What senior compliance professionals said about insider threat

When financial crime teams think about where the next threat will come from, the instinct is almost always to look outward. Fraud rings. Sanctions exposure. Mule accounts. And rightly so; these are real, relentless risks that demand constant vigilance.

Most programmes are built to look outward. But not all threats arrive from outside.

Insider risk sits across Fraud, AML, Cyber, HR and Conduct simultaneously. As a result, it tends to be nobody’s problem in particular. When everyone owns it, no one does.

One thread that came through clearly was the shift in regulatory expectation. The FCA is no longer just asking whether you have controls; they are asking whether you can prove those controls actually work. For many organisations, that is a harder question to answer than it might appear.

The discussion identified specific moments where risk tends to concentrate: employees under financial stress, high performers preparing to leave, bad actors missed at onboarding, and role changes with increased access.

The group also explored how hybrid working may be changing the picture, with the informal signals that once helped surface behavioural change becoming harder to read at a distance.

Perhaps the most thought-provoking moment in the room came when we turned the question back on the audience: are you applying the same scrutiny to insider behaviour that you routinely apply to customers?

Transaction monitoring is built to detect patterns, surface anomalies and flag unusual behaviour over time. Those are exactly the characteristics of insider threat: gradual change, non-obvious signals and behavioural drift. Many firms may already have the capability to do this more effectively. They are simply not using it that way.

Three practical actions came out of the session.

• Appoint one accountable owner for insider threat in the first instance. Not a committee; a person, with genuine end-to-end responsibility.
• Test your controls, not just your policies. Pick a realistic insider scenario and simulate it. Would you detect it? How quickly? Who would act?
• Design for moments of vulnerability, not just systems. Monitor the periods when risk is highest: financial stress, access changes and long stretches without leave.

ThirdEye, in partnership with Cosegic, has also brought together a practical guide, a blog and an on-demand webinar to help financial crime and compliance teams get to grips with insider threat. All three are available at jadethirdeye.com/detecting-and-preventing-insider-threat