To address this growing risk, banks should begin by evaluating and enhancing their existing controls in a manner proportionate to their size and complexity. Scalable solutions do not necessarily require high-end technology. Training front-line staff to identify red flags of synthetic identity misuse (such as unnatural movements in video calls or inconsistencies in submitted documentation) can go a long way in mitigating risk. Adding out-of-band verification (e.g., call-back procedures) for high-risk transactions, reinforcing manual identity reviews during the onboarding of a new customer, and implementing dual-authorization for account changes can also serve as practical, low-cost defenses. Some vendors now offer affordable, modular fraud detection tools, including basic liveness detection or media forensics capabilities, which can be used to supplement traditional customer due diligence. In addition to internal controls, a key risk area lies in the oversight of third-party relationships. As banks increasingly partner with vendors and fintechs to deliver services, it is essential to evaluate not only the vendor’s performance but also how AI is used in the services they provide. Does the vendor rely on AI models for customer verification, risk scoring or fraud detection? If so, what guardrails are in place to detect misuse, synthetic identities or deepfakes? Banks must remember that they remain ultimately responsible for the actions and outputs of their third-party vendors, even when those services are outsourced. This includes ensuring vendors operate within the bank’s risk appetite and regulatory expectations. To meet this obligation, banks should enhance their third-party risk management programs to include specific due diligence around AI model governance, data integrity and fraud control capabilities. Period reviews, contract clauses that require 27 NEBRASKA BANKER
RkJQdWJsaXNoZXIy ODQxMjUw