A fraud risk management model is a framework outlining all processes related to how fraud can be identified, assessed, mitigated, monitored, and reported to senior management. An efficient fraud risk management approach can have a significantly positive impact on the overall costs of fraud in a bank. KPMG recently released its 2019 Global Banking Fraud Survey, which reports on how banks and financial institutions worldwide are addressing fraud threats.
The survey includes responses from 43 banks worldwide. One area it focuses on is how banks and financial institutions structure their fraud risk management operations. The survey found that 52% of banks do not currently monitor the total cost of fraud risk management. This is quite surprising, as the level of fraud as a percentage of revenues increased from 0.95% in 2017 to 1.53% in 2018.
This data shows why having a fraud risk management program in place matters not only to the individual bank but to the industry as a whole. Visibility into fraud risk management processes helps improve decision-making around how fraud is handled. This article covers what a fraud risk management operating model is, its benefits for banks, and the key components that make this model a success.
An effective Fraud Risk Management Model
An effective fraud risk management model builds risk awareness, accountability, and transparency into how fraud is being actively managed by banks and financial institutions. According to Deloitte, it enables organisations to have controls that first prevent fraud from taking place, then detect fraud as soon as it occurs, and finally respond effectively to fraud incidents. A solid fraud risk management platform creates an enterprise-wide view into suspicious activities across all transaction channels, assisting in mitigating illicit behaviors in real time to keep fraud within the bank’s risk appetite.
Components of a Well-Structured Fraud Risk Management Model
The Association of Certified Fraud Examiners (ACFE) states that for a fraud risk management approach to function well, it must be proactive rather than reactive [4]. The ACFE notes that in 2019 the state of risk management initiatives appears to be ‘immature’, as only 23% of studied organisations describe their risk management as “mature” or “robust.” The Committee of Sponsoring Organizations (COSO) [2] outlines the significance of a focused framework based on strategic planning throughout the organisation, because risk ‘influences and aligns strategy and performance across all departments and functions’. COSO suggests that there are five interrelated components, which are:
- Governance and Culture, based on principles of Mission, Vision & Core Values
- Strategy & Objective Setting, based on principles of Strategy Development
- Performance, based on principles of Business Objectives Formulations
- Review and Revision, based on principles of Implementation & Performance
- Information, Communication, and Reporting, based on principles of Enhanced Value
The International Organization for Standardization (ISO) [8] focuses on developing and publishing international standards. Its risk management standards are intended to help organisations worldwide perform well in an environment full of uncertainty, as ISO states. ISO develops standards that can help avoid enterprise-level consequences that negatively affect economic performance, reputation, environment, social factors, and safety. ISO focuses on eight principles of effective risk management. These include:
- Integrated into the organization
- Structured and comprehensive
- Based on the best available information
- Customized and proportionate
- Takes human and cultural factors into account
- Facilitates continuous improvement
Looking more closely at risk management as it applies to fraud, KPMG [6] states that a fraud risk management operating model must cover the following four key areas to effectively manage internal and external fraud threats:
1. Strategy & Governance: governance rules on who is responsible for fraud risk. KPMG [6] found major differences in which internal parties were responsible for setting the fraud risk appetite for the organization, with 52% of respondents stating this is done by their Board/Risk Committee. This shows there is still a lot to work on. A well-structured fraud risk operating model can help banks and financial institutions establish risk oversight, which improves strategic decision-making on how to mitigate fraud risks.
2. Process & Controls: strategic, specific objectives of the operating model are crucial to ensure fraud risk operations are running as they should. Processes and controls help achieve the objectives of the fraud risk management operating model: to lower the overall cost of fraud risk while creating a risk-aware culture. If processes and controls are implemented properly, they will improve the prediction, detection, and prevention of fraud risks, and the response to them, no matter their origin.
3. People & Organization: the fraud risk management model requires the correct culture and individuals. Leadership should monitor and review the skills and support of all staff involved in the mitigation of fraud risk, and address any vulnerabilities that could allow fraud to slip through weaknesses in human performance. By frequently analyzing human capital, senior managers can ensure they have the best team on the field taking on financial fraud in its many forms.
4. Technology & Analytics: today’s digital banking world continues to grow. The more users adopt digital ways of conducting transactions, the more dynamic and powerful the technology banks need to fulfill the needs and wants of their customers, while also keeping their funds and data secure.
Moreover, the Chartered Global Management Accountant (CGMA) [5] has emphasised the influence of driving strong business performance in its Fraud Risk Management Report. It sets out a 16-step fraud prevention plan. The primary steps are, first, to consider fraud risk as an integral part of the overall corporate risk management strategy; second, to develop an integrated strategy for fraud prevention and control; and third, to establish an ownership structure from the top to the bottom of the organisation. These three initial steps outline the key standards for promoting an efficient fraud risk management model.
Similarly, the Chartered Institute of Management Accountants (CIMA) [3] notes that many studies have aimed to calculate the total cost of fraud. However, their findings and figures do not consider undetected losses and indirect costs such as damage to reputation and management costs. Additionally, the ACFE 2018 Report to the Nations found that the total losses caused by fraud exceed $7.1 billion [1]; however, this covers only known losses. The ACFE claims that this figure does not come close to representing the total amount of fraud losses, and that the true global cost of fraud is probably ‘magnitudes higher’ due to the undetected and indirect costs mentioned above.
The use of the right resources
A strong risk-aware culture will improve fraud risk management across the entire organization, engaging employees to identify fraudulent behaviors and report them to the correct parties. However, in today’s digital banking environment it takes more than a strong team of fraud fighters: these workers must also have the technological tools to fight fraud in real time. This is where technology plays its part in creating a strong defense against illicit banking activities. For instance, the use of effective and efficient resources is becoming a necessity in today’s bank fraud prevention strategies to keep up with the enormous number of transactions occurring globally.
Fraud orchestration is one technology concept that aims to use artificial intelligence, machine learning, workflow and automation to track fraud in real time by creating a mission control for fraud prevention. Fraud activity becomes visible across all channels, including the simultaneous activities that lead to fraud and that can be missed without fraud orchestration: a 360 view. This promotes the breaking down of fraud system silos and creates an enterprise-wide view of fraud risks for more effective detection and prevention. These interactions will, without doubt, lead to a decrease in the overall cost of fraud by reducing overheads and, most importantly, by increasing the detection and prevention rate of fraud, which means there will be less fraud.
Most research demonstrates that fraud is prevalent within the banking and finance industry. It remains a very costly problem, and one that continues to grow as the risks of fraud increase. This increase is due to factors such as rapid technological advances, more competitive markets and increasing globalisation, amongst other reasons. Across the different research, the key recommendations point to the significance of an integrated strategy to tackle fraud.
With fraud activity increasing at a rapid pace and costing banks and financial institutions billions [9] every year, the right fraud risk management operating models can help manage the damage created by fraudsters. A well-structured fraud risk management framework creates the accountability and transparency needed to fight fraud in real time, keeping customer assets safe from digital intruders. The time is now for the financial industry to adopt fraud risk management into the core of its organization, a competitive advantage no organization can afford to avoid for long.
1. “2018 Report to the Nations”. Access at: https://s3-us-west-2.amazonaws.com/acfepublic/2018-report-to-the-nations.pdf
2. “Enterprise Risk Management. Integrating with Strategy and Performance”. Access at: https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf
3. “Fraud risk management. A guide to good practice”. Access at: https://www.cimaglobal.com/Documents/ImportedDocuments/cid_techguide_fraud_risk_management_feb09.pdf.pdf
4. “Fraud Risk Management”. Access at: https://www.acfe.com/uploadedFiles/ACFE_Website/Content/review/frm/02-Fraud-Risk-Mgmt-Overview.pdf
5. “CGMA Report. Fraud Risk Management, A guide to good practice”. Access at: https://www.cgma.org/content/dam/cgma/resources/reports/downloadabledocuments/fraudriskmanagement.pdf
6. “Global Banking Fraud Survey”. Access at: https://assets.kpmg/content/dam/kpmg/xx/pdf/2019/05/global-banking-fraud-survey.pdf
7. “Global Risk Management Survey”. Access at: https://www.deloitte.com/bg/en/pages/finance/articles/global-risk-management-survey-2019.html
8. “ISO Risk Management”. Access at: https://www.iso.org/iso-31000-risk-management.html
9. “The banking industry’s multi-billion dollar fraud problem—and how to solve it”. Access at: https://www.bai.org/banking-strategies/article-detail/the-banking-industrys-multi-billion-dollar-problem