The FSA's Fraud Governance report has found that firms can go further to protect themselves and their customers from fraud.
The report notes several areas where firms need to work harder.
Philip Robinson, financial crime sector leader at the FSA, said: "Firms need to continue to invest in systems and controls and manage their responses to fraud in order to avoid being targeted as the weakest link."
The report found firms that underinvested in anti-fraud measures tended to suffer relatively high levels of losses.
The FSA said that only a handful of firms were found to be developing formal risk assessment processes and, as a result, firms tended to respond to fraud in an incident-driven manner.
In particular, the report warns smaller firms to analyse their vulnerability to attack and consider the threats to their business in a structured way because the impact of an attack or series of fraud events could be particularly damaging.
The report also noted some unclear or inappropriate allocation of anti-fraud responsibilities within firms. For example, accountability in individual roles was not always clearly defined and responsibility may be de-prioritised in favour of other business needs.
Insider fraud - whether arising from collusion, coercion, infiltration or existing employee action - was cited by firms as one of the most serious threats. The most common example offered by firms was incidents of staff being approached outside work and offered money to sell confidential information.
To counter this rising threat firms have tightened their employee vetting procedures. The report said the intensity of vetting varied between firms but did not always apply to both temporary and permanent staff.
The regulator also found evidence of competing priorities between fraud mitigation and customer experience. Firms were found to be wary of putting customers off by implementing protective measures that risk causing inconvenience to them over and above what their competitors do.
The FSA said firms recognise that customer education and awareness is vital to reduce fraud, but they should ensure that sufficient resources are applied to these areas.
