Fraud Detection: AI Risk Management

1. About Us Established in 1988, CIMCON Software, LLC is a pioneer in end-user computing and model risk management, serving over 800 companies across industries. Recognized by Gartner, Insurance ERM, and others as a top risk management vendor, CIMCON brings 25+ years of experience and industry best practices to support AI & GenAI readiness and governance. With the largest global installed base, our feature-rich, extensively tested solutions offer unmatched depth, support, and reliability.

2. What is fraud detection and why is risk mitigation important? • The prevalence of fraudulent activities presents a major problem to firms across the financial sector. In fact, according to a report from the Association of Certified Fraud Examiners (ACFE), the typical organization loses 5% of revenue to fraud each year. • In addition to the risk of identity theft, phishing scams, and other types of consumer fraud, firms should also be on the look-out for occupational fraud, which is a type of financial crime that occurs when an employee, manager, or third party misuses an organization’s resources for personal gain.

3. The report from earlier found that more than $4.7 trillion is lost annually due to occupational fraud alone worldwide. While fraud attempts have risen sharply post COVID, there are strategies that can be leveraged by organizations to manage the risk of fraud both internally and externally. • In this post, we are going to discuss a few frequently asked questions on the subject of how to manage the risk of fraud within your organization.

4. Managing the Risk from Fraud and Fraud Detection Tools 1. How can AI models contribute to enhancing fraud detection systems within banks, and what challenges do they bring in terms of compliance and oversight? • According to a global survey by The Economist, fraud detection is the most common use of AI in banks, driven by the availability of large, imbalanced datasets and the need to identify complex patterns that traditional models might miss. • As AI also empowers fraudsters, staying ahead with advanced detection methods is critical, especially with evolving threats and increasing regulatory scrutiny, such as the U.K.'s SS1/23 and the U.S.'s SR 11-7, which govern both in-house and third-party fraud detection models.

5. 2. Can you tell me more about the risks associated with leveraging 3rd party tools for use cases such as Fraud Detection and how you would recommend mitigating these risks? • Third-party models tailored for fraud detection can boost capabilities with minimal internal effort, but they also pose risks—especially the threat of Shadow AI, where a vendor quietly integrates AI into tools, causing unpredictable performance changes. • As AI adoption grows, this concern is becoming more common among banks. To manage the risk, it's crucial to implement automated reviews and monitor tools for behavioral shifts. Model-agnostic methods can detect changes in Validity, Reliability, and Interpretability, helping flag unexpected improvements, declines, or shifts in predictive features—triggering timely audits and follow-ups with vendors.

6. 3. Considering the recent regulatory changes like SS1/23, what steps should banks take to ensure their AI models comply with these new requirements? • Regulations like SS1/23 highlight the need for a comprehensive firm-wide model inventory, yet many firms struggle to understand their full Model Landscape and uncover hidden risks. A model-agnostic approach to discovering and assessing AI use in EUCs, models, and third-party tools is crucial. • One effective method involves defining consistent but customized Risk Profiles for different use cases—such as AI, classification or regression models, and third-party tools—and assigning tailored, automated test groups for each. • This ensures nuanced validation with auto-generated documentation, while ongoing checks for vulnerabilities (e.g., via NIST) and data drift help align with regulatory expectations.

7. 4. Are there any other kinds of risks that arise from fraud that the audience should be aware of and what are some approaches to dealing with these risks? • While consumer fraud is a major area of risk that needs to be addressed, another lesser discussed area of risk is occupational fraud, where an employee within an organization misuses company resources for personal gain. That is why having controls and accountability within your organization can be really key, and this is another requirement stressed often by regulators. • This can include tracking who is making what changes to models such as your Fraud Detection models, have clearly defined policies for the approval of model changes before they are deployed, and clearly defined roles and responsibilities for monitoring and independent review post deployment. Gaining visibility into these different activities can help you identify bottlenecks as well as problem solve when effective policies are not being followed or if high risk changes are being made, even if they are being made unintentionally.

8. Streamlined Risk Management • Overall, having a comprehensive approach to the dynamically evolving landscape of fraud and fraud detection and mitigation technology can be instrumental to the success of a financial institution. • This includes the use of 3rd party AI fraud detection tools as well as internally developed fraud detection models, and even managing the risk of occupational fraud within an organization. With a flexible approach, risks from fraud detection methods that are decaying over time or using AI can be addressed and your organization can avoid errors that can be costly to the organization.

9. Contact Us Boston (Corporate Office) +1 (978) 692-9868 234 Littleton Road Westford, MA 01886, USA New York +1 (978) 496 7230 394 Broadway New York, NY 10013

10. THANK You