What daylight robbery can teach you about preventing financial crime.
New or old, financial crime makes for a great story: the often-lurid details of the crimes and their motivation, and the dollar figures involved tell a dramatic tale, often appealing to production studios at Netflix and Amazon. Such was the case in the United Kingdom back in April, when a G4S armored van transporting cash remained parked on a quiet street in south-west London for eight hours, before anyone realized around a million pounds -- and for that matter, the van’s driver -- had gone missing.
He didn’t get far. The ‘Flying Squad’, a well-historied Metropolitan Police unit specializing in high-profile thefts, were quickly onto his location and recovered the money. Still, the heist piqued the public interest for a few reasons: its brazenness in broad daylight; that it was an inside job; and also that initial awareness of the problem seems to have taken so long to develop. A more sophisticated plan and perpetrator might have netted a far different outcome -- and a million pounds lost could represent a significant, and very public blunder. Thankfully, that crisis was averted.
The Heists Hiding in Plain View
Within this story, there are a number of trends that can inform us about preventing financial crime and loss at an institutional level.
The reality is, is that the velocity and variety of potential frauds are up. There is a lot of noise around sophisticated fraud schemes that take advantage of digital payments networks, and around what to do about them. They are becoming more brazen in their delivery, though like the G4S heist, frequently clumsy in execution, and range widely in their sophistication and intent. For those reasons, they can be easily overlooked - or mistaken. Likewise, these gambits often take advantage of vulnerabilities within, from an innocent-looking phishing email all the way up to “rogue traders” who have famously initiated these nefarious schemes themselves. And of course, many of these crimes, whether simple or systematic, take months or even years to definitively uncover and address, as the art of the con continues to evolve. Even the Flying Squad have accepted this technology lag, and turned to old-school ways to address it.
What strikes us at Gresham is the seeming banality of it all, and the reminder that many financial firms are coping with “heists” the size of the G4S robbery on their ledgers every day, hiding in plain view about as anonymously as that van sitting calmly in Clapham. Certainly, the payments and trade reconciliation spaces where we work have certainly seen their share of recent events, whether involving nefarious intent, processing errors and poor oversight of transactions, or all of the above. Some, like the global fraud that nearly collapsed an African central bank last year, make the news. But we hear less about them, as they mostly stay tucked away within the envelope of operational risk, to ultimately be resolved quietly (and slowly).
Perhaps, like the Flying Squad, what is needed is a change in mindset and, in particular, smarter intelligence about the ecosystem at hand. Of course, this must involve faster and more sophisticated assessment of transaction activities as enabled by analytics engines, AI and other tools. But it also demands more intentional design of the data infrastructure and core processing that lies beneath, providing control at a foundational level, and ensuring informational accuracy and timeliness before further analysis is even introduced.
Functions related to financial crime, like cybersecurity, anti-money laundering (AML) programs, and trade surveillance, have seen their profile climb in recent years, and the consequences prove why: reputational damage and tanking stock price, increasing pressure from legal authorities, and of course, the possibility of unrecoverable losses. While addressing these requires different strategies, skills, and technology than traditional operational risks, the root of the problem remains conceptually the same: establishing effective control within compliance, investigatory and deterrence processes, and beforehand, establishing effective control around data.
Before pursuing the van driver, G4S and police authorities had to take a step back. They needed to confirm there had even been a heist -- and to do that, they needed the particulars about that day’s delivery to begin with: the route and location, the timing, the amount of cash, the driver and vehicle’s identification. Financial firms likewise need to be able to spot the problem, connect the dots and identify the cause in order to act quickly and effectively.
Today, financial crime is more newsworthy than ever, but to fight it, process and control is where attention should be placed. Whilst not as headline grabbing, it means that the situation never hits the front pages or escalates to the level that gets Hollywood attention. To get there it requires having something better than an armoured car -- the right data, and data control provider -- to rely upon first.