3 fraud & risk lessons banks can learn from fintech companies
Over the past few years, banks have struggled to compete with fintech companies. It's been a regular topic in our industry, and with the recent boom in fintech funding, it's probably not going to go away any time soon. You could argue either way about who is currently "winning," but at the very least, banks are worried about how they are stacking up to these younger, more tech-savvy companies.
There are a lot of areas where banks have a competitive advantage over fintech companies. Many of these advantages come from having more experience, more capital, an existing customer base, and an existing handle on regulatory requirements - to name a few.
The primary disadvantage banks face is how quickly they can move to create great end-to-end experiences for new customers on new platforms. Typically, banks understand customer needs well and are good at procuring or building solutions to customer problems. One thing that slows banks down compared to fintech companies is how difficult it is to give users a great experience at scale without introducing risk.
As the CEO of a leading fraud and risk management solution, here are the top three challenges I see banks face:
1. Previous experience leads them astray
Banks have a lot of experience with identity verification, KYC/AML, and fraud prevention. This experience can often lead banks to take practices that served the bank well in-branch and try to make it fit into a new digital context.
However, sometimes it's not as simple as taking something you did in person and moving that same experience online. For example, when someone comes into a bank to open an account, the bank may have a list of 15 questions they always ask people. Questions like, "what is your main source of income?" or "where did you bank before?" These questions might serve a purpose, but having to answer 15 questions as you're talking to someone in person at a bank is quite different from filling out a 15-question form online. The latter experience is one that most people do not want to take the time to do, and therefore banks see a high abandonment rate if they provide that type of experience online.
A big lesson here is that digitization is different than digital transformation. Rather than look at your old processes and try to digitize them so that they can be adapted online, banks should take a step back and rethink their processes altogether. Fintech companies, on the other hand, don't have the bias of old processes. They are thinking about things from a new perspective and have a digital-first approach.
2. Org structure and legacy systems don't lend themselves to change
The organizational structure of banks typically makes it harder to implement changes. That, coupled with legacy technology, can make it much more challenging to implement new software, tools, and data vendors. As a result, many banks have old systems in their tech stack that have not adapted to the ever-changing fraud and risk landscape. Whereas fintech companies typically have newer tech stacks and, in general, are more aligned to adapt to changes.
To combat this, banks often tighten their existing tools instead of adding new ones. For instance, if banks see more fraud coming through, they often tighten their current risk thresholds to ensure that the exact type of fraud isn't let through again. This approach can substantially lower their approval rates and increase false negatives. There are many nuances to making up someone's entire risk profile, and the new tighter thresholds may not be considering the other factors.
3. Systems in silos
The last challenge that I see a lot of banks facing is that their systems are often set up in silos. As I mentioned earlier, it can be difficult for banks to implement new technologies, but even when they do implement new tools or software, it's common that the tools are not integrated into their existing technology landscape in a way that shares data and optimizes use.
This challenge is prevalent in fraud and risk management when setting up multiple data vendors. A lot of banks follow a linear approach to KYC/AML compliance and fraud mitigation. They check the applicant's data against one data source, and if it passes, they'll check the second data source, and so on. As their fraud needs or AML regulations evolve, they tack another data source onto the end, hoping to meet their new needs.
The issue with this approach is that you will only ever decrease your approval rate. What's the alternative? Banks would see more successful applications if they looked at identity verification holistically. If you use multiple data sources simultaneously in the same workflow, you're able to match your applicant's data across any one of the various data vendors at once and compare responses. If someone has recently moved, but their address has not been updated in one data source, the second or third data source may be able to verify the new address. A holistic approach allows you to look at the full picture of an applicant, ultimately increasing your approval rates, mitigating fraud, and providing a quick and seamless customer experience all at the same time.
What banks can learn from fintech companies
Don't get me wrong; fintech companies can struggle from the three challenges listed above just as much as banks. However, they typically employ a different strategy to KYC and fraud that serves them pretty well: they tend to take on more risk, use multiple solutions and data sources to combat it, and analyze it holistically. Once they've exhausted every tool and tactic, they automate it to scale.