Prevent, detect and manage fraud across the enterprise, making smarter decisions, increasing return on capital and driving business performance are the key indicators of an organization that are thriving management.
Banks are likely to become exposed to diverse frauds involving various intruders like: employees, customers and those with whom it has business dealings. Contemporary criminals make use of sophisticated skills and advanced technologies to perform unlawful activities in the financial sector. Such activities are often associated with money laundering, embezzlement, evasion of sanction, and illegal transfer of funds for tax avoidance and financing terrorism. Frauds can be engineered by the outsiders, with or without connivance by the employees or by the latter on their own. Involvement amongst the employees in committing a fraud constitutes a more serious threat as banks’ records and vouchers are tempered with rendering fraud detection difficult. This can expose a financial institution to various risks in terms of operations, legal affairs, regulations and reputations.
In order to prevent any fraud, a bank should establish sound and prudent practices in Good governance, Risk management &Compliance (GRC) and management by developing a strategy, approving a policy and implementing a procedure. The bank can easily minimize fraud risks within its integrated risk management framework. It is compulsory to identify, assess and quantify such risks and implement the risk mitigation measures in order to minimize the possibility of occurrence of any event that may affect the bank.
Fraud: Act or course of deception, an intentional concealment, omission, or perversion of truth, to:
(1) gain unlawful or unfair advantage,
(2) induce another to part with some valuable item or surrender a legal right, or
(3) inflict injury in some manner.
Forgery: False-making, or any material-alteration of any document or writing to pass it off as genuine, whether by addition, erasure, insertion, obliteration, removal, or otherwise with intent to defraud.
Fraud must be proved by showing that the fraudster’s actions involved five separate elements:
(1) A false statement of a material fact,
(2) Knowledge on the part of the fraudster that the statement is untrue,
(3 ) Intent on the part of the fraudster to deceive the victim,
(4) Just if able reliance by the alleged victim on the statement, and
(5) Injury to the alleged victim as a result.
These elements contain nuances that are not all easily proved.
First, not all false statements are fraudulent. To be fraudulent, a false statement must relate to a material fact. It should also substantially affect a person’s decision to enter into a contract or pursue a certain course of action.
Second, the fraudster must know that the statement is untrue. A statement of fact that is simply mistaken is not fraudulent. To be fraudulent, a false statement must be made with intent to deceive the victim. This is perhaps the easiest element to prove, once falsity and materiality are proved, because most material false statements are designed to mislead.
Third, the false statement must be made with the intent to deprive the victim of some legal right.
Fourth, the victim’s reliance on the false statement must be reasonable. Reliance on a patently absurd false statement generally will not give rise to fraud; however, people who are especially gullible, superstitious, or ignorant or who are illiterate may recover damages for fraud if the fraudster knew and took advantage of their condition.
Finally, the false statement must cause the victim some injury that leaves her or him in a worse position than she or he was in before the fraud.
Types of fraud:
Fraud can be committed in a number of different ways and in a number of different settings. One common type of fraud in banking is customer account takeover, where someone illegally gains access to a victim’s bank account using bots. Other examples of fraud in banking include the use of malicious applications, the use of false identities, money laundering, credit card fraud and mobile fraud etc.
Actions that constitute fraud refer to, but are not limited to:
- Any dishonest or fraudulent act
- Misappropriation of funds, securities, supplies, or other assets
- Impropriety in the handling or reporting of money or financial transactions
- Disclosing confidential and proprietary information to outside parties
- Accepting or seeking anything of material value from customers, contractors, vendors, or persons providing services/materials to the bank.
- Destruction, removal, or inappropriate use of records, furniture, fixtures, and equipment;
- Any similar or related irregularity
- Receipt of tip-offs
- Refusal to take vacation or sick leave
- Significant personal debt & credit problems
- Behavioral change – These may be an indication of drugs, alcohol, gambling etc.
- High employee turnover, especially in those areas which are those vulnerable to fraud
- Lack of segregation of duties in a vulnerable area
- Employee life style change: expensive cars, jewelry, homes, clothes
- Managers display significant disrespect for regulatory bodies
- Policies & procedures are not documented or enforced
Impact of fraud
Fraud, whatever form it may take, is never a desirable event for a bank. It costs an adverse impact not only on bank’s financial health but also on other non-financial aspects. Some of the major impacts of fraud are listed below:
- Reduced operational efficiency
- Loss of funds
- Bad press publicity
- Loss of trust
- Staff anxiety
- Investigation costs
- Confidentiality compromised
- Damage to credibility
- Strategic plans jeopardized
- Throwing good money after bad
The ideal approach shall involve the whole company and its processes in order to provide the key solution defining the Fraud Management Solution.
The functional model for the definition of an anti-fraud solution is based on three different components:
- Prevention: It includes all the components of the key value such as the customer identity, the creation and delivery of the service, new IT applications and technologies, new operations and business processes, adequate SLAs
- Detection and management: It includes decision-making and back-office processes
- Analysis and investigation: It includes KPIs and data analyses
A pro-active fraud prevention program is key for the bank in its battle against fraud. At minimum, the program must:
- Reduce risk of fraud
- Act as a deterrent
- Reduce opportunity
- Reduce internal and external pressures
- Align attitudes of employees
- Provide an avenue for communication and openness
- Save money and resources in the long run and reduce potential fraudulent activities
Fraud prevention measures:
- Anti-Fraud Culture: To prevent fraud at grass root level, an anti-fraud culture needs to be instilled and observed at the top of the organizational. The Board of Directors and the Management need to firmly assert their standing against fraud of any scale and extent. A tone of zero tolerance against fraud is the foundation to the organization-wide implementation of anti-fraud environment. There should be a culture that removes undue pressure that may eventually push the employees to commit fraud and prevent the employees for rationalizing any fraud, minor or significant, under any circumstances.
- Employee code of ethics: A code of ethics must be development that serves as a guiding tool that helps employees to discern between what is right and what is wrong. Any deviation of the code of the ethics may call for disciplinary actions from the appropriate authority. A monitoring mechanism also needs to be in place to ensure full compliance.
- Extensive Background Check: While considering an individual as a potential employee for the Bank an extensive background checking needs to be in effect to decide whether he/she is susceptible to commit fraud. As often times, external parties get involved in to bank fraud, background need to be checked while selecting customers, suppliers, business partners, agents, etc.
- Compliance to adopted modus operandi: Every transaction should comply with the modus operandi adopted by the bank and any deviation from it should be suspected as a potential threat of fraud that needs to be prevented.
- Strong and effective IT control: Since operations of the bank are now highly IT intensive, the following issues need to be considered to ensure the integrity, security, efficiency and reliability, and compliance to the Bank’s information systems and resources management:
- Monitoring of IT operations, databases, server hardware and server operating systems, network infrastructure and applications systems to be ensured.
- Quality assurance, systems development controls and user acceptance testing (UAT), review of all new systems to be done for ensuring elimination of technology related risk and vulnerability in the product, process, and system.
- Ensuring quality of internal and external financial reporting.
- Segregation of duties: For an instance, relationship managers need to be functionally and, if possible, physically separated from risk managers to ensure due diligence and compliance so that credit is offered to a genuine borrower after observing all necessary formalities. Thus, Bank must find out such areas of operation that are related but need to be separated to guard against fraud events.
- Strict Password maintenance: A password maintenance policy should be developed and strictly followed and none shall be allowed to share password with other colleagues. When leaving the desk for a moment, the computer must be logged off so that, in his/her absence, other employees cannot use the computer to effect a transaction or change any information.
- Duty Rotation: Often times, it is observed that an individual employee keeps serving a particular position for a substantially long period of time. Such over-staying to a particular position may give him/her an opportunity to take an undue advantage and commit fraud. So, there must be a position duty policy that shall logically rotate employees and reduce such risk.
- Limitations of access to assets/resources: Vital assets/resources (tangibles and intangibles) need to be under controlled custody of Bank. Only authorized officers shall be allowed to have access to it and such access must be recorded and regulated. The custodian of vital assets/resources must have access to the list for preventing any unauthorized access and use of bank’s resources.
- Removal of unauthorized and formal system users: A formal authorized user of a particular system may be assigned a different job and, by default, no longer be reckoned as an authentic user of that system.
- Training & Communication: Employees, at all level, should be made aware of the existing policies and procedures for preventing fraud, and whenever there is a new policy that must be immediately communicated to all for compliance. Apart from employees, the customers of the bank can also be educated by the publication of various safety manuals for them into the Bank’s web site.
- Self-Assessment of Anti-Fraud Internal Control: All Divisions/Departments/Units should establish self-assessment process that will assess how effectively the Division’s/Department’s/ Unit’s Anti-Fraud Internal Controls enable management to identify areas of risk or to assess the need for additional control mechanisms.
Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false fabrications. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging cheques or using stolen credit cards. Other forms of fraud may involve inflating losses or causing an accident with the sole intent for the disbursement.
With an unlimited and rising number of ways someone can commit fraud, detection can be difficult to accomplish. Activities such as reorganization, downsizing, moving to new information systems or encountering a cybersecurity breach could weaken an organization’s ability to detect fraud. This means techniques such as real-time monitoring for frauds is recommended. Organizations should look for fraud in financial transactions, location, devices used, initiated sessions and authentication systems.
Fraud detection techniques
Fraud is typically an act which involves many repeated methods; making searching for patterns a general focus for fraud detection. For example, data analysts can prevent insurance fraud by making algorithms to detect patterns and anomalies.
Fraud detection can be separated by the use of statistical data analysis techniques or artificial intelligence (AI).
Statistical data analysis techniques include the use of:
- Calculating statistical parameters
- Regression analysis
- Probability distributions and models.
- Data matching
AI techniques used to detect fraud include the use of:
- Data mining: Which can classify, group and segment data to search through up to millions of transactions to find patterns and detect fraud.
- Neural networks: Which can learn suspicious looking patterns, and use those patterns to detect them further.
- Machine learning: Which can automatically identify characteristics found in fraud.
- Pattern recognition: Which can detect classes, clusters and patterns of suspicious behaviour.
Managing fraud and identity can sometimes feel like taking one step forward, and two steps back. Whether proactive or reactive, fraud management is arelentless cycle of increasing risk, expense and frustration. It is particularly frustrating for good customers who experience cumbersome verification and validation efforts when they just want to access their account or conduct everyday business.
However, fraud management adoptionadvantages not only loss reduction, but also add
- Greater value of the services provided to customers,
- Decrease and control of new subscriptions/acquisitions with ascertained Fraud practices,
- Costs cutting linked to Credit recovery in fraudulent practices,
- Decrease in the number of reports for non-identified transactions,
- Competitive edge through a better and faster fraud management that consequently results in an opportunity to increase revenues.
This article is written by Ziaullah Khan. He is an SEVP and Head of ICCD, United Commercial Bank Limited.