FRAUD RISK MANAGEMENT IN BANKS –TECHNOLOGY, INNOVATION AND CYBER CRIME
Background – Fraud Risks Management
Fraud Risk Management (FRM) is an ongoing process that equips the organizations with the tools to control fraud risks. The process includes three steps- detection, prevention and response to a certain fraud. The ever evolving technology around all sectors of the world has borne risks and therefore there is a need of automated detection system and robust defence processes. On several occasions, the Reserve Bank of India (RBI) has spoken about the dire need of an effective FRM system in banking sector.
Fraud Risk Management in Banks
Privatization of banks has given way to undying competition in the banking sector. In today’s time no bank can survive without a technologically sound system, customer friendly digital products, hassle free user experience and continuous innovation. Innovation is disruptive when it creates a new market of its own and disrupts the existing market and hence displacing established market-leading firms, products and alliances. One such disruptive innovation would be non-bank payment system providers such as Paytm. As technology evolves from being an enabler and differentiator to being at the core of the banks’ operations, associated issues of security need to be addressed comprehensively. In the recent past, there have been several high profile fraud cases both nationally and internationally- On 2 August 2016, Bitfinex, a Hong Kong exchange for the trading of digital currencies, announced that some of its customer’s accounts were hacked and bitcoins were reportedly stolen. The value of the stolen bitcoins has been reported to be approximately US$65 million or more. Consequently, the value of bitcoins came down and the trust on the digital currency was left shaken. In another incident, on 29 January 2018, Central Bureau of Investigation (CBI) received a complaint from Punjab National Bank (PNB) alleging that M/s Diamond R US, M/s Solar Exports and M/s Stellar Diamonds, in collusion with two bank officials committed the offence of cheating against PNB and caused a wrongful loss. The loss amounted to be as high as $2 billion.
Recent developments such as demonetization and further push to electronic mode of payments will no doubt bring several benefits to the economy, however, we need to be conscious of the security aspects.
Fraud risk control is measured by Early Warning Signals (EWS) and Red Flagged Accounts (RFA). EWS acts as a trigger for any possible credit impairment, when a suspicion of fraudulent activity is thrown by one or more EWS, those accounts are tagged as RFA. Such accounts should be further investigated. RBI has given an illustrative list of EWS to banks under the framework of fraud risk management.
To mitigate fraud risks, there is an imperative need for another technology on the lines of FRM system which monitors all present and past transactions, creates a database according to banking needs and is also involved in data analytics and optimization. In simple terms, FRM involves fraud risk identification, event reporting, control, allocation and mitigation framework. The five principles of effective FRM includes-
Fraud Risk Governance – defined responsibilities and on-going procedure to implement
Fraud Risk Assessment – actual risks faced by the organization
Fraud Prevention – prevention is rooted in a culture of fraud awareness, understanding common policies and procedures, a safe harbor for whistle-blowers, and continuous communicationFraud Detection – detected through whistle-blowers or continuous monitoring of transactions
Monitoring and Reporting – ensuring that the information goes to the right person
Basic FRM model
The above stated five principles are imbibed into a software to create a solid Fraud Risk Management model. The approach consists of four phases a) assessing the risk and setting targets, b) designing controls to prevent, detect and respond, c) implementation throughout the organization and d) evaluation. The global firm, EY promises enterprise-wide fraud monitoring system which it includes-
Offsite and real-time monitoring of transactions based on historical fraud instances and the current industry landscape.
Proactive due-diligence involving centralised system of alerts across different systems and data sources.
Investigation cell involving intelligent system along with designed case management to suit the needs of the bank and thus prioritizing alerts accordingly.
Creation of dashboard for management oversight to track efficiency and monitor fraud investigation findings.
Making proper use of past and present database to make continuous improvements in the dynamic market space by way of data analytics.
FRM is basically a software that is used to monitor the real time transactions, tally the credits, raise alerts and hence to prevent fraud. The answer to disruptive innovation is always ‘further innovation’. In today’s time, when the defaulters are innovating their ways into doing fraud, the bankers need to have in place a robust system to detect, prevent, monitor and respond to such fraud. Further, FRM system can also be used to watch employee accountability by monitoring employees, so that instances like that of Nirav Modi/PNB case do not occur again.