FRM in Financial Institutions

Anti-Fraud Forum

Kemal Özmen, Forensic Director

16 May 2012

2©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

There is a diverse array of risks of fraud that have materialized into real cases in Romania, CEE and Western Europe in the last few years

Romanian-Bulgarian cross

border motor insurance fraud

Theft of cash and other valuables

from bank branches

Loans granted based on false documents and

information

Collusion between lessee, supplier

and agentRogue trading

Ponzi and other investment schemes

Fraudulent bankruptcies

Financial statement manipulations re:

sub-prime exposures

Credit cards fraud

3©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

Turbulent times definitely contribute to increased fraud. Estimates vary between 5-10% of worldwide corporate revenues being lost to fraud

OPPORTUNITY

MOTIVATIONRATIONALISATION

Note: Fraud TriangleSource: Donald Cressey 1953

Increased financial motivation

Inflation, personal debt burdens versus negative personal financial growth

Increased OpportunityDown sizing / re-engineering risk, process automation, dual control and lack of segregation of duties

Increased ease of rationalisation

Reduced remuneration, morale, incentives, perceived inequity and personal growth

opportunities

4©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

While the benefits of improving the fraud risk management strategy are clear and demonstrable, you cannot manage the fraud risks that you cannot see

Direct and Indirect Losses to Fraud

• An organization's fraud risk management (FRM) strategy can present a competitive difference in the financial service market.

• End game is more efficiently managing costs than your competitors.

• Losses related to fraud, theft and corruption are taken directly off the organization's bottom line.

• Depending on the profitability ratio of your organization, every 1 RON lost to fraud means that a further X RONs would have to be generated to replace this lost value/profitability.

• Add to that the damage to the reputation and brand name of an organization and the loss of the confidence.

• The cost of disinvestment as the result of a negative public incident can far out weigh the initial direct financial loss.

Fra

ud

Ris

k M

anag

emen

t S

trat

egy

Wea

ker

Str

onge

r

Org

anis

atio

n’s

wat

erli

ne

See less

See more

5©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

Nevertheless financial services institutions have a responsibility to stakeholders to manage fraud risks

…external drivers for fraud

Money laundering Fraudulent instructions Insider trading

Impersonation and false information on loan applications

Double-pledging of collateral Forged or valueless collateral Misappropriation of loan funds by

agents/customer Kickbacks and inducements

Off market rings Related party deals Broker kickbacks

Bogus documents Forged power of attorney

Private banking Depositor camouflage Unrecorded deposits Theft of customer deposits / investments

Retail and corporate banking– credit business Loan to fictitious borrowers Use of nominee companies Deposit transformation Transactions with connected companies Asset quality manipulation Kickbacks and inducements Use of parallel organisations Selling recovered security below market prices Bribes to obtain release of security or reduce claimed amount

Securities business False deals / unrecorded deals / delayed deal allocations Misuse of discretionary accounts Exploiting weaknesses in matching procedures Mismarking of valuation rings

…internal fraud risk factors

Investment banking business Bogus investments Selling or lending without authority Front running and insider trading Share ramping

FRM responsibilities

• Develop and maintain an effective FRM strategy

• Properly manage and mitigate fraud risks

• Safeguard and protect assets

• Protect stakeholder interests

• Protect reputation and brand

6©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

Managing fraud risks means prevention of fraud, detection of incidence of fraud and response in the face of a fraud event

• Identify fraudsters before they become customers• Indentify fraud committed by organized groups before significant

losses incurred

Prevent fraudsters as early as possible:

• Strengthen fraud monitoring• Increase awareness of fraud management• Improve reporting lines

Enhance early detection of fraud in existing portfolio:

• Mitigate potential losses• Prevent future incident through self learning process• Discourage irregular behavior through thorough disciplinary and legal

action

Respond to fraud promptly and adequately in order to:

7©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

There are many different elements to consider when implementing an FRM strategy, most important of all is alignment with the organization

Governance• FRM framework

and policies• Roles and

responsibilities• Objectives and

reporting• Empowerment and

monitoring• Integration with

other functions

Prevention• Fraud risk

assessment• Fraud risk register• Anti-fraud controls• Awareness

programs• Employee

screening• Ethical

assessments

Detection• Proactive

monitoring of transactions with clients

• System detective controls

• Whistleblower hotline

• Reactive reviews and data analysis

Response• Fraud response

and investigations framework and protocols

• Evidence to legal counsel, regulators, and to legal and disciplinary proceedings

• Protocols for disclosure and other remedial actions

8©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

The fraud prevention and detection framework and support technology must be integrated to the overall Fraud Risk Management process

A Fraud prevention and detection system

implementation is not a one-off exercise.

It must be established as a continuous

process and requires ongoing

improvement.

General fraud detection and follow-up rules & principles

FS institution specs

high cost high % of fraud identification

Data gathering, analysis, testing and

evaluation

Calibration

Follow up

Product specs

Historical patterns

FRM frame-work

9©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

This is how the framework, methodology and the support technology would come together

Business events

Transactions in core applications

Access to records and data

Fraud scenarios DB

Capture, analyze, corroborate

Fraud risk register

Management response to

fraud

Investigation and Response methodology

Red flags

10©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

The FRM framework and any support technology has to support the following processes

Primary and secondary

processes, e.g. analysis process

prior to approval / underwriting

Automated fraud detection

mechanisms, e.g. for transactions

based on red flags

Use of all known fraud indicators,

red flags and scenarios

Maximum utilization of all available data

Regular and Ad hoc portfolio screening

Facilitation of investigation phase

and decision making

Control over the investigation

process, ensuring adherence to professional standards

Continuous gathering of

relevant information and its further utilization

Monitoring of employee actions

Flexible reporting tools facilitating

effective monitoring

On-line, real-time, ex-post

11©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

A wide range of aspects need to be considered during implementation

Awareness has to be built up in top

management and all levels below

FRM processes have to be aligned with existing processes

and systems

Changes to existing process (e.g.

enhanced data gathering)

Any changes resulting from the IT tool implementation have to be reflected

in policies and procedures

Roles and responsibilities have

to be defined (segregation of

duties)

Reporting (ex post, ex ante, online) and escalation lines have

to be established

Fraud indicators/scoring

model must be accessible only to a limited user group

only

Employees should be trained adequately to be able to utilize

features of the system

Utilization of synergies – e.g. AML,

credit risk, claims risk, asset / collateral

risk

Data sharing with other systems (DWH,

Risk Management, Core System, Collections)

Data Quality & Data protection against theft or corruption

Automated update of blacklists and other indicative

statistics

12©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

This is how a typical Fraud Risk Management framework and support system implementation project would look like

Proposed recommendations

Phase IGAP analysis of current FRM

structures and processes

Phase IIDesign of FRM framework,

processes and systems

Phase III

Support in implementation

Understanding of banking processes and products under consideration

Understanding of current FRM framework, systems, processes and controls

Comparison of existing processes and controls against FRM model and identification of key gaps

Review of functionality of the considered tools and assessment of their flexibility and usefulness from the fraud scoring system perspective

Analysis of potential use of the selected IT tool in respect of fraud scoring system

Development of the road map and business case for enhanced FRM

Design of FRM framework:

Roles and responsibilities, Governance model, Fraud unit, Strategy, policies and procedures, Motivation schemes

Design of processes related to ongoing monitoring of the risk of fraud and performance of the initial fraud risk assessment

Design of the processes and controls in respect of fraud:

Prevention Detection Response

Design of the automated fraud detection / scoring tool

Assistance in the implementation of FRM framework, processes and controls by assisting in:

Creation of anti-fraud unit

Development of fraud strategy

Drafting policies and procedures

Development of awareness programs

Implementation of controls

Trainings

Fraud detection system testing and calibration

Work flow testing

People

Business processes

Technology

Infrastructure

Support in implementation

Design of FRM framework, processes and systems

GAP analysis of current FRM structures and processes

13©2012 KPMG Romania SRL, a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative("KPMG International"), a Swiss entity. All rights reserved. PDC no.8229.

Questions & Answers

Kemal ÖzmenForensic DirectorKPMG in Romania

Head of Forensic Services in Romania, Serbia and Montenegro, Bulgaria and the Balkans

kozmen@kpmg.com

T: +40.372.377.839F: +40.372.377.700M: +40.748.234.635

© 2012 KPMG Romania S.R.L., a Romanian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Romania.

The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).