Corporate fraud is a tale as old as time. The total costs of a fraud attempt and the complete set of risks facing a financial institution in the aftermath of a fraud attack often go far beyond the fraud losses itself. That is, organizations must also account for legal costs, investigation costs, reputational risks, as well as eroded confidence and customer loss. An effective fraud framework will include prevention, detection, and deterrence. Organizations often focus on prevention and detection and neglect fraud deterrence, which involves proactive rather than reactive measures. Given the high occurrence and costs of fraud, both financial and reputational, organizations with successful fraud management frameworks in place could have an edge over competitors.
With billions of dollars that can be lost due to fraud, organizations are increasingly concerned with fraud risk management, looking towards a more proactive approach rather than a compliance-driven one. Read on for four important considerations in fraud risk management:
1. Governance and Tone from the Top
Given the high stakes involved, it is the Board and top management that need to prioritise fraud risk management – setting the tone at the top so that it ripples throughout the organization. Policies and processes for prevention and detection are only one part of the story; in order to minimize any losses attributed to fraud, it’s vital to have watertight reporting and communication systems so that the Board and management can make timely decisions in response to information provided to them. Other considerations involved include investigation, whistleblower protection, defined roles and responsibilities, performance monitoring, and more.
2. Fraud Prevention and Detection
Ideally, an organization will have the systems in place to prevent fraud, rather than having to detect fraud after it occurs. Developing effective policies and procedures, including ensuring protections for whistleblowers, can also act as a deterrence to potential wrongdoers. Fraud awareness from the top-down also enables communication and cooperation across the organization for continuous improvements to the systems in place.
Fraud prevention cannot always be possible. To this end, an important objective in a fraud risk management program is to minimize the elapsed time between fraud incidents and their detection. Mechanisms in place for faster detection of fraud should take into consideration common indicators of fraudulent activity in order for efficient monitoring and reporting.
3. Monitoring and Reporting
As mentioned, fraud can have far-reaching implications; fraud incidents can involve legal and civil liabilities in addition to the financial and reputational hits to the company. The set up of comprehensive processes and responsibilities in place is important so that when an incident does occur, the right responses can be triggered according to plan. In turn, those with the right information can take the timely action needed.
4. Technology-Enabled Fraud Risk Management
Just as much business is moving towards digital, crime is too. With a wide range of data stored in the cloud: there is large swatches of important information that is vulnerable to exploitation, including customer information and profiles, transaction data, related parties’ information, and more. This means that fraud prevention and detection must also be focused on the digital. Of course, with the large amount of data, organizations now also have the opportunity to use AI or Machine Learning to analyse and process data accurately in order to detect, prevent, and report on suspicious activity. Banks in the UK such as HSBC, RBS, Barclays and Lloyds have begun to leverage on new technologies, creating consolidated platforms to fight fraud as well as collect information on the patterns that indicate the incidence of fraud.
Just as with any risk, fraud cannot be completely eradicated. However, considering that organizations worldwide still often struggle with fraud risk management, a robust program to deal with fraud can become a strong competitive differentiator. Coupled with the digitization of fraud, organizations seeking to stay ahead of curve should maintain a proactive approach to fraud risk management, as part of an overall Enterprise Risk Management framework.
What Next?
Seeking to gain the skills needed to establish a robust fraud risk management? Sign up for our module on Fraud Risk Management, as part of of our Enterprise Risk Technician (ERT®) certification program.