Regulators have their own crime watch and from time to time suggest some red flags for identifying crime. One such example is the suggestive red flags for bribery given by the Foreign Corrupt Practices Act (FCPA)
Foreign Corrupt Practices Act (FCPA) gives some bribery red flags
- A high-pressure culture – hit the sales target!
- A culture that requires entertaining, or offering gifts to, government officials.
- Activities requiring a high level of government interaction.
- Personal or family relationships between employees/contractors/agents and foreign officials.
- Unusual documentation or payment arrangements, including sizeable commissions or fees, or payments to third country bank accounts.
- The bad reputation of an agent or consultant in the local community for ethical business practices.
- Reluctance to furnish information about business relationships with other reputable US corporations.
- Reluctance to execute agreements containing FCPA compliance covenants.
- Meal or gift expenditures in excess of local custom amounts.
- Suggestion of a pay-to-play scheme, including a requirement for a payment to a charity, foundation, or other third parties in exchange for a contract or other benefit to the company.
There are certain frauds that spurt in response to certain situations or crises. One such example is the occurrence of the COVID 19 pandemic. Covid 19 Pandemic has wreaked havoc across the globe and fraud incidence has increased and bad actors misuse the situation to extract money and steal information.
In response, the Financial Crimes Enforcement Network (FINCEN), that calls upon financial institutions to remain alert to COVID-19-related fraud by understanding the current scams and red-flag indicators that may indicate this illicit activity. Once you know more about your detection capabilities and any potential gaps, you can develop risk-focused procedures around this heightened illicit activity. Fraud often can lead to hard dollar losses, and suspicious activity monitoring may need to be enhanced if your risk assessment indicates.
An analysis of each of the combined advisory red flags will assist an institution in building a solid framework around COVID-19 related fraud detection.
Red flags include:
- Medical supply related transactions through a personal account
- Merchant requires pre-paid cards, virtual currency, or other hard to trace mean of payment
- High chargeback and/or return volume in the customer’s account
- A newly opened account received a large wire transaction that was not disclosed at account onboarding
- New accounts opened after January 2020 for the purpose of selling medical supplies or highly sought-after goods (toilet paper, masks, disinfectant, etc.)
- The customer begins to use an established account differently after January 2020 without an explainable purpose
- The customer’s account is receiving or sending electronic fund transfers (EFT) to/from a new business with no known physical or internet presence.
- The customer’s account is used for COVID-19 related goods with a company that is not a medical supply distributor
Fraud Risk Assessment
Management uses fraud risk assessments to identify and understand risks to its business and weaknesses in controls that present a fraud risk to the organization. Once a risk is identified, a plan can be developed to mitigate those risks by implementing appropriate controls or procedures and assigning individuals task of effecting and monitoring a plan for mitigation.
Fraud risk assessment addresses the following-
- Asset misappropriation.
- Financial and non-financial reporting.
- Regulatory compliance areas.
- Illegal acts.
The assessment should be carried out periodically or when changes are effected to-
- Internal processes/controls.
- Organizational structure.
- Distribution and allocation of duties among key personnel.
The assessment can be performed using a matrix format, narrative or any other format that best suits the organization for ease of reading, understanding and evaluation.
Fraud Risk Assessment Components
- Description of fraud risk or schemes: Examples include fraudulent disbursements, undisclosed relationships/related parties, theft by cyber-fraud, revenue recognition, bribery, manipulation of liabilities and expenses, false employee qualifications or certification, compliance with government regulations, inappropriate journal entries, improper reporting and disclosures, theft of assets or services.
- Identification of existing anti-fraud controls: Internal controls in effect, preventive or detective controls.
- Likelihood of occurrence: Based on frequency – rare to very frequent – or probability of occurrence – remote to almost certain.
- Significance to the organization: Incidental to catastrophic.
- Assessment of control effectiveness: Ineffective to very effective.
- Fraud risk response: Additional controls or corrective action activities proposed to be implemented.
- Responsible person: To implement controls and mitigation efforts.
- Monitoring activities: To be periodically conducted and frequency of occurrence.
Critical Success Factors in Fraud Risk Management
The fraud risk approach is a top-down and bottom-up process. It is critical for an organization to establish and implement the right policies, processes, technology, and components within the organization and diligently enforce these policies and processes collaboratively and consistently to effectively fight fraud across the organization. To effectively and efficiently counter fraud at the enterprise level, organizations should develop an integrated and holistic culture and proper segregation of duties that enable enterprise-wide information sharing and collaboration to prevent first, detect early, respond effectively, monitor continuously, and learn constantly. The following critical success factors are identified for successful fraud prevention and mitigation program-
1: Fraud Risk Management by Design
Organizations have implemented management processes and solutions to combat fraud risk. Initiating an appropriate enterprise fraud risk management program, sufficient governance, and management framework, and consistent management processes and
practices have become a part of fraud risk mitigation efforts. Yet it is observed that most of these efforts are poorly coordinated and reactionary. The fraud risk management capabilities and technology solutions in place are generally implemented in silos and disconnected across the organization. It has to be understood that this is not a one-time activity but a continuous process and must be well designed with the following key components:
- Proactive risk assessment process—An organization must have an effective fraud risk assessment process to systematically identify significant fraud risk and determine its exposure to such risk.
- Effective governance and clear organizational responsibility—Organizations must commit to an effective governance process, direction, and oversight for the identification and mitigation of fraud. They must set the responsibility-accountability matrix for ease of administration.
- Integrated framework: -The counter-fraud program to be covering all areas of business processes provide for monitoring and management of the program. It has to be integrated with other systems like risk and compliance.
2: Risk-based Approach
Organizations must adopt a risk-based approach to address areas and processes of highest risk exposures immediately while planning for future fraud prevention enhancements. Countering fraud is an ongoing and continually evolving process, and the journey to the target state is a balancing act of enhancing the process, organization and governance, and technological capabilities, with their proper integration throughout the organization.
3: Proper Collaboration and Systemic Learning
Fraud detection and prevention is not merely an information-gathering exercise and technology adoption but needs the organisation’s commitment to, and implementation of, continual systemic learning, application, coordination and collaboration, knowledge and data sharing, and communication.
4: Big Data Technology and Advanced Analytics
Technological breakthroughs and capabilities grounded in big data and analytics can help prevent and counter fraudulent acts that impact the bottom line and threaten the brand value and customer retention. Big data technology can gather data from any source, regardless of structure, volume, or velocity, and harness, filter, and sift through the oceans of data—whether in motion or at rest—to find and relate the indicators that point towards a possible fraud. The use of predictive analytics can mine data to identify suspicious patterns that will enable timely detection and prevention of fraud.
Fraud risk like any other risk has to be under continuous surveillance, red flags play a pivotal role in the early diagnosis of fraudulent activities. Although the list of red flags is not exhaustive, it gives an idea of the ways in which the organizational system is used to perpetrate some advantage for the perpetrator, most often it can be an insider. Some open opportunity avenues can lead to its exploitation and the dollar loss can be substantial. Forewarned they say is forearmed, preventive, and detective measures outweigh the corrective measures. Hence fraud risk assessments, risk analytics, and control activities should go on continuously so that fraud risk can be kept at a minimal or acceptable level.
Blog Published By: Ms. Priti Sikdar Executive Vice President at RiskPro India Ventures Private Limited.