In the first six months of 2018, a total of £145m
was lost in the UK to criminals as a result of ‘authorised push payment scams’, where a fraudster tricks a victim into sending money to an account that they control. Of this, a paltry £30.9m has been recovered.
Given the extensive work that banks must now undertake on Know Your Customer (KYC) processes, and the distinctive pattern that the payments surrounding a fraud like this tend to follow, why are so few of these cases resolved? Are they genuinely difficult to crack, or does it reflect an attitude of acceptance among those who are meant to be policing the system?
In a recent case at a charity, criminals hacked into the email systems of a supplier and created a false invoice which the charity paid, transferring a five-figure sum to an account operated by fraudsters.
None of this money has been recovered and nobody, including the receiving bank, the police and Action Fraud, has seemed the slightest bit interested in discovering anything about the fraud, whether it was avoidable, and to confirm whether any action has been taken to catch those responsible.
There are several unanswered questions about external processes. Had the receiving bank done its KYC properly on the account? Was the account set up by fraudsters, or was an innocent account hijacked? Do banks not have computerised alerts set up to spot an unusual sequence of transactions? (A five-figure sum was transferred in and a multitude of smaller payments went out within the hour.) Where did the money go? Did the bank take any steps to chase after it?
When the charity was made aware of the fraud (the supplier had checked the remittance note against its bank statement and failed to see the money coming in), it called the receiving bank, which would not provide any information for confidentiality reasons. The charity then rang its own bank, which instructed its fraud department to make a request for information to the receiving bank. The receiving bank was asked again – after the 20 working-day period for the response had expired – and eventually revealed that there was money in the account. Another week went by before it was confirmed that this amounted to just £10. No further information has been received to date.
Government investment to tackle economic crime and illicit finance is tiny
A representative from the fraud department at the charity’s bank spoke to the charity, ostensibly to explain how things worked, what had happened and what action had been taken. But he simply described the process of waiting 20 days and did not provide any useful information, apart from saying that he could not remember any conversations he’d had with Action Fraud concerning any amount less than £100,000.
The charity appears to have hit a brick wall in its attempts to discover what has happened to the money and to retrieve it. Why, given how difficult it is to open an account and comply with anti-money laundering processes, is the bank not able to trace where the money has gone?
While it is encouraging that the UK government has announced an investment of £48m
to tackle economic crime and illicit finance, this figure is tiny compared to the £190bn
lost to fraud in 2017, of which £121bn was procurement fraud, such as the one suffered by the charity.
Surely these substantial losses are worthy of a greater effort?
This article first appears in the Q4 2018 print edition of The Review. All members, excluding student members, are eligible to receive the quarterly print edition of the magazine. Members can opt in to receive the print edition by logging in to MyCISI, clicking on My account, then clicking the Communications tab and selecting ‘Yes’.
Once you have read the print edition, keep coming back to the digital edition of The Review, which is updated regularly with news, features and comment about the Institute and the financial services sector.