Firms hit compliance fatigue as fraud increases

Many businesses are unprepared for new regulation, while losses to fraud increase

Author
Date published
June 17, 2020 Categories

Businesses are beginning to suffer from compliance fatigue as new regulations and initiatives are straining their ability to stay on top of them.

In a report conducted by Bottomline Technologies, compliance ranked as the second most important priority in 2019 but fell to eighth in 2020, with only eight percent of those surveyed indicating it was their top-priority.

The survey was launched prior to the pandemic and asked 800 financial decision-makers of various sized firms. It found that a sizable number of businesses are unprepared for new payment regulations and initiatives.

“For small businesses looking at everything that’s in the pipeline, it becomes quite overwhelming to begin to understand all these different products, all these different sets of regulation, and what it’s going to mean for them in the long term,” said Daniel Bellis, senior policy advisor at the Federation of Small Businesses (FSB), speaking during a webinar this week.

For AML5, which came into force in January of this year, only 64 percent of businesses were prepared for its implementation while even less are prepared to adopt PSD2 (59 percent).

Only 55 percent of businesses have indicated they are ready for the transition to ISO 20022 which the Bank of England expects a ‘phase one’ to be adopted by 2022.

Of those who answered they were unprepared for PSD2, 35 percent said it was because ‘there is no urgency’ while 47 percent responded, ‘we don’t know how to prepare or what are the benefits’. A similar number said the same thing of ISO 20022, with 40 percent indicating the former and 42 percent the latter.

Naresh Aggarwal, associate director of policy and technical at the Association of Corporate Treasurers says treasurers often do not see any direct benefit in preparing for new regulatory changes.

“More generally, it’s still really hard to find a compelling business case for businesses to adopt some of these things. Some of the treasures I speak to are working long days, just keeping the wheels turning and [regulation] is adding something new into the mix.

“One of the challenges that is still around education. What is the benefit? Why should you invest time and energy, looking at some of these new changes when you’re firefighting things you have to face right now.”

Fraud losses rise

Fraud continues to be a growing problem as companies of nearly all sizes (except enterprises) reported increased losses due to fraud. Average losses rose 14 percent from £87,950 in 2019 to £99,830.

“[For large businesses] it remains a key challenge. It’s often not the big amounts that are taken out. It’s small amounts taken out over regular periods. Often responsibility for payments is spread across a lot of different people and periphery teams”, says Aggarwal.

For firms of all sizes there is large majority that believe they could be doing more to mitigate losses from fraud but at the same time a resignation that fraud losses are the cost of doing business. More than 60 percent of businesses deemed medium (250+ employees) or larger said ‘financial loss due to payment fraud are part and parcel of running a business’

Gavin Mclean, managing director of payment products at Lloyds says the coronavirus pandemic has added to fraud risks as fraudsters utilise it as another avenue of attack. “[Fraudsters] will use coronavirus and the uncertainty and challenges that it throws up to come up with ever more sinister and elaborate MOs to try trick us out of our money.

“From the banking perspective, confirmation of payee is a good tool in the kitbag to try and help banks, businesses and payment service providers to combat fraud. It won’t be a silver bullet but bringing some of those fraud fighting measures that are embedded in the payment system up to the front can only help.”

Bank account validation and multi-factor authentication remain the top two payment protection measures businesses employ to guard against fraud with around half of firms using them. This however, is a decrease in comparison to a year ago. The only measure that saw a rise this year was the adoption of automated employee behaviour monitoring, which increased from 16 percent to 39 percent.

“There’s a spectrum of sophistication, from malware and actually trying to hack the technology to more human and social engineering and just tricking people. That means that the, the range of defenses that a business needs to employ is really quite wide and sophisticated”, says Mclean.

“None of us can afford to be complacent in this regard, and we will have wins along the way. But that will just mean that the threat migrates elsewhere and then what have to tackle in a different way.”

Exit mobile version