Covid in India, only 50 per cent the banks in India conduct fraud risk assessments and update the fraud risk register once in a year, finds a recent report, India Banking Fraud Survey Edition IV, by Deloitte, published in January 2022. The study included responses from banks and financial institutions like private, public, foreign, co-operative and regional rural banks in India.  

While only 50 per cent banks conduct risk assessment only once a year, 45 per cent do so once in two or three years. In a few cases, 5 per cent, risk assessment has not been conducted even once in five years.  

Top Banking Frauds  
Data theft and cybercrime are the two major factors driving the increase in the number of banking frauds in India, finds the study. More than 20 per cent of the banking frauds involved loans. Among the biggest concerns include identity thefts and mobile banking/net banking fraud.  
“Banks were facing a three-pronged ‘attack’ in combatting financial crime: Growth in digital transactions, continually evolving regulatory guidelines, and new fraud trends. While banks are yet to fully understand the implications and impact of the current environment on fraud-related matters, there appears to be acceptance on part of the banks that the pandemic may possibly lead to a rise in frauds,” finds the report. 
 

Failure To Cope With Rising Frauds  
While on one hand, technology has eased the mode of banking for both customers and banks, on the other hand, it also poses a threat to banking and finance, states the report. Lockdowns and social distancing norms restricted the mobility of bank staff and customers, thereby increasing the reliance on digital channels and other forms of non-face-to-face banking services. In addition, with a significant number of bank staff working from home, banks had to provide their staff remote access to their organisation’s network and information. This forced banks to enact significant organisational and operational changes within a short timeframe to avoid service interruptions. While remote access was given to employees, banks failed to develop the mechanism to counter the vulnerability this led to, says the report. Various undiagnosed vulnerabilities further complicate the setup for the banks.  

Most of the vulnerabilities stay unreported unless routine account audit/reconciliation or process reviews are done. While 50 per cent of banks conduct reviews once a year, there could be growing concern regarding the security of the banking system.  
Even though a majority of the frauds can be detected through internal audits, there are several challenges in conducting such an audit. Technological limitations and lack of required skill sets are major challenges. More than 50 per cent of the banks don’t have the required technical teams and the infrastructure to conduct internal forensic audits, the report stated.  

Though technology is a threat, the study also suggests that it is also the way to counter fraud in banking. Banks can implement artificial intelligence (AI) and machine learning (ML) technology to enhance their financial risk management systems. 
“Banks need to take the time to measure the effectiveness, appropriateness and efficiency of existing controls against an updated risk assessment. A key challenge for banks managing their regulatory obligations is finding the balance between risk management and efficiency/effectiveness through innovation using AI and ML” suggests the report.