Greg Kilminster
Head of Product - Content
UK Finance half year fraud update
UK Finance, the trade body representing the UK’s banking and finance industry, has released its half year fraud report.
The latest figures released highlight that fraud fell in the first six months of 2023 with a total of £580 million being stolen by criminals. This is a decrease of two per cent compared with the same period in 2022.
Authorised Push Payment (APP) fraud, in which the victim makes the payment themselves, has fallen by one per cent, but is 27 per cent higher than the total reported for the same period in 2020. 77 per cent of all APP scams during 2023 originated on an online platform of some description.
Investment scams, where people are persuaded to transfer or ‘invest’ often substantial sums of money with tales of fictitious dividend payments or high returns, account for nearly a quarter of all APP losses reported, the largest proportion of all APP scam types.
The report outlines numerous industry responses to the ongoing challenge of fraud, including the following.
1. Legislative engagement: Collaborating with government and parliament to support legislation related to fraud, including the Online Safety Bill, Financial Services and Markets Act, and Economic Crime and Corporate Transparency Bill.
2. Economic Crime Plan: Working with the government on the Economic Crime Plan to cut fraud against individuals and businesses.
3. Fraud strategy support: Assisting the government in the development of the new Fraud Strategy, participating in consultations on issues like cold calling and the Computer Misuse Act.
4. Online Fraud Group: Co-chairing the Online Fraud Group, a public-private initiative to disrupt criminal activities through collective action.
5. Intelligence sharing: Sharing intelligence on emerging threats with law enforcement, government departments, and regulators via the National Economic Crime Centre.
6. Dedicated Card and Payment Crime Unit (DCPCU): Securing funding to enable DCPCU to tackle emerging cryptocurrency cyber threats, resulting in substantial industry savings.
7. Data breach intelligence: Sharing intelligence on data breaches, compromised card details, and emerging threats across the banking and finance industry.
8. Scam attack mitigation: Collaborating across industries to share data and intelligence that mitigates live scam attacks, including impersonation calls and SMS.
9. Crackdown on number spoofing: Working with Ofcom to combat number spoofing, preventing criminals from spoofing trusted organisations’ phone numbers.
10. Block scam text messages: Collaborating with text message providers and law enforcement to block unauthorised sender IDs used for scam text messages.
11. Employee training and banking protocol: Training employees to identify and stop suspicious transactions, using the Banking Protocol to prevent fraud and make arrests.
12. Customer education campaigns: Conducting customer education campaigns, including “Take Five to Stop Fraud” and “Don’t Be Fooled,” to raise awareness and provide consistent fraud prevention advice.
13. Education in schools: Implementing education and awareness programs in schools to deter students from becoming money mules.
14. Customer research: Conducting continual analysis and consumer research to develop effective warnings against fraud and encourage preventive actions.
15. Innovative tools: Collaborating with vendors and payment schemes to develop innovative tools to identify fraud risk and track funds.
16. Real-time data sharing: Working on secure data sharing solutions to freeze funds and repatriate them to the rightful owner in real time.
17. Reimbursement Code: Creating the Contingent Reimbursement Model (CRM) Code for the reimbursement of victims of authorised push payment scams to ensure consistent consumer treatment.
18. National Fraud Database: Establishing a National Fraud Database funded by the industry for real-time sharing of fraud risk data and intelligence.
The initiatives represent a comprehensive and collaborative effort to combat fraud, protect the public, and maintain the financial integrity of the UK.
Click here to read the full RegInsight on CUBE’s RegPlatform
MAS consultation on sharing responsibility for scams
The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) today published a joint consultation paper proposing a Shared Responsibility Framework (SRF) for phishing scams.
The consultation’s proposal sets out an SRF for sharing responsibility for scam losses amongst financial institutions (FIs), telecommunication operators (Telcos) and consumers, for unauthorised transactions arising from phishing scams.
It covers scams with a digital nexus, whereby the victim clicks on a fake link, but excludes any scams whereby the victim has authorised payments, for example investment scams or romance scams. The consultation notes: “Such scams will require a different approach, as the victim intended to make the funds transfer but has been deceived as to the underlying premise for the payment. Such scams also do not fundamentally affect confidence in digital payments or digital banking, as they can equally happen in the non-digital world.”
Interestingly, the proposed SRF also excludes scams where a consumer was deceived into giving away his credentials to the scammer directly via text messages, and non-digital means such as phone calls or face-to-face. The consultation notes: “This takes into account years of public education to sensitise consumers to the fact that they should never reveal their credentials or OTP directly to anyone under any circumstances.” In other words, let the buyer beware.
The consultation closes on 20 December 2023.
Grewal speech on proactive compliance
In a speech to the New York City Bar Association Compliance Institute, Gurbir S Grewal, Director of the Division of Enforcement at the Securities and Exchange Commission (SEC), spoke about the critical importance of fostering a culture of proactive compliance to enhance public trust and confidence in financial institutions and markets. Grewal emphasised the roles of compliance professionals, consultants, attorneys, and other stakeholders in creating this culture through education, engagement, and execution.
Grewal began his speech by acknowledging the decline in public trust in institutions, including the financial sector, and highlighted its adverse effects on investor confidence and the efficient operation of markets.
Grewal went on to emphasise that compliance professionals serve as the first line of defense against misconduct. Their role in creating a culture of proactive compliance is crucial. This culture consists of three key elements: education, engagement, and execution.
Education:
- Understanding the law: Compliance professionals should continuously educate themselves about relevant laws and emerging risk areas, staying informed about regulatory changes and enforcement priorities. They must monitor actions and rules by regulatory bodies like the SEC and assess their impact on their organisations.
- The Whistleblower Program: Grewal cited the SEC’s Whistleblower Program as an example of a new policy, highlighting the importance of understanding and adhering to regulations such as the Dodd-Frank whistleblower protection rule, Rule 21F-17. Compliance professionals should ensure that their employment agreements and policies align with these rules and protect whistleblowers.
Engagement:
- Internal engagement: Compliance professionals should engage with personnel across different business units within their organisations. Understanding their activities, strategies, risks, and financial incentives is crucial for effective compliance. Proactive internal engagement helps in the design and adoption of meaningful policies and procedures.
- Continuous effort: Engagement should be an ongoing effort because businesses evolve, risk areas change, and enforcement priorities shift. Compliance professionals must adapt and stay informed.
Execution:
- Implementation of policies: Simply having policies is not enough; they must be effectively implemented. Grewal pointed to examples where firms had policies in place but failed in their implementation, resulting in significant penalties. He cited failures to maintain and preserve electronic communications as a good example: despite 40 firms having policies and procedures in place, they failed to implement them, resulting in fines totalling $1.5 billion. Compliance professionals should ensure policies are followed through leadership, training, and oversight.
- Cooperation and reporting: In cases of securities law violations, self-reporting and cooperation can lead to substantially reduced penalties. Compliance professionals should actively encourage cooperation and facilitate investigations.
Charges against compliance officers:
Grewal clarified that enforcement actions against compliance officers are rare and typically involve:
- Affirmative misconduct: When compliance officers engage in misconduct unrelated to their compliance responsibilities, they are held accountable like anyone else.
- Misleading regulators: Cases where compliance officers obstruct or mislead regulators, which undermines the SEC’s oversight ability.
- Wholesale failure: Instances where compliance officers fail to fulfill their obligations and conduct basic inquiry and analysis.
In concluding, Grewal reassuringly noted that “we have no interest in pursuing enforcement actions against compliance personnel who undertake their responsibilities in good faith and based on reasonable inquiry and analysis.”
Summing up, his speech highlighted the importance of creating a culture of proactive compliance to enhance public trust in financial institutions. Compliance professionals are instrumental in this endeavour, and they must focus on education, engagement, and execution to ensure effective compliance. Charges against compliance officers are rare and typically result from deliberate misconduct. The speech serves as a valuable guide for professionals working in the compliance and risk management field.