Presented by En. Wahid Ali Mohd Khalil Chief Compliance Officer Bank Islam Malaysia Berhad

Size: px

Start display at page:

Download "Presented by En. Wahid Ali Mohd Khalil Chief Compliance Officer Bank Islam Malaysia Berhad"

Philomena Perry
5 years ago
Views:

1 Presented by En. Wahid Ali Mohd Khalil Chief Compliance Officer Bank Islam Malaysia Berhad 1

2 2

3 3

4 Operational Fraud in Financial Institutions 4

5 5

6 Operational Fraud in Financial Institutions 6

7 7

8 Fraud Risk Awareness Fraud is defined as a deliberate and premeditated action which involves the use of deception to gain advantage or benefit, not necessarily but usually from a position of trust and authority, by either internal or external persons or parties. However, in the banking environment, the following definition may be more applicable: the use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets. Simply put, it means offences committed by individuals for themselves in the course of their occupation and offences of employee against their employers / business owner. 8

9 Fraud Risk Awareness 1.Deliberate; 2.Deception; 3.Misuse or misapplication of the organization s resources; 4.Personal enrichment; 5.By employees against employer/ business owner; and 6.Conducive environment to facilitate fraud. 9

10 Fraud Risk Awareness MOTIVE OR PERCEIVED PRESSURE JUSTIFICATION/ RATIONALIZATION OPPORTUNITY In order for fraud to occur, all 3 elements have to be present. 10

11 Fraud Risk Awareness Motive/pressure is what drives a person to commit fraud in the first instance, i.e., his motivation; Pressure can include almost everything including medical bills, expensive taxes, addiction problem, etc; It is non-sharable in the eyes of the fraudster. That is, the person believes, for whatever reason, their problem can only be solved by themselves; and There are instances where fraud is committed simply out of greed. 11

12 Fraud Risk Awareness Circumstances conducive to commit fraud; The perception by someone believing they can commit fraud without getting caught; Opportunity is created by weak internal controls, poor management oversight, and/ or through misuse of ones position or authority; Failure to establish adequate procedures to detect fraudulent activity such as a strong Internal Audit Function and Risk Management process; and The ability to control opportunity is the single most important factor in combating fraud. 12

13 Fraud Risk Awareness The process where the fraudster reconciles his/ her actions with the commonly accepted notion of right and wrong within the Shariah context such as:- To save family members or loved ones; Will lose everything family, home, car, etc., if they don t take the money; To borrow, with the intention of paying back the stolen money at some point; and Job dissatisfaction (salaries, bonus); Believes that something is owed to him/ her. 13

14 Fraud Risk Awareness Fraud is a cost; 92% of companies in Asia-Pacific were affected by at least one fraud in the past 12 month*; and Amount lost by business to fraud rose from USD1.4M to USD1.7M per billion dollars of sales in the past 12 months an increase of more than 20%.* * Global Fraud Report (2010/2011) 14

15 Fraud Risk Awareness Management; The C s Senior Managers & Managers Non Management Staff; Customers; Service Providers; and Suppliers. 15

16 Fraud Risk Awareness Employees 52% Management 35% Service providers 11% Customers 1% Others (i.e. suppliers) 1% * KPMG Malaysia Fraud Survey Report

17 Fraud Risk Awareness Internal controls 55% Notification by employee 33% Internal auditor 30% Notification by customer/ supplier 25% Anonymous letter/ informant Whistleblower 25% External auditor 8% * KPMG Malaysia Fraud Survey Report 2009 (Note that some respondents indicated more than one response) 17

18 18

19 Internal Control Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as a process, effected by an entity s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting and compliances with applicable laws and regulations. 19

Risk assessment Identify, analyze and manage risks that could negatively impact the

20 Internal Control 1. Control environment Management s commitment to good governance Tone from the top 2. Risk assessment Identify, analyze and manage risks that could negatively impact the organization and prevent it from achieving its goals 3. Control activities Policies and procedures (actions) put into place to address the risk of the entities 20

be identified, captured and exchanged (communicated) in a timely manner 5.

21 Internal Control 4. Information & communications Enable management to make reliable decisions Accurate and relevant information must be identified, captured and exchanged (communicated) in a timely manner 5. Monitoring Enables management to detect changes and deficiencies, Assessing effectiveness and efficiency of internal control performance, the process flow and operations of controls and to take necessary corrective actions on defects or flaws. 21

22 Internal Control 1. Preventive controls What you do to ensure that the right things happen; wrong things don t happen, i.e., segregation of duties/ authorization levels; i. Proactive ii. Reactive iii. Correction 2. Directive controls mandatory checking & reporting; and 3. Detective controls What you do when preventive controls do not work, e.g., surprise check. 22

23 Internal Control (i) Proactive Effective internal controls; Financial and operational audits; Intelligence gathering; Logging of exceptions; and Reviewing variances. (ii) Reactive Fraud investigations; Intuition; and Suspicion. 23

24 Internal Control Tone at the Top Investigation and Followup Education and Training Proactive Detection Reporting and Monitoring Integrity Risk and Controls 24

25 Internal Control Fraud; Negligence; Cash shortage/ customer s suit; and Breach of COE. 25

26 Internal Control Introduction Brief introduction of events leading to the investigation. Background Brief write-up on the fraud/ negligence/ breach of COE case. Objectives Scope Define the coverage of the investigation. Chronology of Events A list of all events leading to the discovery of fraud/ negligence/ breach of COE case in chronological order. 26

27 Internal Control Critical Issues Detailed by Chronology of Events Highlight critical risks/ issues/ gaps noted from the chronology of events Conclusion Arising from the chronology of events and critical risk identified Recommendations Disciplinary actions to be taken against the staff involved Process enhancement including additional control requirements Police report Legal action 27

28 28

Fraud Detection & Red Flags Financial Services Bill

Electronic Fraud Information Database System (e-

Section 408 - Criminal breach of trust by clerk or

29 Fraud Detection & Red Flags Financial Services Bill 2012; Islamic Financial Services Bill 2012; Electronic Fraud Information Database System (e- FIDS) issued by BNM in August 2002; and Penal code (Act 574):- Section Theft. Section Criminal breach of trust. Section Criminal breach of trust by clerk or servant. Section Cheating. However, to-date, there is no specific law relating to crimes under FRAUD. 29

Fraud Detection & Red Flags Gender: Men (87%); Women (13%) Age: 26-40

RM50,000 (53%); RM15,001 to RM30,000 (46%); RM15,000 and below (1%) No of

30 Fraud Detection & Red Flags Gender: Men (87%); Women (13%) Age: years (69%); 25 years & below (31%) Average Annual Income: RM30,001 to RM50,000 (53%); RM15,001 to RM30,000 (46%); RM15,000 and below (1%) No of years of service: 6 to 10 years (50%); 2 to 5 years (40%); less than 2 years (10%) 30

31 Fraud Detection & Red Flags I. Behaviors Dramatic changes in lifestyle (Ferrari / Rolex); Comes in first and leaves last; Constantly looks worried; Always willing to help, but not willing to teach; Stubborn, unwilling to implement changes to process/ procedures; Willingly takes on additional work; Seldom goes on leave - returns to work during leave; When on leave request relief to do only daily work; May refuse promotion to remain in existing job. 31

figures; Unusual fonts or inconsistent typefaces; Regular round sum transactions/

32 Fraud Detection & Red Flags II. Documentation Documents Misplaced or Lost when requested; Erased or crossed out figures; Unusual fonts or inconsistent typefaces; Regular round sum transactions/ entries; Many transactions for exactly the same sum; Values consistently just below authority limit; and Absence of documentary proof or key evidence. 32

33 Fraud Detection & Red Flags III. Relationships Recluse loner; Regular visits by same customers/ customer refuse to deal with anyone else; Exceptionally friendly or hospitable to auditors; Never turns down request for help by superior/ colleagues; and Often pays for team/ branch activities. 33

34 Fraud Detection & Red Flags Cash; Saving Accounts/ Current Account/ Investment Account/ Remittances; Clearing Process/ Cheque return; Stamp account; Procurement; ATM/ CDM Management; and Account Reconciliation. 34

35 Fraud Detection & Red Flags All Frauds and Breach of Code of Ethics are required to be reported to Jabatan Penyeliaan Perbankan 1&2 BNM, via e-fids (Fraud Information Database System). e-fids refers to Bank Negara Malaysia s (BNM) secure Internet web-based application system for Banks to transmit information electronically to BNM on fraud and defalcation, breaches to the COE, robberies and burglaries. e-fids was launched in November

36 Fraud Detection & Red Flags The reporting timelines: For Fraud, e-fids Form is required to be submitted to BNM within 24 hours from discovery. For Breach of Code of Ethics not involving fraud by staff, e-fids Form is required to be submitted to BNM within 48 hours from discovery. 36

37 Fraud Detection & Red Flags 37

38 38

standard of conduct is expected of directors, officers

39 Governance & Business Ethics COE refers to the BNM/GP7 guidelines for the banking industry where a minimum standard of conduct is expected of directors, officers and employees of Financial Institutions in Malaysia. 39

40 Governance & Business Ethics In looking for people to hire, you look for three qualities: integrity, intelligence, and energy. And if they don t have the first, the other two will kill you. Warren Buffet CEO, Berkshire Hathaway 40

41 Governance & Business Ethics 41

interest Other employment Entertainment and gifts

42 Governance & Business Ethics Conflict of interest Outside financial interest Other business interest Other employment Entertainment and gifts Corporate directorships Trusteeships Misuse of Position 42

equitable treatment of all customers Abuse of general trading practices Conflict of

43 Governance & Business Ethics Misuse of Information Completeness and accuracy of relevant records Confidentiality of communications and transactions Fair and equitable treatment of all customers Abuse of general trading practices Conflict of interest Grey market trading Insider trading Misuse of Bumiputera Names in Public Share issues 43

44 Governance & Business Ethics Divided into 2: Foundation of Islamic Ethics Characteristics of the Prophet 44

45 Governance & Business Ethics Integrity Perform any task or responsibility with honesty, truthfulness and adequate transparency. Sincerity Be fair, impartial and unbiased; free from conflict of interest. Piety (Wara ) Avoid from syubahah/ haram activities. Professional Competence & Diligence Perform duties and responsibilities in the best manner possible. 45

46 Governance & Business Ethics ALLAH-fearing conduct in everything Believe that Allah is observing our every action. Therefore, the behavior and conduct must be consistent with faith values. Accountability before ALLAH All actions are answerable before Allah. Strictly observe the Shariah requirements in any action taken, decision made, approval granted, etc. 46

47 Governance & Business Ethics Siddiq (Truthfulness) Speaks only the truth Amanah (Trustworthiness) Uses time wisely to perform the required duties, use company s properties appropriately, avoid theft, cheating, fraud and abuse of power. Tabligh (Advocacy) To deliver or inform; knowledge and information sharing. Fatonah (Wisdom) Habitual ability to do or accomplish something rightly, correctly and properly. 47

48 48

49 49

OVERVIEW. Common Personality Traits of Fraudsters. Common Sources of Pressure. Changes in Behavior

OVERVIEW. Common Personality Traits of Fraudsters. Common Sources of Pressure. Changes in Behavior Red Flags of Fraud OVERVIEW Red Flags of Fraud are warning signs that may indicate a higher fraud risk. They are NOT evidence that fraud is actually occurring. Many employees demonstrate one or more of