FRM in Financial Institutions Anti-Fraud Forum Kemal Özmen, Forensic Director 16 May 2012
Dec 25, 2015
©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.
There is a diverse array of risks of fraud that have materialized into real cases in Romania, CEE and Western Europe in the last few years
• Romanian-Bulgarian cross-border motor insurance fraud
• Theft of cash and other valuables from bank branches
• Loans granted based on false documents and information
• Collusion between lessee, supplier and agent
• Rogue trading
• Ponzi and other investment schemes
• Fraudulent bankruptcies
• Financial statement manipulations re: sub-prime exposures
• Credit cards fraud
Turbulent times definitely contribute to increased fraud. Estimates vary between 5-10% of worldwide corporate revenues being lost to fraud
Fraud Triangle (source: Donald Cressey, 1953): Opportunity, Motivation, Rationalisation
• Increased financial motivation: inflation, personal debt burdens versus negative personal financial growth
• Increased opportunity: downsizing / re-engineering risk, process automation, dual control and lack of segregation of duties
• Increased ease of rationalisation: reduced remuneration, morale, incentives, perceived inequity and personal growth opportunities
While the benefits of improving the fraud risk management strategy are clear and demonstrable, you cannot manage the fraud risks that you cannot see
Direct and Indirect Losses to Fraud
• An organization's fraud risk management (FRM) strategy can present a competitive difference in the financial service market.
• End game is more efficiently managing costs than your competitors.
• Losses related to fraud, theft and corruption are taken directly off the organization's bottom line.
• Depending on the profitability ratio of your organization, every 1 RON lost to fraud means that a further X RONs would have to be generated to replace this lost value/profitability.
• Add to that the damage to the organization's reputation and brand name and the loss of confidence.
• The cost of disinvestment as the result of a negative public incident can far outweigh the initial direct financial loss.
[Figure: Fraud Risk Management Strategy, from weaker to stronger, shown against the organisation's waterline (see less / see more)]
Nevertheless financial services institutions have a responsibility to stakeholders to manage fraud risks
…external drivers for fraud
• Money laundering
• Fraudulent instructions
• Insider trading
• Impersonation and false information on loan applications
• Double-pledging of collateral
• Forged or valueless collateral
• Misappropriation of loan funds by agents/customer
• Kickbacks and inducements
• Off market rings
• Related party deals
• Broker kickbacks
• Bogus documents
• Forged power of attorney
Private banking
• Depositor camouflage
• Unrecorded deposits
• Theft of customer deposits / investments
Retail and corporate banking – credit business
• Loan to fictitious borrowers
• Use of nominee companies
• Deposit transformation
• Transactions with connected companies
• Asset quality manipulation
• Kickbacks and inducements
• Use of parallel organisations
• Selling recovered security below market prices
• Bribes to obtain release of security or reduce claimed amount
Securities business
• False deals / unrecorded deals / delayed deal allocations
• Misuse of discretionary accounts
• Exploiting weaknesses in matching procedures
• Mismarking of valuation rings
…internal fraud risk factors
Investment banking business
• Bogus investments
• Selling or lending without authority
• Front running and insider trading
• Share ramping
FRM responsibilities
• Develop and maintain an effective FRM strategy
• Properly manage and mitigate fraud risks
• Safeguard and protect assets
• Protect stakeholder interests
• Protect reputation and brand
Managing fraud risks means prevention of fraud, detection of incidence of fraud and response in the face of a fraud event
Prevent fraudsters as early as possible:
• Identify fraudsters before they become customers
• Identify fraud committed by organized groups before significant losses are incurred
Enhance early detection of fraud in existing portfolio:
• Strengthen fraud monitoring
• Increase awareness of fraud management
• Improve reporting lines
Respond to fraud promptly and adequately in order to:
• Mitigate potential losses
• Prevent future incidents through a self-learning process
• Discourage irregular behavior through thorough disciplinary and legal action
There are many different elements to consider when implementing an FRM strategy, most important of all is alignment with the organization
Governance
• FRM framework and policies
• Roles and responsibilities
• Objectives and reporting
• Empowerment and monitoring
• Integration with other functions
Prevention
• Fraud risk assessment
• Fraud risk register
• Anti-fraud controls
• Awareness programs
• Employee screening
• Ethical assessments
Detection
• Proactive monitoring of transactions with clients
• System detective controls
• Whistleblower hotline
• Reactive reviews and data analysis
Response
• Fraud response and investigations framework and protocols
• Evidence to legal counsel, regulators, and to legal and disciplinary proceedings
• Protocols for disclosure and other remedial actions
The fraud prevention and detection framework and support technology must be integrated into the overall Fraud Risk Management process
A fraud prevention and detection system implementation is not a one-off exercise. It must be established as a continuous process and requires ongoing improvement.
• General fraud detection and follow-up rules & principles
• FS institution specs
• High cost, high % of fraud identification
• Data gathering, analysis, testing and evaluation
• Calibration
• Follow up
• Product specs
• Historical patterns
• FRM framework
This is how the framework, methodology and the support technology would come together
Business events
Transactions in core applications
Access to records and data
Fraud scenarios DB
Capture, analyze, corroborate
Fraud risk register
Management response to fraud
Investigation and Response methodology
Red flags
The FRM framework and any support technology have to support the following processes
• Primary and secondary processes, e.g. analysis process prior to approval / underwriting
• Automated fraud detection mechanisms, e.g. for transactions based on red flags
• Use of all known fraud indicators, red flags and scenarios
• Maximum utilization of all available data
• Regular and ad hoc portfolio screening
• Facilitation of investigation phase and decision making
• Control over the investigation process, ensuring adherence to professional standards
• Continuous gathering of relevant information and its further utilization
• Monitoring of employee actions
• Flexible reporting tools facilitating effective monitoring
• On-line, real-time, ex-post
A wide range of aspects need to be considered during implementation
• Awareness has to be built up in top management and all levels below
• FRM processes have to be aligned with existing processes and systems
• Changes to existing processes (e.g. enhanced data gathering)
• Any changes resulting from the IT tool implementation have to be reflected in policies and procedures
• Roles and responsibilities have to be defined (segregation of duties)
• Reporting (ex post, ex ante, online) and escalation lines have to be established
• Fraud indicators/scoring model must be accessible only to a limited user group
• Employees should be trained adequately to be able to utilize features of the system
• Utilization of synergies – e.g. AML, credit risk, claims risk, asset / collateral risk
• Data sharing with other systems (DWH, Risk Management, Core System, Collections)
• Data quality & data protection against theft or corruption
• Automated update of blacklists and other indicative statistics
This is what a typical Fraud Risk Management framework and support system implementation project would look like
Proposed recommendations
Phase I: GAP analysis of current FRM structures and processes
• Understanding of banking processes and products under consideration
• Understanding of current FRM framework, systems, processes and controls
• Comparison of existing processes and controls against FRM model and identification of key gaps
• Review of functionality of the considered tools and assessment of their flexibility and usefulness from the fraud scoring system perspective
• Analysis of potential use of the selected IT tool in respect of fraud scoring system
• Development of the road map and business case for enhanced FRM
Phase II: Design of FRM framework, processes and systems
• Design of FRM framework: roles and responsibilities, governance model, fraud unit, strategy, policies and procedures, motivation schemes
• Design of processes related to ongoing monitoring of the risk of fraud and performance of the initial fraud risk assessment
• Design of the processes and controls in respect of fraud: prevention, detection, response
• Design of the automated fraud detection / scoring tool
Phase III: Support in implementation
• Assistance in the implementation of FRM framework, processes and controls by assisting in:
  • Creation of anti-fraud unit
  • Development of fraud strategy
  • Drafting policies and procedures
  • Development of awareness programs
  • Implementation of controls
  • Trainings
• Fraud detection system testing and calibration
• Work flow testing
People
Business processes
Technology
Infrastructure
Questions & Answers
Kemal Özmen
Forensic Director
KPMG in Romania
Head of Forensic Services in Romania, Serbia and Montenegro, Bulgaria and the Balkans
T: +40.372.377.839
F: +40.372.377.700
M: +40.748.234.635
© 2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Romania.
The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).