Partnering on Fraud – Moving Beyond Education to Recovery

Ep 316 –  Partnering on Fraud – Moving Beyond Education to Recovery transcript

 

Announcer 00:05

Welcome to the Treasury Update Podcast presented by Strategic Treasurer, your source for interesting treasury, news, analysis, and insights in your car, at the gym, or wherever you decide to tune in.

 

Doug Hartsema  00:19

You’re welcome.  Looking forward to it.

 

Craig Jeffery  00:19

Welcome to the Treasury Update Podcast. This is Craig Jeffery. I’m your host for today’s episode. The episode is called, Partnering on Fraud:  Moving Beyond Education to Recovery.  And can we make the recovery transparent? This is a dialog about how banks can work with their customers. My guest today is Doug Hartsema from the Hartsema Group. He runs advisory groups for a number of banks, payment rails, even a university. Doug, thank you so much for joining me again on the Treasury Update Podcast. Can you tell me briefly your career path and what you do at Hartsema Group?

 

Doug Hartsema  00:59

Okay, so first of all, the Hartsema Group is a very small consulting practice. We run customer advisory groups, strategic advisor groups in the banking space and the payment space, primarily, a couple of technology companies are our customers as well. We also do a little bit of this in the athletic fundraising for a couple of universities. Same model just applied to a completely different setting. My background is, I’m a former banker. Grew up the old Wachovia, worked at Huntington, worked at JP Morgan, worked at JP Morgan, and then worked at at Huntington, and always had an advisory group along the way, and decided I would turn it into a company. So 11 years ago, we, when I left Huntington, I turned it into a company, and we’ve been having a blast there. Having a blast ever since.

 

Craig Jeffery  01:43

Well, it’s so good to talk to you again. Doug, as we think about partner fraud, you have mentioned to me that fraud is one of the most dominant topics in the discussions that occur on these advisory groups with banks. I mean, fraud has been so significant so many ways, and when those things happen, it’s very significant to the company, and it also absorbs a lot of time, effort and issues. So why? Why is that the most dominant topic? I’m hoping to give a little more clarity Other than this, it’s important, but there might be some other aspect to it.

 

Doug Hartsema  02:16

So first of all, for context, we run about a dozen advisor groups, mostly for banks. And these are, these are 15 or 20 people, typically their best customers, their most innovative customers, and the customers themselves are able to shape the agendas, so they’re part of that process. And so the reason it’s so unique is because when you ask the customers, and this is a recent thing, this has happened in the last 18 months, and it’s much more pronounced even in the last six months, when you ask them what they want to talk about, they want to talk about fraud. So if that’s the proxy for what they’re worried about, if it’s the proxy for what’s on their mind, it is the number one thing they want to talk about. And I’m convinced that if we simply let these meetings turn into meetings that are all about fraud, that’s where they would go. And so I think the difference is, what’s happened is, you know, in the old days, not too long ago, fraud was something that happened to somebody else, and we’re gonna, we’re gonna do our best, but it hasn’t happened here, and so I’m interested in it, and I’m fine with all the education that’s swirling around, but it’s not really happening here, so it’s not my problem, and that’s what’s changed in the last, you know, year or so, every single company has a fraud issue. They have one, they have several, or they have hundreds of open fraud issues. And they could be significant, they could be non significant, but everybody’s got the issue now, and everybody’s struggling with it. It’s a very sensitive subject because of the whole liability thing. So there’s this dark cloud of liability that hovers over every fraud issue, and what it’s creating is a It feels like we’re, we’re having a tug of war about this, instead of partnering on it. And so that’s, that’s what they want to talk about, and what they’re looking for, and we’ll get into this as we move forward. They’re just looking for a partnership. This is new to them, but it’s real money, and they’re concerned about it.

 

Craig Jeffery  04:31

That’s that’s interesting they’re looking for. It can be a tug of war instead of a partnership. I wonder how much that comes about, because sometimes a company has done something that is very foolish, that to the equivalent of we’ve gone and handed money to somebody in the van that we can’t see, but we thought it was our friend. And they make statements to the bank, well, you’re going to make us whole for this, right? Because we used your system to transfer funds. And you know, the bank responses, maybe initially in their mind is like, that’s insane. You just passed money to somebody you didn’t know. And usually they have some way of saying, No, we’ll do what we can to try to fix this, but we’re not taking the loss for what you did. And sometimes that’s viewed as very adversarial and challenging.

 

Doug Hartsema  05:19

I think you bring up a really, really good point. I would submit that the idea of the bank’s going to cover this right is where we were a couple of years ago. But we’ve moved past that, and the corporates really do understand that, that the bank can’t possibly be liable for something that it didn’t do. If there’s a bank issue, there’s no question about liability, but liability, which used to be the only thing used to drive the discussion, doesn’t drive the discussion anymore. And I think that’s really the point here. Is the corporates have moved beyond liability, and now they want a process that is manageable. That’s where the opportunity is, because the corporates are talking about recovery, the banks are largely talking about prevention and and liability.

 

Craig Jeffery  06:18

So we have, we have a significant amount of data from our research on the level of fraud, the attempts the year over year, continued growth of the threat level, the attempts companies continue to improve what they’re doing. They feel more threatened by it. We do a number of functions and activities around fraud. We have a annual Treasury fraud and control survey. We also provide services. We’ll do payment security assessments looking at payment processes and companies. Where are things exposed? What does a company need to do to fix that? We have payment security training, training focused on the payment processes, and then we also do payment penetration testing, where can companies be compromised a real world adversary, who’s who’s a friendly and not compromising so this is not a commercial. I’m just mentioning that for background, for those who who listen, kind of back to your point about not being tug of war, but a partnering. How are banks working with companies in a more collaborative manner? And why is it a tug of war? It’s, is it only because of the liability issue?

 

Doug Hartsema  07:28

No, I honestly think that this is something that hasn’t really been looked at the way we look at a process. I would use that to give you the advice that I have, which really is, I think the industry needs to look at fraud recovery as a customer facing process, and I don’t believe that’s what’s happening today. And customer facing processes are transparent. They’re traceable. Everybody knows where it stands. What’s going to happen next. It’s not mysterious. The results are unknown, but the process is very, very clear. The example that I would give you is we used to get feedback years ago about the process of an implementation, bank, implementation, new product, whether it’s a sophisticated product, or an or a non sophisticated product, the process of implementation was not very transparent. You didn’t know where it stood. It was a mystery. It was it always took longer than you thought, and there was a lot of feedback about that process, and virtually every bank in the country has fixed that the an implementation today is a very, very different process than it was five years ago, and the reason is because the implementations today are treated as a customer facing process, they have access to an implementation is a project, whether it’s A little project or a big project, it’s a project, but there’s there’s visibility into that project and where it stands is clear, and what you need to do next is clear. So my advice is the banks need to apply the same process that they applied the same, you know, deep dive that they applied to their implementation process and largely fixed it to the fraud recovery process. And I think that’s the real issue here. Is transparency, visibility and some sense of a projected outcome and a time frame.

 

Craig Jeffery  09:38

Even if the specific results may not be known, but there’s guidance given through the process. So transparency, traceability, I think there’s those are some really, really good, good concerns. So how does this play out? In some details, if you’re saying it should be these aspirational things of transparency, traceability, what do banks need to say and communicate to? To live in this world of a better process, like implementation, for example?

 

Doug Hartsema  10:06

That’s a good question. I really think the answer is, this is entirely solvable. And I believe if the bank looked at its fraud recovery process with the, you know, the active open cases that it has, and applied the customer facing filter to that. There’s some obvious things that they need to do, but first and foremost, what we started talking about is this whole concept of who’s going to pay for this, where is the liability. We have to move past that, because the banks can’t afford to be afraid of a transparent recovery process, because they’re still worried that the liability issue might ultimately be theirs. And that’s why I think we’ve we’ve got to move beyond this. You’re going to pay for that, right? Which is exactly what you said, which is exactly where the corporates were a couple of years ago. We have to move past that so that we can then look at it as a process that needs to be updated.

 

Craig Jeffery  11:09

Yeah, who will pay? Where’s the liability? I guess. You know, as you enter this, are we going to get our money back? We don’t know. We know you should respond quickly, because the faster you ask the bank for help, the more rapidly they can respond. And time matters, and this allows them to have a better recovery rate. What should be shared? Right? You can’t say we’re going to recover it, but is there any other guidance that they can give people on the transparency side about this?

 

Doug Hartsema  11:38

The willingness to say, this is what we’re doing. This is who we’re doing it with. This is where it stands. This is our follow up. If I go back to the implementation example, all of the things that are happening behind the scenes are, I mean, I’m not suggesting at all that the banks aren’t chasing this with hundreds and hundreds of people. What they’re not doing is clueing in the folks that are being asked by their boss or their boss’s boss every two weeks, where do we stand on that $10,000 wire that went left instead of right? They don’t have an answer to that.

 

Craig Jeffery  12:15

Yeah, it’s almost like on the customer service side, many, many companies, from tech companies to banks, they they give you an update. Here’s our service level agreement. Here’s an email. It’s not resolved, okay? It’s been escalated to another group. There’s regular communication, even if it’s not what the person wants to hear. It’s not silence, yep, agree. You had shared a statistic earlier, not on this podcast, but as we’re talking through what we might cover, and you gave it a baseball analogy for how banks are succeeding in terms of tracking things down.

 

Doug Hartsema  12:47

Yeah, in one of our meetings, one of the fraud czars at the at the bank mentioned that they actually keep track very, very detailed data on how many of their fraud incidents that they actually recover, and they said they were batting 400 which, you know, in baseball is great, but in business, it’s not. But what was interesting about that is it was the first time anyone was ever willing to share that with a room full of customers, and the customer’s initial reaction is, wow, that’s lower than I was expecting. Is it our fault? Are there things that we can do to help raise your batting average? Because we can’t recover this stuff, we’re counting on you to recover this stuff. And it was just, it was a really, really interesting dialog, because the initial corporate reaction was not four out of 10. That’s ridiculous. The initial corporate reaction was, how can we help?

 

Craig Jeffery  13:46

Yeah, how can we help? One of my first thoughts, I would love to ask this question, if someone can determine that they’re batting 40% success rate of recovering, is there a distinction between someone lets the bank know immediately and someone delays it a day or two, because we know time matters, and so I know there’s going to be some elements. So if they can come up and say, well, when it’s reported within two hours of it happening, the return rate is 75% when it’s more than three days, it’s 12% Yeah, I mean, just just having some of that, like, we have that in so many different areas, areas like, you know, we have this tech ratings for security and services. A company with a score of this high, this amount or higher is 10% is likely to suffer this type of loss. A company this score lower is eight times more likely to suffer this type of fraud than a company with this type of score. Just knowing that, like, at what point does a flip over would be useful. So next time you have those meetings, ask them if they can calibrate that more. I’d love to know data on the value of speed. We say speed matters. It does. I’d love to have a little more clue. Glued in on that.

 

Doug Hartsema  15:01

Yeah, I think you’re really on to something. And I also think that fraud recovery is an opportunity for the banks to differentiate. The banks are trying to differentiate on their products, on their people, on their process. Back to the implementation example. There are banks that absolutely are differentiating themselves the way they do onboarding. And I’m I look forward to the day when a bank says we actually have the highest batting average in the industry that we know of, because we do this and this and this. And so it’s it’s not something that’s going to happen every once in a while. It’s happening hundreds of times a day. And I’d love to see an opportunity for a bank to say we’re going to be the best if, if you have fraud with us, we’re better at recovering your money than someone else. Wouldn’t that be interesting?

 

Craig Jeffery  15:53

Yeah, it would be. And here are the things to help you succeed more, right? That? And that’s what, that’s what the customers are asking, like, how can, how can we help you? What can we do to make you more successful? For us, that’s really good. The other topic on liability or concerns, there’s another area where you know the use of products, and having people certified on products that helps people to be much more user, user experience. They’re not making assumptions about what they’re doing on a system, whether it’s related to fraud or whether it’s sending payments or something else. What’s the issue there on the liability and concern side, from the bank standpoint, that may impede better success if we didn’t take it that way.

 

Doug Hartsema  16:42

Yeah, the whole issue of certification has come up multiple times in the last 18 months or so. And ironically enough, the issue of I want my team to be certified is coming from the corporates. So the corporates are saying, if anybody in my company that has the authorization to move money, I want to know that they actually understand the tools that they’re using, and they see that as a risk management tool. And so it is interesting that it is this is not the banks telling the corporates, you know, Wouldn’t it be neat if your people were certified on our products, which I actually think is a really unique differentiator. It’s the corporate saying, I need my team to be certified that they’re using the products, your products, the best way they can, again, as a risk management tool. Back to the earlier discussion about this, you know, this dark cloud of liability. I think the banks are anxious about certification, because they’re concerned that if someone is a certified user of their systems and they still make a mistake, I think the banks are anxious that that could become an issue around liability. But it is interesting that we’re hearing much more interest in product level certification, particularly around money movement products directly from the corporates, and they want to require it.

 

Craig Jeffery  18:18

The corporation want to require it. Yep, I think that makes sense. We see that across some different domains as well. If we look at those that have payment security specific training, not just cybersecurity training, but payments security specific training, those that have it, versus those that don’t, those that don’t, depending on the area of types of frauds and losses. It’s 1.5 times to five times more, so one and a half to five times more likely that that company will suffer a loss. Now it’s not, you know, 20% 100% but it’s but that type of factor is really useful, and that’s what we expect when someone’s trained, because now they know the 12 areas where someone else is like, I want to get in and get out. I know two things, not realizing, Oh, you didn’t do this. You left the door open, and you created a significant issue for the company. So that this is this was really helpful. Doug, any final thoughts about partnering on fraud? This was a top issue for everybody who goes to these advisory groups. You brought up a lot of really good points. Any final thoughts, either as a recap or or something new to leave with the group?

 

Doug Hartsema  19:34

Yeah, I would finish sort of where we started, which is what the corporates are really looking for, is for this to feel like a partnership. Banks have been talking about trusted advisor for a long time, but to the corporates, at least as it stands today, when this topic comes up, it doesn’t feel like the same partnership that it might feel if we’re working on payments. Modernization or moving from paper to electronic, banks are very, very good at making that a partnership, and I think we’ve got some work to do for the whole fraud issue all the way from prevention to recovery to feel the same way, to feel like a partnership.

 

Craig Jeffery  20:16

Thank you so much. Doug.

 

Announcer  20:23

You’ve reached the end of another episode of the Treasury Update Podcast. Be sure to follow Strategic Treasurer on LinkedIn. Just search for Strategic Treasurer. This podcast is provided for informational purposes only, and statements made by Strategic Treasurer LLC on this podcast are not intended as legal, business, consulting, or tax advice. For more information, visit and bookmark StrategicTreasurer.com.