Five Questions Every Financial Institution Should Be Asking

Check fraud isn’t a new problem, but it continues to demand new attention.

According to the Association for Financial Professionals’ 2025 Payments Fraud & Control Survey, 63% of organizations experienced attempted or actual check fraud in 2024, making checks the payment method most frequently targeted by fraudsters. At the same time, the FBI and U.S. Postal Inspection Service have warned that mail theft-related check fraud continues to rise, with suspicious activity reports nearly doubling between 2021 and 2023.

For financial institutions, however, the challenge extends beyond fraud losses. Every suspicious check can trigger manual reviews, investigations, exception processing, and coordination across multiple systems. As fraud becomes more sophisticated, the operational burden of detecting and investigating it continues to grow.

The question isn’t simply, “How do we stop more fraud?”

Instead, the question institutions should be asking is, “Do we have a monitoring strategy that gives us the visibility to identify risk before it becomes an operational burden?”

Below are five areas every financial institution should evaluate.

1. Are You Building Monitoring on a Strong Foundation?

Effective monitoring starts long before the first transaction occurs.

Customer due diligence, account onboarding, and risk profiling determine whether monitoring systems have the context needed to identify suspicious behavior. Without that context, alerts become generic, investigations take longer, and analysts spend valuable time gathering information manually.

Ask yourself:

  • Do we establish expected account behavior during onboarding?

  • Are customer risk ratings incorporated into monitoring decisions?

  • Do monitoring rules leverage customer profile information, not just transaction activity?

When these foundations are missing, every investigation becomes more difficult than it should be.

2. Can You Recognize When Activity Is Truly Unusual?

Traditional monitoring often relies on fixed thresholds. Today’s fraud doesn’t.

Fraudsters intentionally operate below traditional limits, making subtle changes that appear legitimate until viewed against a customer’s normal behavior.

Instead of asking whether a transaction exceeds a rule, institutions should ask whether it makes sense for that customer.

Consider questions like:

  • Have we defined what “normal” looks like for each customer segment?

  • Can we identify changes in transaction velocity, payment type, or volume?

  • Do alerts identify deviations from expected customer behavior?

Context matters just as much as transaction amount.

3. How Quickly Can You Detect Fraud?

Time is one of the biggest differentiators between containing fraud and managing its aftermath.

Many institutions still rely heavily on end-of-day reviews or manual investigation queues. While these remain important, fraud increasingly requires real-time visibility.

Think about your current capabilities:

  • Are ACH transactions monitored as they occur?

  • Are check images analyzed for fraud indicators?

  • Does online banking activity contribute to fraud alerts?

  • Can suspicious activity trigger preventative action before funds leave the institution?

The faster you identify risk, the more options you have to stop losses and reduce investigation workloads.

4. Do You Have Visibility Across Every Payment Channel?

Fraud rarely stays within a single channel.

A customer may deposit a fraudulent check, initiate an ACH transfer, log into online banking from an unfamiliar device, and move funds externally, all within a short period of time.

If monitoring tools operate independently, investigators must piece together the story manually.

Ask yourself:

  • Does monitoring cover checks, ACH, wires, cash, and card activity?

  • Are real-time controls supplemented with end-of-day monitoring?

  • Are new payment products incorporated into your monitoring strategy?

The more disconnected your monitoring environment, the more difficult investigations become.

5. Are Your Investigations Making Your Institution Stronger?

Every fraud investigation produces valuable intelligence.

The most mature institutions don’t simply resolve alerts, they use investigation outcomes to strengthen policies, adjust controls, and improve monitoring over time.

Questions worth asking include:

  • Have fraud trends changed transaction limits or funds availability policies?

  • Are recurring alerts revealing control gaps?

  • Are investigation findings feeding continuous improvements to monitoring?

Monitoring shouldn’t be a reactive process. It should continuously evolve as fraud evolves.

The Bigger Picture

Check fraud may be today’s headline, but it’s really exposing a larger operational challenge.

Growing investigation queues. Manual reviews. Disconnected workflows. Limited visibility. Delayed decisions.

These issues don’t just increase operational costs, they reduce an institution’s ability to respond to emerging threats.

Building a comprehensive monitoring strategy means looking beyond individual fraud events and asking whether your monitoring program is providing the visibility, context, and actionable intelligence your team needs.

How Does Your Monitoring Strategy Measure Up?

We’ve created a practical assessment to help banks and credit unions evaluate their current monitoring approach.

The checklist walks through customer due diligence, expectations-based monitoring, real-time detection, layered monitoring, and continuous improvement—helping you identify strengths as well as opportunities to strengthen your fraud program.

Download the free guide: Building a Comprehensive Monitoring Strategy: A Practical Assessment for Banks and Credit Unions

And don’t miss our Thursday webinar series, where our fraud experts explore real-world monitoring strategies, emerging fraud trends, and practical approaches to reducing operational burden while improving detection. Register for an upcoming webinar.

Sources:

https://www.frbservices.org/news/fed360/issues/060325/check-fraud-remains-top-threat

https://www.fbi.gov/investigate/cyber/alerts/2025/mail-theft-related-check-fraud-is-on-the-rise

Automate the Easy — Empower the Thinking

Every fraud or compliance professional knows the feeling. You start the day ready to tackle high-risk alerts or a suspicious new pattern, and before you know it, you’ve spent three hours reviewing OFAC potential matches or manually closing out CTRs. By the time you reach the interesting work — the work that requires real judgment — the day is half gone.

The truth is, too many teams are stuck in that loop. As regulatory expectations grow and fraudsters become more creative, teams are buried under repetitive tasks that steal focus from where it’s needed most. The goal of automation isn’t to replace human expertise — it’s to protect it.

The Real Challenge: Volume Over Value

Financial institutions are handling more alerts, more cases, and more data than ever. Yet resources don’t always grow at the same pace. Analysts and investigators are expected to meet tight deadlines while managing rising workloads.

When that happens, something important gets lost: thinking time.

Critical connections between related cases. The intuition that spots a behavioral shift in a long-time customer. The creativity it takes to design new monitoring rules or recognize an emerging typology. These are the skills that no algorithm can replicate — but they require space to think.

Automate the Easy

That’s where smarter automation comes in. The idea isn’t to hand everything over to technology; it’s to delegate the routine so people can focus on the complex.

Think about tasks like:

  • Filing CTRs that meet clear thresholds.
  • Reviewing OFAC matches.
  • Assigning or escalating cases based on the situation.
  • Tracking activity for internal and external reporting.

These are predictable, rules-based activities. They’re important, but they don’t require human judgment every single time. Automating them ensures they get done accurately and consistently — while freeing your analysts to focus on what only humans can do.

Empower the Thinking

Once the easy work is automated, your team’s time is spent where it truly matters:

  • Analyzing the hard cases. Connecting patterns across multiple alerts, accounts, or time periods.
  • Investigating with context. Using history and behavior to understand not just what happened, but why.
  • Driving improvement. Refining detection logic, adjusting risk models, and contributing to smarter policy decisions.

That’s what modern fraud and compliance teams are built for — not clicking boxes, but solving puzzles. Automation gives them the breathing room to do exactly that.

Innovation Isn’t About Doing More — It’s About Doing Better

It’s easy to equate innovation with adding more technology. But the best programs innovate by using technology strategically. They automate the predictable to unlock the potential of their people.

At SimpliRisk, that’s the philosophy behind our entire platform. We help institutions streamline what’s repetitive — from managing workflows to documenting reviews — so that your analysts can spend their time thinking, connecting, and preventing.

Because the future of fraud and compliance isn’t about machines replacing people. It’s about giving people the tools and time to think.

When the easy parts of compliance take care of themselves, your team can do what no automation ever will — think critically, act decisively, and stay one step ahead.

From Lone-Wolf to Pack Defense: Why Fraud Data Sharing Is the Trend Banks Should Lean Into

Fraud is increasingly a networked crime. The same Business Email Compromise (BEC) crew, call-center scam, or check-alteration playbook will sweep across regions and brands in waves—hitting multiple banks and credit unions within days. In 2024, the FBI’s IC3 recorded $16B+ in reported internet-enabled losses, up ~33% year over year—evidence that organized scammers are scaling faster than any single institution can respond. (Federal Bureau of Investigation, Internet Crime Complaint Center)

How modern fraud actually “scales” across institutions

  • Reusable kits & scripts. Phishing- and fraud-as-a-service ecosystems let bad actors replicate the same trap at national scale, swapping only logos and URLs. Recent takedowns (e.g., INTERPOL’s 16shop) show how ready-made kits industrialize scams across brands. IBM’s threat reporting likewise highlights phishing kits as a top initial access vector. (Interpol, IBM)
  • Channel-hopping campaigns. The ring that targets one bank’s online banking this week can pivot to another’s mobile app—or switch to SMS “smishing”—next week, using the same victim narratives (delivery issues, payroll updates, prize claims).
  • Serial payees & destinations. Even when victims, devices, or account numbers change, the counterparties they send to (emails, handles, URLs, receiving accounts) often repeat—prime signals to share.
  • Check-fraud waves. Mail-theft-driven check fraud has surged; FinCEN’s analysis logged $688M in suspicious activity tied to mail theft over just six months, illustrating how a tactic rolls across many FIs. (FinCEN.gov)
  • Where losses concentrate. Survey data show debit-card and check fraud account for the largest shares of FI fraud losses—exactly the areas where fast cross-FI signal-sharing pays off. (ABA Banking Journal, FRB Services)

Why sharing fraud data works

  1. It breaks the copy-paste loop. When Bank A flags a payee/email/device pattern tied to an active scam, Banks B–Z can step-up authentication or pause suspicious sends before the playbook repeats. Sector frameworks emphasize establishing a common language so fraud intel moves quickly and usefully between teams and firms. (FS-ISAC, ABA Banking Journal)
  2. It speeds containment. Cross-FI alerts turn a one-off incident into early warning for everyone else—especially useful for rolling text/email scams and recurring check-deposit patterns.
  3. It improves precision. Narrow, recent, fraud-only signals (e.g., “first-seen payee used in eight recent BEC cases”) lift catch-rates without blanketing good customers.

What to share (fraud-only)

Focus on fraud indicators, not customer dossiers:

  • Counterparty signals: emails/phones, URLs/domains, handles/usernames, payee name variants, merchant/descriptor fragments.
  • Event fingerprints: time, IP ranges/ASN, app versions.
  • Case outcomes: “open or closed,” “potential loss”.

The takeaway

Fraudsters already operate as a network. Data sharing lets our defenses do the same—turning isolated incidents into sector-wide early warnings and shrinking the window where a scam can spread. A focused, privacy-conscious sharing program helps banks and credit unions stop copy-paste scams before they ripple across the industry.  Learn more about the SimpliRisk Peer Fraud Network today.

Sources & further reading

 

ACH Credit Monitoring Is Coming: What Banks & Credit Unions Must Do by June 2026

In 2026, NACHA will require risk-based monitoring for ACH credits to combat credit-push fraud. Large ACH processors must start March 20, 2026; everyone else by June 22, 2026. The rules emphasize risk-based processes, annual reviews, and does not require pre-posting monitoring. (Nacha)

Why this change matters

Fraud has shifted toward credit-push scams—criminals trick legitimate payers into sending funds to mule accounts (e.g., via BEC). NACHA’s new rules create a baseline of fraud monitoring across the network so both originators and receivers have a role in spotting suspicious activity and improving recovery outcomes. The rules also introduce and reference “False Pretenses” (payments induced by misrepresentation of identity/authority or ownership of the credited account), which squarely covers BEC, vendor and payroll impersonation. (Nacha)

Who is affected and when

  • Phase 1 — March 20, 2026
    • Applies to all ODFIs and non-consumer Originators/TPS/TPSPs with ≥6M originated entries in 2023.
    • Applies to RDFIs with ≥10M received entries in 2023. (Nacha)
  • Phase 2 — Practical date Monday, June 22, 2026 (effective date is Friday, June 19—a federal holiday)
    • Extends to all other Originators/TPS/TPSPs and all other RDFIs. Nacha explicitly notes the June 22, 2026, practical date. (Nacha)

What’s actually required

For RDFIs (incoming ACH credits)

Establish and implement risk-based processes and procedures reasonably intended to identify ACH credit entries initiated due to fraud (including “False Pretenses”). Review these processes at least annually. Nacha clarifies pre-posting monitoring is not required. (Nacha)

For ODFIs/Originators/TPS/TPSPs (outgoing)

Implement risk-based processes and procedures to identify entries suspected of being unauthorized or authorized under False Pretenses, with annual reviews. Pre-processing monitoring is not required by rule, though it offers the best chance to stop fraud. (Nacha)

What “risk-based credit monitoring” looks like (RDFI examples)

Your program can combine rules, analytics, and case workflows around signals such as:

  • Velocity & anomalies: first-time credits from a new Originator, sudden step-ups in amount/frequency, off-cycle “PAYROLL” bursts, unusual flows to a newly opened account.
  • Context mismatches: SEC code inconsistent with account type; unexpected Company Entry Descriptions relative to prior behavior.
  • Account risk: account age, typical balances, historic inflows/outflows, prior fraud flags, segment risk.
    These examples mirror Nacha’s guidance and align with existing AML monitoring practices. (Nacha)

A note on “pre-posting”

Many institutions ask if they must monitor before posting credits. Answer: No. Nacha states pre-posting monitoring of credit entries is not required; programs can be post-posting while still being risk-based and effective. (Nacha)

How SimpliRisk can help

  • Risk-based credit monitoring for unusual SEC codes, high volume or unusual cycle payroll, high dollar, high volume, unexpected jump in amounts.
  • Alerts workflows to review monitoring events.
  • Case investigations to dive deeper into unusual activity, leverage our Peer Fraud Network tools to evaluate the risk against other known fraud.