The BoG fraud report (3): lets clear the weeds from the grass

0

“Risk management is a more realistic term than safety. It implies that hazards are ever-present, that they must be identified, analyzed, evaluated and controlled or rationally accepted.”……Jerome F. Lederer

This is the third in my series of fraud prevention, following the usual BoG’s fraud report of banks, specialized deposit institutions SDIs and Payment Service Providers, PSPs The annual reports classify the various types of frauds, the trends over the past four years. The 2023 report has also highlighted some directives by BOG to banks, SDIs and PSPs which, if implemented, will help reduce the incidence of fraud in the sector.

In the first two articles, I highlighted the need to reduce internal fraud through best hiring practices, induction programs and people risk red flags which Supervisors should identify early. I also talked about the KYT (KNOW YOUR TARGET) motto of fraudsters, plus my own created motto of KYS (KNOW YOUR STAFF) for Leaders and Supervisors.



Fraud Types and Definitions

Let us go back to the BoG fraud report of 2023 on the fraud types and how they are defined in the report.

ATM/Card fraud ▪ ATM fraud refers to the fraudulent use of ATM cards or ATM personal identification numbers (PIN) to withdraw money from another person’s account or steal directly from the ATM machine by breaking into the machine. ▪ Card fraud refers to the fraudulent use of another person’s debit card number and PIN to withdraw cash from the victim’s account or make unauthorized purchases.

Burglary: refers to the illegal entry into a building of a financial institution with the intention of stealing.

 Cheque fraud Cheque Fraud refers to the unlawful use of cheques for the purpose of acquiring funds illegally.

Cyber-email fraud Cyber-email fraud refers to the act of tricking an email recipient into believing that the email was sent from the actual sender (authentic source).

E-Money fraud E-Money fraud refers to unauthorized withdrawal of electronic money from the wallet of financial institutions, mobile money operators and individuals.

Fraudulent withdrawals Fraudulent withdrawals refer to unauthorized access to the accounts and wallets of clients.

Forgery and manipulation of documents Forgery and manipulation of documents refers to the creation or altering of a document with the intent to defraud someone.

Impersonation refers to the act of pretending to be another person for the purpose of fraud.

 Lending/Credit fraud Lending/Credit fraud refers to the unauthorized use of one’s personal information to obtain credit.

Remittance fraud Remittance fraud refers to the act of criminals manipulating the international money transfer systems to defraud others.

 Cash theft (Suppression of cash and deposits) Cash theft/Suppression of cash refers to the process of concealing and diverting cash deposits or cash received from a customer.

SIM swap related fraud Tricking a cellular service provider into switching a victim’s service to a SIM card controlled by the fraudster (essentially hijacking the victim’s phone number). The main aim of SIM swapping is usually to exploit two-factor authentication to gain fraudulent access to bank accounts.

In addition, the report states that:

“The fraud type that recorded significant jump in cases was ATM/POS/Card fraud, recording 218 cases in 2023 as compared to only 9 cases recorded in 2022. The increased use of digital channels may have contributed to the rise in fraud emanating from ATM/POS/Card payment platforms.

“Banks are therefore required to enhance the security features of their electronic banking systems to make the systems difficult to be accessed by these fraudsters. SIM swap fraud was identified as one of the emerging fraud types recorded by the banks in 2023 with 15 recorded cases for the year.”

This week, lets continue with the next source of operational risk or losses……The Process Risk)

Process risk

This is considered to be a sub-component of operational risk. It exists when the process that supports a business activity lacks both efficiency and effectiveness, which may then lead to financial, customer, and reputational loss.

The Role of Supervisors in Minimizing Process Risk

All the above, as mentioned earlier, contains the four elements of operational risk under people, system, process and external factors. Moreover, all these are covered by documented process manual, so where did the financial institutions go wrong?

Since the banker- customer relationship is a legal contract under which each party can be sued or sue, every banking transaction is conducted under processes and procedures. They are not done by using logic. No financial institution is allowed to operate without documented process manuals in all its departments. Banking has always been the most regulated sector in the economy. Financial intermediation is the oil of growth and will always be there.

Policies and procedures

Imagine a bank without the following policies: Finance, Credits, Risk, Operations, Audit, Compliance, Legal, Investment, Technology, and so on. The Regulator will not even allow it to operate, because there are many laws and regulations governing them. Each policy also has a documented guiding process. Can a bank staff work on the banking software without a process manual? That is where the role of Supervisors come to play in the process risk factor.

Let me use a typical process of cash management:

  • Each teller has a documented flow of the process for data entry into the banking software, with his or her password before transactions can be effected in customers’ accounts.
  • Each branch has a daily cash limit to keep, which is covered by insurance
  • Each Teller has an operational limit to work with in their counters
  • Each branch should have a keys register, with two vault custodians, never swapping the keys
  • Monies collected outside the banking halls should be dual controlled and returned to the branch, and customer credited. Due to the use of technology, customers accounts are now credited to their accounts by officers on the field

This then brings to mind the cases of cash suppression! With all the CCTVs scattered everywhere, how can Tellers suppress customers’ deposits?

The Maker-Checker policy: In banking, no one can originate a transaction and also finish it. The Maker and Checker policy should never be avoided. Every role is accompanied by special data entry rights to ensure it is strictly adhered to.

Foreign transfer of customers funds to their suppliers outside the country are guided by many directives from BoG, that banks are sometimes suspended from performing foreign transactions and even fined for infringements.

Credit management is also covered by detailed processes guided by the credit policy. There are always dual checks and balances to ensure there are no ghost customers, securities offered, offices, business and residential addresses before approvals are granted.

In the digitized banking world, artificial intelligence takes care of all these due to the availability and credibility of data. Decision on loans are therefore taken within a few hours. Until we reach that stage, bank staff should never underrate the need for strict controls in everything they do.

How about reconciliation? Controls without checking is useless. This process assists in early identification of errors, lapses as well as frauds. With digitalization, has come with a new breed of reconciliation tools capable of providing highly automated operational risk metrics to the business allowing minimal resources to focus on what matters.

Robust KYC and AML procedures: Implementing thorough KYC and AML procedures is crucial for preventing fraud. This includes verifying customer identities, monitoring transactions for suspicious behaviour, and ensuring that all regulatory requirements are met. In an effort to curb money laundering, terrorism financing, and other financial crimes, financial institutions are required to submit Suspicious Transactions  Reports (STRs) to report suspicious activity to the Financial Intelligence Centre. This ensures these criminals are investigated and held accountable for their actions, as law enforcement will pursue these incidents accordingly. Are these processes being followed by Supervisors?

Next week we shall examine the System Risk factor

to be continued

ABOUT THE AUTHOR

Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of Three books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.

CONTACT

Website www.alkanbiz.com

Email:alberta@alkanbiz.com  or [email protected]

Tel: +233-0244333051/+233-0244611343

Leave a Reply