Fraud Risk Management:
The FSA’s Expectations
Jonathan Marsh
Partner
Berwin Leighton Paisner
Adelaide House
London Bridge
London EC4R 9HA
Tel: 020 7760 1000
Fax: 020 7760 1111
Overview
Where is the FSA coming from?
What are the FSA’s expectations?
Dealing with the aftermath
The FSA’s regulatory objectives – s.2
FSMA
Market confidence
Public awareness
Consumer protection
Reduction of financial crime
The reduction of financial crime
objective – s.6 FSMA
Reducing the extent to which regulated persons, and
businesses carried on in breach of the general
prohibition, can be used for a purpose connected
with financial crime
Financial crime is any offence involving:
– Fraud or dishonesty
– Market abuse
– Money laundering
The reduction of financial crime
objective – s.6 FSMA
The FSA must, in particular, have regard to the
desirability of regulated persons:
Being aware of the risk of their businesses being
used in connection with the commission of financial
crime
Taking appropriate measures (in relation to their
administration and employment practices, the
conduct of transactions by them and otherwise) to
prevent financial crime, facilitate its detection and
monitor its incidence
Devoting adequate resources to prevention, detection
and monitoring
An increased focus
October 2004: Philip Robinson speech – the
FSA’s new approach to fraud – fighting fraud
in partnership
February 2006: Firms’ High Level
Management of Fraud Risk
March 2006: Capita Financial Administrators
Limited
Fighting fraud in partnership: key
messages
The FSA will pay “more attention to firms’
arrangements for managing their fraud risks”
strong anti-fraud culture led from the top
clear allocation of responsibility for fraud risk
management
staff training
KYC procedures
capture and use of management information
on fraud
Firms’ High Level Management of
Fraud Risk – Roles, Responsibilities
and Resources
High level sponsorship of fraud management at executive level
Boards/board committees receive fraud reports but are not
expected to have direct involvement in the formulation and
monitoring of anti-fraud initiatives
Development and monitoring of fraud strategies typically the
responsibility of high-level management committees e.g. risk
committee or fraud “steering groups”
Approval of anti-fraud strategies and plans was sometimes
informal and director level accountability for delivery of
strategies and plans was unclear
Firms’ High Level Management of
Fraud Risk – Roles, Responsibilities
and Resources
Higher risk organisations (e.g. retail banks, insurers) – generally
well-defined anti-fraud roles and responsibilities
Lower risk organisations (e.g. investment banks, asset
managers) – reliance on control procedures not specifically
labelled as anti-fraud measures
The FSA’s view: without formal, integrated anti-fraud
responsibilities and structures, anti-fraud initiatives may be
difficult to sustain on an ongoing basis
Favourable comment on a “hub and spoke” model with a central
team coordinating anti-fraud activity and dissemination of best
practice
Firms’ High Level Management of
Fraud Risk – Fraud Data and Reporting
Accurate and detailed fraud data and analysis
necessary to assess where and why there is a
fraud risk
Systems and controls should be capable of
detecting fraud risk at an early stage
Role of trade associations in collecting and
sharing fraud related data
Firms’ High Level Management of
Fraud Risk – Risk Assessment and
Risk Appetite
Generally fraud risk was reported and reviewed within
operational risk management reporting channels
Lack of formal fraud risk assessment processes beyond
those required for operational risk purposes
Firms need to assess the fraud risk that they are exposed
to (e.g. mispricing in the derivatives sector) and ensure
that appropriate controls are in place to mitigate this risk
Allocation of anti-fraud resources was generally not driven
by a clear cost-benefit or risk appetite analysis
Firms’ High Level Management of
Fraud Risk – Business Engagement,
Systems and Controls
Investment in systems and controls and a focus on robust
anti-fraud operational processes is key to risk mitigation
Fraud threats are dynamic and the ability to meet emerging
fraud threats depends on good analytics in a firm’s anti-fraud
operations
Focused management of internal (staff) fraud risk
– Enhanced vetting
– High profile arrests
– Communication and awareness
Focused management of fraud risk in product design – fraud
risk identification should take place at an early stage
Firms’ High Level Management of
Fraud Risk – Recruitment
Insider fraud (coercion, collusion, infiltration or
employee’s own initiatives) considered to be one of
the most serious fraud threats faced by financial
institutions
Enhanced vetting procedures e.g. use of specialist
agencies to conduct pre-employment screening with
varying levels of screening depending on seniority
Vetting key suppliers and insisting on agreed
standards of employee screening which will be
checked by random, unannounced visits
Insider profiling – working with the police to compare
new recruits against insider profiles
Firms’ High Level Management of
Fraud Risk – Anti-Fraud Training
Varying approaches to staff training
Generally fraud awareness training given to new
staff as part of induction
Newsletters or staff alerts
Computer-based training packages
Training predicated on “red flag” recognition
Good practice guidelines supported by tailored
training on a divisional basis
Firms’ High Level Management of
Fraud Risk – Resources for
Tackling Fraud
Increase in the size of dedicated anti-fraud teams
and staff
Increase in awareness of financial crime and
fraud risk
High hurdle rates were applied to proposals for
anti-fraud investment, and financial
considerations outweighed qualitative concerns
such as reputational risk
Firms’ High Level Management of
Fraud Risk – Fraud Investigations
In larger firms responsibility for significant or complex
fraud investigations was delegated to specialist
departments
At other firms responsibility was given to corporate
security or audit
Varying degrees of sophistication e.g. some fraud
investigation units able to conduct investigations to
criminal investigation standards (including computer
forensics)
Increased threat of e-fraud makes investigation more
difficult
Use of “post-mortems” to improve risk mitigation
Firms’ High Level Management of
Fraud Risk – External Liaison and
Communication
Increased industry cooperation and strong
support within firms for this but more needs to
be done to share data and information on the
perpetrators of fraud
Firms’ High Level Management of
Fraud Risk – Educating Consumers
Tension between implementation of anti-fraud
measures and customer convenience
The degree to which customer experience is
expected to be negatively affected by an anti-fraud
initiative was found to be a key factor in
determining whether to proceed with the
initiative
FSA Enforcement Action: Capita
Financial Administrators Limited
£300,000 fine for breaches of:
Principle 2: failing to act with due skill, care and
diligence in considering the risks posed by financial
crime
Principle 3: failing to take reasonable care to
organise and control its affairs responsibly and
effectively, with adequate risk management systems
SYSC 3.2.6R: failing to take reasonable care to
maintain effective systems and controls to counter
the risk that the firm might be used to further financial
crime.
FSA Enforcement Action: Capita
Financial Administrators Limited
Inadequate assessment of fraud risk, especially the
risk of internal fraud
Should have assessed the adequacy of existing
controls and considered additional controls to mitigate
any risks identified
Inadequate response to discovery of fraud: although an
investigation committee was set up, it focused on the
specific circumstances of the fraud rather than a wider
review of fraud risks
Dealing with the aftermath
Alert senior management / the board
Investigation of (a) specific circumstances and (b) wider fraud risks
– Appoint appropriate individuals to investigation team
– Consider whether use of external consultant is appropriate
– Establish timetable and objectives
Consider key legal issues
– Asset recovery
– Accessing personal data
– Suspension / dismissal
– Whether or not to provide documents to FSA voluntarily
– Privilege
– Money laundering reporting obligation
Corrective action / remedial plan
Insurance issues
Notifying FSA
Conclusions
Recognise importance of fraud risk management to the FSA and
react accordingly
Senior management needs to be engaged
Formal fraud risk assessment process and appropriate controls to
deal with identified risks
Clearly defined allocation of responsibilities for fraud risk
management
Adequate resources
Adequate investment in systems and controls which are capable
of early detection
Capture and use management information on fraud
Ensure threat of both internal and external fraud is assessed and
dealt with
Anti-fraud training
Development of fraud investigation plan