McKinsey & Company’s report from this past October, Financial crime and fraud in the age of cybersecurity detailed how banks are trying integrated approaches to deter bad actors from affecting their bottom line. But are these new-era security measures enough to make banks truly dependable providers of payment solutions for the enterprise—or is it too little too late?
After taking pains to correctly distinguish financial crime (e.g. laundering, bribery, tax evasion) from the broader category of fraud (which includes forgery, credit scams, and insider threats), the report’s authors note that banks are creeping towards a security agenda that addresses both groupings.
McKinsey says that until now, banks in general have countered transaction-based fraud with “relatively straightforward, channel-specific, point-based controls.” But identity-based fraud, which has become more prevalent, has seen criminals develop applications that exploit both natural and synthetic data, pushing the concern into the cybersecurity realm.
As a result, banks’ internal fraud and cybersecurity teams have finally started trying to consolidate their risk assessment processes. The ultimate goal for banks is to integrate those two teams with the financial crime team in order to more holistically attack all risk. It’s a collaboration that makes sense—but this ideal end-state is coming far too slowly to keep up with the pace of crimes that target financial institutions.
While they progress at a glacial pace towards upgrading their security framework to the standards of the early 2000s, banks continue to fail at making robust moves into B2B payments, which fintech companies have come to dominate through smart, nimble disruption. Most recently, Bank of America rolled out a payment optimization offering that augments its current automated payment product. To be frank, this is almost like being handed a parachute pack seconds before being pushed out of the plane.
Most payment automation providers in the market have pretty much fully integrated their risk management functionality. Along with standard SOC, SOX, and PCI compliance, the gold-standard companies in the payments industry also offer full fraud coverage and liability assumption.
That’s not all. Companies currently seeking a paperless payment solution that avoids the real costs of bank-offered ACH payments also have service and support on their checklists. Industry-leading payment orgs with full teams that handle transaction calls for most of the business day and solve hundreds of support tickets per day are becoming the standard. In this new decade, a provider that fails to offer up a dependable human touch on the frontlines of its payment functionality will likely be overlooked.
After decades of digital payment evolution, the fact that banks only now dare to offer holistic B2B payment solutions speaks volumes about their arrogance. In the end, the providers who actually address and solve for the pain points that AP teams experience at ground-level—including fraud risk and security—will pull ahead in the new decade.