
Insider fraud is an escalating issue within Financial Institutions (FIs), driven by economic pressures combined with remote and hybrid work. It’s a good climate to do bad things, sadly, with the digital payments ecosystem providing a ready target for insider threats.

The annual Insider Threat Database from Cifas reported a 14% increase in insider fraud cases in 2023, with theft or deception being the most common actions.
 
Globally, regulatory scrutiny is intensifying. The UK's 'Failure to Prevent Fraud' rule is just one example of the increasing pressure to manage insider fraud, or pay the consequences. FIs must balance mitigating threats with protecting customer experience and ensuring growth.
 
That’s difficult because today's insider fraud risks are more complex, requiring FIs to align risk management goals with corporate objectives. Modernizing and offering training programs are essential strategies. Neglecting such measures can lead to financial and reputational damage.

The FStech and Bottomline study, Under the Radar: How can financial institutions mitigate the risk of insider fraud?, asked 200 finance leaders around the world about the state of insider fraud and how FIs are fighting back amid regulatory pressure.

 

Meet the Fraud Fighters

The results show that financial services professionals rely on various internal departments to investigate insider fraud. Top departments involved include compliance, HR, specialist fraud prevention teams, fraud departments, information security, and audit teams, with 50-56% of respondents noting their involvement.

This collaboration leverages diverse expertise: compliance teams bring regulatory knowledge, HR understands employee behavior, fraud departments specialize in detection, information security monitors digital activities, and audit teams assess internal controls. Together, they can identify signals that individual teams may miss.

However, this comes with issues like information silos and unclear investigation ownership. Unified case management systems can control this by consolidating information securely, ensuring data sharing, and maintaining confidentiality. Automation can help prevent data leaks by limiting access on a need-to-see basis.

 

A Multi-Layered Defense Is Best

Financial institutions recognize the need for a multi-faceted approach to address insider threats, with over 60% of respondents deploying a series of measures. Agent-based monitoring technologies, for example, offer real-time visibility into employee activities, helping to detect suspicious behaviors. Behavioral analytics and anomaly detection further enable a deeper understanding of user behavior and the identification of outliers.

A multi-layered approach involving agent-based monitoring, behavioral analytics, training programs, and regular security assessments is crucial. This kind of holistic strategy enhances overall resilience and protects against malicious insider activities while balancing robust security controls with privacy obligations. Complementary services should be chosen to ensure a comprehensive safeguarding approach.

 

What Bad Actors Like

The report reveals data theft as the most prevalent insider threat, identified by nearly 20% of respondents. Unauthorized access, mishandling, or copying of sensitive customer data poses serious risks, including reputational damage and regulatory violations.

Financial theft, like embezzlement or fraudulent transactions, ranks below data theft, indicating a stronger emphasis on asset protection in financial institutions.

Other significant threats include unauthorized access, negligence, and policy violations, which can lead to direct losses or more sophisticated attacks. Proactive players are adopting a comprehensive approach with robust access controls, user behavior analytics, employee training, and clear incident response plans to protect assets and reputation.

 

Monitoring and Minimization

And while 25% of respondents find gathering evidence for insider threats straightforward, 71% face challenges in the process. A shift toward employee training and awareness could explain this.

Notably, 47% of FIs plan to enhance fraud risk management. More still need to review and strengthen their policies, controls, and response procedures. Gap assessments, updated training programs, and advanced monitoring solutions are essential. By proactively preparing for the law, organizations can avoid penalties, improve resilience, and protect their assets and reputation.

The survey shows financial institutions prioritize privacy in insider threat monitoring. A slight majority (19%) emphasize that monitoring should be "proportionate and justified" to avoid excessive intrusion. Striking this balance is crucial, as overly intrusive practices can erode trust and expose organizations to legal risks.

FIs should strongly consider implementing data minimization practices, such as network-based monitoring and pseudonymization, ensuring only essential information is collected. Transparent communication and clear policies on monitoring practices are also vital, fostering a culture of trust and addressing insider threats while respecting privacy.

To review the complete findings from this survey, download a copy using the link below.

DOWNLOAD FULL REPORT