Payment fraudsters can cut into U.K. bank compliance
New banking rules in the U.K. are on the way, and have major ramifications for payment routing and source codes for transactions, as well as create a short-term fraud risk.
To prevent a repeat of the 2008 financial crisis, U.K. regulators have made the bold move of reforming the structure of the country’s banking system. The bank ring-fencing initiative requires the retail and riskier investment banking arms of banks be split into separate legal entities. The objective is to achieve greater resilience and financial stability, should investment banking arms incur significant losses.
With the Jan. 1, 2019, deadline just around the corner, we are already seeing banks trawl through decades worth of infrastructure to make the necessary changes to their systems. Such a major restructure will have an impact on corporates.
It is important to be aware that the ring-fencing rules are not completely rigid and offer some degree of choice to each bank.
This flexibility increases complexity, especially for corporates that are multibanked, as each bank adopts a slightly different structure.
In some cases, these structural changes may result in the need of new sort codes. This means that corporates will need up-to-date validation and verification capabilities for accurate payment routing, to ensure payments are rerouted correctly to new sort codes. Another important implication to consider is the temporary increase in operational risk and potential for fraud.
During this time of change, corporates need to be extra vigilant against the risk of fraud. When some banks are contacting customers about changes to their sort codes, fraudsters could use the opportunity to claim they are from the bank and mislead a customer to reveal electronic banking credentials, or even encourage them to make a payment to a fraudulent bank account.
Earlier this year, we surveyed U.K. financial decision makers, which found that bank account validation (62%) and verification (59%) are the most popular measures to tackle the threat. The same report found that only one in four organizations checked against a blacklist or used an electronic invoice portal to reduce manual processes and cut the risk of fraudulent paper invoices.
It is worrying that a large proportion still doesn’t have these basic measures in place. New technologies and services, such as advanced encryption, multifactor authentication and password managers, and arming employees with the right education, should also be considered to ensure the right controls are in place.
The ring-fencing initiative is also a timely reminder for corporates of the importance of having clear visibility of up-to-date balances and transactions on all their accounts. Similarly, it is important for businesses and banks to be able to monitor their employees’ activity relating to bank accounts and to check all their transactions for any abnormal or suspicious activity.
As with any major infrastructure project, there is some potential for disruption to everyday activities as new group structures are established and new ways of operating are introduced.
Corporates need to be prepared for disruption by ensuring contingency plans are in place in the event of a bank’s systems malfunctioning, while security professionals need to ensure the right measures are in place to prevent potential fraud.