Fraud Detection: AI Risk Management
                     About Us
Established in 1988, CIMCON Software, LLC is a pioneer in end-
user computing and model risk management, serving over 800 
companies across industries. Recognized by Gartner, Insurance 
ERM, and others as a top risk management vendor, CIMCON brings 
25+ years of experience and industry best practices to support AI 
& GenAI readiness and governance. With the largest global 
installed base, our feature-rich, extensively tested solutions offer 
unmatched depth, support, and reliability.
What is fraud detection and why is risk 
m• Tihte ipgrevaaltenicoe onf f raiumdulepnto acrtitviatiens ptre?sents a 
major problem to firms across the financial sector. In 
fact, according to a report from the Association of 
Certified Fraud Examiners (ACFE), the typical 
organization loses 5% of revenue to fraud each year.
• In addition to the risk of identity theft, 
phishing scams, and other types of 
consumer fraud, firms should also be on the 
look-out for occupational fraud, which is a 
type of financial crime that occurs when an 
employee, manager, or third party misuses 
an organization’s resources for personal 
gain.
• The report from earlier found that more than $4.7 trillion is lost annually due to occupational 
fraud alone worldwide. While fraud attempts have risen sharply post COVID, there are 
strategies that can be leveraged by organizations to manage the risk of fraud both internally 
and externally.
•  In this post, we are going to discuss a few frequently asked questions on the subject of how to 
manage the risk of fraud within your organization.
Managing the Risk from Fraud and Fraud 
1D. Heowt ecacn tAiI omonde lTs ocoontrlisbute to enhancing fraud detection systems within banks, 
and what challenges do they bring in terms of compliance and oversight?
• According to a global survey by The Economist, fraud detection is the most common 
use of AI in banks, driven by the availability of large, imbalanced datasets and the need 
to identify complex patterns that traditional models might miss.
• As AI also empowers fraudsters, staying ahead with advanced detection methods is 
critical, especially with evolving threats and increasing regulatory scrutiny, such as 
the U.K.'s SS1/23 and the U.S.'s SR 11-7, which govern both in-house and third-party 
fraud detection models.
2. Can you tell me more about the risks associated with leveraging 3rd party tools for 
use cases such as Fraud Detection and how you would recommend mitigating these 
risks?
• Third-party models tailored for fraud detection can boost capabilities with minimal 
internal effort, but they also pose risks—especially the threat of Shadow AI, where a 
vendor quietly integrates AI into tools, causing unpredictable performance changes.
• As AI adoption grows, this concern is becoming more common among banks. To 
manage the risk, it's crucial to implement automated reviews and monitor tools for 
behavioral shifts. Model-agnostic methods can detect changes in Validity, Reliability, 
and Interpretability, helping flag unexpected improvements, declines, or shifts in 
predictive features—triggering timely audits and follow-ups with vendors.
3. Considering the recent regulatory changes like SS1/23, what steps should banks 
take to ensure their AI models comply with these new requirements?
• Regulations like SS1/23 highlight the need for a comprehensive firm-wide model 
inventory, yet many firms struggle to understand their full Model Landscape and 
uncover hidden risks. A model-agnostic approach to discovering and assessing AI use in 
EUCs, models, and third-party tools is crucial.
• One effective method involves defining consistent but customized Risk Profiles for different 
use cases—such as AI, classification or regression models, and third-party tools—and 
assigning tailored, automated test groups for each.
• This ensures nuanced validation with auto-generated documentation, while ongoing checks 
for vulnerabilities (e.g., via NIST) and data drift help align with regulatory expectations.
4. Are there any other kinds of risks that arise from fraud that the audience should be 
aware of and what are some approaches to dealing with these risks?
• While consumer fraud is a major area of risk that needs to be addressed, another lesser 
discussed area of risk is occupational fraud, where an employee within an organization misuses 
company resources for personal gain. That is why having controls and accountability within your 
organization can be really key, and this is another requirement stressed often by regulators.
• This can include tracking who is making what changes to models such as your Fraud 
Detection models, have clearly defined policies for the approval of model changes before 
they are deployed, and clearly defined roles and responsibilities for monitoring and 
independent review post deployment. Gaining visibility into these different activities can 
help you identify bottlenecks as well as problem solve when effective policies are not being 
followed or if high risk changes are being made, even if they are being made 
unintentionally.
Streamlined Risk Management
• Overall, having a comprehensive approach to the dynamically evolving landscape of 
fraud and fraud detection and mitigation technology can be instrumental to the success 
of a financial institution.
• This includes the use of 3rd party AI fraud detection tools as well as internally 
developed fraud detection models, and even managing the risk of occupational fraud 
within an organization. With a flexible approach, risks from fraud detection methods 
that are decaying over time or using AI can be addressed and your organization can 
avoid errors that can be costly to the organization.
Contact Us
Boston (Corporate 
Offi+c1e ()978) 692-9868
234 Littleton Road
Westford, MA 01886, 
NeUwS AYork
+1 (978) 496 7230
394 Broadway
New York, NY 10013
THAN
K
You