“Being honest may not get you a lot of friends, but it’ll always get you the right ones”
Hello dear Readers, I hope you had a good week. Last week, I continued the series on hints to fight red flags in the branch, this time, touching on Process Risk. We will also examine both process as well as system risks.
I did not just go straight the point but instead started with a tall list of questions to ponder over. How did you find the questions? Isn’t it strange how we take certain things for granted? Many root-cause analysis of frauds and operational losses in banks point to some of these little things we overlook in the service delivery.
Red Flags in Process Risk.
The questions we pondered over last week brought out a few salient reminders.
- a) Procedural manuals need to be properly designed, reviewed, customized, disseminated, assimilated and adopted by users to make them effective.
- b) The absence of procedural manuals has serious implications such as ignorance displayed by the staff, lack of uniformity in service delivery resulting in the staff resorting to the use of logic instead of banking principles.
As mentioned last week, at each point in the process, a variety of risk issues confront the bank, especially at the branch, hence the need for adherence to processes, which act as a guide as well as a control.
Compromised Account Opening Processes
Most frauds can be traced to the account opening stage. A Sales Executive who is under pressure to meet targets can compromise the account opening procedures to meet the targets. If you are a Supervisor in charge of vetting account opening documentation, watch out for the following signals:
- Were the other directors, partners, or trustees not present at the account opening? If it is worth having the account, why don’t you defer or arrange a meeting off-site to confirm their existence and the particulars being presented? Many officers have been convinced to approve account opening, using the particulars of non-existent customers.
Mis-matched Services
Bank services and products are not to be given to every Tom, Dick and Harry.
- Are you selling products like ATMS, cheque books, and e-banking products to unqualified persons? Was the e-banking application form submitted by an illiterate? Was it thumb printed? Check again. It is likely that this payment channel will be operated by third parties instead of the customer, resulting in future claims on the bank. Let us not sell e-banking products just to meet targets. It is also part of the banking relationship and should not be taken for granted.
E-mail correspondence from some illiterate although wealthy customers should be confirmed. Ask yourself, if the person is definitely not computer literate, someone else is acting on his or her behalf. Any indemnities? Any power of attorneys? Some of these importers have been defrauded by cyber fraudsters who misdirect their wire transfer instructions originally meant for their principals abroad.
Cheque Handling and Processing
The cheque is one of the most convenient and yet one of the most dangerous instruments in banking. Many process risks involve red flags in cheque payment system. Within the past few years many banks have suffered massive losses at the hands of cheque fraudsters.
It is recommended that all branch banking staff undergo intensive refresher training on the legal principles covering the cheque payment system.
Let us be wary of customers who regularly stop cheques, put off their phones to avoid confirmation of cheques. Look at the new breed of customers who insist that every cheque issued should be confirmed by him or her! This is definitely not banking. They may do your bank more harm than good.
Explain the cheque process to them so that more third parties can trust the cheque as a means of payment. The cheque must not be seen only as a payment instrument to be honoured according to the “whims and caprices of the customer”. Although bankers have a duty of care towards their customers, the cheque payment system should not be abused. It can put the bank into trouble.
There are numerous red flags associated with not adhering to the procedural manuals, but I will pause here.
What is System Risk?
This is related to the losses arising from disruption of business or from systems. Events that causes these risks are data corruption, computer virus, telecommunication failures and utility disruptions. System issues are usually bank-wide and not necessarily a branch problem. Most problems relating to the banking application software are general. However, let us look at a few cases of red flags at the branch level which should not be underrated:
Users’ Misunderstanding of the Banking Concepts embedded in the Banking Software
On the other hand, many users do not appreciate the fact that it only facilitates transactions and does not replace the human touch. Not giving data entry personnel the needed training and background to the transactions they perform is really an avenue for disaster.
Data entry, on the computer without understanding the implications, is the first red flag. Banking and customer service is not only speed and accuracy, but also involves the understanding of the workings of the computer in the banking application.
Particular attention needs to be paid to the double-entry principle in accounting, the reasons behind the creation of the suspense accounts in banking and how they should be monitored to prevent over-due transactions which can be manipulated into frauds and losses to the bank.
Users with Dual Access to Perform Front and Back office Transactions
In small branches, there is a tendency for staff to do more teamwork and assist each other to close early. This is a good trait but this has to be managed to ensure that data entry rights are well segregated.
Unless the banking application is very much foolproof, Tellers having access to general ledger data entry rights as well is a breach of the segregation of duty principle in operations. Managers with clerical data entry rights should equally be avoided.
Managers performing data entry functions
I have seen a few situations where branch managers perform both data entry as well as authorization and over-ride transactions! This is a definite NO! Shortage of staff may occasionally be treated as an emergency and exceptional rights given by IT department. This exception should however be reversed by the close of day.
Availability of Access Rights to Users who are on transfer, leave or upon exit
Managers need to have regular check on the data entry access rights of users in the branch to avoid cases of staff visiting the branch while on leave or even on transfer and checking their balances or sometimes performing data entry to assist! Does your system continue to have names of ex-staff as data entry users? Sounds funny but it can be abused.
Have you ever come across a system transaction list of data entry staff for a particular day including a member of your branch who is on leave? That is strange and needs quick verification action before something fishy happens. Certain events of user rights of staff on leave have caused some upsets to some banks. It may be the tip of the iceberg.
Leaving the Banking Application System Open
- Is your system so slow that staff who want to be away briefly do not want to shut down?
- Do your staff leave the system on when they go to the wash room or out for lunch?
- Do your staff leave the system on when they close early, to enable their colleagues continue their work for them?
- Do your staff allow interns to work in their system without the necessary close marking
Constant System “freezes”
- Are your computers slow and outdated? Some of the “freezes” are accompanied by system errors when the system resumes. Your customers’ data can be corrupted.
- Do you just accept every explanation given by the IT department during system issues, without seeking thorough explanation? Perhaps you can even minimize some of the effects at your branch with some efforts and monitoring from yourself.
Frequent “error correction” of transactions
- Do you notice particular data entry personnel who regularly make mistakes that requires correction of errors?
There have been several cases of these “corrections” which are deliberately done to cover up some frauds. Check the audit trail of such transactions for possible regular names and closely examine the other transactions performed by these users
Exchanging Passwords
This is a basic caution which is given to staff during induction on the first day at work, but the directive continues to be flouted everywhere. Many friendships have been broken when one person abused the trust shared. In banking, we always say, “Trust but Verify”. Giving away one’s password is like giving away one’s life jacket to another person while swimming!
TO BE CONTINUED
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of Three books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.
CONTACT
Website www.alkanbiz.com
Email:alberta@alkanbiz.com or [email protected]
Tel: +233-0244333051/+233-0244611343
