How can banks truly understand the changing regulatory landscape?
The EU AI Act came into force earlier this year, marking a major milestone as the first regulation of its kind for this emerging technology. While the Act has raised concerns about compliance costs and potential impacts on innovation, its overarching goal is to position the EU as the “global hub for trustworthy AI” and reduce risks associated with the new technology.
Although the Act will affect many industries, its immediate impact on financial services (FS) may seem less significant at first. The FS sector is already heavily regulated to ensure the safety and soundness of the financial system and protect consumers. However, there’s room for improvement in the eyes of the banks. Mitek’s 2024 Identity Intelligence Index found over a third (36%) of banks want better clarity on new regulations to enhance customer protection.
So, while the EU AI Act’s impact on banks may be limited for now the industry faces a fast-evolving regulatory landscape that will increasingly shape its future. Adapting to these changes will demand greater flexibility in managing emerging technologies and compliance complexities.
Now is the time for banks to refine their strategies, leveraging innovative processes and technology to combat identity theft and safeguard their customers. Let’s explore how they can adapt to meet these challenges effectively.
Senior Vice President of Identity at Mitek Systems.
Putting safety first
The Mitek Index found on average, 76% of banks surveyed believe fraud cases and scams have become more sophisticated. Of the challenges and concerns leaders have in their roles today, AI-generated fraud and deepfakes on the rise (37%) took the top spot. We see billions lost to fraud last year, with more than half a billion pounds in the UK, $8.8 billion in the US, and €1.8 billion in Europe.
Some banks may not even realize they are falling victim to these advanced tactics. Current anti-fraud systems and processes often lack the capability to detect deepfakes and other AI-driven threats, leaving institutions fighting an invisible enemy. Dealing with unknowns creates a rising tension within banks that could make these organizations fear that every transaction could be fraudulent.
Despite acknowledging the need to address these threats, many banks struggle to act quickly due to limited expertise and reliance on siloed, outdated systems that cannot keep up with the fluidity of modern AI-driven fraud tactics. Compounding this issue is the rise of increasingly sophisticated fraud tactics, including the creation of “fake” customers using synthetic identities or AI-generated personas. Banks often fail to fully grasp the scope of fake profiles, leaving critical gaps in their defenses.
To combat this, banks are investing in technology to analyze customer interactions and detect fraud. Success requires a balanced approach that prioritizes customer experience, compliance, and fraud prevention equally. By leveraging data and weighing customer lifetime value against fraud risks, banks can adopt a more nuanced strategy.
The stakes are high: once a fraudulent or synthetic identity successfully opens an account, it could persist indefinitely, posing long-term risks to both customer security and operational costs. By adopting this nuanced approach, banks will be able to make the necessary changes required to keep customers safe, and on their side, amid an increasingly complex fraud landscape.
The build or buy conundrum facing banks
Compliance is more than a tick-box exercise – regulations are needed as they solve real world problems. Financial institutions should start viewing fraud prevention and regulatory compliance as long-term, strategic opportunities to differentiate and bolster their cybersecurity.
To satisfy regulators, safeguard the customer experience, and stand toe-to-toe with fraudsters, financial services organizations should have a clear picture of the scale and nature of fraud within their systems. This can be achieved through specific techniques such as advanced anomaly detection using AI tools and machine learning, analysing transaction patterns for irregularities, and implementing tools like identity verification systems to spot synthetic or stolen identities.
Banks must constantly test the edge to balance both, giving the customer a frictionless ‘phy-gital’ experience, while also identifying fraudulent activity. However, we have reached a tipping point where it’s no longer feasible for internal IT teams in banks to keep up with this increasing volume of regulations through manual, inefficient, and expensive processes that don’t meet expectations for seamless user journeys.
Align with regulatory standards, today and tomorrow
Banks should work with technology vendors to ensure product roadmaps align with regulatory standards, today and tomorrow. The FS industry has an opportunity to collaborate leveraging technology to develop better identity lifecycle strategies.
Multi-layered fraud detection allows banks to anticipate the constantly changing identity landscape, helping to protect vulnerable customers from increasingly sophisticated fraudulent attacks. In this way, fraud prevention must focus on converting raw data – such as login attempts, transaction anomalies, and device usage patterns – into actionable intelligence.
While banks can all individually work on protecting their own customers, it’s work that is not as efficient if done alone. To be more effective, the financial services industry needs to establish an identity intelligence ecosystem where banks and other financial institutions can collaborate and share fraud threats in real time. By working together and exchanging data on emerging fraud patterns, suspicious activities, and known threats, banks can enhance their ability to detect and prevent fraud more quickly, improving security for all customers.
Viewing regulation as a commercial opportunity
With regulatory requirements emerging and tightening across various sectors, banks and other financial institutions find themselves between a rock and a hard place. The good news is that banks have the hard-earned experience and many tools at their disposal to develop robust compliance programs and effectively navigate these regulatory challenges.
With the right combination of resources, institutions can develop scalable programs that adapt to future regulatory changes. While delivering compliance and risk programs is challenging, firms that build a cohesive strategy today will have a much easier time tomorrow. From there, establishing a fraud intelligence ecosystem between organizations and law enforcement could be essential to help all banks stay on top of regulations and keep their customers safe.
We’ve compiled a list of the best identity management software tools currently available.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
The EU AI Act came into force earlier this year, marking a major milestone as the first regulation of its kind for this emerging technology. While the Act has raised concerns about compliance costs and potential impacts on innovation, its overarching goal is to position the EU as the “global…
