If fraud and risk executives hope to be truly effective, they need to understand the various stakeholders within their organization who can play key roles in the development of fraud and risk strategies.
These stakeholders include some of the core functions of the business, and they need a seat at the table for building consensus around these strategies.
Let’s briefly look at each of these stakeholders, and their primary functions within the enterprise.
IT and Cyber Security
The importance of including the IT—specifically IT infrastructure—and cyber security functions in the fraud and risk discussion is obvious. The IT department is responsible for deploying and maintaining the infrastructure components—whether on premises, in the cloud, or a mix of both—that support virtually every aspect of the business.
The cyber security department is accountable for ensuring that all systems, networks, applications, and data are protected against threats such as hackers, malware producers, and other bad actors.
From a fraud standpoint, one of the challenges these groups face is malicious automated (bad) bot traffic on the network, according to a January 2020 report by research firm Gartner, “How to Create a Payment Fraud Detection Strategy at the Organizational Level.” They need to be able to detect bots at the network level, block bot traffic, and identify and mitigate malware attacks.
Human Resources (HR)
The HR department is responsible for all people-related issues and processes within the organization. It oversees different aspects of employment including recruitment and hiring, administration of employee payroll and benefits, compliance with labor law and employment standards, performance evaluation, and maintaining employee records—among other processes.
In short, HR leaders are in charge of virtually every aspect of the employee lifecycle within an organization.
The types of fraud that could impact HR include payroll fraud, or theft through a company’s payroll system; expense reimbursement fraud; workers’ compensation fraud; and health insurance fraud.
Operations
Operations, or operations management, are among the most pivotal components of the business. Business operations include activities that a company engages in on a daily basis. Operations leaders are responsible for overseeing processes such as manufacturing, facilities, assets, and technology other than IT.
An example of operational fraud might be fraudulent loss of corporate assets due to an organization’s internal and external exposure to theft, diversion, or the mismanagement of transactions. Detecting operational fraud could include a combination of IT/security, forensic investigation, and traditional anti-fraud efforts.
Finance and Accounting
The finance and accounting department is responsible for all financial functions and the related processes. These might include:
- treasury management (including the level of risk a company can assume)
- cost control
- billing and credit control
- investment appraisals
- management of tax issues
- ensuring compliance with regulations
- the preparation of financial statements
- inventory management and control
- payroll system management (in conjunction with HR)
- budgetary control
- asset management
- cash flow and working capital management.
Not surprisingly, the finance department faces a host of potential fraud risks, including invoice fabrication, unauthorized cash transfers, identity theft and account takeover, expense fraud, mobile banking fraud, and social engineering fraud.
Leaders in accounting often play a large role in helping to prevent fraud within the organization. Among the key challenges they face, according to the Gartner report, are the cost of fraud losses and fraud management tools, as well as operational costs of fraud management. They’re looking for a deeper understanding of overall fraud management costs, the expected return on investment on tools, and the impact on overall profitability from different approaches to fraud detection.
Marketing and Sales
In many businesses, the marketing department oversees functions such as advertising, promotions, public relations, and in some cases sales. Among the key marketing functions are research and development, pricing, distribution, customer service, and communications.
Sales focuses on working with customers and prospects to sell products and services and advises the marketing department based on feedback from customers. The marketing department might suggest what the sales team should focus on in various markets, based on market research. Both sales and marketing leaders might also help guide the development of new products and services based on what they see in the market and customer demand.
These functions also have to deal with fraud issues, such as fraudulent marketing including fake news disseminated by bots and fraudsters siphoning off advertising cash. Among the key challenges, according to the Gartner study, are launches of new products and services, geographic expansion, and brand reputation.
In addition, marketing is often responsible for oversight and management of the company website, as well as overseeing customer experience through the site. This is why at many companies, especially small and mid-sized businesses (SMBs), someone in marketing is put in charge of finding a solution to fraud prevention challenges.
SMBs that have an online presence and conduct e-commerce are a clear target for fraud, and for these smaller companies the risks are arguably greater because just a single incident could have a significant monetary impact. The challenge is finding a balance between delivering a quality customer experience and ensuring the company and its customers are protected against fraud.
Marketing and sales leaders need to focus on customer experience and resolving fraud-related complaints, and execute a flexible and extensible fraud detection strategy that can easily adapt to evolving services and global growth.
Customer Support and Experience
The customer support (or customer service) organization is responsible for answering clients’ questions, addressing their complaints, providing information about a company’s products and services, taking orders for products and services, processing returns, and other tasks.
With the growing emphasis on customer experience, the customer support/service function has become more vital than ever. And it faces a number of challenges related to fraud, according to Gartner.
These include how fraud controls can affect customer expectations of low friction; the dropout and abandonment rate due to authentication processes and fraud controls; the tension in balancing customer experience with fraud risk; and having to face customer complaints with little information.
To address these, departments can consider using passive rather than active forms of authentication, such as behavioral biometrics; provide friction-free journeys for the majority of good users; and reduce the number of false positives in checking for fraud. They can also use tools that provide insight into why customers were declined online. With appropriate training, they can discuss decisions made with customers and add intelligence into fraud tools based on customer interactions.
Legal and Compliance
Legal departments are responsible for ensuring that organizations are properly discharging their business affairs, handling tasks such as adopting and executing rules and regulations, providing legal consultation and advice, drafting resolutions and other documents, and taking part in administrative decision making. Compliance, which can be part of legal, is responsible for ensuring that companies are adhering to government and industry rules and regulations.
The legal/compliance department is a key player in an organization’s efforts to combat fraud. Among the challenges it faces, according to Gartner, are determining how the organization is using multiple fraud tools with varying stores of customer data, and making sure the organization is complying with the various data privacy regulations.
Legal might be involved in vendor selection for anti-fraud tools, based on privacy considerations and the impact on customers.
Product Development
Departments that handle product development are typically responsible for all stages of the development lifecycle, including conception, design, development, testing, and release into the market.
Fraud comes into play with product development in that the products themselves can be susceptible to fraudulent activity if not designed correctly. Development teams need to conduct preliminary research to identify potential threats products are apt to encounter and then address any weaknesses in the design of products. The key is to balance the prevention of fraud with the need to enable high quality, usability, and innovation in the products.
Fraud Analysis
Finally, the function that handles fraud analysis deserves special mention even though it might be part of the IT and/or security function of the organization. These are the people, including data analysts and data scientists, who hold the keys to helping address the risk of fraud throughout the organization.
Among the challenges this group faces, according to the Gartner report, are a lack of reporting and business intelligence (BI), disparate fraud management tools, and a lack of transparency from machine learning models for fraud detection.
What this function needs to succeed are consolidated data warehouse and reporting capabilities, a centralized decision platform to ingest outputs from disparate tools and orchestrate responses, and clarity in machine learning models.
These and many other stakeholders within companies have been or are going through the process of digital transformation. Fraud and risk management needs to keep pace with the rapid transformation underway. In addition to deploying new solutions to outsmart fraudsters, risk management leaders need to work the problem in a more collaborative way—bringing virtually every function of the business into the process.