Report: State of Fraud & AML in 2022
Executive Summary: What You’ll Learn
In 2022, the future of finance is increasingly digital. No doubt spurred on by social distancing during the COVID-19 pandemic, more people are managing their finances remotely from their computers or smartphones.
But this preference for convenience comes with increased risks. As online financial services offer near-instant access to money management, this immediacy opens up new angles for committing fraud and money laundering.
For risk and compliance professionals, it’s extremely important to stay up-to-date with the changing regulations and be able to recognize and prevent new fraud schemes.
Of the 230+ risk and compliance professionals we surveyed:
of professionals said transaction monitoring and case management software was essential for any successful risk and compliance program.
of professionals said that identifying new fraud schemes and updating their tech stack accordingly was their biggest challenge.
admitted their fraud and AML team gets less than 15 hours of engineering support each week.
But that’s just the tip of the iceberg – read on for an in-depth analysis of what fraud and AML professionals care about most – and how they are solving key problems.
The purpose of this report is to share how risk and compliance professionals truly feel about the fight against fraud and money laundering and how they see the industry –and their approach – changing in the near future.
To do this, we’ve asked fraud and AML professionals a series of questions to better understand what pain points they want to alleviate, the top processes they want to improve, and how they use risk and compliance solutions most effectively.
By the end of this report, you’ll learn:
How professionals are tackling fraud and money laundering.
Current fraud and AML solution shortcomings.
What you need to build a successful risk and compliance program.
Key challenges of fighting fraud and money laundering.
What the future of fraud and AML looks like.
How We Conducted the Survey: Methodology and More
231 risk and compliance professionals participated, offering feedback on the challenges their organizations face, the solutions they are currently using, and what they require most to perform their job effectively.
With diverse roles - officers, analysts, managers, and directors - we get a clear picture of how different fraud and AML professionals see the problems. With this group, we can get feedback from professionals directly involved in dealing with (and finding solutions to) the problems we’re discussing.
We collected sources from leading financial technology newsletters that risk and compliance professionals are actively reading.
This let us draw from a wide and diverse network of professionals while limiting the bias in our results. The result is a comprehensive understanding of how today's risk and compliance professionals tackle fraud and anti-money laundering (AML).
The publications we utilized:
Work Week’s WTFintech?:
Content creator and former Fintech reporter Nicole Casperson provides industry news, analysis, and insights every Tuesday and Thursday. This newsletter has a particular focus on women in Fintech.
Work Week’s Fintech Takes:
Fintech industry analyst Alex Johnson breaks down the latest fintech trends, including product launches, fundings, partnerships, acquisitions, and cryptocurrency news. A newsletter with over 7000 subscribers that runs Mondays and Thursdays.
Fintech Business Weekly:
This weekly newsletter on banking, cryptocurrency, and Fintech is presented by Jason Mikula. A veteran in the financial sector, Jason has worked for startups like LendUp and Enova, as well as traditional finance companies like Goldman Sachs.
This Week in Fintech:
Nik Milanović and his team present this weekly digest of financial technology news and analysis that they dub “the front page of global Fintech”. It has editions covering worldwide audiences in Europe, Latin America, Asia, and Africa.
Current Fraud and AML Software Infrastructure
To understand the current infrastructure risk and compliance teams are using for their fraud and AML programs, we asked professionals what tools they currently use.
What Professionals Currently Use for Their Fraud and AML Systems
Top 5 Third-Party Risk & Compliance Solutions
Astonishingly, the majority (51% to be exact) of risk and compliance professionals said their organization uses a risk and compliance system that was built in-house.
While this may seem like a great option on the surface, there are cracks in the foundation. Many companies deploy their engineering teams to build tailored solutions for fraud and AML, but due to the inflexibility of these systems, they are challenging to update and manage, leading to blind spots when it comes to detecting new fraud schemes.
Over a quarter (25.63%) of respondents said their company relies on fraud systems from banks, credit card companies, and other payment processors. While these financial service organizations are regulated by the banking industry, they aren’t actually fraud and AML companies. Therefore, they aren’t as adept at identifying the most current fraud schemes and updating their tech stack to combat new threats.
These systems also err on the side of caution, resulting in more false positives than finely tuned fraud and AML systems. This costs risk and compliance organizations time and money because teams are busy handling alert backlogs instead of addressing true positives promptly. They also run the risk of turning away legitimate business.
This led to a key takeaway: professionals agree that their risk and compliance infrastructure needs a solution that can be rapidly modified to combat new fraud schemes while staying compliant.
Look for a solution that automatically updates as per the most recent regulatory regulations, so you’re always compliant with AML requirements. Rule-based solutions that follow fraud prevention best practices allow you to set up a customized infrastructure that reduces false positives, resulting in more transactions being processed, more value being delivered to your customers, and earning you more revenue.
How Risk and Compliance Professionals Are Utilizing Their Current Solutions
We wanted to understand what is essential to risk and compliance management professionals, including how they go about identifying risk and the capabilities that have helped these professionals build their risk and compliance programs effectively.
Building an Effective Risk and Compliance Program
Nearly 60% of professionals believe that reliable transaction monitoring and case management software is the most critical piece of their organization’s risk management and compliance system. For these solutions to work effectively, they need to be able to rapidly adapt to new threats and regulations.
But for a solution built in-house, this can mean substantial engineering resources.
To succeed, you need a comprehensive framework for assessing risk. This includes staying up to date on regulations, having the knowledge and ability to modify the tools as new fraud schemes arise, and the tools to get the signal from the noise so you can reduce false positives.
To do this effectively, you need a fraud and AML system that does it all (rather than stitching a few different solutions together). Ensure your tool addresses regulatory compliance, user onboarding, suspicious activity reporting, risk management, and fraud detection – all under one roof. The best way to address (and stop) threats is to use all the tools at your disposal to combat risk.
Perfecting fraud prevention efforts isn't just about following best practices, but also avoiding bad fraud practices and knowing what you shouldn't do.
Combined, 60% of professionals thought education and training on regulatory standards and managing risk and compliance tools was essential to building an effective compliance program.
Without the proper training on your solutions and regulatory best practices, your team will struggle to keep up with regulations and fraud. More importantly, they’ll fail to do so in an efficient, effective manner.
Fraud and AML software that performs all the tasks you need is extremely difficult to find, implement, and maintain. They require constant modification and significant engineering resources. It’s a key piece missing for most companies when it comes to achieving an effective Risk & Compliance program.
What you’re currently missing and how to keep up with the evolution of fraud.
Understand how risk and compliance professionals view the evolution of their platforms, what is missing from their current fraud and AML software, and what would cause them to change solutions in the next 12 months.
Fraud and AML Solution Problems
Having a system that is easy to update and alleviates the workload - and pressure - from your engineering team will help you keep your tech stack updated and compliant. Rather than tie up your engineering team on fraud and AML updates, you can divert those resources to focus on improving your core product and services.
To keep up with a rapidly evolving industry, we asked professionals what their priorities would be when looking for a new solution – highlighting what they're looking for currently.
Priorities When Purchasing Fraud + AML Software
The top priority – and rightly so – for risk and compliance professionals was security and reliability. It’s essential that your fraud and AML solution actually performs the main task of keeping your users (and platform) safe and that it performs this job reliably and efficiently.
The next two priorities – which closely trailed the #1 spot – were (1) ease of implementation and long-term management and (2) the ability for the solution to scale and support operational efficiency as the company grows. In both cases, professionals seek a solution that is not only easy to adopt and maintain, but that is also scalable alongside company growth.
To succeed, you’ll need to keep up with the rapidly changing fraud landscape, staying abreast of changes and implementing updates to ensure you’re still protected against fraud and money laundering.
How will you use a fraud and AML solution at your organization?
To truly understand what fraud and AML professionals need most, we asked about the top use cases that mattered to them when using a fraud and AML solution.
Top Use Cases for Fraud and AML Software
The majority of professionals (51%) emphasized the importance of having robust transaction monitoring capabilities to screen for malicious behavior and case management for automated filing and reporting. This is no surprise, as failing to file at all (or on time) can result in hefty fines and penalties.
Professionals also emphasized the importance of having streamlined user onboarding that follows all KYC / KYB requirements to ensure users are who they say they are. Offering users a frictionless onboarding experience while meeting all security and customer due diligence checks to follow KYC and AML best practices is the best course of action.
Look for a solution that offers data monitoring, utilizing fine-tuned historical performance of high-quality rules, minimizes false positives, and scales fraud detection efforts. Combine that with customizable scoring and predictive alert settings to really hone in on suspicious activity. All of this means faster, more effective investigations, with the mundane tasks of filing and reporting being largely automated.
A full-service solution solves your problems by offering a reliable and flexible fraud and AML platform that’s updated automatically. That frees up your company’s engineers to focus on what they do best!
What Are the Main Challenges Organizations Experience with Fraud and Money Laundering?
Fraud can be a very real – and challenging – threat. To really understand what problems risk and compliance teams face, we asked what the biggest pain points risk management professionals experience when it comes to fraud.
Common Fraud Pain Points for Risk Management Professionals
Identifying new fraud schemes, with 31% of professionals saying it was most important to them.
Getting engineering resources to make changes, with 29% of professionals saying it was most important to them.
Decreasing false positives, with 27% of professionals saying it was most important to them
Modifying the current tech stack to catch new fraud schemes, with 24% of professionals saying it was most important to them.
As you can see, staying on top of new fraud schemes and making the proper changes to your risk and compliance tech stack is extremely important to fraud and AML professionals.
The problem they face is fast-evolving fraud schemes (with new ones popping up all the time), a lack of engineering resources to devote to risk and compliance operations, and challenges updating the tech stack to integrate with what’s currently running. The fact is, criminals are almost always two steps ahead, leaving fraud and AML programs playing catch up.
When you combine this with the fact that most risk and compliance teams are using solutions built in-house, where they aren’t able to rapidly modify, update, or detect fraud – it’s no wonder they struggle.
This quickly creates a cycle where you’re falling behind on the latest schemes or struggling to divert resources to the updates you desperately need. Over time, this can be a very challenging hole to get out of.
The solution is a system flexible and adaptable enough that detection and regulatory rules can easily be changed to meet new forms of fraud and AML regulations. With automatic updates, you’re always compliant and ready for potential threats.
Building an Effective Fraud and AML Program in 2022
Now that we’ve explored exactly what risk and compliance professionals are struggling with, we can dive into what matters most when building an effective fraud and AML program.
of companies don’t get adequate engineering time dedicated to maintaining their fraud and AML solutions
of AML compliance professionals say minimizing false positives over the next year is a high or top priority for their company
of risk management professionals list it as a leading factor in building a compliant fraud and AML system
of companies file 10 or more SARs per month, and 64% take over an hour to finish each one
Organizations Lack Engineering Support Required to Make Changes and Tackle Fraud
One of the biggest challenges for risk management teams, besides keeping their fraud and AML software solution up-to-date with the latest fraud schemes, is securing the necessary engineering resources to apply those rules to their tech stack.
Companies with Internal Engineering Support for Risk and Compliance
Most professionals stated that their risk and compliance operations required internal engineering support. Keep in mind, however, 51% said they use in-house fraud and AML software, showing that many of these companies rely on solutions that are also absorbing some of their engineering team's time and energy – which is taking away from other efforts (like improving their core product offerings).
Even more startling is the lack of support time risk and compliance teams are getting from their engineering teams.
Hours of Engineering Support Dedicated to Risk and Compliance Teams
Given the difficulty of identifying new fraud schemes, staying apprised of all pertinent AML regulations, and updating the tech stack to stay compliant and combat threats, the 15 hours or less most companies are getting just isn’t enough time.
Engineering teams have a lot more to do than simply manage risk and compliance functions; they need to develop the core product and delight users with intuitive user interfaces. Updates for compliance eat into time that could be better spent focused on revenue-driving activities like building out core features and investing in customer experience.
The best fraud and AML solutions have dedicated teams working on them to keep them up-to-date – so the companies that use them don’t have to.
Fraudsters have become more sophisticated, developing new methods that are difficult to detect using traditional fraud detection efforts. To best protect against fraud, you need a solution that is easy to modify, test, and update without requiring engineering effort.
Reducing False Positive Rates Remains Top-of-Mind
Risk and compliance professionals have spoken loud and clear - false positives are a serious problem and it’s a key priority to address in the next 12 months of operations.
It’s no surprise false positives remain top of mind for risk and compliance professionals, as they are a window of opportunity for advanced and fast-evolving adversarial techniques leading to substantial financial and reputation damage. The real kicker here is that unlike loss prevention, with false positives, you’re actually the one causing the losses due to a rigid rule-based system that is inadequate or overactive.
You don’t just lose out on money from failing to validate legitimate sales, but you also lose customers’ loyalty and trust with your platform. Eventually, word of mouth will make it just as difficult to attract new customers as it does to retain existing ones.
All of this contributes to the overall problem, that fraud has a large impact on revenue. Dealing with false positives costs your team valuable time actually detecting and preventing fraud, as well as updating your system to be ready for the most current threats. In many cases, attempts at optimizing rules can actually lead to more fraud passing through your platform if the rules haven't been carefully tested before deployment.
Thus, organizations need an effective fraud mitigation solution that's accurate and has intelligent decision-making ability, leading to lower false positives.
Reliable Transaction Monitoring & Case Management Software is #1 Factor to an Effective Program
To help risk and compliance professionals, we tried to understand what they see as leading factors for the success of their fraud and AML programs, and understand what they use fraud and AML solutions for most.
There were two things that stood out – transaction monitoring and case management.
Risk and compliance professionals agree, transaction monitoring and case management are the most important features for building an effective risk and compliance program. In fact, 60% of professionals said this was the case, nearly 20% higher than any other factor. However, the majority of professionals are relying on built in-house solutions that are very difficult to update and don’t detect new fraud schemes effectively.
More than half of respondents also felt that transaction monitoring or case management were the most important use cases to solve when using a fraud and AML solution.
To really understand what matters to risk and compliance management professionals, you have to know how they use the tools they have for different applications.
What are organizations solving with transaction monitoring?
Most important was meeting compliance requirements, which - as we’ve discussed - is extremely challenging when regulations are constantly changing. Without enough engineering support, which many companies lack, you’ll struggle to keep your platform compliant - even if you’re aware of the regulations.
The next two on the list are loss prevention and improving false-positive rates (taking up a combined 45% of responses). Really, these are two sides to the same coin; increasing overall revenue by reducing losses related to AML compliance and fraud. The solution is having a finely-tuned rule-based system that allows you to ensure you reduce losses - and limit your false positives while doing it!
Finally, professionals use transaction monitoring tools to reduce manual work on analysts. By having a system in place to monitor transactions in real-time and provide suspicious activity reports, your team can spend more time investigating cases and ensuring the overall fraud and AML system is functioning smoothly.
What are organizations solving with case management?
To deliver the best case management software, we need to truly understand how fraud and AML professionals use these systems, and what matters most to them.
Priorities When Purchasing Fraud + AML Software
Overwhelmingly, they are using it to automate tasks and reduce manual work related to case analysis, alert resolution, and report filing. Risk and compliance teams are looking to be more efficient with their resources by leveraging reliable software to scale up these teams – remember, reliable software was the #1 factor in a successful fraud and AML program.
This allows organizations to divert more resources to building out their core product, improving the user interface (and experience), and making product improvements. With a robust case management solution that automates and streamlines processes and workflows, you’ll be able to put risk and compliance operations virtually on autopilot.
When choosing a solution, make sure it has reliable transaction monitoring and case management capabilities that can ingest your data. Look for a tool that has a robust, rule-based engine that follows AML transaction monitoring best practices, so you can fully customize your alerts and scoring, and optimize your system to reduce false positives along the way.
Fraud and AML Professionals Spend Far Too Much Time on Case Management
Risk management and compliance professionals showed a clear interest in case management capabilities as part of their fraud and AML software. While SAR filing didn’t get as much interest, it’s clear that case management and SAR filing are eating up too much time for risk and compliance professionals.
How Much Time R&C Professionals Spend on Each Case
of professionals spend more than 1 hour on each case.
of professionals spend more than 4 hours on each case.
How Many SARs R&C Teams File Per Month
of organizations file more than 10 SARs per month.
of organizations file more than 100 SARs per month.
AML case management and reporting take up time that could be better utilized elsewhere.
While 1 hour per case may seem reasonable if you’re filing 10 or fewer SARs each month, as we scale up to 50 or 100+, we can see this adding a significant amount of time to your AML team’s workload. Then double the time from 1 hour to 2 hours (as 30% of professionals spend more than 2 hours per case), and you have a real problem on your hands.
It gets worse – if you’re in the 10% that spend more than 4 hours per case, you’re talking about significant time investment in simple, repetitive tasks.
Time Spent Filing SARs (Based on hours/SAR and number of SARs)
While you can’t exactly fully erase this time with automated software – you’ll still need to investigate cases, flag priorities, and manage alerts - you’ll save a lot of time (and a small fortune) automating these tasks.
With such high fines and penalties for missed - or even late - SAR filings, it’s extremely important to have a system in place that lets you process SARs in a timely, effective manner.
You need to find a solution that decreases case management overhead and speeds up case resolution and filing times, without requiring manual steps. Look for a solution that automates SAR filing to FinCEN and goAML reporting for 56+ countries, so you can focus on investigation and delivering value to your customers.
COVID-19’s Impact on Fraud and AML Cases
There is no doubt that COVID-19 has had an impact on how consumers prefer to do business, with them championing accessibility, convenience, and ease of use. The pandemic undoubtedly shifted people’s preferences for attaining services online – and the financial services industry is no exception.
Let’s look at what risk and compliance professionals expect from fraud and AML cases in the next 12 months:
Professionals’ Predictions for Fraud Cases in the Next Year
The majority of risk and compliance professionals believe that fraud and AML cases are going to be on the rise in the next year, increasing in frequency post-pandemic. As Fintechs are exposed to this increase in fraud and money laundering attempts, it will be important to stay vigilant and be prepared to rapidly adapt to increases in - and changes to - fraud.
What is Most Important for Fraud and AML in the Next Year?
We asked risk and compliance professionals to predict the future of fraud based on their top objectives for the next year:
Meeting all necessary compliance requirements
Reducing the impact of fraud on revenue
Onboard more users securely
Reduce false positives for more accuracy
The ability to rapidly update rules and regulations
Predictability of alerts
Streamline case creation and SAR filing
As you can see, a few trends stand out – showing us what truly matters to risk and compliance professionals.
First, a combined 80% of professionals said that meeting compliance requirements and rapidly updating rules in response to new regulations were the most important things to work on in the next year.
With so many relying on built in-house solutions or random combinations of third-party solutions forced together to meet their needs, it’s no wonder fraud and AML teams are struggling to keep pace with changing regulations – including pushing relevant changes to their tech stack.
Second, 65% of professionals said reducing the impact of fraud on revenue and reducing false positives was most important in the coming 12 months.
This is a challenging balance to strike with risk and compliance solutions, as you’re constantly balancing defending against fraud losses by implementing rigid systems of protection and finely tuning your predictive scoring and alerts to bring down your false positives rates.
Third, and lastly, 35% of professionals said that securely onboarding new users was their most important objective in the coming year.
The fact is, performing adequate due diligence - including identity verification and proper KYC checks - at the time of onboarding is a great way to limit the amount of fraudulent accounts on your platform, in turn cutting down on the fraud being attempted as well! But you have to balance these checks with a fast, frictionless onboarding experience users love, or they won’t finish the process.
Having the right fraud and AML solution is critical for this, as it can drastically reduce the time and effort it takes to onboard new clients through automation. At the same time, a system should be thorough enough to adequately screen new users when they are brought on, so there is a lower risk of users actually committing fraud.
Conclusion: In-House Solutions Fail to Keep Pace with the Continued Evolution of Fraud
Ultimately, fraud and AML professionals want to be able to discover new, rapidly evolving fraud schemes, update their tech stack to handle compliance regulations and fraud attempts, and modify systems with accuracy to drive down false positives. They need reliable, scalable case management and transaction monitoring systems that help organizations combat fraud and money laundering.
Below, we cover the top three takeaways from risk and compliance professionals.
1. Solutions built in-house dominate the market, but don’t meet demands.
The majority of risk and compliance companies are using in-house solutions they built themselves; this method requires a significant investment in engineering resources, which is often unattainable. Even if it’s possible, it means diverting engineering resources to risk and compliance operations, costing your core platform from reaching its full potential.
And most organizations made it clear they don’t have the engineering resources to support this, with nearly 60% of businesses having only 15 hours or less to devote to risk and compliance.
Managing risk and compliance software in-house – and following all regulatory requirements and applying necessary compliance updates to your system – is a massive undertaking. The fact is, most financial service organizations aren’t ready to take this on (or effectively manage it) themselves.
Unlike static in-house solutions, fraud and AML solutions stay abreast of the most current fraud schemes and AML regulatory requirements. Ensuring you’re always compliant and combating the most immediate threats. Even better, these solutions have the engineering resources to keep the tech stack updated accordingly!
2. Transaction monitoring and case management are top priorities for organizations
No matter what we asked, risk and compliance professionals made it abundantly clear that they care deeply about transaction monitoring and case management when it comes to fraud and AML software.
Transaction monitoring and case management remained top priorities for risk and compliance professionals when building an effective risk management program and when choosing a fraud and AML software. When you consider that staying compliant was so important to businesses, it’s no surprise these solutions are so important to risk management teams, as they automate filing tasks and simplify investigation processes.
When thinking about transaction monitoring, look for a complete data monitoring solution that integrates a variety of data sources to accurately detect suspicious activity. Ensure the solution supports automated SAR e-filing to FinCEn and AML reporting to goAML, saving your team valuable time.
3. Increase revenue by tackling something under your control: reducing false positive rates
When it comes down to it, your company needs to make money; increasing your revenue will therefore always be a priority. False positives in fraud and money laundering cases stunt your revenue by not allowing valid transactions to clear when they should.
The best way to reduce false positive rates is to use a fraud and AML solution that is highly customizable. This allows you to define the parameters so that you optimize the fraud and AML tool to protect your platform, while keeping false positives extremely low. By creating, testing, and updating rules quickly and consistently, you can drive down false positive rates and let revenue flow as expected.
Use full-scale data monitoring to fully understand behavior for different user activities. Customize alerts for the most accurate detection, increased productivity, and improved efficiency.