Imagine sitting in your living room, enjoying a cup of your favorite morning coffee, and you open your mail to discover that you recently opened a new bank account at XYZ Bank, unbeknownst to you. Or maybe you receive an email notification alerting you that there has been an attempt to update your home address on your credit card account, and you are certain you have not moved. These are two major red flags that you could be the victim of identity theft, and this can escalate quickly if not addressed.
The prevention of identity theft is not just the responsibility of the consumer. Financial Institutions (FIs) are also tasked with ensuring the accounts they open are done so legitimately. FIs are currently faced with spikes in identity fraud cases, ongoing challenges of identity verification, and having to protect consumers from criminal activity.
These scenarios are becoming more prevalent as the technology industry is increasingly more sophisticated with artificial intelligence (AI) innovations and the public is being overwhelmed with information, junk mail, and distractions by social media.
What is Identity Theft?
Identity theft is the use of a person's identifying personal and/or financial information to commit fraud or theft without that person's consent for the perpetrator's benefit, financial gains, to break the law, or to avoid the police. This information includes but is not limited to, names, addresses, credit cards, social security numbers, bank account numbers, or medical insurance account numbers. The victims may not know immediately that they are the victim of identity theft until they receive warning signs such as a notification from a company that the thief has used their personal information, past due bills from creditors they do not recognize, calls from debt collectors, denial of credit due to delinquent account statuses, or missing mail or no longer receiving mail that is normally delivered to their address.1
Each year, the Federal Trade Commission (FTC) receives reports from consumers regarding problems they experience in the marketplace. The reports are stored on a secure online database, called the Consumer Sentinel Network (Sentinel), which are compiled and released in a data book annually. According to the most recent Sentinel Data Book 2023, consumer losses to fraud have reached their highest level at more than $10 billion. This is an increase of over $1 billion in reported losses in 2022. In 2023, approximately 5.4 million reports were received by the FTC.2 The FTC sorted the reports and categorized them into 29 categories in respect to fraud, identity theft, and other consumer protection topics.
Of the 5.4 million reports, 2.6 million were fraud reports, of which 27% reported a loss totaling $10 billion, with the median loss being $500. Younger people (44% age 20-29) reported losing money to fraud more often than older people (25% age 70-79). However, when people over the age of 70 incur loss, the median loss is much higher. Additionally, it was reported that about one in five people lost money due to imposter scams equating to approximately $2.668 billion with $800 being the median loss. A snapshot of the 2023 data showed that of the 5.4 million reports, the top three categories are Identity Theft (1,036,903 reports), Imposter Scams (853,935 reports), and Credit Bureaus, Info Furnishers and Report Users (711,802 reports).3
Of the 29 categories, identity theft tops the list with over one million reports. The most common types of identity theft reported included credit card, loan or lease, bank account, government documents or benefits, employment or tax-related, and phone or utilities.4 The most common subtype of identity theft is associated with new accounts such as establishing new bank accounts, takeover of existing bank accounts, establishing a credit account, or making changes to a person's existing credit account.
What Does This Mean for FIs?
Loss of Profit
Identity theft leads to FIs suffering financial losses due to criminals that gain access to the institutions' networks by using other people's information to open or take over accounts. These losses can include time spent investigating cases and legal fees, as well as reimbursement payments to the victims. This turns would-be profits into operating expenses and loss of revenue.
Reputational Risk
Identity theft linked to an FI can cause irreparable damage to an institution's reputation. A high reputational risk can lead to customers (individuals and businesses) questioning the institution's credibility and deciding to terminate their relationship with the FI, ultimately losing customer trust and reducing overall profitability and future earnings. Institutions may also face challenges when attempting to collaborate with new businesses and bank partners. Furthermore, employees may decide to leave the company as they may be concerned regarding the company's stability and reputation.
Legal Enforcement
As mentioned in the Sentinel, consumer fraud, specifically identity theft, is on the rise and consumers are filing more reports with the FTC, causing regulatory enforcement agencies to investigate more FIs. This could lead to severe fines, penalties, and legal consequences.
How Can FIs Prevent Identity Theft?
FIs can leverage Sentinel's data book to help defend against emerging fraud trends by using the data to educate their staff and customers, in addition to understanding and knowing which consumer groups are being targeted based on the current fraud trends. Additionally, FIs can use the data to protect themselves from customers that attempt to mask their illegal activities by hiding behind legitimate businesses,5 as well as from conducting business with companies that are not engaging in proper fraud prevention tactics in their own systems. FIs should invest in anti-fraud and fraud detection software to reduce the likelihood of fraud occurring on their platform and require that specific high-risk companies they conduct business with do the same.
In today's digital revolution, most consumers are monitoring their money and conducting transactions via multiple banking and finance related applications (apps) and platforms. This lack of face-to-face communication is a driving force behind the increase in identity theft. Criminals are using legitimate personal information (albeit not their own) to open accounts electronically across platforms to facilitate fraud. Therefore, it is imperative that FIs take the proper steps to monitor and verify the accounts they open.
The basis for recognizing and deterring identity theft starts with the FI implementing and maintaining an effective compliance program covering the five pillars of an Anti-Money Laundering (AML) Compliance Program.6One of the five pillars is to develop a robust Know Your Customer (KYC) program to include a Customer Due Diligence (CDD) process. This process requires FIs to establish and maintain written policies and procedures that are reasonably designed to:
- Identify and verify the identity of the customers;
- Identify and verify the identity of the beneficial owners (individuals who own 25% or more of a legal entity, and an individual who controls the legal entity) of companies opening accounts;
- Understand the nature and purpose of the customer's relationship to develop customer risk profiles; and
- Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.7
Crucial to an effective KYC program is the development of a detailed procedure document to guide employees within the CDD process. Employees will need to be thoroughly trained in how to carefully conduct CDD and follow through on all the required steps when collecting customer information and identifying and verifying customers' true identities. Additionally, FIs can partner with various third-party AML screening and instant identity verification providers that have features such as liveness detection and biometric authentication and provide initial risk assessments and/or fraud scores for each customer. FIs can invest in software that will detect the customer's Internet Protocol (IP) address and/or detect the geolocation of where the customer is conducting their transactions. This information should then be compared to the customer's profile such as home address and determine if it makes sense for the customer. Besides identifying the customer, an effective KYC program consists of multiple components including ongoing monitoring, suspicious activity reporting, and periodic account reviews. In order to fully understand the customer's relationship, FIs need to have in place proper controls for transaction monitoring procedures and established rules and perimeters for transaction thresholds, typically this can be set up with a transaction monitoring platform. This review allows FIs to identify outliers in activity and report any concerning activity that is found to the U.S. Treasury, as required. It is important that accounts are periodically reviewed for changes in the customer identification information, as well as the transactional history, to ensure that those who may pose a bigger risk to the FI are known and appropriately monitored.
Of all the mentioned steps to aid in the prevention of identity theft, as part of the FI's KYC program, the FI should implement an Enhanced Due Diligence (EDD) process to include contacting the customer via phone for verification purposes. By calling the customer, FIs can validate the customer's true identity and detect any fraudulent activity. These steps can be the difference between maintaining a healthy customer identification program and an individual and/or the FI becoming involved in an identity theft scheme and suffering significant financial and reputational losses. The success of an effective KYC program requires constant improvements, updates, and buy-ins from all employees and company leaders. Having a deficient or mismanaged KYC program can lead to loss of potential earnings and overall profit, reputational damage, legal implications, and regulatory authorities imposing fines.
Building and maintaining an effective BSA/AML compliance program to help prevent identity theft can be challenging, time-consuming, and full of questions. At Ankura, we have dedicated teams to help with all aspects of building an effective AML Compliance Program and vendor referrals, as well as providing training and guidance on identity theft trends and prevention techniques. Our experts will be able to assist in establishing/implementing policies and procedures, training staff, and providing guidance on any other compliance-related tasks. In addition, Ankura can provide global outsourcing services for transaction and compliance monitoring and consultation. Please reach out to an Ankura professional with any questions you may have regarding this.
To stay up to date on the latest in financial regulatory compliance, financial crime prevention, and risk management, sign up for our newsletter: Compass
Footnotes
1. https://www.usa.gov/identity-theft
2. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023pdf
3. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023.pdf
4. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023.pdf
5. https://www.ftc.gov/business-guidance/blog/2024/02/facts-about-fraud-ftc-what-it-means-your-business
7. https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.