Consider this example:
She started her day in one of Hong Kong’s gleaming corporate towers, settling in at her job in the finance department of a multinational. Opening her email, there was a message from the company’s CFO based in London. They needed her to process a large payment, and quickly. Naturally, she was suspicious, but then an invitation to a conference call came through. She joined the call and on her screen was, as far as she could tell, the CFO along with other senior officers of the company. Her suspicions were allayed after the group video call: She went on to make 15 transfers totaling H.K. $200 million (U.S. $25.6 million) to five different Hong Kong bank accounts.
But it was all a fraud. The money was stolen.
Her initial concerns about the urgent email from the CFO were correct. These were scammers attempting an artificial intelligence (AI)-enabled heist. The fraudsters had stolen Hong Kong identity cards to open up the five bank accounts and apply for loans to make the accounts they’d later use to stash their loot appear legitimate. Then, with commercially available AI technology, they executed the fraud.
“Scammers found publicly available video and audio of the impersonation targets via YouTube, then used deepfake technology to emulate their voices…to lure the victim to follow their instructions,” says acting senior superintendent Baron Chan.
This latest AI-enabled scam is another reminder of the colossal nature of fraud affecting businesses around the world. According to Juniper Research, over $48 billion in e-commerce fraud was carried out in 2023, up $2 billion from the year before. A recent survey by KPMG also found that 67% of senior risk executives experienced fraud in the past 12 months and that 38% expected the risk of fraud to increase in the next year.
Fraud is not an isolated event. The criminal underworld carries out fraudulent activities to spot the weak links in the system and prepare the groundwork for bigger crimes. Just like the AI fraud in Hong Kong, those criminals were able to carry out their attacks because they could fraudulently open five bank accounts with stolen IDs and make them all appear legitimate. Those stolen funds then slither into the financial system with the money being laundered and lining the pockets of drug smugglers, people traffickers and terrorists.
But the threat of financial crime is not simply in the exponentially increasing rate at which fraudsters can target businesses thanks to AI, but because firms simply cannot afford to get into an arms race with criminals.
Uniting Forces: Breaking Down Silos in Fraud Prevention and Financial Crime
It only takes one weak link in the system, but many companies’ fraud prevention procedures are siloed from financial crime efforts. Financial institutions (FIs) in particular have historically kept their fraud prevention team and money laundering team separate, according to the article, “FRAML: An Integrated Approach To Financial Crime Risk Management.”
In Comply Advantage’s 2022 report, “The State of Financial Crime,” it reads that despite fraud being one of the top three predicate offences of concern for firms globally, in many companies, these teams tend to work separately.
Regulators have encouraged a collaborative approach. The Financial Crimes Enforcement Network (FinCEN) issued an advisory highlighting an expectation that FIs promote “communication and collaboration among internal anti-money laundering (AML), business, fraud prevention and cybersecurity units.”
Organizations’ greatest weakness — their size — can be turned into their greatest strength in the fight against financial crime. The good guys will always outnumber the band of criminals attempting to steal and launder and outsmarting them means understanding the game they are trying to play and beating them to it.
This is where company-wide training and communication can be a fundamental tipping point in the fight against fraud and financial crime. In the U.K., the Economic Crime and Corporate Transparency Act has made it a legal requirement for large businesses to implement training as part of their “reasonable procedures” to prevent fraud, just as they are expected to do to fight bribery and tax evasion.
Fraud awareness training is the fundamental difference that organizations can make to deepen their defenses. Training should start with helping staff understand the cost and scale of fraud. It costs billions, but that’s an abstract number. Think about examples of where fraud has cost you within your industry and organization. Training works best when it has practical, relevant examples, so use scenarios that your employees might face in their day-to-day work. When scenario-based learning is relevant, there can be a higher chance of staff retaining the learning.
Once staff are aware of the scale of fraud and the likely ways it could crop up in the organization and their job, training should then focus on what practical steps staff can and should take. If a single red flag is found, should they immediately call the police? Knowing what to do next is vital. Giving staff a series of steps to take can flag the issue higher up or alert others internally.
For the overall business, think about how fraud and financial crime teams can come closer together. When fraud and financial crime teams share their tools, they empower one another and can collaborate on challenging issues. Fraud teams may discover anomalous transactions that may need to be flagged for money laundering and vice versa.
Fraud can often lead to other crimes later on. Like in the Hong Kong case, criminals will test the waters by carrying out relatively low-level fraudulent activities such as opening a bank account or making a fake loan. Once those firms fall for their fraud, that’s when the criminals step up a gear and aim to carry out their daring and brazen attacks. Collaboration among internal teams can help bolster defenses, while dedicated anti-fraud training can arm everyone in the organization against the constant attacks of AI-enabled criminals.
Tips for Training Employees on Fraud Awareness
Training is one of the most important risk mitigation measures organizations can implement. With rapidly evolving threats to businesses worldwide, training plans should be flexible and agile to keep pace with rapid and mid-year deployment of new courses and modules.
Staff should be trained to understand the risks and benefits of AI now rather than next year. This is particularly true given the rapid increase in AI-based frauds.
Here are some best practices to follow when designing and delivering fraud awareness training:
- Include relevant and timely case studies of emerging threats such as AI-enabled fraud.
- Highlight related areas of financial crime that can impact your organization such as bribery and tax evasion.
- Explore how fraud can occur within your specific organization and ways of working.
- Differentiate between different types of fraud, including personal and corporate.
- Roll out role-specific training so everyone understands how they can fight fraud in their job.
- Test knowledge and understanding with regular knowledge checks, and frequently for higher-risk roles.
Financial crimes are escalating with the aid of AI, intensifying the urgency for action. That’s why it’s imperative for businesses to fortify their defenses. The recent AI-enabled fraud case in Hong Kong underscores the urgent need for heightened vigilance. With over $48 billion in e-commerce fraud recorded in 2023 alone, the stakes are higher than ever. To combat this epidemic, organizations must integrate fraud prevention efforts across all levels and departments. Fostering collaboration, implementing comprehensive training programs and staying abreast of emerging threats can bolster businesses resilience against the relentless onslaught of AI-enabled criminals.