Fraud Prevention and Mitigation Tips for Financial Institutions

by Reinhart Law

Fraud Prevention and Mitigation Tips for Financial Institutions

Reinhart has a nationally recognized Financial Institutions Group tailored to serve the strategic, governance and regulatory needs of financial institutions of all sizes. In addition, for more than 15 years, we have worked closely to assist WACHA, its members and clients in numerous states on all payment-related issues that arise. And in this new environment, we have helped clients navigate the ever-evolving fraud landscape, specifically with prevention, mitigation and the aftermath once an issue of fraud has been settled.

Since the beginning of the COVID-19 pandemic, we have seen a notable increase in incidents of fraud. Unfortunately, this is not unexpected as cybercriminals and others look to exploit and take advantage of others during national emergencies. To help protect your financial institution from becoming a victim, we have summarized below important tips for financial institutions to consider when it comes to not only preventing fraud, but also mitigating related losses and handling the aftermath.

Prevention: Aside from having appropriate multifactor authentication, firewalls, data encryption and other technological tools, what can institutions be doing to curtail fraud?

• Educate your customers. One of the most important things a financial institution can do is educate its customers regarding the common methods of fraud and the best practices to stay protected. Communicating this can be done, for example, by providing your customers with "workshops" or alerts illustrating these methods and best practices.

• Offer (and require) commercially reasonable security procedures. In order to help your customers avoid fraud (and your institution avoid liability), it is important that you offer commercially reasonable security procedures for your products. In addition, make sure your customers understand they are required to abide by these security requirements and that they are in place to help protect them and your institution against fraud. For example, are you requiring your customers to restrictively endorse remotely deposited checks?

• Ensure internal policies are sufficient. The commercially reasonable security procedures mentioned above are ineffective if everyone in the organization does not know or follow the appropriate protocols. Make sure your internal policies are adequate and being followed by doing internal training and periodic “audits” along the way. 

Loss Mitigation: What are some of the most important pieces to the loss mitigation puzzle?

• Insurance. It is vital to have an insurance policy covering your institution in case of loss due to various instances of fraud. Note that it is necessary to read and understand the fine print of the policy to make sure you are doing exactly what the policy requires. We have seen nuanced requirements in policies over the years that have resulted in denied coverage.

• Agreements and liability. Many organizations create a patchwork of customer agreements over the years, oftentimes with employees pulling sample agreements from the internet. This practice is understandable, but not recommended and puts institutions at risk of their agreements containing inconsistencies. 

• Enhanced security offerings. In the event you offer enhanced security products (for example, Positive Pay), you should have customers affirmatively decline such services if they refuse to use them. In other words, wherever possible, you want your customers to sign a document stating they understand that the products are available, but have declined to sign up. 

Aftermath: Finally, once an issue of fraud has been settled, what should you do next?

• Reflect. Make sure you have a "post-mortem" meeting in the unfortunate event your institution, or a customer, has become a victim of fraud. Chances are, there are lessons to be learned from the experience. 

• Document. Make sure your documentation has been collected and recorded so if a similar situation arises in the future, the response can be recreated, if necessary (whether for a regulator or future strategic partner).

For more information on how to protect your financial institution from potential fraud issues, or for assistance in any of your strategic, governance and regulatory needs, please contact John Reichert or Melissa York Lanska.