A fraud risk management model is a framework outlining all processes related to how fraud can be identified, assessed, mitigated, monitored, and reported to senior management. An efficient fraud risk management approach can have a significantly positive impact on the overall costs of fraud in a bank. KPMG recently released their 2019 Global Banking Fraud Survey, which reports on the global perspective on how banks and financial institutions are addressing fraud threats.
The survey includes responses from 43 banks worldwide. One area the survey focuses on is how banks and financial institutions structure their fraud risk management operations. The survey found that 52% of banks do not currently monitor the total cost of fraud risk management. This is quite surprising, as the level of fraud as a percentage of revenues has increased from 0.95% in 2017 to 1.53% in 2018.
This data shows why having a fraud risk management program in place is important not only to the individual bank but also to the industry overall. Visibility into fraud risk management processes helps improve decision-making around how fraud is handled. This article will dive into what exactly a fraud risk management operating model is, its benefits for banks, and the key components that make this model a success.
An Effective Fraud Risk Management Model
An effective fraud risk management model builds risk awareness, accountability, and transparency into how fraud is being actively managed by banks and financial institutions. According to Deloitte, it enables organisations to have controls which initially prevent fraud from taking place, detect fraud as soon as it occurs, and finally respond effectively to fraud incidents. A solid fraud risk management platform creates an enterprise-wide view into suspicious activities across all transaction channels, assisting in mitigating illicit behaviors in real time to keep fraud within the bank’s risk appetite.
Components of a Well-Structured Fraud Risk Management Model
The Association of Certified Fraud Examiners (ACFE) states that for a fraud risk management approach to function well, it must be proactive rather than reactive [4]. The ACFE outlines that in 2019, the state of risk management initiatives appears to be ‘immature’, as only 23% of studied organisations describe their risk management as “mature” or “robust.” The Committee of Sponsoring Organizations (COSO) [2] outlines the significance of a focused framework based on strategic planning throughout the organisation, because risk ‘influences and aligns strategy and performance across all departments and functions’. COSO suggests that there are five interrelated components, which are:
Governance and Culture, based on principles of Mission, Vision & Core Values
Strategy & Objective Setting, based on principles of Strategy Development
Performance, based on principles of Business Objectives Formulations
Review and Revision, based on principles of Implementation & Performance
Information, Communication, and Reporting, based on principles of Enhanced Value
The International Organization for Standardization (ISO) [8] focuses on developing and publishing international standards. As ISO states, these standards are based on effectively managing risk to help organisations on a global scale perform well in an environment which is full of uncertainty. ISO develops standards that can help avoid enterprise-level consequences which can negatively affect results related to economic performance, reputation, environment, social factors, and safety. ISO focuses on eight principles of effective risk management. These are:
Integrated into organization
Structured and comprehensive
Based on the best available information
Customized and proportionate
Takes human and cultural factors into account
Facilitates continuous improvement
Furthermore, looking more closely at risk management as it applies to fraud, according to KPMG [6], a fraud risk management operating model must possess the following four key areas to effectively manage internal and external fraud threats:
1. Strategy & Governance: governance rules on who is responsible for fraud risk. KPMG [6] found major differences in which internal parties were responsible for setting the fraud risk appetite for the organization, with 52% of respondents stating this is done by their Board/Risk Committee. This shows there is still a lot to work on. A well-structured fraud risk operating model can help banks and financial institutions establish risk oversight which improves strategic decision making on how to mitigate fraud risks.
2. Process & Controls: strategic, specific objectives of the operating model are crucial to ensure fraud risk operations are running as they should. Processes and controls will help achieve the objectives of the fraud risk management operating model, to lower the overall cost of fraud risk while creating a risk-aware. If processes and controls are implemented properly, they will improve predicting, detecting, preventing, and responding to fraud risks no matter their origin.
3. People & Organization: the fraud risk management model requires the correct culture and individuals. Leadership should monitor and review the skills and support of all staff involved in the mitigation of fraud risk, and address any vulnerabilities that could allow fraud to slip through weaknesses in human performance. By frequently analyzing human capital, senior managers can ensure they have the best team on the field taking on financial fraud in its many forms.
4. Technology & Analytics: today’s digital banking world continues to grow. The more users adopt digital ways of conducting transactions, the more dynamic and powerful the technology banks need to fulfill the needs and wants of their customers, while also keeping their funds and data secure.