Evidence of a rise in financial crime during the pandemic is still being gathered, but anecdotal reports already suggest that some forms of criminal activity and scams are on the rise as unsavoury individuals seek to exploit vulnerabilities in a society under pressure.
Many regulators and industry bodies have moved to alert banks and financial institutions to the risks, but the priority for banks is to act fast to control immediate threats.
Financial institutions are accelerating their digital transformation strategies, taking the customer experience almost entirely online and there is a significant uptake in next generation technologies like computer vision and biometrics. But they must balance the challenges of moving quickly in a crisis against the need to maintain security and embed regulatory approval across technology. The following is a cautionary tale about the opportunities for fraudulent activity in identity checks when an individual has malicious intent:
In October 2019, The Tracing Group was engaged by a pension scheme to screen the scheme’s data to identify historic deaths which may have been overlooked. The Tracing Group also started providing ongoing monthly screening of deaths, and checks on the residency status of all members. These residency checks determine if any members do not reside at the address held, or if the Common Data for the members was not present or accurate.
While carrying out this essential work for the pension scheme, The Tracing Group residency checking process identified that the address held on record for a member was unable to be verified. The scheme acted proactively by instructing The Tracing Group to conduct a trace on all the members that were highlighted as potentially ‘gone away or unverified’, which subsequently traced this particular member to a new address.
As a result, the member contacted the administrator of the scheme directly to confirm his new address details. After passing security checks, the call agent was alarmed to learn that the member had not lived at the address held on record for him for decades. Unknown to the member, his pension had been in payment for several months, which suggested that someone may have fraudulently claimed his pension. After discussion with the call agent, the member disclosed that he had recently lost his wife and suffered a heart attack, spending much of 2019 in hospital. During this time, others had access to his home.
At the time the pension was put into payment, while the member was in hospital, an electronic verification was attempted unsuccessfully, so a letter was sent out to the member requesting identity documents. The administrator received suitable documents that matched the record, so benefits were put into payment.
The pension has now been suspended and the case has been referred to the pension administrator’s financial crime team, who will work with the police on a full criminal investigation. The correct member is now being paid and the scheme are working to reclaim what is due to them. This scheme acted promptly and decisively to flag the potential ‘gone away’, which resulted in a significantly reduced cost burden - a longer delay in identifying the fraudulent claim could have resulted in a much larger overpayment.
The technology behind identity checks is evolving, and uptake is being accelerated in many cases by the COVID crisis, but banks and financial institutions are still grappling with historic data entered many years ago. The best protection against fraudulent claims is for organisations to ensure a comprehensive data quality strategy is in place with regular screening. Identifying risk areas and keeping abreast of the latest developments and opportunities for fraudulent activity can help organisations to focus their efforts.
For further information on The Tracing Group’s tracing, cleansing and data screening services please contact the team on 01603 937800 or via the website: www.thetracinggroup.co.uk.
Note: This case study has been shared with permission from the pension scheme - client details have been anonymised for data protection.