Mission-critical data and consumer-specific information are often the target of savvy thieves who prey on the financial services industry. Further, as consumers, employees and external business partners demand -- and are given -- greater access to sensitive data, banks are more susceptible than ever to internal security breaches.
Clearly, fraud is a costly fact of doing business. Approximately 3 million adults said they were victims of ATM or debit card abuse in 2005, according to a survey by Stamford, Conn.-based Gartner that focused on the global IT industry. These incidents resulted in $2.75 billion in losses, with an average loss of more than $900 per incident, Gartner reports. Another 1.9 million online financial services users were victims of illegal checking account transfers, the study adds. These hijacked accounts resulted in nearly $3.5 billion in losses -- an average of roughly $1,800 per incident. Banks absorbed most of these losses, Gartner points out.
Operational risks are being tracked and counted. More processes are in place to try to get a grasp of the data and the trends in order to create new procedures. Transfer of risk is creating even more issues. Is any of this working as quickly or effectively as management would like?
If fraud is at the heart of operational risk, then human behavior is no doubt at the center of fraud. To understand how to minimize fraud, you must have a more substantial grasp of the human motives for fraud. And to better understand those human behaviors, a risk manager must know the clues and cues for detecting which people are exploiting the organization through deception and new tactics to achieve their goals across business boundaries. The USA Patriot Act is one tool that has targeted the center of this human behavior.
"These and other regulations are forcing companies to look at all customer activity, even across silos," says Rosenoer. That is where the CRO comes in. "The role of the CRO -- or chief risk officer -- is to ensure the bank is compliant across these regulations," he explains. "Further, the CRO bridges business continuity in the event of fraudulent events. Again, this is not just an online problem. CROs are evaluating money laundering rings, compromised internal systems or anything that is threatening the enterprise."