Uploaded by cimconinfo

Fraud Detection & Risk Mitigation: AI, Compliance, & Internal Controls

About Us
Established in 1988, CIMCON Software, LLC is a pioneer in end-user computing and
model risk management, serving over 800 companies across industries. Recognized
by Gartner, Insurance ERM, and others as a top risk management vendor, CIMCON
brings 25+ years of experience and industry best practices to support AI & GenAI
readiness and governance. With the largest global installed base, our feature-rich,
extensively tested solutions offer unmatched depth, support, and reliability.
What is fraud detection and why is risk mitigation important?
The prevalence of fraudulent activities presents a major problem
to firms across the financial sector. In fact, according to a report
from the Association of Certified Fraud Examiners (ACFE), the
typical organization loses 5% of revenue to fraud each year.
In addition to the risk of identity theft, phishing scams,
and other types of consumer fraud, firms should also
be on the lookout for occupational fraud, a type of
financial crime that occurs when an employee,
manager, or third party misuses an organization’s
resources for personal gain.
The same ACFE report found that more than $4.7 trillion is lost worldwide each year to occupational fraud alone.
While fraud attempts have risen sharply post-COVID, organizations can use a number of strategies to
manage the risk of fraud both internally and externally.
This post answers a few frequently asked questions about managing the risk of fraud
within your organization.
Managing the Risk from Fraud and Fraud Detection Tools
1. How can AI models contribute to enhancing fraud detection systems within banks, and what challenges do they
bring in terms of compliance and oversight?
According to a global survey by The Economist, fraud detection is the most common use of AI in banks, driven
by the availability of large, imbalanced datasets and the need to identify complex patterns that traditional
models might miss.
As AI also empowers fraudsters, staying ahead with advanced detection methods is critical, especially with
evolving threats and increasing regulatory scrutiny, such as the U.K.'s SS1/23 and the U.S.'s SR 11-7, which
govern both in-house and third-party fraud detection models.
2. Can you tell me more about the risks associated with using third-party tools for use cases such as fraud
detection, and how would you recommend mitigating these risks?
Third-party models tailored for fraud detection can boost capabilities with minimal internal effort, but they
also pose risks—especially the threat of Shadow AI, where a vendor quietly integrates AI into tools, causing
unpredictable performance changes.
As AI adoption grows, this concern is becoming more common among banks. To manage the risk, it's
crucial to implement automated reviews and monitor tools for behavioral shifts. Model-agnostic methods
can detect changes in Validity, Reliability, and Interpretability, helping flag unexpected improvements,
declines, or shifts in predictive features—triggering timely audits and follow-ups with vendors.
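One way to monitor a vendor tool for behavioral shifts without access to its internals, as an added example that is not CIMCON's code or method: compare the tool's score distribution in a baseline window against a current window using the Population Stability Index (a technique chosen here, not named in the post), together with the rate at which transactions are flagged. The function names, thresholds, and sample scores are assumptions constructed for illustration.

```python
import math

def psi(baseline, current, bins=10, eps=1e-6):
    """Population Stability Index between two samples of scores in [0, 1]."""
    def hist(scores):
        counts = [0] * bins
        for s in scores:
            counts[min(int(s * bins), bins - 1)] += 1   # a score of 1.0 goes in the last bin
        # eps keeps empty bins from producing log(0) or division by zero
        return [max(c / len(scores), eps) for c in counts]
    b, c = hist(baseline), hist(current)
    return sum((ci - bi) * math.log(ci / bi) for bi, ci in zip(b, c))

def flag_rate(scores, threshold):
    """Fraction of transactions the tool would flag at this score threshold."""
    return sum(s >= threshold for s in scores) / len(scores)

def review_vendor_tool(baseline, current, threshold=0.8,
                       psi_limit=0.25, rate_limit=0.25):
    """Return reasons to open a vendor follow-up; an empty list means no shift seen.

    psi_limit and rate_limit are assumed values, to be tuned per use case.
    """
    reasons = []
    drift = psi(baseline, current)
    if drift > psi_limit:
        reasons.append(f"score distribution shifted (PSI={drift:.2f})")
    base, cur = flag_rate(baseline, threshold), flag_rate(current, threshold)
    if base and abs(cur - base) / base > rate_limit:
        reasons.append(f"flag rate moved {base:.1%} -> {cur:.1%}")
    return reasons

# Constructed sample data: fraud scores the tool returned for 1000 transactions.
BASELINE = [i / 1000 for i in range(1000)]          # window before any change
STABLE = [(i + 0.5) / 1000 for i in range(1000)]    # ordinary sampling variation
SHIFTED = [(i / 1000) ** 2 for i in range(1000)]    # scores silently pushed lower

if __name__ == "__main__":
    print("stable :", review_vendor_tool(BASELINE, STABLE))
    print("shifted:", review_vendor_tool(BASELINE, SHIFTED))
```

A shift in either direction raises a reason, so an unexplained improvement is surfaced the same way as a decline.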
3. Considering the recent regulatory changes like SS1/23, what steps should banks take to ensure their AI models
comply with these new requirements?
Regulations like SS1/23 highlight the need for a comprehensive firm-wide model inventory, yet many firms
struggle to understand their full Model Landscape and uncover hidden risks. A model-agnostic approach to
discovering and assessing AI use in EUCs, models, and third-party tools is crucial.
One effective method involves defining consistent but customized Risk Profiles for different use cases—such as AI,
classification or regression models, and third-party tools—and assigning tailored, automated test groups for each.
This ensures nuanced validation with auto-generated documentation, while ongoing checks for vulnerabilities (e.g.,
via NIST) and data drift help align with regulatory expectations.
4. Are there any other kinds of risks that arise from fraud that the audience should be aware of and what are some
approaches to dealing with these risks?
While consumer fraud is a major area of risk that needs to be addressed, a less-discussed area of risk is
occupational fraud, where an employee within an organization misuses company resources for personal gain. That is
why controls and accountability within your organization are key, and this is another requirement
stressed often by regulators.
This can include tracking who is making what changes to models such as your fraud detection models, having
clearly defined policies for the approval of model changes before they are deployed, and having clearly defined roles and
responsibilities for monitoring and independent review after deployment. Gaining visibility into these
activities can help you identify bottlenecks and troubleshoot when effective policies are not being followed
or when high-risk changes are being made, even unintentionally.
Streamlined Risk Management
Overall, a comprehensive approach to the evolving landscape of fraud, fraud detection,
and mitigation technology can be instrumental to the success of a financial institution.
This includes the use of third-party AI fraud detection tools as well as internally developed fraud detection
models, and managing the risk of occupational fraud within the organization. With a flexible approach,
you can address risks from fraud detection methods that decay over time or that use AI, and your
organization can avoid costly errors.
Contact Us
Boston (Corporate Office)
+1 (978) 692-9868
234 Littleton Road
Westford, MA 01886, USA
New York
+1 (978) 496 7230
394 Broadway
New York, NY 10013