News Roundup: About 1 in 5 US Commercial Banks Spend at Least Half Their Compliance Budgets on KYC

CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.

Fenergo: About 60% of mid-market commercial banks spend more than one-third of their compliance budgets on KYC

Commercial banks in the U.S. are facing an evolving Know Your Customer (KYC) landscape as regulatory scrutiny demands strict due diligence measures, and their compliance spending reflects that, according to a survey by KYC provider Fenergo.

Among U.S. commercial banks, 20% dedicate more than half of their compliance budget to KYC, while about 40% spend about a third of their compliance budget on KYC, the report found.

Other key findings:

• Popular technology investment areas included operational risk (37%), cybersecurity risk (36%) and financial crime risk (36%) among all banks, while those in the largest category (managing $51 billion to $100 billion in assets), financial crime risk was their top technology investment priority.
• Half of respondents reported losing clients due to slow and inefficient onboarding processes.
• Only 17% of those surveyed fully automate workflows for their credit decisioning processes.

Survey respondents included chief operations officers, chief compliance officers, chief risk officers and chief information officers at mid-market commercial banks in the U.S. with assets ranging from $10 billion to $100 billion.

Survey: About one-third of business leaders say deepfakes haven’t increased fraud risk

Just under one-third (31%) of business leaders say scams powered by deepfake technology haven’t raised their organization’s fraud risk, according to a small survey of C-suite executives by Business.com.

The site’s survey of 244 CEOs and executives found that about 10% of executives said their companies had faced deepfake threats, though few have taken steps to mitigate risks, with more than half saying their employees haven’t had training to identify or address deepfake-powered fraud attempts.

Only 16% of those surveyed said they were very familiar with deepfakes, including how they’re made, their potential uses and their implications.

Report: More than half of global organizations can’t adequately track and report on sensitive data sent externally

Global organizations continue to grapple with how to protect sensitive information in an increasingly complex cyber threat landscape, according to a Kiteworks report that found more than half of those surveyed (57%) lack the ability to track, control and report on sensitive data shared externally.

The findings, part of the company’s annual report on compliance and security around sensitive content communications, also found that 32% of organizations experienced seven or more data breaches in 2023, while two-third exchanged sensitive content with 1,000 or more third parties.

Only 11% of surveyed organizations said they didn’t need to improve security around sensitive content, a number that fell considerably from the 26% who said so in 2023.