.svg)
Public-private collaboration in the financial services space has paved the way for a new set of guidelines from Latvia’s financial watchdog that emphasise issues such as prevention and complaints handling.
The Bank of Latvia, in collaboration with the Financial Industry Association, has introduced new guidelines aimed at strengthening financial fraud risk management within the country’s banking and payments sector.
The "Guidelines for the Supervision, Management and Mitigation of Financial Fraud Risk" outlines a risk-based approach for financial institutions (FIs) in Latvia, aiming to improve fraud detection and mitigation for a safer financial environment.
The guidance aligns with regional activity elsewhere in the Baltics — Lithuania’s central bank published similar guidelines in April 2024, focusing on issues such as internal governance requirements and customer due diligence.
Like the Latvian guidelines, they serve as soft law, and both should be taken into account by firms as guidance rather than firm compliance requirements, despite the references to legislation such as the Payment Services Directive (PSD2) throughout.
Corporate governance
The Bank of Latvia’s guidelines reinforce the need for good internal governance structures at institutions, and the regulator stresses that a strong internal framework is essential in preventing fraud and safeguarding both firms and their customers.
FIs are expected to:
- Clearly define roles and responsibilities within fraud risk management structures.
- Establish accountability mechanisms at the management level.
- Implement technology-driven fraud detection and prevention systems.
- Ensure regular staff training on fraud risks, regulatory requirements and best practices.
The regulator also said firms need to establish robust fraud risk management frameworks and factor in regulator reviews, updates and information sharing between departments, auditors and regulators to maintain an effective approach to risk mitigation.
Fraud prevention
To improve fraud monitoring and prevention, the guidelines recommend that FIs operating in Latvia conduct annual fraud risk assessments using a documented methodology.
Firms are also expected to identify, analyse and document all current fraud risks based on reliable data.
In addition, the Bank of Latvia said this process should factor in statistical data and expert opinions, such as that outlined by the European Banking Authority's (EBA) Guidelines on fraud reporting under PSD2.
Institutions are also expected to share fraud-related data in real time at both national and cross-border levels, and to report digital fraud incidents to CERT.LV, Latvia’s cybersecurity incident response body.
Recognising the evolving nature of financial fraud, the guidelines also encourage institutions to leverage technology and real-time fraud monitoring to enhance detection and prevention capabilities.
Like other regulators internationally, including the UK’s Financial Conduct Authority (FCA), the Latvian watchdog has suggested the use of AI-driven fraud detection and transaction monitoring.
The guidelines introduce stringent requirements for rejecting and suspending payments suspected of being fraudulent, stating that firms must refuse high-risk transactions before execution and notify clients accordingly.
They recommend risk-based transaction limits for new customers, to be reviewed regularly.
In addition, customers need to have the option to modify payment limits, although significant increases should require strong customer authentication or direct communication with an institution’s representative.
If a fraudulent transaction has already been executed, institutions should assess whether it can be reversed and communicate possible recovery options to clients.
Where fraud is suspected, FIs should determine whether a client’s account is being misused for illicit purposes, such as money mule activity.
In such cases, communication with the client may be withheld while necessary actions are taken to prevent further financial crime.
Transaction monitoring
The guidelines place significant emphasis on improving payment transaction monitoring, requiring FIs to implement comprehensive measures to detect and prevent fraud.
This involves:
- Flagging new payment instrument registrations, such as payment cards added to digital wallets.
- Identifying unusual transaction patterns, such as rapid fund withdrawals or crypto purchases.
- Monitoring transactions originating from high-risk countries or using suspicious networks such as VPNs or proxies.
Additional measures include detecting known fraud indicators, such as malware presence during authentication, and scrutinising incoming payments for non-standard transactions, including express credits or suspicious fund transfers.
Complaint handling
The Latvian guidelines also focus on consumer protection issues, such as requirements to improve the efficiency of complaint-handling processes.
For example, FIs are expected to establish clear procedures for handling fraud complaints, including the use of thorough analysis and up-to-date complaint statistics.
When responding to complaints, firms should provide specific and detailed replies rather than generalised responses.
Clients also need to receive clear explanations regarding the fraud circumstances, particularly when gross negligence is cited as a reason for refusing compensation.
Institutions should also offer a detailed assessment of the client’s actions and their contribution to the fraud.
In addition, FIs should provide supervisory authorities with evidence and explanations regarding fraud investigations, fund recovery efforts and disputed payment authorisations.
FIs have also been advised to make sure that their customers have easy access to clear information about the complaint handling process and fraud reporting channels.
At the same time, the regulator wants FIs to promote financial literacy by providing updates on emerging fraud trends, educating customers on secure payment practices and offering guidance on protecting financial data.
It said that trained staff should be available to assist clients with fraud-related concerns during working hours.
How should firms respond?
Latvia’s guidelines are advisory, but payment service provider (PSP) firms should view them as essential to maintaining regulatory goodwill.
Adopting these recommendations could strengthen their fraud defences and smoothen interactions with the Bank of Latvia going forward.
Ignoring the fraud management guidelines, even though they are not legally binding, could create challenges for firms.
For example, the regulator may interpret non-compliance as a sign of weak risk management, which could result in more frequent inspections, higher compliance costs and eventually potential enforcement actions.
This increased scrutiny would place additional operational and financial burdens on firms, making it essential to align with regulatory expectations.
Beyond regulatory concerns, failing to follow best practices could severely affect a firm’s reputation.
The regulator and other industry stakeholders may criticise institutions that do not prioritise fraud prevention, leading to negative media attention, including on platforms such as LinkedIn.
In addition, because the guidelines were written in collaboration with the Financial Industry Association, they could be used for accreditation, resulting in firms that do not follow them being shut out of one of the country’s key industry associations.
This sort of negative reception could ultimately lead to damage for firms that outweighs the costs of implementing the guidelines.
The fact that the guidelines are not legally binding means there is flexibility to implementation deadlines.
This will ultimately help firms feed in the changes to their fraud prevention strategies, while showing the regulator that they take their duties to the public seriously.
