When fraud strikes at your financial institution, you need to be ready to respond. A prompt and thorough response reduces losses and protects your organization from additional threats. However, your remediation plan shouldn’t exclusively focus on financial losses. It should address all implications of the aftermath of fraud.
As you create and refine your plan, keep these tips in mind:
1. Outline remediation operating procedures.
Your fraud remediation strategy should outline who’s responsible for dealing with cases of fraud. It should detail exactly how and when your team communicates with clients about fraud on their accounts. The plan should also explain how you deal with canceling cards, stopping checks, or preventing fraudulent transactions from affecting victims’ accounts in other ways.
Your plan should also note procedures and processes for dealing with allegations of internal fraud. For example, if you have reason to believe that an employee has committed fraud or helped an outsider to facilitate fraud, you should have policies in place about their access to data while you investigate the fraud. In addition to outlining the consequences of committing fraud, this part of the plan should also list the consequences of false allegations made against other employees.
Note that in cases of internal fraud, you may need to revisit your fraud remediation team to ensure there are no conflicts of interest. Have this noted in your remediation plan so that you don’t forget to adjust your team as needed when dealing with internal fraud.
2. Create a template of response actions
Streamline your operating process by creating templates that allow you to conveniently record the incident and track your response. For instance, you may want to create a template that allows your team to log details about the date, time, and details of the fraud. They should also be able to easily record how the fraud was discovered (fraud detection software, employee detection, customer report, etc) and the actions you took to remediate the fraud.
3. Assign remediation roles.
Many different people inside and outside your financial institution will be responsible for the remediation process. Make sure that you know who handles what. Assigned roles should address every aspect of the process including responding to transactions flagged as potentially fraudulent by your fraud software, answering customer calls about fraud, contacting customers about fraud, reporting the fraud to external parties, talking with the media, etc.
You should also have well-defined protocols about which external individuals and organizations you need to contact about the fraud. Your list of external advisors may include people who help with investigation, evidence collection, communication, and legal issues.
4. Collect evidence.
The evidence you need varies based on the type of fraud. Your fraud remediation plan should detail the types of evidence you need to document and collect for various types of fraud. It should also include a confidentiality policy and strategies for avoiding bias during the investigation.
Your plan should also explain any evidence that your clients should provide if they have been the victim of fraud. For instance, a customer who disputes an online transaction on their card may need to provide details about their legitimate transactions. If the purchase was made from their IP address or delivered to their home, they may need to provide evidence proving that they aren’t committing “friendly fraud” by requesting a chargeback. Or, a customer who falls prey to check fraud may need to prove that they don’t bear liability for giving a thief access to their checkbook.
5. Decide how you’re going to communicate with the public.
Many cases of bank fraud are one-off incidents that affect a single account holder. For these incidents, you need a communication policy that outlines how and when you communicate with fraud victims and/or fraud reporters.
Generally, in those cases, you don’t have to worry about dealing with a public relations campaign. But occasionally, particularly when you’re dealing with a client who has to wait a long time for a refund, they may tell their story to the media. If/when that happens, you need a communication strategy ready to roll.
For larger cases of fraud such as institution-wide data breaches or similar events that affect multiple customers at your bank, you will need to deal with the public. Make sure you have a pre-drafted, proactive communications strategy that includes an approval process for press releases and media interviews.
Remember it’s always better to tell your story first, rather than to try to recast your image after the media has drug your institution through the mud. Whether you’re communicating with individual clients or the media, your communication strategy should have one core goal — to restore trust in your financial institution.
6. Constantly revise your plan.
Once you’ve created your fraud remediation plan, make sure to constantly revise it. After dealing with fraud incidents, review what worked and what didn’t, and then adjust your plan accordingly. Remember that the fraud landscape is always changing, and you need a nimble response that protects your customers from further losses and your financial institution from reputational damage.
7. Focus on prevention to minimize the need for remediation.
In the banking industry, you will inevitably face fraud, and you need a strategy to deal with its aftermath. Whenever possible, however, you should prevent fraud rather than remediate it.
At SQN Banking Systems, we create robust fraud detection tools that help banks prevent fraud as well as detect fraud. We customize our offerings based on the unique risk profiles of our clients, and we also offer hosting, software as a service, and other solutions/services to help our clients scale and fight fraud affordably.
Ready to improve your fraud position? Then, contact us today for a free fraud process review.