| Technology - a crucial weapon in fighting fraud |
Back |
| Technology can prove vital in preventing fraud says Mike Zehetmayr, but equally important is abiding by the tenet of ‘Know your employee!’ |
Fraud in financial affairs has been with us since the first ‘banking’ transactions on an Italian bench and as a characteristic of flawed human nature; it is unlikely to ever go away. However, use of advanced technology means that financial companies can increasingly monitor and detect fraud and, hopefully, prevent its occurrence.
The major cases of fraud that occurred at AIB subsidiary Allfirst, Baring’s Bank and the Lehman Brothers attracted headlines because of the massive amounts involved. All the indications are that fraud common throughout the financial systems, be it false use of credit cards or illegal use of utility bills - in the UK 80 per cent of new bank account openings in London involve the use of fraudulent utility bills.
Failure to monitor fraud is draining profits
Existing data suggests that fraud cost large European companies E3.6 billion in the last two years, and more significantly, that only a paltry 13 percent of this amount was recovered from the fraudster. With the significant increases in insurance premiums it is unlikely that insurance will continue to provide the fallback to failures in fraud management and control.
So how does fraud happen? Conflicts of interest can present some people with opportunities for misappropriating funds because they have supervisory control over their own actions. Management may fail to control fraud, due to naivety about the propensity for misdeeds, or a lack of clear demarcation of responsibility for fraud control. Fraud occurs in organisations where the people most likely to spot anomalies - those familiar with culture and procedures - are lost through cost cutting measures. Finally, but perhaps most inexcusable nowadays, fraud occurs where IT solutions that control and trace financial transactions are not exploited fully.
The massive financial frauds at Allfirst and Lehman Brothers were caused by a combination of the above: in the former, currency trader John Rusnak exploited poor systems and controls in trade confirmation, market data and an unorthodox reporting structure to run up losses of almost US$700 million. In Lehman Brothers’ branch in Cleveland, Ohio, broker Frank Gruttaduaria abused his dual role as branch manager and broker to funnel a total of US$40 million from client accounts using unauthorised withdrawals and account statements diverted to PO Boxes under his control.
Action on fraud
Financial institutions are becoming more aware of the threat to their organisations posed by fraud. PwC statistics indicate that one-third of companies believe that fraud is more of a threat than it was five years ago.
International finance bodies demand more and more regulatory compliance reporting. The main procedures financial institutions follow to reduce their exposure to risk are: the Basel Capital Accord , which provides for greater transparency in risk; GAAP, which demands greater consistency in profit & loss reporting and the US Patriot Act, prompted by the September 11 atrocities, which calls for banks to report any suspect transactions.
Initiatives
There are also initiatives to reduce the time taken for transactions to settle and therefore to reduce the opportunities for fraud. CLS Bank reduces the level of risk of operational failure with time-zone differences, and the increasing use of system and processes relying on STP, automating the processing behind settlement of transactions in securities trading.
All companies, but particularly financial companies where the possibilities for surreptitiously misappropriating large amounts of money undetected are greater, need to adopt a ‘hands-on’ approach to managing the risk of fraud. In addition to implementing the recommendations of the above organisations, companies must take action internally to reduce potential for misbehaviour by employees and/or clients.
A five-point action plan to combat financial fraud should include the following steps:
1. Assess existing and future fraud vulnerabilities, e.g. offshore banking should be monitored for money laundering.
2. Monitor fraud risks in such a way that a person reporting suspect behaviour is rewarded not penalised.
3. Implement effective human resources policies that will facilitate easy investigations of people and practices within an organisation.
4. Implement a robust fraud policy response plan.
5. Communicate the company’s stance on fraud to all stakeholders - shareholders, employees, clients, etc.
Financial institutions should not make the mistake of relying on auditors to detect fraud or erroneous accounts, as AIB’s recent experience demonstrates. Rather they should employ, rotate and stagger the rotation of auditors on a regular basis. This avoids complacency and enables the new auditors to ask the difficult questions with a fresh perspective to the organisation and are less likely to accept unusual practices.
Solutions to reduce risk
Advanced technology offers financial institutions the ability to effectively and unobtrusively monitor and detect any suspicious transactions. In the light of recent scandals, companies need to be seen to manage fraud with solutions that go beyond compliance and prevention. Technology offers solutions for fraud detection and prevention, forensic investigation and regulatory compliance reporting.
The familiar concept of know your customer (KYC) can be applied to fraud monitoring. In addition to understanding how their customers do business with them, institutions must monitor employees’ behaviour and transactions. To KYC, we must add KYE - know your employee! Fraud starts at home - understand your business first and then understand your client. Fraud perpetrated by staff is often larger, over a longer time period and impact a financial institutions reputation.
Companies must apply the impressive computational power and new mathematical models to categorise business activities, identify suspicious activity, enable investigation and provide an audit trail of the actions taken. They should invest in technology in order to understand their transactions and all relevant electronic customer information. They must track customer’s behaviour, perhaps using electronic fingerprints of the behaviour.
Additionally, they should create dedicated risk segments where any unusual transactions or suspect fingerprint deviations in accounts can be presented and they should be prepared to take action on suspicious transactions. It is critical for financial institutions to establish an enterprise-wide view of risk and adopt real-time monitoring of transactions if available. These tools and controls are excellent at predicting future exposures, what many business lack is the organizational rigueur to back test the organizations existing controls. Businesses are advised to use the information collected not just to report to regulators and suspend transactions, but also to improve the processes and controls in the business.
Many organisations question the ability of statistical modeling and classical decision making processes as appropriate tools to monitor and control fraud. In their own right these tools only provide an insight to abnormal behavior, which requires further investigation. Ultimately the decision relies on the ability of the analysts and operators to detect a pattern that indicates suspect behavior. That is not to say that new pattern recognition methods and tools are being developed to aid and improve this process, but today these are still in development.
Any financial institution considering its approach to fraud control must understand that implementation of a costly IT system will involve training of personnel and could precipitate fundamental change in the organisation. Crucially, any IT system put in place to control fraud must be dynamic and up to date. It will never be completed, as long as there are people looking for a way to make money fraudulently.
Benefits of this system will only be seen in the long term in retrospective analysis and when a value is placed on an institution’s reputation. However, reduction of risk ultimately allows each institution to protect corporate reputation, maximise revenues and returns and enhance capital allocation. |
Mike Zehetmayr is a partner at Logica in charge of fraud solutions.
|
| Article appeared in the October 2002 issue.
|
|
|
